Vulnerabilities > CVE-2008-0594 - Remote vulnerability in Mozilla Thunderbird/Seamonkey/Firefox 2.0.0.11

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Debian Security Advisory DSA-1485. The text 
# itself is copyright (C) Software in the Public Interest, Inc.
#

include("compat.inc");

if (description)
{
  script_id(30225);
  script_version("1.21");
  script_cvs_date("Date: 2019/08/02 13:32:21");

  script_cve_id("CVE-2008-0412", "CVE-2008-0413", "CVE-2008-0414", "CVE-2008-0415", "CVE-2008-0416", "CVE-2008-0417", "CVE-2008-0418", "CVE-2008-0419", "CVE-2008-0591", "CVE-2008-0592", "CVE-2008-0593", "CVE-2008-0594");
  script_bugtraq_id(27406, 27683);
  script_xref(name:"DSA", value:"1485");

  script_name(english:"Debian DSA-1485-2 : icedove - several vulnerabilities");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Several remote vulnerabilities have been discovered in the Icedove
mail client, an unbranded version of the Thunderbird client. The
Common Vulnerabilities and Exposures project identifies the following
problems :

  - CVE-2008-0412
    Jesse Ruderman, Kai Engert, Martijn Wargers, Mats
    Palmgren and Paul Nickerson discovered crashes in the
    layout engine, which might allow the execution of
    arbitrary code.

  - CVE-2008-0413
    Carsten Book, Wesley Garland, Igor Bukanov,
    'moz_bug_r_a4', 'shutdown', Philip Taylor and 'tgirmann'
    discovered crashes in the JavaScript engine, which might
    allow the execution of arbitrary code.

  - CVE-2008-0415
    'moz_bug_r_a4' and Boris Zbarsky discovered several
    vulnerabilities in JavaScript handling, which could
    allow privilege escalation.

  - CVE-2008-0418
    Gerry Eisenhaur and 'moz_bug_r_a4' discovered that a
    directory traversal vulnerability in chrome: URI
    handling could lead to information disclosure.

  - CVE-2008-0419
    David Bloom discovered a race condition in the image
    handling of designMode elements, which can lead to
    information disclosure and potentially the execution of
    arbitrary code.

  - CVE-2008-0591
    Michal Zalewski discovered that timers protecting
    security-sensitive dialogs (by disabling dialog elements
    until a timeout is reached) could be bypassed by window
    focus changes through JavaScript.

The Mozilla products from the old stable distribution (sarge) are no
longer supported with security updates."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2008-0412"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2008-0413"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2008-0415"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2008-0418"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2008-0419"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2008-0591"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.debian.org/security/2008/dsa-1485"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Upgrade the icedove packages.

For the stable distribution (etch), these problems have been fixed in
version 1.5.0.13+1.5.0.15b.dfsg1-0etch2."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_cwe_id(20, 22, 79, 94, 200, 399);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:icedove");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:4.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2008/02/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2008/02/11");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"4.0", prefix:"icedove", reference:"1.5.0.13+1.5.0.15b.dfsg1-0etch2")) flag++;
if (deb_check(release:"4.0", prefix:"icedove-dbg", reference:"1.5.0.13+1.5.0.15b.dfsg1-0etch2")) flag++;
if (deb_check(release:"4.0", prefix:"icedove-dev", reference:"1.5.0.13+1.5.0.15b.dfsg1-0etch2")) flag++;
if (deb_check(release:"4.0", prefix:"icedove-gnome-support", reference:"1.5.0.13+1.5.0.15b.dfsg1-0etch2")) flag++;
if (deb_check(release:"4.0", prefix:"icedove-inspector", reference:"1.5.0.13+1.5.0.15b.dfsg1-0etch2")) flag++;
if (deb_check(release:"4.0", prefix:"icedove-typeaheadfind", reference:"1.5.0.13+1.5.0.15b.dfsg1-0etch2")) flag++;
if (deb_check(release:"4.0", prefix:"mozilla-thunderbird", reference:"1.5.0.13+1.5.0.15a.dfsg1-0etch2")) flag++;
if (deb_check(release:"4.0", prefix:"mozilla-thunderbird-dev", reference:"1.5.0.13+1.5.0.15a.dfsg1-0etch2")) flag++;
if (deb_check(release:"4.0", prefix:"mozilla-thunderbird-inspector", reference:"1.5.0.13+1.5.0.15a.dfsg1-0etch2")) flag++;
if (deb_check(release:"4.0", prefix:"mozilla-thunderbird-typeaheadfind", reference:"1.5.0.13+1.5.0.15b.dfsg1-0etch2")) flag++;
if (deb_check(release:"4.0", prefix:"thunderbird", reference:"1.5.0.13+1.5.0.15b.dfsg1-0etch2")) flag++;
if (deb_check(release:"4.0", prefix:"thunderbird-dbg", reference:"1.5.0.13+1.5.0.15a.dfsg1-0etch2")) flag++;
if (deb_check(release:"4.0", prefix:"thunderbird-dev", reference:"1.5.0.13+1.5.0.15a.dfsg1-0etch2")) flag++;
if (deb_check(release:"4.0", prefix:"thunderbird-gnome-support", reference:"1.5.0.13+1.5.0.15b.dfsg1-0etch2")) flag++;
if (deb_check(release:"4.0", prefix:"thunderbird-inspector", reference:"1.5.0.13+1.5.0.15a.dfsg1-0etch2")) flag++;
if (deb_check(release:"4.0", prefix:"thunderbird-typeaheadfind", reference:"1.5.0.13+1.5.0.15b.dfsg1-0etch2")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 200805-18.
#
# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike 
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#

include("compat.inc");

if (description)
{
  script_id(32416);
  script_version("1.20");
  script_cvs_date("Date: 2019/08/02 13:32:45");

  script_cve_id("CVE-2007-4879", "CVE-2008-0304", "CVE-2008-0412", "CVE-2008-0413", "CVE-2008-0414", "CVE-2008-0415", "CVE-2008-0416", "CVE-2008-0417", "CVE-2008-0418", "CVE-2008-0419", "CVE-2008-0420", "CVE-2008-0591", "CVE-2008-0592", "CVE-2008-0593", "CVE-2008-0594", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1240", "CVE-2008-1241", "CVE-2008-1380");
  script_xref(name:"GLSA", value:"200805-18");

  script_name(english:"GLSA-200805-18 : Mozilla products: Multiple vulnerabilities");
  script_summary(english:"Checks for updated package(s) in /var/db/pkg");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Gentoo host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The remote host is affected by the vulnerability described in GLSA-200805-18
(Mozilla products: Multiple vulnerabilities)

    The following vulnerabilities were reported in all mentioned Mozilla
    products:
    Jesse Ruderman, Kai Engert, Martijn Wargers, Mats Palmgren, and Paul
    Nickerson reported browser crashes related to JavaScript methods,
    possibly triggering memory corruption (CVE-2008-0412).
    Carsten Book, Wesley Garland, Igor Bukanov, moz_bug_r_a4, shutdown,
    Philip Taylor, and tgirmann reported crashes in the JavaScript engine,
    possibly triggering memory corruption (CVE-2008-0413).
    David Bloom discovered a vulnerability in the way images are treated by
    the browser when a user leaves a page, possibly triggering memory
    corruption (CVE-2008-0419).
    moz_bug_r_a4, Boris Zbarsky, and Johnny Stenback reported a series of
    privilege escalation vulnerabilities related to JavaScript
    (CVE-2008-1233, CVE-2008-1234, CVE-2008-1235).
    Mozilla developers identified browser crashes caused by the layout and
    JavaScript engines, possibly triggering memory corruption
    (CVE-2008-1236, CVE-2008-1237).
    moz_bug_r_a4 and Boris Zbarsky discovered that pages could escape from
    its sandboxed context and run with chrome privileges, and inject script
    content into another site, violating the browser's same origin policy
    (CVE-2008-0415).
    Gerry Eisenhaur discovered a directory traversal vulnerability when
    using 'flat' addons (CVE-2008-0418).
    Alexey Proskuryakov, Yosuke Hasegawa and Simon Montagu reported
    multiple character handling flaws related to the backspace character,
    the '0x80' character, involving zero-length non-ASCII sequences in
    multiple character sets, that could facilitate Cross-Site Scripting
    attacks (CVE-2008-0416).
    The following vulnerability was reported in Thunderbird and SeaMonkey:
    regenrecht (via iDefense) reported a heap-based buffer overflow when
    rendering an email message with an external MIME body (CVE-2008-0304).
    The following vulnerabilities were reported in Firefox, SeaMonkey and
    XULRunner:
    The fix for CVE-2008-1237 in Firefox 2.0.0.13
    and SeaMonkey 1.1.9 introduced a new crash vulnerability
    (CVE-2008-1380).
    hong and Gregory Fleischer each reported a
    variant on earlier reported bugs regarding focus shifting in file input
    controls (CVE-2008-0414).
    Gynvael Coldwind (Vexillium) discovered that BMP images could be used
    to reveal uninitialized memory, and that this data could be extracted
    using a 'canvas' feature (CVE-2008-0420).
    Chris Thomas reported that background tabs could create a borderless
    XUL pop-up in front of pages in other tabs (CVE-2008-1241).
    oo.rio.oo discovered that a plain text file with a
    'Content-Disposition: attachment' prevents Firefox from rendering
    future plain text files within the browser (CVE-2008-0592).
    Martin Straka reported that the '.href' property of stylesheet DOM
    nodes is modified to the final URI of a 302 redirect, bypassing the
    same origin policy (CVE-2008-0593).
    Gregory Fleischer discovered that under certain circumstances, leading
    characters from the hostname part of the 'Referer:' HTTP header are
    removed (CVE-2008-1238).
    Peter Brodersen and Alexander Klink reported that the browser
    automatically selected and sent a client certificate when SSL Client
    Authentication is requested by a server (CVE-2007-4879).
    Gregory Fleischer reported that web content fetched via the 'jar:'
    protocol was not subject to network access restrictions
    (CVE-2008-1240).
    The following vulnerabilities were reported in Firefox:
    Justin Dolske discovered a CRLF injection vulnerability when storing
    passwords (CVE-2008-0417).
    Michal Zalewski discovered that Firefox does not properly manage a
    delay timer used in confirmation dialogs (CVE-2008-0591).
    Emil Ljungdahl and Lars-Olof Moilanen discovered that a web forgery
    warning dialog is not displayed if the entire contents of a web page
    are in a DIV tag that uses absolute positioning (CVE-2008-0594).
  
Impact :

    A remote attacker could entice a user to view a specially crafted web
    page or email that will trigger one of the vulnerabilities, possibly
    leading to the execution of arbitrary code or a Denial of Service. It
    is also possible for an attacker to trick a user to upload arbitrary
    files when submitting a form, to corrupt saved passwords for other
    sites, to steal login credentials, or to conduct Cross-Site Scripting
    and Cross-Site Request Forgery attacks.
  
Workaround :

    There is no known workaround at this time."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security.gentoo.org/glsa/200805-18"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"All Mozilla Firefox users should upgrade to the latest version:
    # emerge --sync
    # emerge --ask --oneshot --verbose '>=www-client/mozilla-firefox-2.0.0.14'
    All Mozilla Firefox binary users should upgrade to the latest version:
    # emerge --sync
    # emerge --ask --oneshot --verbose '>=www-client/mozilla-firefox-bin-2.0.0.14'
    All Mozilla Thunderbird users should upgrade to the latest version:
    # emerge --sync
    # emerge --ask --oneshot --verbose '>=mail-client/mozilla-thunderbird-2.0.0.14'
    All Mozilla Thunderbird binary users should upgrade to the latest
    version:
    # emerge --sync
    # emerge --ask --oneshot --verbose '>=mail-client/mozilla-thunderbird-bin-2.0.0.14'
    All SeaMonkey users should upgrade to the latest version:
    # emerge --sync
    # emerge --ask --oneshot --verbose '>=www-client/seamonkey-1.1.9-r1'
    All SeaMonkey binary users should upgrade to the latest version:
    # emerge --sync
    # emerge --ask --oneshot --verbose '>=www-client/seamonkey-bin-1.1.9'
    All XULRunner users should upgrade to the latest version:
    # emerge --sync
    # emerge --ask --oneshot --verbose '>=net-libs/xulrunner-1.8.1.14'
    NOTE: The crash vulnerability (CVE-2008-1380) is currently unfixed in
    the SeaMonkey binary ebuild, as no precompiled packages have been
    released. Until an update is available, we recommend all SeaMonkey
    users to disable JavaScript, use Firefox for JavaScript-enabled
    browsing, or switch to the SeaMonkey source ebuild."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_cwe_id(20, 22, 59, 79, 94, 119, 200, 287, 399);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:mozilla-firefox");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:mozilla-firefox-bin");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:mozilla-thunderbird");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:mozilla-thunderbird-bin");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:seamonkey");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:seamonkey-bin");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:xulrunner");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2008/05/20");
  script_set_attribute(attribute:"plugin_publication_date", value:"2008/05/22");
  script_set_attribute(attribute:"vuln_publication_date", value:"2007/09/08");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.");
  script_family(english:"Gentoo Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;

if (qpkg_check(package:"www-client/mozilla-firefox-bin", unaffected:make_list("ge 2.0.0.14"), vulnerable:make_list("lt 2.0.0.14"))) flag++;
if (qpkg_check(package:"www-client/seamonkey-bin", unaffected:make_list("ge 1.1.9"), vulnerable:make_list("lt 1.1.9"))) flag++;
if (qpkg_check(package:"mail-client/mozilla-thunderbird-bin", unaffected:make_list("ge 2.0.0.14"), vulnerable:make_list("lt 2.0.0.14"))) flag++;
if (qpkg_check(package:"www-client/seamonkey", unaffected:make_list("ge 1.1.9-r1"), vulnerable:make_list("lt 1.1.9-r1"))) flag++;
if (qpkg_check(package:"mail-client/mozilla-thunderbird", unaffected:make_list("ge 2.0.0.14"), vulnerable:make_list("lt 2.0.0.14"))) flag++;
if (qpkg_check(package:"net-libs/xulrunner", unaffected:make_list("ge 1.8.1.14"), vulnerable:make_list("lt 1.8.1.14"))) flag++;
if (qpkg_check(package:"www-client/mozilla-firefox", unaffected:make_list("ge 2.0.0.14"), vulnerable:make_list("lt 2.0.0.14"))) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Mozilla products");
}

#%NASL_MIN_LEVEL 80502

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update MozillaThunderbird-5095.
#
# The text description of this plugin is (C) SUSE LLC.
#

include("compat.inc");

if (description)
{
  script_id(31620);
  script_version ("1.11");
  script_cvs_date("Date: 2019/10/25 13:36:31");

  script_cve_id("CVE-2008-0412", "CVE-2008-0414", "CVE-2008-0415", "CVE-2008-0417", "CVE-2008-0418", "CVE-2008-0419", "CVE-2008-0591", "CVE-2008-0592", "CVE-2008-0593", "CVE-2008-0594");

  script_name(english:"openSUSE 10 Security Update : MozillaThunderbird (MozillaThunderbird-5095)");
  script_summary(english:"Check for the MozillaThunderbird-5095 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This update brings Mozilla Thunderbird to security fix level of
version 2.0.0.12

Following security problems were fixed :

  - MFSA 2008-11/CVE-2008-0594 Web forgery overwrite with
    div overlay

  - MFSA 2008-10/CVE-2008-0593 URL token stealing via
    stylesheet redirect

  - MFSA 2008-09/CVE-2008-0592 Mishandling of locally-saved
    plain text files

  - MFSA 2008-08/CVE-2008-0591 File action dialog tampering

  - MFSA 2008-06/CVE-2008-0419 Web browsing history and
    forward navigation stealing

  - MFSA 2008-05/CVE-2008-0418 Directory traversal via
    chrome: URI

  - MFSA 2008-04/CVE-2008-0417 Stored password corruption

  - MFSA 2008-03/CVE-2008-0415 Privilege escalation, XSS,
    Remote Code Execution

  - MFSA 2008-02/CVE-2008-0414 Multiple file input focus
    stealing vulnerabilities

  - MFSA 2008-01/CVE-2008-0412 Crashes with evidence of
    memory corruption (rv:1.8.1.12)"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected MozillaThunderbird packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_cwe_id(20, 22, 79, 94, 200, 399);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.2");

  script_set_attribute(attribute:"patch_publication_date", value:"2008/03/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2008/03/19");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE10\.1|SUSE10\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "10.1 / 10.2", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE10.1", reference:"MozillaThunderbird-1.5.0.14-0.3") ) flag++;
if ( rpm_check(release:"SUSE10.1", reference:"MozillaThunderbird-translations-1.5.0.14-0.3") ) flag++;
if ( rpm_check(release:"SUSE10.2", reference:"MozillaThunderbird-1.5.0.14-0.3") ) flag++;
if ( rpm_check(release:"SUSE10.2", reference:"MozillaThunderbird-translations-1.5.0.14-0.3") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "MozillaThunderbird");
}

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Fedora Security Advisory 2008-1535.
#

include("compat.inc");

if (description)
{
  script_id(31067);
  script_version ("1.18");
  script_cvs_date("Date: 2019/08/02 13:32:27");

  script_cve_id("CVE-2008-0412", "CVE-2008-0413", "CVE-2008-0414", "CVE-2008-0415", "CVE-2008-0417", "CVE-2008-0418", "CVE-2008-0419", "CVE-2008-0591", "CVE-2008-0592", "CVE-2008-0593", "CVE-2008-0594");
  script_xref(name:"FEDORA", value:"2008-1535");

  script_name(english:"Fedora 8 : Miro-1.1-3.fc8 / blam-1.8.3-13.fc8 / chmsee-1.0.0-1.28.fc8 / devhelp-0.16.1-5.fc8 / etc (2008-1535)");
  script_summary(english:"Checks rpm output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Fedora host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Mozilla Firefox is an open source Web browser. Several flaws were
found in the way Firefox processed certain malformed web content. A
web page containing malicious content could cause Firefox to crash, or
potentially execute arbitrary code as the user running Firefox.
(CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0419) Several
flaws were found in the way Firefox displayed malformed web content. A
web page containing specially crafted content could trick a user into
surrendering sensitive information. (CVE-2008-0591, CVE-2008-0593) A
flaw was found in the way Firefox stored password data. If a user
saves login information for a malicious website, it could be possible
to corrupt the password database, preventing the user from properly
accessing saved password data. (CVE-2008-0417) A flaw was found in the
way Firefox handles certain chrome URLs. If a user has certain
extensions installed, it could allow a malicious website to steal
sensitive session data. Note: this flaw does not affect a default
installation of Firefox. (CVE-2008-0418) A flaw was found in the way
Firefox saves certain text files. If a website offers a file of type
'plain/text', rather than 'text/plain', Firefox will not show future
'text/plain' content to the user in the browser, forcing them to save
those files locally to view the content. (CVE-2008-0592) Users of
firefox are advised to upgrade to these updated packages, which
contain updated packages to resolve these issues.

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=431732"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=431733"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=431739"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=431742"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=431748"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=431749"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=431751"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=431752"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=431756"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=432036"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=432040"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2008-February/007754.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?150b6c21"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2008-February/007755.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?b751fe08"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2008-February/007756.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?c8bd9950"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2008-February/007757.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?d571352f"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2008-February/007758.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?df5f34ea"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2008-February/007759.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?080b7023"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2008-February/007760.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?1bc21d1f"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2008-February/007761.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?cb3ac43d"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2008-February/007762.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?406b01bc"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2008-February/007763.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?fe5d5ec2"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2008-February/007764.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?d0528e90"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2008-February/007765.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?4dd87a98"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2008-February/007766.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?2dbdbc11"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2008-February/007767.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?67a56ae1"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2008-February/007768.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?11b25edd"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2008-February/007769.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?34ff5880"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_cwe_id(20, 22, 79, 94, 200, 399);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:Miro");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:blam");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:chmsee");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:devhelp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:epiphany");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:epiphany-extensions");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:firefox");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:galeon");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:gnome-python2-extras");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:gnome-web-photo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:gtkmozembedmm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kazehakase");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:liferea");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:openvrml");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:ruby-gnome2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:yelp");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:8");

  script_set_attribute(attribute:"vuln_publication_date", value:"2008/02/08");
  script_set_attribute(attribute:"patch_publication_date", value:"2008/02/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2008/02/14");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^8([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 8.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC8", reference:"Miro-1.1-3.fc8")) flag++;
if (rpm_check(release:"FC8", reference:"blam-1.8.3-13.fc8")) flag++;
if (rpm_check(release:"FC8", reference:"chmsee-1.0.0-1.28.fc8")) flag++;
if (rpm_check(release:"FC8", reference:"devhelp-0.16.1-5.fc8")) flag++;
if (rpm_check(release:"FC8", reference:"epiphany-2.20.2-3.fc8")) flag++;
if (rpm_check(release:"FC8", reference:"epiphany-extensions-2.20.1-5.fc8")) flag++;
if (rpm_check(release:"FC8", reference:"firefox-2.0.0.12-1.fc8")) flag++;
if (rpm_check(release:"FC8", reference:"galeon-2.0.4-1.fc8.2")) flag++;
if (rpm_check(release:"FC8", reference:"gnome-python2-extras-2.19.1-12.fc8")) flag++;
if (rpm_check(release:"FC8", reference:"gnome-web-photo-0.3-8.fc8")) flag++;
if (rpm_check(release:"FC8", reference:"gtkmozembedmm-1.4.2.cvs20060817-18.fc8")) flag++;
if (rpm_check(release:"FC8", reference:"kazehakase-0.5.2-1.fc8.2")) flag++;
if (rpm_check(release:"FC8", reference:"liferea-1.4.11-2.fc8")) flag++;
if (rpm_check(release:"FC8", reference:"openvrml-0.17.5-2.fc8")) flag++;
if (rpm_check(release:"FC8", reference:"ruby-gnome2-0.16.0-20.fc8")) flag++;
if (rpm_check(release:"FC8", reference:"yelp-2.20.0-7.fc8")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Miro / blam / chmsee / devhelp / epiphany / epiphany-extensions / etc");
}