Vulnerabilities > CVE-2008-1240 - Unspecified vulnerability in Mozilla Firefox

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
mozilla
nessus

Summary

LiveConnect in Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9 does not properly parse the content origin for jar: URIs before sending them to the Java plugin, which allows remote attackers to access arbitrary ports on the local machine. NOTE: this is closely related to CVE-2008-1195.

Vulnerable Configurations

Part Description Count
Application
Mozilla
97

Nessus

  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1532.NASL
    description# This shares a lot of text with dsa-1534.wml, dsa-1535.wml, dsa-1574.wml Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-4879 Peter Brodersen and Alexander Klink discovered that the autoselection of SSL client certificates could lead to users being tracked, resulting in a loss of privacy. - CVE-2008-1233
    last seen2020-06-01
    modified2020-06-02
    plugin id31709
    published2008-03-31
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/31709
    titleDebian DSA-1532-1 : xulrunner - several vulnerabilities
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-1532. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(31709);
      script_version("1.21");
      script_cvs_date("Date: 2019/08/02 13:32:21");
    
      script_cve_id("CVE-2007-4879", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1240", "CVE-2008-1241");
      script_bugtraq_id(28448);
      script_xref(name:"DSA", value:"1532");
    
      script_name(english:"Debian DSA-1532-1 : xulrunner - several vulnerabilities");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "# This shares a lot of text with dsa-1534.wml, dsa-1535.wml,
    dsa-1574.wml
    
    Several remote vulnerabilities have been discovered in Xulrunner, a
    runtime environment for XUL applications. The Common Vulnerabilities
    and Exposures project identifies the following problems :
    
      - CVE-2007-4879
        Peter Brodersen and Alexander Klink discovered that the
        autoselection of SSL client certificates could lead to
        users being tracked, resulting in a loss of privacy.
    
      - CVE-2008-1233
        'moz_bug_r_a4' discovered that variants of CVE-2007-3738
        and CVE-2007-5338 allow the execution of arbitrary code
        through XPCNativeWrapper.
    
      - CVE-2008-1234
        'moz_bug_r_a4' discovered that insecure handling of
        event handlers could lead to cross-site scripting.
    
      - CVE-2008-1235
        Boris Zbarsky, Johnny Stenback and 'moz_bug_r_a4'
        discovered that incorrect principal handling could lead
        to cross-site scripting and the execution of arbitrary
        code.
    
      - CVE-2008-1236
        Tom Ferris, Seth Spitzer, Martin Wargers, John Daggett
        and Mats Palmgren discovered crashes in the layout
        engine, which might allow the execution of arbitrary
        code.
    
      - CVE-2008-1237
        'georgi', 'tgirmann' and Igor Bukanov discovered crashes
        in the JavaScript engine, which might allow the
        execution of arbitrary code.
    
      - CVE-2008-1238
        Gregory Fleischer discovered that HTTP Referrer headers
        were handled incorrectly in combination with URLs
        containing Basic Authentication credentials with empty
        usernames, resulting in potential Cross-Site Request
        Forgery attacks.
    
      - CVE-2008-1240
        Gregory Fleischer discovered that web content fetched
        through the jar: protocol can use Java to connect to
        arbitrary ports. This is only an issue in combination
        with the non-free Java plugin.
    
      - CVE-2008-1241
        Chris Thomas discovered that background tabs could
        generate XUL popups overlaying the current tab,
        resulting in potential spoofing attacks.
    
    The Mozilla products from the old stable distribution (sarge) are no
    longer supported."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2007-4879"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2008-1233"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2007-3738"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2007-5338"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2008-1234"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2008-1235"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2008-1236"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2008-1237"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2008-1238"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2008-1240"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2008-1241"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.debian.org/security/2008/dsa-1532"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the xulrunner packages.
    
    For the stable distribution (etch), these problems have been fixed in
    version 1.8.0.15~pre080323b-0etch1."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(59, 79, 94, 287, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:xulrunner");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:4.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2008/03/27");
      script_set_attribute(attribute:"plugin_publication_date", value:"2008/03/31");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"4.0", prefix:"libmozillainterfaces-java", reference:"1.8.0.15~pre080323b-0etch1")) flag++;
    if (deb_check(release:"4.0", prefix:"libmozjs-dev", reference:"1.8.0.15~pre080323b-0etch1")) flag++;
    if (deb_check(release:"4.0", prefix:"libmozjs0d", reference:"1.8.0.15~pre080323b-0etch1")) flag++;
    if (deb_check(release:"4.0", prefix:"libmozjs0d-dbg", reference:"1.8.0.15~pre080323b-0etch1")) flag++;
    if (deb_check(release:"4.0", prefix:"libnspr4-0d", reference:"1.8.0.15~pre080323b-0etch1")) flag++;
    if (deb_check(release:"4.0", prefix:"libnspr4-0d-dbg", reference:"1.8.0.15~pre080323b-0etch1")) flag++;
    if (deb_check(release:"4.0", prefix:"libnspr4-dev", reference:"1.8.0.15~pre080323b-0etch1")) flag++;
    if (deb_check(release:"4.0", prefix:"libnss3-0d", reference:"1.8.0.15~pre080323b-0etch1")) flag++;
    if (deb_check(release:"4.0", prefix:"libnss3-0d-dbg", reference:"1.8.0.15~pre080323b-0etch1")) flag++;
    if (deb_check(release:"4.0", prefix:"libnss3-dev", reference:"1.8.0.15~pre080323b-0etch1")) flag++;
    if (deb_check(release:"4.0", prefix:"libnss3-tools", reference:"1.8.0.15~pre080323b-0etch1")) flag++;
    if (deb_check(release:"4.0", prefix:"libsmjs-dev", reference:"1.8.0.15~pre080323b-0etch1")) flag++;
    if (deb_check(release:"4.0", prefix:"libsmjs1", reference:"1.8.0.15~pre080323b-0etch1")) flag++;
    if (deb_check(release:"4.0", prefix:"libxul-common", reference:"1.8.0.15~pre080323b-0etch1")) flag++;
    if (deb_check(release:"4.0", prefix:"libxul-dev", reference:"1.8.0.15~pre080323b-0etch1")) flag++;
    if (deb_check(release:"4.0", prefix:"libxul0d", reference:"1.8.0.15~pre080323b-0etch1")) flag++;
    if (deb_check(release:"4.0", prefix:"libxul0d-dbg", reference:"1.8.0.15~pre080323b-0etch1")) flag++;
    if (deb_check(release:"4.0", prefix:"python-xpcom", reference:"1.8.0.15~pre080323b-0etch1")) flag++;
    if (deb_check(release:"4.0", prefix:"spidermonkey-bin", reference:"1.8.0.15~pre080323b-0etch1")) flag++;
    if (deb_check(release:"4.0", prefix:"xulrunner", reference:"1.8.0.15~pre080323b-0etch1")) flag++;
    if (deb_check(release:"4.0", prefix:"xulrunner-gnome-support", reference:"1.8.0.15~pre080323b-0etch1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_MOZILLA-XULRUNNER181-5158.NASL
    descriptionThis update brings the Mozilla XULRunner engine to security update version 1.8.1.13 Following security problems were fixed : - MFSA 2008-19/CVE-2008-1241: XUL popup spoofing variant (cross-tab popups) - MFSA 2008-18/CVE-2008-1195 and CVE-2008-1240: Java socket connection to any local port via LiveConnect - MFSA 2008-17/CVE-2007-4879: Privacy issue with SSL Client Authentication - MFSA 2008-16/CVE-2008-1238: HTTP Referrer spoofing with malformed URLs - MFSA 2008-15/CVE-2008-1236 and CVE-2008-1237: Crashes with evidence of memory corruption (rv:1.8.1.13) - MFSA 2008-14/CVE-2008-1233, CVE-2008-1234, and CVE-2008-1235: JavaScript privilege escalation and arbitrary code execution.
    last seen2020-06-01
    modified2020-06-02
    plugin id32026
    published2008-04-22
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/32026
    titleopenSUSE 10 Security Update : mozilla-xulrunner181 (mozilla-xulrunner181-5158)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update mozilla-xulrunner181-5158.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(32026);
      script_version ("1.10");
      script_cvs_date("Date: 2019/10/25 13:36:32");
    
      script_cve_id("CVE-2007-4879", "CVE-2008-1195", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1240", "CVE-2008-1241");
    
      script_name(english:"openSUSE 10 Security Update : mozilla-xulrunner181 (mozilla-xulrunner181-5158)");
      script_summary(english:"Check for the mozilla-xulrunner181-5158 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update brings the Mozilla XULRunner engine to security update
    version 1.8.1.13
    
    Following security problems were fixed :
    
      - MFSA 2008-19/CVE-2008-1241: XUL popup spoofing variant
        (cross-tab popups)
    
      - MFSA 2008-18/CVE-2008-1195 and CVE-2008-1240: Java
        socket connection to any local port via LiveConnect
    
      - MFSA 2008-17/CVE-2007-4879: Privacy issue with SSL
        Client Authentication
    
      - MFSA 2008-16/CVE-2008-1238: HTTP Referrer spoofing with
        malformed URLs
    
      - MFSA 2008-15/CVE-2008-1236 and CVE-2008-1237: Crashes
        with evidence of memory corruption (rv:1.8.1.13)
    
      - MFSA 2008-14/CVE-2008-1233, CVE-2008-1234, and
        CVE-2008-1235: JavaScript privilege escalation and
        arbitrary code execution."
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected mozilla-xulrunner181 packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_cwe_id(59, 79, 94, 287, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:epiphany");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:epiphany-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:epiphany-extensions");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner181");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner181-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner181-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner181-l10n");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.2");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.3");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2008/04/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2008/04/22");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE10\.2|SUSE10\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "10.2 / 10.3", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE10.2", reference:"epiphany-2.16.1-32") ) flag++;
    if ( rpm_check(release:"SUSE10.2", reference:"epiphany-devel-2.16.1-32") ) flag++;
    if ( rpm_check(release:"SUSE10.2", reference:"epiphany-extensions-2.16.1-32") ) flag++;
    if ( rpm_check(release:"SUSE10.2", reference:"mozilla-xulrunner181-1.8.1.13-0.1") ) flag++;
    if ( rpm_check(release:"SUSE10.2", reference:"mozilla-xulrunner181-devel-1.8.1.13-0.1") ) flag++;
    if ( rpm_check(release:"SUSE10.2", reference:"mozilla-xulrunner181-l10n-1.8.1.13-0.1") ) flag++;
    if ( rpm_check(release:"SUSE10.2", cpu:"x86_64", reference:"mozilla-xulrunner181-32bit-1.8.1.13-0.1") ) flag++;
    if ( rpm_check(release:"SUSE10.3", reference:"epiphany-2.20.0-8.3") ) flag++;
    if ( rpm_check(release:"SUSE10.3", reference:"epiphany-devel-2.20.0-8.3") ) flag++;
    if ( rpm_check(release:"SUSE10.3", reference:"epiphany-extensions-2.20.0-8.3") ) flag++;
    if ( rpm_check(release:"SUSE10.3", reference:"mozilla-xulrunner181-1.8.1.13-0.1") ) flag++;
    if ( rpm_check(release:"SUSE10.3", reference:"mozilla-xulrunner181-devel-1.8.1.13-0.1") ) flag++;
    if ( rpm_check(release:"SUSE10.3", reference:"mozilla-xulrunner181-l10n-1.8.1.13-0.1") ) flag++;
    if ( rpm_check(release:"SUSE10.3", cpu:"x86_64", reference:"mozilla-xulrunner181-32bit-1.8.1.13-0.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "epiphany / epiphany-devel / epiphany-extensions / etc");
    }
    
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_12B336C6FE3611DCB09C001C2514716C.NASL
    descriptionThe Mozilla Foundation reports of multiple security issues in Firefox, SeaMonkey, and Thunderbird. Several of these issues can probably be used to run arbitrary code with the privilege of the user running the program. - MFSA 2008-19 XUL popup spoofing variant (cross-tab popups) - MFSA 2008-18 Java socket connection to any local port via LiveConnect - MFSA 2008-17 Privacy issue with SSL Client Authentication - MFSA 2008-16 HTTP Referrer spoofing with malformed URLs - MFSA 2008-15 Crashes with evidence of memory corruption (rv:1.8.1.13) - MFSA 2008-14 JavaScript privilege escalation and arbitrary code execution
    last seen2020-06-01
    modified2020-06-02
    plugin id31714
    published2008-03-31
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/31714
    titleFreeBSD : mozilla -- multiple vulnerabilities (12b336c6-fe36-11dc-b09c-001c2514716c)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from the FreeBSD VuXML database :
    #
    # Copyright 2003-2018 Jacques Vidrine and contributors
    #
    # Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
    # HTML, PDF, PostScript, RTF and so forth) with or without modification,
    # are permitted provided that the following conditions are met:
    # 1. Redistributions of source code (VuXML) must retain the above
    #    copyright notice, this list of conditions and the following
    #    disclaimer as the first lines of this file unmodified.
    # 2. Redistributions in compiled form (transformed to other DTDs,
    #    published online in any format, converted to PDF, PostScript,
    #    RTF and other formats) must reproduce the above copyright
    #    notice, this list of conditions and the following disclaimer
    #    in the documentation and/or other materials provided with the
    #    distribution.
    # 
    # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
    # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
    # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
    # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
    # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
    # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
    # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
    # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
    # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
    # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
    # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(31714);
      script_version("1.22");
      script_cvs_date("Date: 2019/08/02 13:32:39");
    
      script_cve_id("CVE-2007-4879", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1240", "CVE-2008-1241");
      script_bugtraq_id(28448);
    
      script_name(english:"FreeBSD : mozilla -- multiple vulnerabilities (12b336c6-fe36-11dc-b09c-001c2514716c)");
      script_summary(english:"Checks for updated packages in pkg_info output");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote FreeBSD host is missing one or more security-related
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The Mozilla Foundation reports of multiple security issues in Firefox,
    SeaMonkey, and Thunderbird. Several of these issues can probably be
    used to run arbitrary code with the privilege of the user running the
    program.
    
    - MFSA 2008-19 XUL popup spoofing variant (cross-tab popups)
    
    - MFSA 2008-18 Java socket connection to any local port via
    LiveConnect
    
    - MFSA 2008-17 Privacy issue with SSL Client Authentication
    
    - MFSA 2008-16 HTTP Referrer spoofing with malformed URLs
    
    - MFSA 2008-15 Crashes with evidence of memory corruption
    (rv:1.8.1.13)
    
    - MFSA 2008-14 JavaScript privilege escalation and arbitrary code
    execution"
      );
      # https://vuxml.freebsd.org/freebsd/12b336c6-fe36-11dc-b09c-001c2514716c.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?fe5374e1"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(59, 79, 94, 287, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:firefox");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:flock");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:linux-firefox");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:linux-firefox-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:linux-flock");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:linux-seamonkey");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:linux-seamonkey-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:linux-thunderbird");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:seamonkey");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:thunderbird");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2008/03/26");
      script_set_attribute(attribute:"patch_publication_date", value:"2008/03/30");
      script_set_attribute(attribute:"plugin_publication_date", value:"2008/03/31");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"FreeBSD Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("freebsd_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD");
    if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (pkg_test(save_report:TRUE, pkg:"firefox<2.0.0.13,1")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"linux-firefox<2.0.0.13")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"linux-firefox-devel<2.0.0.13")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"seamonkey<1.1.9")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"linux-seamonkey<1.1.9")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"flock<1.1.1")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"linux-flock<1.1.1")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"linux-seamonkey-devel>0")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"thunderbird<2.0.0.14")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"linux-thunderbird<2.0.0.14")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200805-18.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200805-18 (Mozilla products: Multiple vulnerabilities) The following vulnerabilities were reported in all mentioned Mozilla products: Jesse Ruderman, Kai Engert, Martijn Wargers, Mats Palmgren, and Paul Nickerson reported browser crashes related to JavaScript methods, possibly triggering memory corruption (CVE-2008-0412). Carsten Book, Wesley Garland, Igor Bukanov, moz_bug_r_a4, shutdown, Philip Taylor, and tgirmann reported crashes in the JavaScript engine, possibly triggering memory corruption (CVE-2008-0413). David Bloom discovered a vulnerability in the way images are treated by the browser when a user leaves a page, possibly triggering memory corruption (CVE-2008-0419). moz_bug_r_a4, Boris Zbarsky, and Johnny Stenback reported a series of privilege escalation vulnerabilities related to JavaScript (CVE-2008-1233, CVE-2008-1234, CVE-2008-1235). Mozilla developers identified browser crashes caused by the layout and JavaScript engines, possibly triggering memory corruption (CVE-2008-1236, CVE-2008-1237). moz_bug_r_a4 and Boris Zbarsky discovered that pages could escape from its sandboxed context and run with chrome privileges, and inject script content into another site, violating the browser
    last seen2020-06-01
    modified2020-06-02
    plugin id32416
    published2008-05-22
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/32416
    titleGLSA-200805-18 : Mozilla products: Multiple vulnerabilities
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 200805-18.
    #
    # The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(32416);
      script_version("1.20");
      script_cvs_date("Date: 2019/08/02 13:32:45");
    
      script_cve_id("CVE-2007-4879", "CVE-2008-0304", "CVE-2008-0412", "CVE-2008-0413", "CVE-2008-0414", "CVE-2008-0415", "CVE-2008-0416", "CVE-2008-0417", "CVE-2008-0418", "CVE-2008-0419", "CVE-2008-0420", "CVE-2008-0591", "CVE-2008-0592", "CVE-2008-0593", "CVE-2008-0594", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1240", "CVE-2008-1241", "CVE-2008-1380");
      script_xref(name:"GLSA", value:"200805-18");
    
      script_name(english:"GLSA-200805-18 : Mozilla products: Multiple vulnerabilities");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-200805-18
    (Mozilla products: Multiple vulnerabilities)
    
        The following vulnerabilities were reported in all mentioned Mozilla
        products:
        Jesse Ruderman, Kai Engert, Martijn Wargers, Mats Palmgren, and Paul
        Nickerson reported browser crashes related to JavaScript methods,
        possibly triggering memory corruption (CVE-2008-0412).
        Carsten Book, Wesley Garland, Igor Bukanov, moz_bug_r_a4, shutdown,
        Philip Taylor, and tgirmann reported crashes in the JavaScript engine,
        possibly triggering memory corruption (CVE-2008-0413).
        David Bloom discovered a vulnerability in the way images are treated by
        the browser when a user leaves a page, possibly triggering memory
        corruption (CVE-2008-0419).
        moz_bug_r_a4, Boris Zbarsky, and Johnny Stenback reported a series of
        privilege escalation vulnerabilities related to JavaScript
        (CVE-2008-1233, CVE-2008-1234, CVE-2008-1235).
        Mozilla developers identified browser crashes caused by the layout and
        JavaScript engines, possibly triggering memory corruption
        (CVE-2008-1236, CVE-2008-1237).
        moz_bug_r_a4 and Boris Zbarsky discovered that pages could escape from
        its sandboxed context and run with chrome privileges, and inject script
        content into another site, violating the browser's same origin policy
        (CVE-2008-0415).
        Gerry Eisenhaur discovered a directory traversal vulnerability when
        using 'flat' addons (CVE-2008-0418).
        Alexey Proskuryakov, Yosuke Hasegawa and Simon Montagu reported
        multiple character handling flaws related to the backspace character,
        the '0x80' character, involving zero-length non-ASCII sequences in
        multiple character sets, that could facilitate Cross-Site Scripting
        attacks (CVE-2008-0416).
        The following vulnerability was reported in Thunderbird and SeaMonkey:
        regenrecht (via iDefense) reported a heap-based buffer overflow when
        rendering an email message with an external MIME body (CVE-2008-0304).
        The following vulnerabilities were reported in Firefox, SeaMonkey and
        XULRunner:
        The fix for CVE-2008-1237 in Firefox 2.0.0.13
        and SeaMonkey 1.1.9 introduced a new crash vulnerability
        (CVE-2008-1380).
        hong and Gregory Fleischer each reported a
        variant on earlier reported bugs regarding focus shifting in file input
        controls (CVE-2008-0414).
        Gynvael Coldwind (Vexillium) discovered that BMP images could be used
        to reveal uninitialized memory, and that this data could be extracted
        using a 'canvas' feature (CVE-2008-0420).
        Chris Thomas reported that background tabs could create a borderless
        XUL pop-up in front of pages in other tabs (CVE-2008-1241).
        oo.rio.oo discovered that a plain text file with a
        'Content-Disposition: attachment' prevents Firefox from rendering
        future plain text files within the browser (CVE-2008-0592).
        Martin Straka reported that the '.href' property of stylesheet DOM
        nodes is modified to the final URI of a 302 redirect, bypassing the
        same origin policy (CVE-2008-0593).
        Gregory Fleischer discovered that under certain circumstances, leading
        characters from the hostname part of the 'Referer:' HTTP header are
        removed (CVE-2008-1238).
        Peter Brodersen and Alexander Klink reported that the browser
        automatically selected and sent a client certificate when SSL Client
        Authentication is requested by a server (CVE-2007-4879).
        Gregory Fleischer reported that web content fetched via the 'jar:'
        protocol was not subject to network access restrictions
        (CVE-2008-1240).
        The following vulnerabilities were reported in Firefox:
        Justin Dolske discovered a CRLF injection vulnerability when storing
        passwords (CVE-2008-0417).
        Michal Zalewski discovered that Firefox does not properly manage a
        delay timer used in confirmation dialogs (CVE-2008-0591).
        Emil Ljungdahl and Lars-Olof Moilanen discovered that a web forgery
        warning dialog is not displayed if the entire contents of a web page
        are in a DIV tag that uses absolute positioning (CVE-2008-0594).
      
    Impact :
    
        A remote attacker could entice a user to view a specially crafted web
        page or email that will trigger one of the vulnerabilities, possibly
        leading to the execution of arbitrary code or a Denial of Service. It
        is also possible for an attacker to trick a user to upload arbitrary
        files when submitting a form, to corrupt saved passwords for other
        sites, to steal login credentials, or to conduct Cross-Site Scripting
        and Cross-Site Request Forgery attacks.
      
    Workaround :
    
        There is no known workaround at this time."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/200805-18"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "All Mozilla Firefox users should upgrade to the latest version:
        # emerge --sync
        # emerge --ask --oneshot --verbose '>=www-client/mozilla-firefox-2.0.0.14'
        All Mozilla Firefox binary users should upgrade to the latest version:
        # emerge --sync
        # emerge --ask --oneshot --verbose '>=www-client/mozilla-firefox-bin-2.0.0.14'
        All Mozilla Thunderbird users should upgrade to the latest version:
        # emerge --sync
        # emerge --ask --oneshot --verbose '>=mail-client/mozilla-thunderbird-2.0.0.14'
        All Mozilla Thunderbird binary users should upgrade to the latest
        version:
        # emerge --sync
        # emerge --ask --oneshot --verbose '>=mail-client/mozilla-thunderbird-bin-2.0.0.14'
        All SeaMonkey users should upgrade to the latest version:
        # emerge --sync
        # emerge --ask --oneshot --verbose '>=www-client/seamonkey-1.1.9-r1'
        All SeaMonkey binary users should upgrade to the latest version:
        # emerge --sync
        # emerge --ask --oneshot --verbose '>=www-client/seamonkey-bin-1.1.9'
        All XULRunner users should upgrade to the latest version:
        # emerge --sync
        # emerge --ask --oneshot --verbose '>=net-libs/xulrunner-1.8.1.14'
        NOTE: The crash vulnerability (CVE-2008-1380) is currently unfixed in
        the SeaMonkey binary ebuild, as no precompiled packages have been
        released. Until an update is available, we recommend all SeaMonkey
        users to disable JavaScript, use Firefox for JavaScript-enabled
        browsing, or switch to the SeaMonkey source ebuild."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_cwe_id(20, 22, 59, 79, 94, 119, 200, 287, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:mozilla-firefox");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:mozilla-firefox-bin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:mozilla-thunderbird");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:mozilla-thunderbird-bin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:seamonkey");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:seamonkey-bin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:xulrunner");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2008/05/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2008/05/22");
      script_set_attribute(attribute:"vuln_publication_date", value:"2007/09/08");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.");
      script_family(english:"Gentoo Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (qpkg_check(package:"www-client/mozilla-firefox-bin", unaffected:make_list("ge 2.0.0.14"), vulnerable:make_list("lt 2.0.0.14"))) flag++;
    if (qpkg_check(package:"www-client/seamonkey-bin", unaffected:make_list("ge 1.1.9"), vulnerable:make_list("lt 1.1.9"))) flag++;
    if (qpkg_check(package:"mail-client/mozilla-thunderbird-bin", unaffected:make_list("ge 2.0.0.14"), vulnerable:make_list("lt 2.0.0.14"))) flag++;
    if (qpkg_check(package:"www-client/seamonkey", unaffected:make_list("ge 1.1.9-r1"), vulnerable:make_list("lt 1.1.9-r1"))) flag++;
    if (qpkg_check(package:"mail-client/mozilla-thunderbird", unaffected:make_list("ge 2.0.0.14"), vulnerable:make_list("lt 2.0.0.14"))) flag++;
    if (qpkg_check(package:"net-libs/xulrunner", unaffected:make_list("ge 1.8.1.14"), vulnerable:make_list("lt 1.8.1.14"))) flag++;
    if (qpkg_check(package:"www-client/mozilla-firefox", unaffected:make_list("ge 2.0.0.14"), vulnerable:make_list("lt 2.0.0.14"))) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Mozilla products");
    }
    
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2008-0207.NASL
    descriptionFrom Red Hat Security Advisory 2008:0207 : Updated firefox packages that fix several security bugs are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. Several flaws were found in the processing of some malformed web content. A web page containing such malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2008-1233, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237) Several flaws were found in the display of malformed web content. A web page containing specially crafted content could, potentially, trick a Firefox user into surrendering sensitive information. (CVE-2008-1234, CVE-2008-1238, CVE-2008-1241) All Firefox users should upgrade to these updated packages, which contain backported patches that correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id67675
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67675
    titleOracle Linux 4 / 5 : firefox (ELSA-2008-0207)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2008:0207 and 
    # Oracle Linux Security Advisory ELSA-2008-0207 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(67675);
      script_version("1.11");
      script_cvs_date("Date: 2019/10/25 13:36:07");
    
      script_cve_id("CVE-2007-4879", "CVE-2008-1195", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1240", "CVE-2008-1241");
      script_bugtraq_id(28448);
      script_xref(name:"RHSA", value:"2008:0207");
    
      script_name(english:"Oracle Linux 4 / 5 : firefox (ELSA-2008-0207)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "From Red Hat Security Advisory 2008:0207 :
    
    Updated firefox packages that fix several security bugs are now
    available for Red Hat Enterprise Linux 4 and 5.
    
    This update has been rated as having critical security impact by the
    Red Hat Security Response Team.
    
    Mozilla Firefox is an open source Web browser.
    
    Several flaws were found in the processing of some malformed web
    content. A web page containing such malicious content could cause
    Firefox to crash or, potentially, execute arbitrary code as the user
    running Firefox. (CVE-2008-1233, CVE-2008-1235, CVE-2008-1236,
    CVE-2008-1237)
    
    Several flaws were found in the display of malformed web content. A
    web page containing specially crafted content could, potentially,
    trick a Firefox user into surrendering sensitive information.
    (CVE-2008-1234, CVE-2008-1238, CVE-2008-1241)
    
    All Firefox users should upgrade to these updated packages, which
    contain backported patches that correct these issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2008-March/000551.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2008-March/000552.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected firefox packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(59, 79, 94, 287, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:firefox");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:firefox-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:4");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:5");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2007/09/13");
      script_set_attribute(attribute:"patch_publication_date", value:"2008/03/27");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(4|5)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 4 / 5", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    
    flag = 0;
    if (rpm_check(release:"EL4", cpu:"i386", reference:"firefox-1.5.0.12-0.14.el4.0.1")) flag++;
    if (rpm_check(release:"EL4", cpu:"x86_64", reference:"firefox-1.5.0.12-0.14.el4.0.1")) flag++;
    
    if (rpm_check(release:"EL5", reference:"firefox-1.5.0.12-14.el5_1.0.1")) flag++;
    if (rpm_check(release:"EL5", reference:"firefox-devel-1.5.0.12-14.el5_1.0.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "firefox / firefox-devel");
    }
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-592-1.NASL
    descriptionAlexey Proskuryakov, Yosuke Hasegawa and Simon Montagu discovered flaws in Firefox
    last seen2020-06-01
    modified2020-06-02
    plugin id31700
    published2008-03-28
    reporterUbuntu Security Notice (C) 2008-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/31700
    titleUbuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : firefox vulnerabilities (USN-592-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SEAMONKEY-5167.NASL
    descriptionThis update brings Mozilla SeaMonkey to the level of seamonkey security update version 1.1.9 Following security problems were fixed : - MFSA 2008-19/CVE-2008-1241: XUL popup spoofing variant (cross-tab popups) - MFSA 2008-18/CVE-2008-1195 and CVE-2008-1240: Java socket connection to any local port via LiveConnect - MFSA 2008-17/CVE-2007-4879: Privacy issue with SSL Client Authentication - MFSA 2008-16/CVE-2008-1238: HTTP Referrer spoofing with malformed URLs - MFSA 2008-15/CVE-2008-1236 and CVE-2008-1237: Crashes with evidence of memory corruption (rv:1.8.1.13) - MFSA 2008-14/CVE-2008-1233, CVE-2008-1234, and CVE-2008-1235: JavaScript privilege escalation and arbitrary code execution.
    last seen2020-06-01
    modified2020-06-02
    plugin id32027
    published2008-04-22
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/32027
    titleopenSUSE 10 Security Update : seamonkey (seamonkey-5167)
  • NASL familyWindows
    NASL idMOZILLA_FIREFOX_20013.NASL
    descriptionThe installed version of Firefox is affected by various security issues : - A series of vulnerabilities that allow for JavaScript privilege escalation and arbitrary code execution. - Several stability bugs leading to crashes which, in some cases, show traces of memory corruption. - An HTTP Referer spoofing issue with malformed URLs. - A privacy issue with SSL client authentication. - Web content fetched via the
    last seen2020-06-01
    modified2020-06-02
    plugin id31652
    published2008-03-26
    reporterThis script is Copyright (C) 2008-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/31652
    titleFirefox < 2.0.0.13 Multiple Vulnerabilities
  • NASL familyWindows
    NASL idSEAMONKEY_119.NASL
    descriptionThe installed version of SeaMonkey is affected by various security issues : - A series of vulnerabilities that allow for JavaScript privilege escalation and arbitrary code execution. - Several stability bugs leading to crashes which, in some cases, show traces of memory corruption. - An HTTP Referer spoofing issue with malformed URLs. - A privacy issue with SSL client authentication. - Web content fetched via the
    last seen2020-06-01
    modified2020-06-02
    plugin id31653
    published2008-03-26
    reporterThis script is Copyright (C) 2008-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/31653
    titleSeaMonkey < 1.1.9 Multiple Vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idSUSE_MOZILLAFIREFOX-5134.NASL
    descriptionThis update brings Mozilla Firefox to security update version 2.0.0.13 Following security problems were fixed : - XUL popup spoofing variant (cross-tab popups). (MFSA 2008-19 / CVE-2008-1241) - Java socket connection to any local port via LiveConnect. (MFSA 2008-18 / CVE-2008-1195 / CVE-2008-1240) - Privacy issue with SSL Client Authentication. (MFSA 2008-17 / CVE-2007-4879) - HTTP Referrer spoofing with malformed URLs. (MFSA 2008-16 / CVE-2008-1238) - Crashes with evidence of memory corruption (rv:1.8.1.13). (MFSA 2008-15 / CVE-2008-1236 / CVE-2008-1237) - JavaScript privilege escalation and arbitrary code execution. (MFSA 2008-14 / CVE-2008-1233 / CVE-2008-1234 / CVE-2008-1235)
    last seen2020-06-01
    modified2020-06-02
    plugin id31722
    published2008-04-01
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/31722
    titleSuSE 10 Security Update : Security update for (ZYPP Patch Number 5134)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1535.NASL
    description# This shares a lot of text with dsa-1532.wml, dsa-1534.wml, dsa-1574.wml Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-4879 Peter Brodersen and Alexander Klink discovered that the autoselection of SSL client certificates could lead to users being tracked, resulting in a loss of privacy. - CVE-2008-1233
    last seen2020-06-01
    modified2020-06-02
    plugin id31806
    published2008-04-11
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/31806
    titleDebian DSA-1535-1 : iceweasel - several vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idSUSE_MOZILLA-XULRUNNER-5164.NASL
    descriptionThis update fixes security issues also fixes in the Mozilla Firefox 2.0.0.13 update round. Following security problems were fixed : - XUL popup spoofing variant (cross-tab popups). (MFSA 2008-19 / CVE-2008-1241) - Java socket connection to any local port via LiveConnect. (MFSA 2008-18 / CVE-2008-1195 / CVE-2008-1240) - Privacy issue with SSL Client Authentication. (MFSA 2008-17 / CVE-2007-4879) - HTTP Referrer spoofing with malformed URLs. (MFSA 2008-16 / CVE-2008-1238) - Crashes with evidence of memory corruption (rv:1.8.1.13). (MFSA 2008-15 / CVE-2008-1236 / CVE-2008-1237) - JavaScript privilege escalation and arbitrary code execution. (MFSA 2008-14 / CVE-2008-1233 / CVE-2008-1234 / CVE-2008-1235)
    last seen2020-06-01
    modified2020-06-02
    plugin id31991
    published2008-04-18
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/31991
    titleSuSE 10 Security Update : epiphany (ZYPP Patch Number 5164)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1534.NASL
    description# This shares a lot of text with dsa-1532.wml, dsa-1535.wml, dsa-1574.wml Several remote vulnerabilities have been discovered in the Iceape internet suite, an unbranded version of the SeaMonkey Internet Suite. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-4879 Peter Brodersen and Alexander Klink discovered that the autoselection of SSL client certificates could lead to users being tracked, resulting in a loss of privacy. - CVE-2008-1233
    last seen2020-06-01
    modified2020-06-02
    plugin id31711
    published2008-03-31
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/31711
    titleDebian DSA-1534-1 : iceape - several vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idSUSE_MOZILLAFIREFOX-5135.NASL
    descriptionThis update brings Mozilla Firefox to security update version 2.0.0.13 Following security problems were fixed : - MFSA 2008-19/CVE-2008-1241: XUL popup spoofing variant (cross-tab popups) - MFSA 2008-18/CVE-2008-1195 and CVE-2008-1240: Java socket connection to any local port via LiveConnect - MFSA 2008-17/CVE-2007-4879: Privacy issue with SSL Client Authentication - MFSA 2008-16/CVE-2008-1238: HTTP Referrer spoofing with malformed URLs - MFSA 2008-15/CVE-2008-1236 and CVE-2008-1237: Crashes with evidence of memory corruption (rv:1.8.1.13) - MFSA 2008-14/CVE-2008-1233, CVE-2008-1234, and CVE-2008-1235: JavaScript privilege escalation and arbitrary code execution.
    last seen2020-06-01
    modified2020-06-02
    plugin id31715
    published2008-03-31
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/31715
    titleopenSUSE 10 Security Update : MozillaFirefox (MozillaFirefox-5135)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2008-080.NASL
    descriptionA number of security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox program, version 2.0.0.13. This update provides the latest Firefox to correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id36441
    published2009-04-23
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/36441
    titleMandriva Linux Security Advisory : mozilla-firefox (MDVSA-2008:080)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2008-0207.NASL
    descriptionUpdated firefox packages that fix several security bugs are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. Several flaws were found in the processing of some malformed web content. A web page containing such malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2008-1233, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237) Several flaws were found in the display of malformed web content. A web page containing specially crafted content could, potentially, trick a Firefox user into surrendering sensitive information. (CVE-2008-1234, CVE-2008-1238, CVE-2008-1241) All Firefox users should upgrade to these updated packages, which contain backported patches that correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id31684
    published2008-03-28
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/31684
    titleCentOS 4 / 5 : firefox (CESA-2008:0207)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SEAMONKEY-5153.NASL
    descriptionThis update brings Mozilla SeaMonkey to security update version 1.1.9 Following security problems were fixed : - MFSA 2008-19/CVE-2008-1241: XUL popup spoofing variant (cross-tab popups) - MFSA 2008-18/CVE-2008-1195 and CVE-2008-1240: Java socket connection to any local port via LiveConnect - MFSA 2008-17/CVE-2007-4879: Privacy issue with SSL Client Authentication - MFSA 2008-16/CVE-2008-1238: HTTP Referrer spoofing with malformed URLs - MFSA 2008-15/CVE-2008-1236 and CVE-2008-1237: Crashes with evidence of memory corruption (rv:1.8.1.13) - MFSA 2008-14/CVE-2008-1233, CVE-2008-1234, and CVE-2008-1235: JavaScript privilege escalation and arbitrary code execution.
    last seen2020-06-01
    modified2020-06-02
    plugin id31845
    published2008-04-11
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/31845
    titleopenSUSE 10 Security Update : seamonkey (seamonkey-5153)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_MOZILLA-XULRUNNER-5163.NASL
    descriptionThis update brings the Mozilla XULRunner engine to security update version level 1.1.9 Following security problems were fixed : - MFSA 2008-19/CVE-2008-1241: XUL popup spoofing variant (cross-tab popups) - MFSA 2008-18/CVE-2008-1195 and CVE-2008-1240: Java socket connection to any local port via LiveConnect - MFSA 2008-17/CVE-2007-4879: Privacy issue with SSL Client Authentication - MFSA 2008-16/CVE-2008-1238: HTTP Referrer spoofing with malformed URLs - MFSA 2008-15/CVE-2008-1236 and CVE-2008-1237: Crashes with evidence of memory corruption (rv:1.8.1.13) - MFSA 2008-14/CVE-2008-1233, CVE-2008-1234, and CVE-2008-1235: JavaScript privilege escalation and arbitrary code execution.
    last seen2020-06-01
    modified2020-06-02
    plugin id32025
    published2008-04-22
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/32025
    titleopenSUSE 10 Security Update : mozilla-xulrunner (mozilla-xulrunner-5163)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2008-0207.NASL
    descriptionUpdated firefox packages that fix several security bugs are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. Several flaws were found in the processing of some malformed web content. A web page containing such malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2008-1233, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237) Several flaws were found in the display of malformed web content. A web page containing specially crafted content could, potentially, trick a Firefox user into surrendering sensitive information. (CVE-2008-1234, CVE-2008-1238, CVE-2008-1241) All Firefox users should upgrade to these updated packages, which contain backported patches that correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id31694
    published2008-03-28
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/31694
    titleRHEL 4 / 5 : firefox (RHSA-2008:0207)

Seebug

bulletinFamilyexploit
descriptionBUGTRAQ ID: 28448 CVE(CAN) ID: CVE-2008-1241,CVE-2008-1240,CVE-2007-4879,CVE-2008-1238,CVE-2008-1236,CVE-2008-1237,CVE-2008-1233,CVE-2008-1234,CVE-2008-1235 Firefox/Thunderbird/SeaMonkey是Mozilla所发布的WEB浏览器和邮件/新闻组客户端。 Firefox中的多个安全漏洞允许恶意用户泄露敏感信息、绕过安全限制、执行欺骗攻击或入侵用户系统。由于代码共享,Thunderbird和SeaMonkey也受这些漏洞的影响。 1) XPCNativeWrappers调用中的安全漏洞可能允许通过setTimeout()调用以用户权限执行任意Javascript代码。 2) Javascript引擎中的各种错误可能导致内存破坏,允许用户执行任意代码。 3) 如果向URL发送请求的HTTP Referer:头的Basic Authentication凭据中用户名为空的话,就可以绕过跨站请求伪造防护。 4) 在创建到请求了SSL客户端认证的Web服务器的连接时,Firefox提供了之前配置的私有SSL证书,这可能导致泄露敏感信息。 5) jar:协议处理中的错误可能导致创建到本地机器上任意端口的连接。 6) 在显示XUL弹出窗口时的错误可能被利用隐藏窗口边界,这有助于钓鱼攻击。 Mozilla Firefox &lt;= 2.0.0.12 Mozilla Thunderbird &lt;= 2.0.0.12 Mozilla SeaMonkey &lt;= 1.1.8 Mozilla ------- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: <a href=http://www.mozilla.org/ target=_blank>http://www.mozilla.org/</a> RedHat ------ RedHat已经为此发布了一个安全公告(RHSA-2008:0207-01)以及相应补丁: RHSA-2008:0207-01:Critical: firefox security update 链接:<a href=https://www.redhat.com/support/errata/RHSA-2008-0207.html target=_blank>https://www.redhat.com/support/errata/RHSA-2008-0207.html</a>
idSSV:3105
last seen2017-11-19
modified2008-03-31
published2008-03-31
reporterRoot
sourcehttps://www.seebug.org/vuldb/ssvid-3105
titleMozilla Thunderbird/Seamonkey/Firefox 2.0.0.13版本修复多个安全漏洞

References