Vulnerabilities > CVE-2008-0420 - Information Exposure vulnerability in Mozilla Firefox, Seamonkey and Thunderbird
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
modules/libpr0n/decoders/bmp/nsBMPDecoder.cpp in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 does not properly perform certain calculations related to the mColors table, which allows remote attackers to read portions of memory uninitialized via a crafted 8-bit bitmap (BMP) file that triggers an out-of-bounds read within the heap, as demonstrated using a CANVAS element; or cause a denial of service (application crash) via a crafted 8-bit bitmap file that triggers an out-of-bounds read. NOTE: the initial public reports stated that this affected Firefox in Ubuntu 6.06 through 7.10.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Subverting Environment Variable Values The attacker directly or indirectly modifies environment variables used by or controlling the target software. The attacker's goal is to cause the target software to deviate from its expected operation in a manner that benefits the attacker.
- Footprinting An attacker engages in probing and exploration activity to identify constituents and properties of the target. Footprinting is a general term to describe a variety of information gathering techniques, often used by attackers in preparation for some attack. It consists of using tools to learn as much as possible about the composition, configuration, and security mechanisms of the targeted application, system or network. Information that might be collected during a footprinting effort could include open ports, applications and their versions, network topology, and similar information. While footprinting is not intended to be damaging (although certain activities, such as network scans, can sometimes cause disruptions to vulnerable applications inadvertently) it may often pave the way for more damaging attacks.
- Exploiting Trust in Client (aka Make the Client Invisible) An attack of this type exploits a programs' vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by placing themselves in the communication channel between client and server such that communication directly to the server is possible where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.
- Browser Fingerprinting An attacker carefully crafts small snippets of Java Script to efficiently detect the type of browser the potential victim is using. Many web-based attacks need prior knowledge of the web browser including the version of browser to ensure successful exploitation of a vulnerability. Having this knowledge allows an attacker to target the victim with attacks that specifically exploit known or zero day weaknesses in the type and version of the browser used by the victim. Automating this process via Java Script as a part of the same delivery system used to exploit the browser is considered more efficient as the attacker can supply a browser fingerprinting method and integrate it with exploit code, all contained in Java Script and in response to the same web page request by the browser.
- Session Credential Falsification through Prediction This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.
Nessus
NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-582-1.NASL description It was discovered that Thunderbird did not properly set the size of a buffer when parsing an external-body MIME-type. If a user were to open a specially crafted email, an attacker could cause a denial of service via application crash or possibly execute arbitrary code as the user. (CVE-2008-0304) Various flaws were discovered in Thunderbird and its JavaScript engine. By tricking a user into opening a malicious message, an attacker could execute arbitrary code with the user last seen 2020-06-01 modified 2020-06-02 plugin id 31341 published 2008-03-04 reporter Ubuntu Security Notice (C) 2008-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/31341 title Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : mozilla-thunderbird, thunderbird vulnerabilities (USN-582-1) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-582-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(31341); script_version("1.15"); script_cvs_date("Date: 2019/08/02 13:33:01"); script_cve_id("CVE-2008-0304", "CVE-2008-0412", "CVE-2008-0413", "CVE-2008-0415", "CVE-2008-0418", "CVE-2008-0420", "CVE-2008-0591"); script_xref(name:"USN", value:"582-1"); script_name(english:"Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : mozilla-thunderbird, thunderbird vulnerabilities (USN-582-1)"); script_summary(english:"Checks dpkg output for updated packages."); script_set_attribute( attribute:"synopsis", value: "The remote Ubuntu host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "It was discovered that Thunderbird did not properly set the size of a buffer when parsing an external-body MIME-type. If a user were to open a specially crafted email, an attacker could cause a denial of service via application crash or possibly execute arbitrary code as the user. (CVE-2008-0304) Various flaws were discovered in Thunderbird and its JavaScript engine. By tricking a user into opening a malicious message, an attacker could execute arbitrary code with the user's privileges. (CVE-2008-0412, CVE-2008-0413) Various flaws were discovered in the JavaScript engine. By tricking a user into opening a malicious message, an attacker could escalate privileges within Thunderbird, perform cross-site scripting attacks and/or execute arbitrary code with the user's privileges. (CVE-2008-0415) Gerry Eisenhaur discovered that the chrome URI scheme did not properly guard against directory traversal. Under certain circumstances, an attacker may be able to load files or steal session data. Ubuntu is not vulnerable in the default installation. (CVE-2008-0418) Flaws were discovered in the BMP decoder. By tricking a user into opening a specially crafted BMP file, an attacker could obtain sensitive information. (CVE-2008-0420). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/582-1/" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_cwe_id(22, 79, 119, 200, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mozilla-thunderbird"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mozilla-thunderbird-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mozilla-thunderbird-inspector"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mozilla-thunderbird-typeaheadfind"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:thunderbird"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:thunderbird-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:thunderbird-gnome-support"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.06:-:lts"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.10"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:7.04"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:7.10"); script_set_attribute(attribute:"patch_publication_date", value:"2008/02/28"); script_set_attribute(attribute:"plugin_publication_date", value:"2008/03/04"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2008-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! ereg(pattern:"^(6\.06|6\.10|7\.04|7\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 6.06 / 6.10 / 7.04 / 7.10", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"6.06", pkgname:"mozilla-thunderbird", pkgver:"1.5.0.13+1.5.0.15~prepatch080227-0ubuntu0.6.06.0")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"mozilla-thunderbird-dev", pkgver:"1.5.0.13+1.5.0.15~prepatch080227-0ubuntu0.6.06.0")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"mozilla-thunderbird-inspector", pkgver:"1.5.0.13+1.5.0.15~prepatch080227-0ubuntu0.6.06.0")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"mozilla-thunderbird-typeaheadfind", pkgver:"1.5.0.13+1.5.0.15~prepatch080227-0ubuntu0.6.06.0")) flag++; if (ubuntu_check(osver:"6.10", pkgname:"mozilla-thunderbird", pkgver:"1.5.0.13+1.5.0.15~prepatch080227-0ubuntu0.6.10.0")) flag++; if (ubuntu_check(osver:"6.10", pkgname:"mozilla-thunderbird-dev", pkgver:"1.5.0.13+1.5.0.15~prepatch080227-0ubuntu0.6.10.0")) flag++; if (ubuntu_check(osver:"6.10", pkgname:"mozilla-thunderbird-inspector", pkgver:"1.5.0.13+1.5.0.15~prepatch080227-0ubuntu0.6.10.0")) flag++; if (ubuntu_check(osver:"6.10", pkgname:"mozilla-thunderbird-typeaheadfind", pkgver:"1.5.0.13+1.5.0.15~prepatch080227-0ubuntu0.6.10.0")) flag++; if (ubuntu_check(osver:"7.04", pkgname:"mozilla-thunderbird", pkgver:"1.5.0.13+1.5.0.15~prepatch080227-0ubuntu0.7.04.0")) flag++; if (ubuntu_check(osver:"7.04", pkgname:"mozilla-thunderbird-dev", pkgver:"1.5.0.13+1.5.0.15~prepatch080227-0ubuntu0.7.04.0")) flag++; if (ubuntu_check(osver:"7.04", pkgname:"mozilla-thunderbird-inspector", pkgver:"1.5.0.13+1.5.0.15~prepatch080227-0ubuntu0.7.04.0")) flag++; if (ubuntu_check(osver:"7.04", pkgname:"mozilla-thunderbird-typeaheadfind", pkgver:"1.5.0.13+1.5.0.15~prepatch080227-0ubuntu0.7.04.0")) flag++; if (ubuntu_check(osver:"7.10", pkgname:"mozilla-thunderbird", pkgver:"2.0.0.12+nobinonly-0ubuntu0.7.10.0")) flag++; if (ubuntu_check(osver:"7.10", pkgname:"mozilla-thunderbird-dev", pkgver:"2.0.0.12+nobinonly-0ubuntu0.7.10.0")) flag++; if (ubuntu_check(osver:"7.10", pkgname:"thunderbird", pkgver:"2.0.0.12+nobinonly-0ubuntu0.7.10.0")) flag++; if (ubuntu_check(osver:"7.10", pkgname:"thunderbird-dev", pkgver:"2.0.0.12+nobinonly-0ubuntu0.7.10.0")) flag++; if (ubuntu_check(osver:"7.10", pkgname:"thunderbird-gnome-support", pkgver:"2.0.0.12+nobinonly-0ubuntu0.7.10.0")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mozilla-thunderbird / mozilla-thunderbird-dev / etc"); }NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200805-18.NASL description The remote host is affected by the vulnerability described in GLSA-200805-18 (Mozilla products: Multiple vulnerabilities) The following vulnerabilities were reported in all mentioned Mozilla products: Jesse Ruderman, Kai Engert, Martijn Wargers, Mats Palmgren, and Paul Nickerson reported browser crashes related to JavaScript methods, possibly triggering memory corruption (CVE-2008-0412). Carsten Book, Wesley Garland, Igor Bukanov, moz_bug_r_a4, shutdown, Philip Taylor, and tgirmann reported crashes in the JavaScript engine, possibly triggering memory corruption (CVE-2008-0413). David Bloom discovered a vulnerability in the way images are treated by the browser when a user leaves a page, possibly triggering memory corruption (CVE-2008-0419). moz_bug_r_a4, Boris Zbarsky, and Johnny Stenback reported a series of privilege escalation vulnerabilities related to JavaScript (CVE-2008-1233, CVE-2008-1234, CVE-2008-1235). Mozilla developers identified browser crashes caused by the layout and JavaScript engines, possibly triggering memory corruption (CVE-2008-1236, CVE-2008-1237). moz_bug_r_a4 and Boris Zbarsky discovered that pages could escape from its sandboxed context and run with chrome privileges, and inject script content into another site, violating the browser last seen 2020-06-01 modified 2020-06-02 plugin id 32416 published 2008-05-22 reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/32416 title GLSA-200805-18 : Mozilla products: Multiple vulnerabilities code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 200805-18. # # The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(32416); script_version("1.20"); script_cvs_date("Date: 2019/08/02 13:32:45"); script_cve_id("CVE-2007-4879", "CVE-2008-0304", "CVE-2008-0412", "CVE-2008-0413", "CVE-2008-0414", "CVE-2008-0415", "CVE-2008-0416", "CVE-2008-0417", "CVE-2008-0418", "CVE-2008-0419", "CVE-2008-0420", "CVE-2008-0591", "CVE-2008-0592", "CVE-2008-0593", "CVE-2008-0594", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1240", "CVE-2008-1241", "CVE-2008-1380"); script_xref(name:"GLSA", value:"200805-18"); script_name(english:"GLSA-200805-18 : Mozilla products: Multiple vulnerabilities"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-200805-18 (Mozilla products: Multiple vulnerabilities) The following vulnerabilities were reported in all mentioned Mozilla products: Jesse Ruderman, Kai Engert, Martijn Wargers, Mats Palmgren, and Paul Nickerson reported browser crashes related to JavaScript methods, possibly triggering memory corruption (CVE-2008-0412). Carsten Book, Wesley Garland, Igor Bukanov, moz_bug_r_a4, shutdown, Philip Taylor, and tgirmann reported crashes in the JavaScript engine, possibly triggering memory corruption (CVE-2008-0413). David Bloom discovered a vulnerability in the way images are treated by the browser when a user leaves a page, possibly triggering memory corruption (CVE-2008-0419). moz_bug_r_a4, Boris Zbarsky, and Johnny Stenback reported a series of privilege escalation vulnerabilities related to JavaScript (CVE-2008-1233, CVE-2008-1234, CVE-2008-1235). Mozilla developers identified browser crashes caused by the layout and JavaScript engines, possibly triggering memory corruption (CVE-2008-1236, CVE-2008-1237). moz_bug_r_a4 and Boris Zbarsky discovered that pages could escape from its sandboxed context and run with chrome privileges, and inject script content into another site, violating the browser's same origin policy (CVE-2008-0415). Gerry Eisenhaur discovered a directory traversal vulnerability when using 'flat' addons (CVE-2008-0418). Alexey Proskuryakov, Yosuke Hasegawa and Simon Montagu reported multiple character handling flaws related to the backspace character, the '0x80' character, involving zero-length non-ASCII sequences in multiple character sets, that could facilitate Cross-Site Scripting attacks (CVE-2008-0416). The following vulnerability was reported in Thunderbird and SeaMonkey: regenrecht (via iDefense) reported a heap-based buffer overflow when rendering an email message with an external MIME body (CVE-2008-0304). The following vulnerabilities were reported in Firefox, SeaMonkey and XULRunner: The fix for CVE-2008-1237 in Firefox 2.0.0.13 and SeaMonkey 1.1.9 introduced a new crash vulnerability (CVE-2008-1380). hong and Gregory Fleischer each reported a variant on earlier reported bugs regarding focus shifting in file input controls (CVE-2008-0414). Gynvael Coldwind (Vexillium) discovered that BMP images could be used to reveal uninitialized memory, and that this data could be extracted using a 'canvas' feature (CVE-2008-0420). Chris Thomas reported that background tabs could create a borderless XUL pop-up in front of pages in other tabs (CVE-2008-1241). oo.rio.oo discovered that a plain text file with a 'Content-Disposition: attachment' prevents Firefox from rendering future plain text files within the browser (CVE-2008-0592). Martin Straka reported that the '.href' property of stylesheet DOM nodes is modified to the final URI of a 302 redirect, bypassing the same origin policy (CVE-2008-0593). Gregory Fleischer discovered that under certain circumstances, leading characters from the hostname part of the 'Referer:' HTTP header are removed (CVE-2008-1238). Peter Brodersen and Alexander Klink reported that the browser automatically selected and sent a client certificate when SSL Client Authentication is requested by a server (CVE-2007-4879). Gregory Fleischer reported that web content fetched via the 'jar:' protocol was not subject to network access restrictions (CVE-2008-1240). The following vulnerabilities were reported in Firefox: Justin Dolske discovered a CRLF injection vulnerability when storing passwords (CVE-2008-0417). Michal Zalewski discovered that Firefox does not properly manage a delay timer used in confirmation dialogs (CVE-2008-0591). Emil Ljungdahl and Lars-Olof Moilanen discovered that a web forgery warning dialog is not displayed if the entire contents of a web page are in a DIV tag that uses absolute positioning (CVE-2008-0594). Impact : A remote attacker could entice a user to view a specially crafted web page or email that will trigger one of the vulnerabilities, possibly leading to the execution of arbitrary code or a Denial of Service. It is also possible for an attacker to trick a user to upload arbitrary files when submitting a form, to corrupt saved passwords for other sites, to steal login credentials, or to conduct Cross-Site Scripting and Cross-Site Request Forgery attacks. Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/200805-18" ); script_set_attribute( attribute:"solution", value: "All Mozilla Firefox users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=www-client/mozilla-firefox-2.0.0.14' All Mozilla Firefox binary users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=www-client/mozilla-firefox-bin-2.0.0.14' All Mozilla Thunderbird users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=mail-client/mozilla-thunderbird-2.0.0.14' All Mozilla Thunderbird binary users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=mail-client/mozilla-thunderbird-bin-2.0.0.14' All SeaMonkey users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=www-client/seamonkey-1.1.9-r1' All SeaMonkey binary users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=www-client/seamonkey-bin-1.1.9' All XULRunner users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=net-libs/xulrunner-1.8.1.14' NOTE: The crash vulnerability (CVE-2008-1380) is currently unfixed in the SeaMonkey binary ebuild, as no precompiled packages have been released. Until an update is available, we recommend all SeaMonkey users to disable JavaScript, use Firefox for JavaScript-enabled browsing, or switch to the SeaMonkey source ebuild." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_cwe_id(20, 22, 59, 79, 94, 119, 200, 287, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:mozilla-firefox"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:mozilla-firefox-bin"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:mozilla-thunderbird"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:mozilla-thunderbird-bin"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:seamonkey"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:seamonkey-bin"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:xulrunner"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2008/05/20"); script_set_attribute(attribute:"plugin_publication_date", value:"2008/05/22"); script_set_attribute(attribute:"vuln_publication_date", value:"2007/09/08"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"www-client/mozilla-firefox-bin", unaffected:make_list("ge 2.0.0.14"), vulnerable:make_list("lt 2.0.0.14"))) flag++; if (qpkg_check(package:"www-client/seamonkey-bin", unaffected:make_list("ge 1.1.9"), vulnerable:make_list("lt 1.1.9"))) flag++; if (qpkg_check(package:"mail-client/mozilla-thunderbird-bin", unaffected:make_list("ge 2.0.0.14"), vulnerable:make_list("lt 2.0.0.14"))) flag++; if (qpkg_check(package:"www-client/seamonkey", unaffected:make_list("ge 1.1.9-r1"), vulnerable:make_list("lt 1.1.9-r1"))) flag++; if (qpkg_check(package:"mail-client/mozilla-thunderbird", unaffected:make_list("ge 2.0.0.14"), vulnerable:make_list("lt 2.0.0.14"))) flag++; if (qpkg_check(package:"net-libs/xulrunner", unaffected:make_list("ge 1.8.1.14"), vulnerable:make_list("lt 1.8.1.14"))) flag++; if (qpkg_check(package:"www-client/mozilla-firefox", unaffected:make_list("ge 2.0.0.14"), vulnerable:make_list("lt 2.0.0.14"))) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get()); else security_hole(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Mozilla products"); }NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2008-0104.NASL description Updated SeaMonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 2.1, 3, and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the way SeaMonkey processed certain malformed web content. A webpage containing malicious content could cause SeaMonkey to crash, or potentially execute arbitrary code as the user running SeaMonkey. (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0419) Several flaws were found in the way SeaMonkey displayed malformed web content. A webpage containing specially crafted content could trick a user into surrendering sensitive information. (CVE-2008-0591, CVE-2008-0593) A flaw was found in the way SeaMonkey stored password data. If a user saves login information for a malicious website, it could be possible to corrupt the password database, preventing the user from properly accessing saved password data. (CVE-2008-0417) A flaw was found in the way SeaMonkey handles certain chrome URLs. If a user has certain extensions installed, it could allow a malicious website to steal sensitive session data. Note: this flaw does not affect a default installation of SeaMonkey. (CVE-2008-0418) A flaw was found in the way SeaMonkey saves certain text files. If a website offers a file of type last seen 2020-06-01 modified 2020-06-02 plugin id 30221 published 2008-02-11 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/30221 title CentOS 3 / 4 : seamonkey (CESA-2008:0104) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2008:0104 and # CentOS Errata and Security Advisory 2008:0104 respectively. # include("compat.inc"); if (description) { script_id(30221); script_version("1.19"); script_cvs_date("Date: 2019/10/25 13:36:04"); script_cve_id("CVE-2008-0304", "CVE-2008-0412", "CVE-2008-0413", "CVE-2008-0415", "CVE-2008-0416", "CVE-2008-0417", "CVE-2008-0418", "CVE-2008-0419", "CVE-2008-0420", "CVE-2008-0591", "CVE-2008-0592", "CVE-2008-0593"); script_bugtraq_id(24293, 27406, 27683); script_xref(name:"RHSA", value:"2008:0104"); script_name(english:"CentOS 3 / 4 : seamonkey (CESA-2008:0104)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote CentOS host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated SeaMonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 2.1, 3, and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the way SeaMonkey processed certain malformed web content. A webpage containing malicious content could cause SeaMonkey to crash, or potentially execute arbitrary code as the user running SeaMonkey. (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0419) Several flaws were found in the way SeaMonkey displayed malformed web content. A webpage containing specially crafted content could trick a user into surrendering sensitive information. (CVE-2008-0591, CVE-2008-0593) A flaw was found in the way SeaMonkey stored password data. If a user saves login information for a malicious website, it could be possible to corrupt the password database, preventing the user from properly accessing saved password data. (CVE-2008-0417) A flaw was found in the way SeaMonkey handles certain chrome URLs. If a user has certain extensions installed, it could allow a malicious website to steal sensitive session data. Note: this flaw does not affect a default installation of SeaMonkey. (CVE-2008-0418) A flaw was found in the way SeaMonkey saves certain text files. If a website offers a file of type 'plain/text', rather than 'text/plain', SeaMonkey will not show future 'text/plain' content to the user in the browser, forcing them to save those files locally to view the content. (CVE-2008-0592) Users of SeaMonkey are advised to upgrade to these updated packages, which contain backported patches to resolve these issues." ); # https://lists.centos.org/pipermail/centos-announce/2008-February/014661.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?1b615239" ); # https://lists.centos.org/pipermail/centos-announce/2008-February/014662.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?43cc2832" ); # https://lists.centos.org/pipermail/centos-announce/2008-February/014667.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?2634875c" ); # https://lists.centos.org/pipermail/centos-announce/2008-February/014668.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?212996e0" ); # https://lists.centos.org/pipermail/centos-announce/2008-February/014673.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?15f721aa" ); # https://lists.centos.org/pipermail/centos-announce/2008-February/014674.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?ecf7b57f" ); script_set_attribute( attribute:"solution", value:"Update the affected seamonkey packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_cwe_id(22, 79, 94, 119, 200, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:seamonkey"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:seamonkey-chat"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:seamonkey-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:seamonkey-dom-inspector"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:seamonkey-js-debugger"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:seamonkey-mail"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:seamonkey-nspr"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:seamonkey-nspr-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:seamonkey-nss"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:seamonkey-nss-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:3"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:4"); script_set_attribute(attribute:"vuln_publication_date", value:"2008/02/08"); script_set_attribute(attribute:"patch_publication_date", value:"2008/02/08"); script_set_attribute(attribute:"plugin_publication_date", value:"2008/02/11"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"CentOS Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/CentOS/release"); if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS"); os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS"); os_ver = os_ver[1]; if (! preg(pattern:"^(3|4)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 3.x / 4.x", "CentOS " + os_ver); if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu); flag = 0; if (rpm_check(release:"CentOS-3", reference:"seamonkey-1.0.9-0.9.el3.centos3")) flag++; if (rpm_check(release:"CentOS-3", reference:"seamonkey-chat-1.0.9-0.9.el3.centos3")) flag++; if (rpm_check(release:"CentOS-3", reference:"seamonkey-devel-1.0.9-0.9.el3.centos3")) flag++; if (rpm_check(release:"CentOS-3", reference:"seamonkey-dom-inspector-1.0.9-0.9.el3.centos3")) flag++; if (rpm_check(release:"CentOS-3", reference:"seamonkey-js-debugger-1.0.9-0.9.el3.centos3")) flag++; if (rpm_check(release:"CentOS-3", reference:"seamonkey-mail-1.0.9-0.9.el3.centos3")) flag++; if (rpm_check(release:"CentOS-3", reference:"seamonkey-nspr-1.0.9-0.9.el3.centos3")) flag++; if (rpm_check(release:"CentOS-3", reference:"seamonkey-nspr-devel-1.0.9-0.9.el3.centos3")) flag++; if (rpm_check(release:"CentOS-3", reference:"seamonkey-nss-1.0.9-0.9.el3.centos3")) flag++; if (rpm_check(release:"CentOS-3", reference:"seamonkey-nss-devel-1.0.9-0.9.el3.centos3")) flag++; if (rpm_check(release:"CentOS-4", reference:"seamonkey-1.0.9-9.el4.centos")) flag++; if (rpm_check(release:"CentOS-4", reference:"seamonkey-chat-1.0.9-9.el4.centos")) flag++; if (rpm_check(release:"CentOS-4", reference:"seamonkey-devel-1.0.9-9.el4.centos")) flag++; if (rpm_check(release:"CentOS-4", reference:"seamonkey-dom-inspector-1.0.9-9.el4.centos")) flag++; if (rpm_check(release:"CentOS-4", reference:"seamonkey-js-debugger-1.0.9-9.el4.centos")) flag++; if (rpm_check(release:"CentOS-4", reference:"seamonkey-mail-1.0.9-9.el4.centos")) flag++; if (rpm_check(release:"CentOS-4", reference:"seamonkey-nspr-1.0.9-9.el4.centos")) flag++; if (rpm_check(release:"CentOS-4", reference:"seamonkey-nspr-devel-1.0.9-9.el4.centos")) flag++; if (rpm_check(release:"CentOS-4", reference:"seamonkey-nss-1.0.9-9.el4.centos")) flag++; if (rpm_check(release:"CentOS-4", reference:"seamonkey-nss-devel-1.0.9-9.el4.centos")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "seamonkey / seamonkey-chat / seamonkey-devel / etc"); }NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2008-0103.NASL description Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. Several flaws were found in the way Firefox processed certain malformed web content. A webpage containing malicious content could cause Firefox to crash, or potentially execute arbitrary code as the user running Firefox. (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0419) Several flaws were found in the way Firefox displayed malformed web content. A webpage containing specially crafted content could trick a user into surrendering sensitive information. (CVE-2008-0591, CVE-2008-0593) A flaw was found in the way Firefox stored password data. If a user saves login information for a malicious website, it could be possible to corrupt the password database, preventing the user from properly accessing saved password data. (CVE-2008-0417) A flaw was found in the way Firefox handles certain chrome URLs. If a user has certain extensions installed, it could allow a malicious website to steal sensitive session data. Note: this flaw does not affect a default installation of Firefox. (CVE-2008-0418) A flaw was found in the way Firefox saves certain text files. If a website offers a file of type last seen 2020-06-01 modified 2020-06-02 plugin id 30245 published 2008-02-11 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/30245 title RHEL 4 / 5 : firefox (RHSA-2008:0103) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2008:0103. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(30245); script_version ("1.26"); script_cvs_date("Date: 2019/10/25 13:36:13"); script_cve_id("CVE-2008-0412", "CVE-2008-0413", "CVE-2008-0415", "CVE-2008-0416", "CVE-2008-0417", "CVE-2008-0418", "CVE-2008-0419", "CVE-2008-0420", "CVE-2008-0591", "CVE-2008-0592", "CVE-2008-0593"); script_bugtraq_id(24293, 27406, 27683); script_xref(name:"RHSA", value:"2008:0103"); script_name(english:"RHEL 4 / 5 : firefox (RHSA-2008:0103)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. Several flaws were found in the way Firefox processed certain malformed web content. A webpage containing malicious content could cause Firefox to crash, or potentially execute arbitrary code as the user running Firefox. (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0419) Several flaws were found in the way Firefox displayed malformed web content. A webpage containing specially crafted content could trick a user into surrendering sensitive information. (CVE-2008-0591, CVE-2008-0593) A flaw was found in the way Firefox stored password data. If a user saves login information for a malicious website, it could be possible to corrupt the password database, preventing the user from properly accessing saved password data. (CVE-2008-0417) A flaw was found in the way Firefox handles certain chrome URLs. If a user has certain extensions installed, it could allow a malicious website to steal sensitive session data. Note: this flaw does not affect a default installation of Firefox. (CVE-2008-0418) A flaw was found in the way Firefox saves certain text files. If a website offers a file of type 'plain/text', rather than 'text/plain', Firefox will not show future 'text/plain' content to the user in the browser, forcing them to save those files locally to view the content. (CVE-2008-0592) Users of firefox are advised to upgrade to these updated packages, which contain backported patches to resolve these issues." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2008-0412" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2008-0413" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2008-0415" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2008-0416" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2008-0417" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2008-0418" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2008-0419" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2008-0420" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2008-0591" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2008-0592" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2008-0593" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2008:0103" ); script_set_attribute( attribute:"solution", value:"Update the affected firefox and / or firefox-devel packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_cwe_id(22, 79, 94, 200, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:firefox"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:firefox-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4.6"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5.1"); script_set_attribute(attribute:"vuln_publication_date", value:"2008/02/08"); script_set_attribute(attribute:"patch_publication_date", value:"2008/02/07"); script_set_attribute(attribute:"plugin_publication_date", value:"2008/02/11"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^(4|5)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 4.x / 5.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2008:0103"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL4", reference:"firefox-1.5.0.12-0.10.el4")) flag++; if (rpm_check(release:"RHEL5", reference:"firefox-1.5.0.12-9.el5")) flag++; if (rpm_check(release:"RHEL5", reference:"firefox-devel-1.5.0.12-9.el5")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "firefox / firefox-devel"); } }NASL family Fedora Local Security Checks NASL id FEDORA_2008-2060.NASL description Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the way Thunderbird processed certain malformed HTML mail content. A HTML mail message containing malicious content could cause Thunderbird to crash, or potentially execute arbitrary code as the user running Thunderbird. (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0419) Several flaws were found in the way Thunderbird displayed malformed HTML mail content. A HTML mail message containing specially crafted content could trick a user into surrendering sensitive information. (CVE-2008-0591, CVE-2008-0593) A flaw was found in the way Thunderbird handles certain chrome URLs. If a user has certain extensions installed, it could allow a malicious HTML mail message to steal sensitive session data. Note: this flaw does not affect a default installation of Thunderbird. (CVE-2008-0418) Note: JavaScript support is disabled by default in Thunderbird; the above issues are not exploitable unless JavaScript is enabled. A flaw was found in the way Thunderbird saves certain text files. If a remote site offers a file of type last seen 2020-06-01 modified 2020-06-02 plugin id 31314 published 2008-02-29 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/31314 title Fedora 8 : thunderbird-2.0.0.12-1.fc8 (2008-2060) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2008-2060. # include("compat.inc"); if (description) { script_id(31314); script_version ("1.19"); script_cvs_date("Date: 2019/08/02 13:32:27"); script_cve_id("CVE-2008-0304", "CVE-2008-0412", "CVE-2008-0413", "CVE-2008-0415", "CVE-2008-0418", "CVE-2008-0419", "CVE-2008-0420", "CVE-2008-0591", "CVE-2008-0592", "CVE-2008-0593"); script_bugtraq_id(27406, 27683, 28012); script_xref(name:"FEDORA", value:"2008-2060"); script_name(english:"Fedora 8 : thunderbird-2.0.0.12-1.fc8 (2008-2060)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the way Thunderbird processed certain malformed HTML mail content. A HTML mail message containing malicious content could cause Thunderbird to crash, or potentially execute arbitrary code as the user running Thunderbird. (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0419) Several flaws were found in the way Thunderbird displayed malformed HTML mail content. A HTML mail message containing specially crafted content could trick a user into surrendering sensitive information. (CVE-2008-0591, CVE-2008-0593) A flaw was found in the way Thunderbird handles certain chrome URLs. If a user has certain extensions installed, it could allow a malicious HTML mail message to steal sensitive session data. Note: this flaw does not affect a default installation of Thunderbird. (CVE-2008-0418) Note: JavaScript support is disabled by default in Thunderbird; the above issues are not exploitable unless JavaScript is enabled. A flaw was found in the way Thunderbird saves certain text files. If a remote site offers a file of type 'plain/text', rather than 'text/plain', Thunderbird will not show future 'text/plain' content to the user, forcing them to save those files locally to view the content. (CVE-2008-0592) Users of thunderbird are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=431732" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=431733" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=431739" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=431748" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=431749" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=431750" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=431751" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=431752" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=431756" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=435123" ); # https://lists.fedoraproject.org/pipermail/package-announce/2008-February/008286.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?9a0a8007" ); script_set_attribute( attribute:"solution", value:"Update the affected thunderbird package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_cwe_id(22, 79, 119, 200, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:thunderbird"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:8"); script_set_attribute(attribute:"vuln_publication_date", value:"2008/02/08"); script_set_attribute(attribute:"patch_publication_date", value:"2008/02/28"); script_set_attribute(attribute:"plugin_publication_date", value:"2008/02/29"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^8([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 8.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC8", reference:"thunderbird-2.0.0.12-1.fc8")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "thunderbird"); }NASL family Windows NASL id SEAMONKEY_118.NASL description The installed version of SeaMonkey is affected by various security issues : - Several stability bugs leading to crashes which, in some cases, show traces of memory corruption - Several file input focus stealing vulnerabilities that could result in uploading of arbitrary files provided their full path and file names are known. - Several issues that allow scripts from page content to escape from their sandboxed context and/or run with chrome privileges, resulting in privilege escalation, XSS, and/or remote code execution. - A directory traversal vulnerability via the last seen 2020-06-01 modified 2020-06-02 plugin id 30210 published 2008-02-08 reporter This script is Copyright (C) 2008-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/30210 title SeaMonkey < 1.1.8 Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(30210); script_version("1.21"); script_cve_id("CVE-2008-0304", "CVE-2008-0412", "CVE-2008-0413", "CVE-2008-0414", "CVE-2008-0415", "CVE-2008-0416", "CVE-2008-0418", "CVE-2008-0419", "CVE-2008-0420", "CVE-2008-0592", "CVE-2008-0593"); script_bugtraq_id(27406, 27683, 27826, 28012, 29303); script_name(english:"SeaMonkey < 1.1.8 Multiple Vulnerabilities"); script_summary(english:"Checks version of SeaMonkey"); script_set_attribute(attribute:"synopsis", value: "A web browser on the remote host is affected by multiple vulnerabilities." ); script_set_attribute(attribute:"description", value: "The installed version of SeaMonkey is affected by various security issues : - Several stability bugs leading to crashes which, in some cases, show traces of memory corruption - Several file input focus stealing vulnerabilities that could result in uploading of arbitrary files provided their full path and file names are known. - Several issues that allow scripts from page content to escape from their sandboxed context and/or run with chrome privileges, resulting in privilege escalation, XSS, and/or remote code execution. - A directory traversal vulnerability via the 'chrome:' URI. - A vulnerability involving 'designMode' frames that may result in web browsing history and forward navigation stealing. - An information disclosure issue in the BMP decoder. - Mis-handling of locally-saved plaintext files. - Possible disclosure of sensitive URL parameters, such as session tokens, via the .href property of stylesheet DOM nodes reflecting the final URI of the stylesheet after following any 302 redirects. - A heap-based buffer overflow that can be triggered when viewing an email with an external MIME body. - Multiple cross-site scripting vulnerabilities related to character encoding." ); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-01/" ); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-02/" ); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-03/" ); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-05/" ); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-06/" ); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-07/" ); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-09/" ); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-10/" ); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-12/" ); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-13/" ); script_set_attribute(attribute:"solution", value: "Upgrade to SeaMonkey 1.1.8 or later." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_cwe_id(20, 22, 79, 119, 200, 399); script_set_attribute(attribute:"plugin_publication_date", value: "2008/02/08"); script_cvs_date("Date: 2018/07/27 18:38:15"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:seamonkey"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc."); script_dependencies("mozilla_org_installed.nasl"); script_require_keys("SeaMonkey/Version"); exit(0); } include("mozilla_version.inc"); port = get_kb_item("SMB/transport"); if (!port) port = 445; installs = get_kb_list("SMB/SeaMonkey/*"); if (isnull(installs)) audit(AUDIT_NOT_INST, "SeaMonkey"); mozilla_check_version(installs:installs, product:'seamonkey', fix:'1.1.8', severity:SECURITY_HOLE);NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2008-0105.NASL description From Red Hat Security Advisory 2008:0105 : Updated thunderbird packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. [Updated 27th February 2008] The erratum text has been updated to include the details of additional issues that were fixed by these erratum packages, but which were not public at the time of release. No changes have been made to the packages. Mozilla Thunderbird is a standalone mail and newsgroup client. A heap-based buffer overflow flaw was found in the way Thunderbird processed messages with external-body Multipurpose Internet Message Extensions (MIME) types. A HTML mail message containing malicious content could cause Thunderbird to execute arbitrary code as the user running Thunderbird. (CVE-2008-0304) Several flaws were found in the way Thunderbird processed certain malformed HTML mail content. A HTML mail message containing malicious content could cause Thunderbird to crash, or potentially execute arbitrary code as the user running Thunderbird. (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0419) Several flaws were found in the way Thunderbird displayed malformed HTML mail content. A HTML mail message containing specially crafted content could trick a user into surrendering sensitive information. (CVE-2008-0420, CVE-2008-0591, CVE-2008-0593) A flaw was found in the way Thunderbird handles certain chrome URLs. If a user has certain extensions installed, it could allow a malicious HTML mail message to steal sensitive session data. Note: this flaw does not affect a default installation of Thunderbird. (CVE-2008-0418) Note: JavaScript support is disabled by default in Thunderbird; the above issues are not exploitable unless JavaScript is enabled. A flaw was found in the way Thunderbird saves certain text files. If a remote site offers a file of type last seen 2020-06-01 modified 2020-06-02 plugin id 67649 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/67649 title Oracle Linux 4 : thunderbird (ELSA-2008-0105) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2008:0105 and # Oracle Linux Security Advisory ELSA-2008-0105 respectively. # include("compat.inc"); if (description) { script_id(67649); script_version("1.12"); script_cvs_date("Date: 2019/10/25 13:36:07"); script_cve_id("CVE-2008-0304", "CVE-2008-0412", "CVE-2008-0413", "CVE-2008-0415", "CVE-2008-0418", "CVE-2008-0419", "CVE-2008-0420", "CVE-2008-0591", "CVE-2008-0592", "CVE-2008-0593"); script_bugtraq_id(24293, 27406, 27683, 28012); script_xref(name:"RHSA", value:"2008:0105"); script_name(english:"Oracle Linux 4 : thunderbird (ELSA-2008-0105)"); script_summary(english:"Checks rpm output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Oracle Linux host is missing a security update." ); script_set_attribute( attribute:"description", value: "From Red Hat Security Advisory 2008:0105 : Updated thunderbird packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. [Updated 27th February 2008] The erratum text has been updated to include the details of additional issues that were fixed by these erratum packages, but which were not public at the time of release. No changes have been made to the packages. Mozilla Thunderbird is a standalone mail and newsgroup client. A heap-based buffer overflow flaw was found in the way Thunderbird processed messages with external-body Multipurpose Internet Message Extensions (MIME) types. A HTML mail message containing malicious content could cause Thunderbird to execute arbitrary code as the user running Thunderbird. (CVE-2008-0304) Several flaws were found in the way Thunderbird processed certain malformed HTML mail content. A HTML mail message containing malicious content could cause Thunderbird to crash, or potentially execute arbitrary code as the user running Thunderbird. (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0419) Several flaws were found in the way Thunderbird displayed malformed HTML mail content. A HTML mail message containing specially crafted content could trick a user into surrendering sensitive information. (CVE-2008-0420, CVE-2008-0591, CVE-2008-0593) A flaw was found in the way Thunderbird handles certain chrome URLs. If a user has certain extensions installed, it could allow a malicious HTML mail message to steal sensitive session data. Note: this flaw does not affect a default installation of Thunderbird. (CVE-2008-0418) Note: JavaScript support is disabled by default in Thunderbird; the above issues are not exploitable unless JavaScript is enabled. A flaw was found in the way Thunderbird saves certain text files. If a remote site offers a file of type 'plain/text', rather than 'text/plain', Thunderbird will not show future 'text/plain' content to the user, forcing them to save those files locally to view the content. (CVE-2008-0592) Users of thunderbird are advised to upgrade to these updated packages, which contain backported patches to resolve these issues." ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2008-February/000511.html" ); script_set_attribute( attribute:"solution", value:"Update the affected thunderbird package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_cwe_id(22, 79, 119, 200, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:thunderbird"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:4"); script_set_attribute(attribute:"vuln_publication_date", value:"2008/02/08"); script_set_attribute(attribute:"patch_publication_date", value:"2008/02/08"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Oracle Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux"); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux"); os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 4", "Oracle Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu); flag = 0; if (rpm_check(release:"EL4", cpu:"i386", reference:"thunderbird-1.5.0.12-8.el4.0.1")) flag++; if (rpm_check(release:"EL4", cpu:"x86_64", reference:"thunderbird-1.5.0.12-8.el4.0.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "thunderbird"); }NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2008-0103.NASL description From Red Hat Security Advisory 2008:0103 : Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. Several flaws were found in the way Firefox processed certain malformed web content. A webpage containing malicious content could cause Firefox to crash, or potentially execute arbitrary code as the user running Firefox. (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0419) Several flaws were found in the way Firefox displayed malformed web content. A webpage containing specially crafted content could trick a user into surrendering sensitive information. (CVE-2008-0591, CVE-2008-0593) A flaw was found in the way Firefox stored password data. If a user saves login information for a malicious website, it could be possible to corrupt the password database, preventing the user from properly accessing saved password data. (CVE-2008-0417) A flaw was found in the way Firefox handles certain chrome URLs. If a user has certain extensions installed, it could allow a malicious website to steal sensitive session data. Note: this flaw does not affect a default installation of Firefox. (CVE-2008-0418) A flaw was found in the way Firefox saves certain text files. If a website offers a file of type last seen 2020-06-01 modified 2020-06-02 plugin id 67647 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/67647 title Oracle Linux 4 / 5 : firefox (ELSA-2008-0103) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2008:0103 and # Oracle Linux Security Advisory ELSA-2008-0103 respectively. # include("compat.inc"); if (description) { script_id(67647); script_version("1.12"); script_cvs_date("Date: 2019/10/25 13:36:07"); script_cve_id("CVE-2008-0412", "CVE-2008-0413", "CVE-2008-0415", "CVE-2008-0416", "CVE-2008-0417", "CVE-2008-0418", "CVE-2008-0419", "CVE-2008-0420", "CVE-2008-0591", "CVE-2008-0592", "CVE-2008-0593"); script_bugtraq_id(24293, 27406, 27683); script_xref(name:"RHSA", value:"2008:0103"); script_name(english:"Oracle Linux 4 / 5 : firefox (ELSA-2008-0103)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Oracle Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "From Red Hat Security Advisory 2008:0103 : Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. Several flaws were found in the way Firefox processed certain malformed web content. A webpage containing malicious content could cause Firefox to crash, or potentially execute arbitrary code as the user running Firefox. (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0419) Several flaws were found in the way Firefox displayed malformed web content. A webpage containing specially crafted content could trick a user into surrendering sensitive information. (CVE-2008-0591, CVE-2008-0593) A flaw was found in the way Firefox stored password data. If a user saves login information for a malicious website, it could be possible to corrupt the password database, preventing the user from properly accessing saved password data. (CVE-2008-0417) A flaw was found in the way Firefox handles certain chrome URLs. If a user has certain extensions installed, it could allow a malicious website to steal sensitive session data. Note: this flaw does not affect a default installation of Firefox. (CVE-2008-0418) A flaw was found in the way Firefox saves certain text files. If a website offers a file of type 'plain/text', rather than 'text/plain', Firefox will not show future 'text/plain' content to the user in the browser, forcing them to save those files locally to view the content. (CVE-2008-0592) Users of firefox are advised to upgrade to these updated packages, which contain backported patches to resolve these issues." ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2008-February/000508.html" ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2008-February/000509.html" ); script_set_attribute( attribute:"solution", value:"Update the affected firefox packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_cwe_id(22, 79, 94, 200, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:firefox"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:firefox-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:4"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:5"); script_set_attribute(attribute:"vuln_publication_date", value:"2008/02/08"); script_set_attribute(attribute:"patch_publication_date", value:"2008/02/08"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Oracle Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux"); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux"); os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^(4|5)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 4 / 5", "Oracle Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu); flag = 0; if (rpm_check(release:"EL4", cpu:"i386", reference:"firefox-1.5.0.12-0.10.el4.0.1")) flag++; if (rpm_check(release:"EL4", cpu:"x86_64", reference:"firefox-1.5.0.12-0.10.el4.0.1")) flag++; if (rpm_check(release:"EL5", reference:"firefox-1.5.0.12-9.el5.0.1")) flag++; if (rpm_check(release:"EL5", reference:"firefox-devel-1.5.0.12-9.el5.0.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "firefox / firefox-devel"); }NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-576-1.NASL description Various flaws were discovered in the browser and JavaScript engine. By tricking a user into opening a malicious web page, an attacker could execute arbitrary code with the user last seen 2020-06-01 modified 2020-06-02 plugin id 30252 published 2008-02-11 reporter Ubuntu Security Notice (C) 2008-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/30252 title Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : firefox vulnerabilities (USN-576-1) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-576-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(30252); script_version("1.16"); script_cvs_date("Date: 2019/08/02 13:33:01"); script_cve_id("CVE-2008-0412", "CVE-2008-0413", "CVE-2008-0414", "CVE-2008-0415", "CVE-2008-0416", "CVE-2008-0417", "CVE-2008-0418", "CVE-2008-0419", "CVE-2008-0420", "CVE-2008-0591", "CVE-2008-0592", "CVE-2008-0593", "CVE-2008-0594"); script_xref(name:"USN", value:"576-1"); script_name(english:"Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : firefox vulnerabilities (USN-576-1)"); script_summary(english:"Checks dpkg output for updated packages."); script_set_attribute( attribute:"synopsis", value: "The remote Ubuntu host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "Various flaws were discovered in the browser and JavaScript engine. By tricking a user into opening a malicious web page, an attacker could execute arbitrary code with the user's privileges. (CVE-2008-0412, CVE-2008-0413) Flaws were discovered in the file upload form control. A malicious website could force arbitrary files from the user's computer to be uploaded without consent. (CVE-2008-0414) Various flaws were discovered in the JavaScript engine. By tricking a user into opening a malicious web page, an attacker could escalate privileges within the browser, perform cross-site scripting attacks and/or execute arbitrary code with the user's privileges. (CVE-2008-0415) Various flaws were discovered in character encoding handling. If a user were ticked into opening a malicious web page, an attacker could perform cross-site scripting attacks. (CVE-2008-0416) Justin Dolske discovered a flaw in the password saving mechanism. By tricking a user into opening a malicious web page, an attacker could corrupt the user's stored passwords. (CVE-2008-0417) Gerry Eisenhaur discovered that the chrome URI scheme did not properly guard against directory traversal. Under certain circumstances, an attacker may be able to load files or steal session data. Ubuntu is not vulnerable in the default installation. (CVE-2008-0418) David Bloom discovered flaws in the way images are treated by the browser. A malicious website could exploit this to steal the user's history information, crash the browser and/or possibly execute arbitrary code with the user's privileges. (CVE-2008-0419) Flaws were discovered in the BMP decoder. By tricking a user into opening a specially crafted BMP file, an attacker could obtain sensitive information. (CVE-2008-0420) Michal Zalewski discovered flaws with timer-enabled security dialogs. A malicious website could force the user to confirm a security dialog without explicit consent. (CVE-2008-0591) It was discovered that Firefox mishandled locally saved plain text files. By tricking a user into saving a specially crafted text file, an attacker could prevent the browser from displaying local files with a .txt extension. (CVE-2008-0592) Martin Straka discovered flaws in stylesheet handling after a 302 redirect. By tricking a user into opening a malicious web page, an attacker could obtain sensitive URL parameters. (CVE-2008-0593) Emil Ljungdahl and Lars-Olof Moilanen discovered that a web forgery warning dialog wasn't displayed under certain circumstances. A malicious website could exploit this to conduct phishing attacks against the user. (CVE-2008-0594). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/576-1/" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_cwe_id(20, 22, 79, 94, 200, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-dom-inspector"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-gnome-support"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-libthai"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libnspr-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libnspr4"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libnss-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libnss3"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mozilla-firefox"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mozilla-firefox-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mozilla-firefox-dom-inspector"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mozilla-firefox-gnome-support"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.06:-:lts"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.10"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:7.04"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:7.10"); script_set_attribute(attribute:"patch_publication_date", value:"2008/02/07"); script_set_attribute(attribute:"plugin_publication_date", value:"2008/02/11"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2008-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! ereg(pattern:"^(6\.06|6\.10|7\.04|7\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 6.06 / 6.10 / 7.04 / 7.10", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"6.06", pkgname:"firefox", pkgver:"1.5.dfsg+1.5.0.15~prepatch080202a-0ubuntu1")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"firefox-dbg", pkgver:"1.5.dfsg+1.5.0.15~prepatch080202a-0ubuntu1")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"firefox-dev", pkgver:"1.5.dfsg+1.5.0.15~prepatch080202a-0ubuntu1")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"firefox-dom-inspector", pkgver:"1.5.dfsg+1.5.0.15~prepatch080202a-0ubuntu1")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"firefox-gnome-support", pkgver:"1.5.dfsg+1.5.0.15~prepatch080202a-0ubuntu1")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"libnspr-dev", pkgver:"1.firefox1.5.dfsg+1.5.0.15~prepatch080202a-0ubuntu1")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"libnspr4", pkgver:"1.firefox1.5.dfsg+1.5.0.15~prepatch080202a-0ubuntu1")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"libnss-dev", pkgver:"1.firefox1.5.dfsg+1.5.0.15~prepatch080202a-0ubuntu1")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"libnss3", pkgver:"1.firefox1.5.dfsg+1.5.0.15~prepatch080202a-0ubuntu1")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"mozilla-firefox", pkgver:"1.5.dfsg+1.5.0.15~prepatch080202a-0ubuntu1")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"mozilla-firefox-dev", pkgver:"1.5.dfsg+1.5.0.15~prepatch080202a-0ubuntu1")) flag++; if (ubuntu_check(osver:"6.10", pkgname:"firefox", pkgver:"2.0.0.12+0nobinonly+2-0ubuntu0.6.10")) flag++; if (ubuntu_check(osver:"6.10", pkgname:"firefox-dbg", pkgver:"2.0.0.12+0nobinonly+2-0ubuntu0.6.10")) flag++; if (ubuntu_check(osver:"6.10", pkgname:"firefox-dev", pkgver:"2.0.0.12+0nobinonly+2-0ubuntu0.6.10")) flag++; if (ubuntu_check(osver:"6.10", pkgname:"firefox-dom-inspector", pkgver:"2.0.0.12+0nobinonly+2-0ubuntu0.6.10")) flag++; if (ubuntu_check(osver:"6.10", pkgname:"firefox-gnome-support", pkgver:"2.0.0.12+0nobinonly+2-0ubuntu0.6.10")) flag++; if (ubuntu_check(osver:"6.10", pkgname:"libnspr-dev", pkgver:"1.firefox2.0.0.12+0nobinonly+2-0ubuntu0.6.10")) flag++; if (ubuntu_check(osver:"6.10", pkgname:"libnspr4", pkgver:"1.firefox2.0.0.12+0nobinonly+2-0ubuntu0.6.10")) flag++; if (ubuntu_check(osver:"6.10", pkgname:"libnss-dev", pkgver:"1.firefox2.0.0.12+0nobinonly+2-0ubuntu0.6.10")) flag++; if (ubuntu_check(osver:"6.10", pkgname:"libnss3", pkgver:"1.firefox2.0.0.12+0nobinonly+2-0ubuntu0.6.10")) flag++; if (ubuntu_check(osver:"6.10", pkgname:"mozilla-firefox", pkgver:"2.0.0.12+0nobinonly+2-0ubuntu0.6.10")) flag++; if (ubuntu_check(osver:"6.10", pkgname:"mozilla-firefox-dev", pkgver:"2.0.0.12+0nobinonly+2-0ubuntu0.6.10")) flag++; if (ubuntu_check(osver:"6.10", pkgname:"mozilla-firefox-dom-inspector", pkgver:"2.0.0.12+0nobinonly+2-0ubuntu0.6.10")) flag++; if (ubuntu_check(osver:"6.10", pkgname:"mozilla-firefox-gnome-support", pkgver:"2.0.0.12+0nobinonly+2-0ubuntu0.6.10")) flag++; if (ubuntu_check(osver:"7.04", pkgname:"firefox", pkgver:"2.0.0.12+1nobinonly+2-0ubuntu0.7.4")) flag++; if (ubuntu_check(osver:"7.04", pkgname:"firefox-dbg", pkgver:"2.0.0.12+1nobinonly+2-0ubuntu0.7.4")) flag++; if (ubuntu_check(osver:"7.04", pkgname:"firefox-dev", pkgver:"2.0.0.12+1nobinonly+2-0ubuntu0.7.4")) flag++; if (ubuntu_check(osver:"7.04", pkgname:"firefox-dom-inspector", pkgver:"2.0.0.12+1nobinonly+2-0ubuntu0.7.4")) flag++; if (ubuntu_check(osver:"7.04", pkgname:"firefox-gnome-support", pkgver:"2.0.0.12+1nobinonly+2-0ubuntu0.7.4")) flag++; if (ubuntu_check(osver:"7.04", pkgname:"firefox-libthai", pkgver:"2.0.0.12+1nobinonly+2-0ubuntu0.7.4")) flag++; if (ubuntu_check(osver:"7.04", pkgname:"libnspr-dev", pkgver:"1.firefox2.0.0.12+1nobinonly+2-0ubuntu0.7.4")) flag++; if (ubuntu_check(osver:"7.04", pkgname:"libnspr4", pkgver:"1.firefox2.0.0.12+1nobinonly+2-0ubuntu0.7.4")) flag++; if (ubuntu_check(osver:"7.04", pkgname:"libnss-dev", pkgver:"1.firefox2.0.0.12+1nobinonly+2-0ubuntu0.7.4")) flag++; if (ubuntu_check(osver:"7.04", pkgname:"libnss3", pkgver:"1.firefox2.0.0.12+1nobinonly+2-0ubuntu0.7.4")) flag++; if (ubuntu_check(osver:"7.04", pkgname:"mozilla-firefox", pkgver:"2.0.0.12+1nobinonly+2-0ubuntu0.7.4")) flag++; if (ubuntu_check(osver:"7.04", pkgname:"mozilla-firefox-dev", pkgver:"2.0.0.12+1nobinonly+2-0ubuntu0.7.4")) flag++; if (ubuntu_check(osver:"7.04", pkgname:"mozilla-firefox-dom-inspector", pkgver:"2.0.0.12+1nobinonly+2-0ubuntu0.7.4")) flag++; if (ubuntu_check(osver:"7.04", pkgname:"mozilla-firefox-gnome-support", pkgver:"2.0.0.12+1nobinonly+2-0ubuntu0.7.4")) flag++; if (ubuntu_check(osver:"7.10", pkgname:"firefox", pkgver:"2.0.0.12+2nobinonly+2-0ubuntu0.7.10")) flag++; if (ubuntu_check(osver:"7.10", pkgname:"firefox-dbg", pkgver:"2.0.0.12+2nobinonly+2-0ubuntu0.7.10")) flag++; if (ubuntu_check(osver:"7.10", pkgname:"firefox-dev", pkgver:"2.0.0.12+2nobinonly+2-0ubuntu0.7.10")) flag++; if (ubuntu_check(osver:"7.10", pkgname:"firefox-dom-inspector", pkgver:"2.0.0.12+2nobinonly+2-0ubuntu0.7.10")) flag++; if (ubuntu_check(osver:"7.10", pkgname:"firefox-gnome-support", pkgver:"2.0.0.12+2nobinonly+2-0ubuntu0.7.10")) flag++; if (ubuntu_check(osver:"7.10", pkgname:"firefox-libthai", pkgver:"2.0.0.12+2nobinonly+2-0ubuntu0.7.10")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "firefox / firefox-dbg / firefox-dev / firefox-dom-inspector / etc"); }NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2008-0105.NASL description Updated thunderbird packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. [Updated 27th February 2008] The erratum text has been updated to include the details of additional issues that were fixed by these erratum packages, but which were not public at the time of release. No changes have been made to the packages. Mozilla Thunderbird is a standalone mail and newsgroup client. A heap-based buffer overflow flaw was found in the way Thunderbird processed messages with external-body Multipurpose Internet Message Extensions (MIME) types. A HTML mail message containing malicious content could cause Thunderbird to execute arbitrary code as the user running Thunderbird. (CVE-2008-0304) Several flaws were found in the way Thunderbird processed certain malformed HTML mail content. A HTML mail message containing malicious content could cause Thunderbird to crash, or potentially execute arbitrary code as the user running Thunderbird. (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0419) Several flaws were found in the way Thunderbird displayed malformed HTML mail content. A HTML mail message containing specially crafted content could trick a user into surrendering sensitive information. (CVE-2008-0420, CVE-2008-0591, CVE-2008-0593) A flaw was found in the way Thunderbird handles certain chrome URLs. If a user has certain extensions installed, it could allow a malicious HTML mail message to steal sensitive session data. Note: this flaw does not affect a default installation of Thunderbird. (CVE-2008-0418) Note: JavaScript support is disabled by default in Thunderbird; the above issues are not exploitable unless JavaScript is enabled. A flaw was found in the way Thunderbird saves certain text files. If a remote site offers a file of type last seen 2020-06-01 modified 2020-06-02 plugin id 30247 published 2008-02-11 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/30247 title RHEL 4 / 5 : thunderbird (RHSA-2008:0105) NASL family Fedora Local Security Checks NASL id FEDORA_2008-2118.NASL description Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the way Thunderbird processed certain malformed HTML mail content. A HTML mail message containing malicious content could cause Thunderbird to crash, or potentially execute arbitrary code as the user running Thunderbird. (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0419) Several flaws were found in the way Thunderbird displayed malformed HTML mail content. A HTML mail message containing specially crafted content could trick a user into surrendering sensitive information. (CVE-2008-0591, CVE-2008-0593) A flaw was found in the way Thunderbird handles certain chrome URLs. If a user has certain extensions installed, it could allow a malicious HTML mail message to steal sensitive session data. Note: this flaw does not affect a default installation of Thunderbird. (CVE-2008-0418) Note: JavaScript support is disabled by default in Thunderbird; the above issues are not exploitable unless JavaScript is enabled. A flaw was found in the way Thunderbird saves certain text files. If a remote site offers a file of type last seen 2020-06-01 modified 2020-06-02 plugin id 31318 published 2008-02-29 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/31318 title Fedora 7 : thunderbird-2.0.0.12-1.fc7 (2008-2118) NASL family Windows NASL id MOZILLA_FIREFOX_20012.NASL description The installed version of Firefox is affected by various security issues : - Several stability bugs leading to crashes which, in some cases, show traces of memory corruption - Several file input focus stealing vulnerabilities that could result in uploading of arbitrary files provided their full path and file names are known. - Several issues that allow scripts from page content to escape from their sandboxed context and/or run with chrome privileges, resulting in privilege escalation, XSS, and/or remote code execution. - An issue that could allow a malicious site to inject newlines into the application last seen 2020-06-01 modified 2020-06-02 plugin id 30209 published 2008-02-08 reporter This script is Copyright (C) 2008-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/30209 title Firefox < 2.0.0.12 Multiple Vulnerabilities NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2008-0104.NASL description From Red Hat Security Advisory 2008:0104 : Updated SeaMonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 2.1, 3, and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the way SeaMonkey processed certain malformed web content. A webpage containing malicious content could cause SeaMonkey to crash, or potentially execute arbitrary code as the user running SeaMonkey. (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0419) Several flaws were found in the way SeaMonkey displayed malformed web content. A webpage containing specially crafted content could trick a user into surrendering sensitive information. (CVE-2008-0591, CVE-2008-0593) A flaw was found in the way SeaMonkey stored password data. If a user saves login information for a malicious website, it could be possible to corrupt the password database, preventing the user from properly accessing saved password data. (CVE-2008-0417) A flaw was found in the way SeaMonkey handles certain chrome URLs. If a user has certain extensions installed, it could allow a malicious website to steal sensitive session data. Note: this flaw does not affect a default installation of SeaMonkey. (CVE-2008-0418) A flaw was found in the way SeaMonkey saves certain text files. If a website offers a file of type last seen 2020-06-01 modified 2020-06-02 plugin id 67648 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/67648 title Oracle Linux 3 / 4 : seamonkey (ELSA-2008-0104) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2008-0105.NASL description Updated thunderbird packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. [Updated 27th February 2008] The erratum text has been updated to include the details of additional issues that were fixed by these erratum packages, but which were not public at the time of release. No changes have been made to the packages. Mozilla Thunderbird is a standalone mail and newsgroup client. A heap-based buffer overflow flaw was found in the way Thunderbird processed messages with external-body Multipurpose Internet Message Extensions (MIME) types. A HTML mail message containing malicious content could cause Thunderbird to execute arbitrary code as the user running Thunderbird. (CVE-2008-0304) Several flaws were found in the way Thunderbird processed certain malformed HTML mail content. A HTML mail message containing malicious content could cause Thunderbird to crash, or potentially execute arbitrary code as the user running Thunderbird. (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0419) Several flaws were found in the way Thunderbird displayed malformed HTML mail content. A HTML mail message containing specially crafted content could trick a user into surrendering sensitive information. (CVE-2008-0420, CVE-2008-0591, CVE-2008-0593) A flaw was found in the way Thunderbird handles certain chrome URLs. If a user has certain extensions installed, it could allow a malicious HTML mail message to steal sensitive session data. Note: this flaw does not affect a default installation of Thunderbird. (CVE-2008-0418) Note: JavaScript support is disabled by default in Thunderbird; the above issues are not exploitable unless JavaScript is enabled. A flaw was found in the way Thunderbird saves certain text files. If a remote site offers a file of type last seen 2020-06-01 modified 2020-06-02 plugin id 30222 published 2008-02-11 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/30222 title CentOS 4 / 5 : thunderbird (CESA-2008:0105) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2008-0103.NASL description Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. Several flaws were found in the way Firefox processed certain malformed web content. A webpage containing malicious content could cause Firefox to crash, or potentially execute arbitrary code as the user running Firefox. (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0419) Several flaws were found in the way Firefox displayed malformed web content. A webpage containing specially crafted content could trick a user into surrendering sensitive information. (CVE-2008-0591, CVE-2008-0593) A flaw was found in the way Firefox stored password data. If a user saves login information for a malicious website, it could be possible to corrupt the password database, preventing the user from properly accessing saved password data. (CVE-2008-0417) A flaw was found in the way Firefox handles certain chrome URLs. If a user has certain extensions installed, it could allow a malicious website to steal sensitive session data. Note: this flaw does not affect a default installation of Firefox. (CVE-2008-0418) A flaw was found in the way Firefox saves certain text files. If a website offers a file of type last seen 2020-06-01 modified 2020-06-02 plugin id 30220 published 2008-02-11 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/30220 title CentOS 4 / 5 : firefox (CESA-2008:0103) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2008-048.NASL description A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox program, version 2.0.0.12. This update provides the latest Firefox to correct these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 37189 published 2009-04-23 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/37189 title Mandriva Linux Security Advisory : mozilla-firefox (MDVSA-2008:048) NASL family Windows NASL id NETSCAPE_BROWSER_9006.NASL description The installed version of Netscape is affected by various security issues : - Several stability bugs leading to crashes which, in some cases, show traces of memory corruption. - Several file input focus stealing vulnerabilities that could result in uploading of arbitrary files provided their full path and file names are known. - Several issues that allow scripts from page content to escape from their sandboxed context and/or run with chrome privileges, resulting in privilege escalation, XSS, and/or remote code execution. - An issue that could allow a malicious site to inject newlines into the application last seen 2020-06-01 modified 2020-06-02 plugin id 31135 published 2008-02-22 reporter This script is Copyright (C) 2008-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/31135 title Netscape Browser < 9.0.0.6 Multiple Vulnerabilities NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_810A5197E0D911DC891A02061B08FC24.NASL description The Mozilla Foundation reports of multiple security issues in Firefox, SeaMonkey, and Thunderbird. Several of these issues can probably be used to run arbitrary code with the privilege of the user running the program. - Web forgery overwrite with div overlay - URL token stealing via stylesheet redirect - Mishandling of locally-saved plain text files - File action dialog tampering - Possible information disclosure in BMP decoder - Web browsing history and forward navigation stealing - Directory traversal via chrome: URI - Stored password corruption - Privilege escalation, XSS, Remote Code Execution - Multiple file input focus stealing vulnerabilities - Crashes with evidence of memory corruption (rv:1.8.1.12) last seen 2020-06-01 modified 2020-06-02 plugin id 31155 published 2008-02-25 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/31155 title FreeBSD : mozilla -- multiple vulnerabilities (810a5197-e0d9-11dc-891a-02061b08fc24) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2008-0104.NASL description Updated SeaMonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 2.1, 3, and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the way SeaMonkey processed certain malformed web content. A webpage containing malicious content could cause SeaMonkey to crash, or potentially execute arbitrary code as the user running SeaMonkey. (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0419) Several flaws were found in the way SeaMonkey displayed malformed web content. A webpage containing specially crafted content could trick a user into surrendering sensitive information. (CVE-2008-0591, CVE-2008-0593) A flaw was found in the way SeaMonkey stored password data. If a user saves login information for a malicious website, it could be possible to corrupt the password database, preventing the user from properly accessing saved password data. (CVE-2008-0417) A flaw was found in the way SeaMonkey handles certain chrome URLs. If a user has certain extensions installed, it could allow a malicious website to steal sensitive session data. Note: this flaw does not affect a default installation of SeaMonkey. (CVE-2008-0418) A flaw was found in the way SeaMonkey saves certain text files. If a website offers a file of type last seen 2020-06-01 modified 2020-06-02 plugin id 30246 published 2008-02-11 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/30246 title RHEL 2.1 / 3 / 4 : seamonkey (RHSA-2008:0104) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-582-2.NASL description USN-582-1 fixed several vulnerabilities in Thunderbird. The upstream fixes were incomplete, and after performing certain actions Thunderbird would crash due to memory errors. This update fixes the problem. We apologize for the inconvenience. It was discovered that Thunderbird did not properly set the size of a buffer when parsing an external-body MIME-type. If a user were to open a specially crafted email, an attacker could cause a denial of service via application crash or possibly execute arbitrary code as the user. (CVE-2008-0304) Various flaws were discovered in Thunderbird and its JavaScript engine. By tricking a user into opening a malicious message, an attacker could execute arbitrary code with the user last seen 2020-06-01 modified 2020-06-02 plugin id 65107 published 2013-03-09 reporter Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/65107 title Ubuntu 6.06 LTS / 6.10 / 7.04 : mozilla-thunderbird (USN-582-2)
Oval
| accepted | 2013-04-29T04:01:54.399-04:00 | ||||||||||||||||||||||||
| class | vulnerability | ||||||||||||||||||||||||
| contributors |
| ||||||||||||||||||||||||
| definition_extensions |
| ||||||||||||||||||||||||
| description | Ubuntu 6.06 through 7.10. | ||||||||||||||||||||||||
| family | unix | ||||||||||||||||||||||||
| id | oval:org.mitre.oval:def:10119 | ||||||||||||||||||||||||
| status | accepted | ||||||||||||||||||||||||
| submitted | 2010-07-09T03:56:16-04:00 | ||||||||||||||||||||||||
| title | Ubuntu 6.06 through 7.10. | ||||||||||||||||||||||||
| version | 27 |
Redhat
| rpms |
|
Seebug
| bulletinFamily | exploit |
| description | BUGTRAQ ID: 26937 CVE(CAN) ID: CVE-2007-6520,CVE-2007-6521,CVE-2007-6522,CVE-2007-6524 Opera是一款流行的WEB浏览器,支持多种平台。 Opera Web浏览器的9.25之前版本中存在多个安全漏洞,可能允许恶意用户执行跨站脚本攻击、泄露敏感信息、导致拒绝服务或执行任意代码。 1) 某些插件可能导致跨站脚本攻击。 2) 在连接到TLS保护的站点时,Opera会解析包含有主题替换名称的X.509证书。如果证书带有特制的主题替换名称的话,就会在Opera中触发堆溢出,导致拒绝服务或执行任意代码。 3) Opera中的富文本编辑功能允许远程攻击者通过使用designMode修改其他域中网页的内容执行跨站脚本攻击。 4) Opera在处理特制的BMP文件时可能允许攻击者通过HTML文档中的CANVAS单元和JavaScript获得敏感内存内容。这个漏洞与CVE-2008-0420中所述漏洞相关。 Opera Software Opera < 9.25 Opera Software -------------- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: <a href=http://www.opera.com target=_blank>http://www.opera.com</a> Gentoo ------ Gentoo已经为此发布了一个安全公告(GLSA-200712-22)以及相应补丁: GLSA-200712-22:Opera: Multiple vulnerabilities 链接:<a href=http://security.gentoo.org/glsa/glsa-200712-22.xml target=_blank>http://security.gentoo.org/glsa/glsa-200712-22.xml</a> 所有Opera用户都应升级到最新版本: # emerge --sync # emerge --ask --oneshot --verbose ">=www-client/opera-9.25" |
| id | SSV:3351 |
| last seen | 2017-11-19 |
| modified | 2008-05-30 |
| published | 2008-05-30 |
| reporter | Root |
| title | Opera Web浏览器9.25版本修复多个漏洞 |
References
- http://browser.netscape.com/releasenotes/
- http://secunia.com/advisories/28758
- http://secunia.com/advisories/28839
- http://secunia.com/advisories/29049
- http://secunia.com/advisories/29098
- http://secunia.com/advisories/29167
- http://secunia.com/advisories/30327
- http://secunia.com/advisories/30620
- http://securitytracker.com/id?1019434
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1
- http://www.gentoo.org/security/en/glsa/glsa-200805-18.xml
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:048
- http://www.mozilla.org/security/announce/2008/mfsa2008-07.html
- http://www.securityfocus.com/archive/1/488264/100/0/threaded
- http://www.securityfocus.com/bid/27826
- http://www.ubuntu.com/usn/usn-582-1
- http://www.ubuntu.com/usn/usn-582-2
- http://www.vupen.com/english/advisories/2008/0627/references
- http://www.vupen.com/english/advisories/2008/1793/references
- https://bugzilla.mozilla.org/show_bug.cgi?id=408076
- https://exchange.xforce.ibmcloud.com/vulnerabilities/40491
- https://exchange.xforce.ibmcloud.com/vulnerabilities/40606
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10119
- https://usn.ubuntu.com/576-1/
- https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00905.html
- https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00946.html