Vulnerabilities > CVE-2008-1241 - Link Following vulnerability in Mozilla Firefox

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN

Summary

GUI overlay vulnerability in Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9 allows remote attackers to spoof form elements and redirect user inputs via a borderless XUL pop-up window from a background tab.

Vulnerable Configurations

Part Description Count
Application
Mozilla
97

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Symlink Attack
    An attacker positions a symbolic link in such a manner that the targeted user or application accesses the link's endpoint, assuming that it is accessing a file with the link's name. The endpoint file may be either output or input. If the file is output, the result is that the endpoint is modified, instead of a file at the intended location. Modifications to the endpoint file may include appending, overwriting, corrupting, changing permissions, or other modifications. In some variants of this attack the attacker may be able to control the change to a file while in other cases they cannot. The former is especially damaging since the attacker may be able to grant themselves increased privileges or insert false information, but the latter can also be damaging as it can expose sensitive information or corrupt or destroy vital system or application files. Alternatively, the endpoint file may serve as input to the targeted application. This can be used to feed malformed input into the target or to cause the target to process different information, possibly allowing the attacker to control the actions of the target or to cause the target to expose information to the attacker. Moreover, the actions taken on the endpoint file are undertaken with the permissions of the targeted user or application, which may exceed the permissions that the attacker would normally have.
  • Accessing, Modifying or Executing Executable Files
    An attack of this type exploits a system's configuration that allows an attacker to either directly access an executable file, for example through shell access; or in a possible worst case allows an attacker to upload a file and then execute it. Web servers, ftp servers, and message oriented middleware systems which have many integration points are particularly vulnerable, because both the programmers and the administrators must be in synch regarding the interfaces and the correct privileges for each interface.
  • Leverage Executable Code in Non-Executable Files
    An attack of this type exploits a system's trust in configuration and resource files, when the executable loads the resource (such as an image file or configuration file) the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated mashing up resources from local and remote sources the possibility of this attack occurring is high. The attack can be directed at a client system, such as causing buffer overrun through loading seemingly benign image files, as in Microsoft Security Bulletin MS04-028 where specially crafted JPEG files could cause a buffer overrun once loaded into the browser. Another example targets clients reading pdf files. In this case the attacker simply appends javascript to the end of a legitimate url for a pdf (http://www.gnucitizen.org/blog/danger-danger-danger/) http://path/to/pdf/file.pdf#whatever_name_you_want=javascript:your_code_here The client assumes that they are reading a pdf, but the attacker has modified the resource and loaded executable javascript into the client's browser process. The attack can also target server processes. The attacker edits the resource or configuration file, for example a web.xml file used to configure security permissions for a J2EE app server, adding role name "public" grants all users with the public role the ability to use the administration functionality. The server trusts its configuration file to be correct, but when they are manipulated, the attacker gains full control.
  • Manipulating Input to File System Calls
    An attacker manipulates inputs to the target software which the target software passes to file system calls in the OS. The goal is to gain access to, and perhaps modify, areas of the file system that the target software did not intend to be accessible.

Nessus

  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1532.NASL
    description# This shares a lot of text with dsa-1534.wml, dsa-1535.wml, dsa-1574.wml Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-4879 Peter Brodersen and Alexander Klink discovered that the autoselection of SSL client certificates could lead to users being tracked, resulting in a loss of privacy. - CVE-2008-1233
    last seen2020-06-01
    modified2020-06-02
    plugin id31709
    published2008-03-31
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/31709
    titleDebian DSA-1532-1 : xulrunner - several vulnerabilities
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-1532. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(31709);
      script_version("1.21");
      script_cvs_date("Date: 2019/08/02 13:32:21");
    
      script_cve_id("CVE-2007-4879", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1240", "CVE-2008-1241");
      script_bugtraq_id(28448);
      script_xref(name:"DSA", value:"1532");
    
      script_name(english:"Debian DSA-1532-1 : xulrunner - several vulnerabilities");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "# This shares a lot of text with dsa-1534.wml, dsa-1535.wml,
    dsa-1574.wml
    
    Several remote vulnerabilities have been discovered in Xulrunner, a
    runtime environment for XUL applications. The Common Vulnerabilities
    and Exposures project identifies the following problems :
    
      - CVE-2007-4879
        Peter Brodersen and Alexander Klink discovered that the
        autoselection of SSL client certificates could lead to
        users being tracked, resulting in a loss of privacy.
    
      - CVE-2008-1233
        'moz_bug_r_a4' discovered that variants of CVE-2007-3738
        and CVE-2007-5338 allow the execution of arbitrary code
        through XPCNativeWrapper.
    
      - CVE-2008-1234
        'moz_bug_r_a4' discovered that insecure handling of
        event handlers could lead to cross-site scripting.
    
      - CVE-2008-1235
        Boris Zbarsky, Johnny Stenback and 'moz_bug_r_a4'
        discovered that incorrect principal handling could lead
        to cross-site scripting and the execution of arbitrary
        code.
    
      - CVE-2008-1236
        Tom Ferris, Seth Spitzer, Martin Wargers, John Daggett
        and Mats Palmgren discovered crashes in the layout
        engine, which might allow the execution of arbitrary
        code.
    
      - CVE-2008-1237
        'georgi', 'tgirmann' and Igor Bukanov discovered crashes
        in the JavaScript engine, which might allow the
        execution of arbitrary code.
    
      - CVE-2008-1238
        Gregory Fleischer discovered that HTTP Referrer headers
        were handled incorrectly in combination with URLs
        containing Basic Authentication credentials with empty
        usernames, resulting in potential Cross-Site Request
        Forgery attacks.
    
      - CVE-2008-1240
        Gregory Fleischer discovered that web content fetched
        through the jar: protocol can use Java to connect to
        arbitrary ports. This is only an issue in combination
        with the non-free Java plugin.
    
      - CVE-2008-1241
        Chris Thomas discovered that background tabs could
        generate XUL popups overlaying the current tab,
        resulting in potential spoofing attacks.
    
    The Mozilla products from the old stable distribution (sarge) are no
    longer supported."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2007-4879"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2008-1233"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2007-3738"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2007-5338"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2008-1234"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2008-1235"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2008-1236"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2008-1237"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2008-1238"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2008-1240"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2008-1241"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.debian.org/security/2008/dsa-1532"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the xulrunner packages.
    
    For the stable distribution (etch), these problems have been fixed in
    version 1.8.0.15~pre080323b-0etch1."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(59, 79, 94, 287, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:xulrunner");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:4.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2008/03/27");
      script_set_attribute(attribute:"plugin_publication_date", value:"2008/03/31");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"4.0", prefix:"libmozillainterfaces-java", reference:"1.8.0.15~pre080323b-0etch1")) flag++;
    if (deb_check(release:"4.0", prefix:"libmozjs-dev", reference:"1.8.0.15~pre080323b-0etch1")) flag++;
    if (deb_check(release:"4.0", prefix:"libmozjs0d", reference:"1.8.0.15~pre080323b-0etch1")) flag++;
    if (deb_check(release:"4.0", prefix:"libmozjs0d-dbg", reference:"1.8.0.15~pre080323b-0etch1")) flag++;
    if (deb_check(release:"4.0", prefix:"libnspr4-0d", reference:"1.8.0.15~pre080323b-0etch1")) flag++;
    if (deb_check(release:"4.0", prefix:"libnspr4-0d-dbg", reference:"1.8.0.15~pre080323b-0etch1")) flag++;
    if (deb_check(release:"4.0", prefix:"libnspr4-dev", reference:"1.8.0.15~pre080323b-0etch1")) flag++;
    if (deb_check(release:"4.0", prefix:"libnss3-0d", reference:"1.8.0.15~pre080323b-0etch1")) flag++;
    if (deb_check(release:"4.0", prefix:"libnss3-0d-dbg", reference:"1.8.0.15~pre080323b-0etch1")) flag++;
    if (deb_check(release:"4.0", prefix:"libnss3-dev", reference:"1.8.0.15~pre080323b-0etch1")) flag++;
    if (deb_check(release:"4.0", prefix:"libnss3-tools", reference:"1.8.0.15~pre080323b-0etch1")) flag++;
    if (deb_check(release:"4.0", prefix:"libsmjs-dev", reference:"1.8.0.15~pre080323b-0etch1")) flag++;
    if (deb_check(release:"4.0", prefix:"libsmjs1", reference:"1.8.0.15~pre080323b-0etch1")) flag++;
    if (deb_check(release:"4.0", prefix:"libxul-common", reference:"1.8.0.15~pre080323b-0etch1")) flag++;
    if (deb_check(release:"4.0", prefix:"libxul-dev", reference:"1.8.0.15~pre080323b-0etch1")) flag++;
    if (deb_check(release:"4.0", prefix:"libxul0d", reference:"1.8.0.15~pre080323b-0etch1")) flag++;
    if (deb_check(release:"4.0", prefix:"libxul0d-dbg", reference:"1.8.0.15~pre080323b-0etch1")) flag++;
    if (deb_check(release:"4.0", prefix:"python-xpcom", reference:"1.8.0.15~pre080323b-0etch1")) flag++;
    if (deb_check(release:"4.0", prefix:"spidermonkey-bin", reference:"1.8.0.15~pre080323b-0etch1")) flag++;
    if (deb_check(release:"4.0", prefix:"xulrunner", reference:"1.8.0.15~pre080323b-0etch1")) flag++;
    if (deb_check(release:"4.0", prefix:"xulrunner-gnome-support", reference:"1.8.0.15~pre080323b-0etch1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_MOZILLA-XULRUNNER181-5158.NASL
    descriptionThis update brings the Mozilla XULRunner engine to security update version 1.8.1.13 Following security problems were fixed : - MFSA 2008-19/CVE-2008-1241: XUL popup spoofing variant (cross-tab popups) - MFSA 2008-18/CVE-2008-1195 and CVE-2008-1240: Java socket connection to any local port via LiveConnect - MFSA 2008-17/CVE-2007-4879: Privacy issue with SSL Client Authentication - MFSA 2008-16/CVE-2008-1238: HTTP Referrer spoofing with malformed URLs - MFSA 2008-15/CVE-2008-1236 and CVE-2008-1237: Crashes with evidence of memory corruption (rv:1.8.1.13) - MFSA 2008-14/CVE-2008-1233, CVE-2008-1234, and CVE-2008-1235: JavaScript privilege escalation and arbitrary code execution.
    last seen2020-06-01
    modified2020-06-02
    plugin id32026
    published2008-04-22
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/32026
    titleopenSUSE 10 Security Update : mozilla-xulrunner181 (mozilla-xulrunner181-5158)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update mozilla-xulrunner181-5158.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(32026);
      script_version ("1.10");
      script_cvs_date("Date: 2019/10/25 13:36:32");
    
      script_cve_id("CVE-2007-4879", "CVE-2008-1195", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1240", "CVE-2008-1241");
    
      script_name(english:"openSUSE 10 Security Update : mozilla-xulrunner181 (mozilla-xulrunner181-5158)");
      script_summary(english:"Check for the mozilla-xulrunner181-5158 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update brings the Mozilla XULRunner engine to security update
    version 1.8.1.13
    
    Following security problems were fixed :
    
      - MFSA 2008-19/CVE-2008-1241: XUL popup spoofing variant
        (cross-tab popups)
    
      - MFSA 2008-18/CVE-2008-1195 and CVE-2008-1240: Java
        socket connection to any local port via LiveConnect
    
      - MFSA 2008-17/CVE-2007-4879: Privacy issue with SSL
        Client Authentication
    
      - MFSA 2008-16/CVE-2008-1238: HTTP Referrer spoofing with
        malformed URLs
    
      - MFSA 2008-15/CVE-2008-1236 and CVE-2008-1237: Crashes
        with evidence of memory corruption (rv:1.8.1.13)
    
      - MFSA 2008-14/CVE-2008-1233, CVE-2008-1234, and
        CVE-2008-1235: JavaScript privilege escalation and
        arbitrary code execution."
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected mozilla-xulrunner181 packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_cwe_id(59, 79, 94, 287, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:epiphany");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:epiphany-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:epiphany-extensions");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner181");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner181-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner181-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner181-l10n");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.2");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.3");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2008/04/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2008/04/22");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE10\.2|SUSE10\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "10.2 / 10.3", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE10.2", reference:"epiphany-2.16.1-32") ) flag++;
    if ( rpm_check(release:"SUSE10.2", reference:"epiphany-devel-2.16.1-32") ) flag++;
    if ( rpm_check(release:"SUSE10.2", reference:"epiphany-extensions-2.16.1-32") ) flag++;
    if ( rpm_check(release:"SUSE10.2", reference:"mozilla-xulrunner181-1.8.1.13-0.1") ) flag++;
    if ( rpm_check(release:"SUSE10.2", reference:"mozilla-xulrunner181-devel-1.8.1.13-0.1") ) flag++;
    if ( rpm_check(release:"SUSE10.2", reference:"mozilla-xulrunner181-l10n-1.8.1.13-0.1") ) flag++;
    if ( rpm_check(release:"SUSE10.2", cpu:"x86_64", reference:"mozilla-xulrunner181-32bit-1.8.1.13-0.1") ) flag++;
    if ( rpm_check(release:"SUSE10.3", reference:"epiphany-2.20.0-8.3") ) flag++;
    if ( rpm_check(release:"SUSE10.3", reference:"epiphany-devel-2.20.0-8.3") ) flag++;
    if ( rpm_check(release:"SUSE10.3", reference:"epiphany-extensions-2.20.0-8.3") ) flag++;
    if ( rpm_check(release:"SUSE10.3", reference:"mozilla-xulrunner181-1.8.1.13-0.1") ) flag++;
    if ( rpm_check(release:"SUSE10.3", reference:"mozilla-xulrunner181-devel-1.8.1.13-0.1") ) flag++;
    if ( rpm_check(release:"SUSE10.3", reference:"mozilla-xulrunner181-l10n-1.8.1.13-0.1") ) flag++;
    if ( rpm_check(release:"SUSE10.3", cpu:"x86_64", reference:"mozilla-xulrunner181-32bit-1.8.1.13-0.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "epiphany / epiphany-devel / epiphany-extensions / etc");
    }
    
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20080326_FIREFOX_ON_SL4_X.NASL
    descriptionSeveral flaws were found in the processing of some malformed web content. A web page containing such malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2008-1233, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237) Several flaws were found in the display of malformed web content. A web page containing specially crafted content could, potentially, trick a Firefox user into surrendering sensitive information. (CVE-2008-1234, CVE-2008-1238, CVE-2008-1241)
    last seen2020-06-01
    modified2020-06-02
    plugin id60376
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60376
    titleScientific Linux Security Update : firefox on SL4.x, SL5.x i386/x86_64
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text is (C) Scientific Linux.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(60376);
      script_version("1.6");
      script_cvs_date("Date: 2019/10/25 13:36:17");
    
      script_cve_id("CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1241");
    
      script_name(english:"Scientific Linux Security Update : firefox on SL4.x, SL5.x i386/x86_64");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Scientific Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Several flaws were found in the processing of some malformed web
    content. A web page containing such malicious content could cause
    Firefox to crash or, potentially, execute arbitrary code as the user
    running Firefox. (CVE-2008-1233, CVE-2008-1235, CVE-2008-1236,
    CVE-2008-1237)
    
    Several flaws were found in the display of malformed web content. A
    web page containing specially crafted content could, potentially,
    trick a Firefox user into surrendering sensitive information.
    (CVE-2008-1234, CVE-2008-1238, CVE-2008-1241)"
      );
      # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0803&L=scientific-linux-errata&T=0&P=1821
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?0f432dd3"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected firefox and / or firefox-devel packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_cwe_id(59, 79, 94, 287, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2008/03/26");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/01");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Scientific Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"SL4", reference:"firefox-1.5.0.12-0.14.el4")) flag++;
    
    if (rpm_check(release:"SL5", reference:"firefox-1.5.0.12-14.el5_1")) flag++;
    if (rpm_check(release:"SL5", reference:"firefox-devel-1.5.0.12-14.el5_1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2008-0209.NASL
    descriptionFrom Red Hat Security Advisory 2008:0209 : Updated thunderbird packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of some malformed HTML mail content. An HTML mail message containing such malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird. (CVE-2008-1233, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237) Several flaws were found in the display of malformed web content. An HTML mail message containing specially crafted content could, potentially, trick a user into surrendering sensitive information. (CVE-2008-1234, CVE-2008-1238, CVE-2008-1241) Note: JavaScript support is disabled by default in Thunderbird; the above issues are not exploitable unless JavaScript is enabled. All Thunderbird users should upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id67677
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67677
    titleOracle Linux 4 : thunderbird (ELSA-2008-0209)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2008:0209 and 
    # Oracle Linux Security Advisory ELSA-2008-0209 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(67677);
      script_version("1.10");
      script_cvs_date("Date: 2019/10/25 13:36:07");
    
      script_cve_id("CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1241");
      script_bugtraq_id(28448);
      script_xref(name:"RHSA", value:"2008:0209");
    
      script_name(english:"Oracle Linux 4 : thunderbird (ELSA-2008-0209)");
      script_summary(english:"Checks rpm output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "From Red Hat Security Advisory 2008:0209 :
    
    Updated thunderbird packages that fix several security issues are now
    available for Red Hat Enterprise Linux 4 and 5.
    
    This update has been rated as having moderate security impact by the
    Red Hat Security Response Team.
    
    Mozilla Thunderbird is a standalone mail and newsgroup client.
    
    Several flaws were found in the processing of some malformed HTML mail
    content. An HTML mail message containing such malicious content could
    cause Thunderbird to crash or, potentially, execute arbitrary code as
    the user running Thunderbird. (CVE-2008-1233, CVE-2008-1235,
    CVE-2008-1236, CVE-2008-1237)
    
    Several flaws were found in the display of malformed web content. An
    HTML mail message containing specially crafted content could,
    potentially, trick a user into surrendering sensitive information.
    (CVE-2008-1234, CVE-2008-1238, CVE-2008-1241)
    
    Note: JavaScript support is disabled by default in Thunderbird; the
    above issues are not exploitable unless JavaScript is enabled.
    
    All Thunderbird users should upgrade to these updated packages, which
    contain backported patches to resolve these issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2008-April/000559.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected thunderbird package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(59, 79, 94, 287, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:thunderbird");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:4");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2008/03/27");
      script_set_attribute(attribute:"patch_publication_date", value:"2008/04/03");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 4", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    
    flag = 0;
    if (rpm_check(release:"EL4", cpu:"i386", reference:"thunderbird-1.5.0.12-10.el4.0.1")) flag++;
    if (rpm_check(release:"EL4", cpu:"x86_64", reference:"thunderbird-1.5.0.12-10.el4.0.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "thunderbird");
    }
    
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_12B336C6FE3611DCB09C001C2514716C.NASL
    descriptionThe Mozilla Foundation reports of multiple security issues in Firefox, SeaMonkey, and Thunderbird. Several of these issues can probably be used to run arbitrary code with the privilege of the user running the program. - MFSA 2008-19 XUL popup spoofing variant (cross-tab popups) - MFSA 2008-18 Java socket connection to any local port via LiveConnect - MFSA 2008-17 Privacy issue with SSL Client Authentication - MFSA 2008-16 HTTP Referrer spoofing with malformed URLs - MFSA 2008-15 Crashes with evidence of memory corruption (rv:1.8.1.13) - MFSA 2008-14 JavaScript privilege escalation and arbitrary code execution
    last seen2020-06-01
    modified2020-06-02
    plugin id31714
    published2008-03-31
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/31714
    titleFreeBSD : mozilla -- multiple vulnerabilities (12b336c6-fe36-11dc-b09c-001c2514716c)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from the FreeBSD VuXML database :
    #
    # Copyright 2003-2018 Jacques Vidrine and contributors
    #
    # Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
    # HTML, PDF, PostScript, RTF and so forth) with or without modification,
    # are permitted provided that the following conditions are met:
    # 1. Redistributions of source code (VuXML) must retain the above
    #    copyright notice, this list of conditions and the following
    #    disclaimer as the first lines of this file unmodified.
    # 2. Redistributions in compiled form (transformed to other DTDs,
    #    published online in any format, converted to PDF, PostScript,
    #    RTF and other formats) must reproduce the above copyright
    #    notice, this list of conditions and the following disclaimer
    #    in the documentation and/or other materials provided with the
    #    distribution.
    # 
    # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
    # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
    # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
    # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
    # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
    # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
    # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
    # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
    # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
    # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
    # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(31714);
      script_version("1.22");
      script_cvs_date("Date: 2019/08/02 13:32:39");
    
      script_cve_id("CVE-2007-4879", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1240", "CVE-2008-1241");
      script_bugtraq_id(28448);
    
      script_name(english:"FreeBSD : mozilla -- multiple vulnerabilities (12b336c6-fe36-11dc-b09c-001c2514716c)");
      script_summary(english:"Checks for updated packages in pkg_info output");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote FreeBSD host is missing one or more security-related
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The Mozilla Foundation reports of multiple security issues in Firefox,
    SeaMonkey, and Thunderbird. Several of these issues can probably be
    used to run arbitrary code with the privilege of the user running the
    program.
    
    - MFSA 2008-19 XUL popup spoofing variant (cross-tab popups)
    
    - MFSA 2008-18 Java socket connection to any local port via
    LiveConnect
    
    - MFSA 2008-17 Privacy issue with SSL Client Authentication
    
    - MFSA 2008-16 HTTP Referrer spoofing with malformed URLs
    
    - MFSA 2008-15 Crashes with evidence of memory corruption
    (rv:1.8.1.13)
    
    - MFSA 2008-14 JavaScript privilege escalation and arbitrary code
    execution"
      );
      # https://vuxml.freebsd.org/freebsd/12b336c6-fe36-11dc-b09c-001c2514716c.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?fe5374e1"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(59, 79, 94, 287, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:firefox");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:flock");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:linux-firefox");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:linux-firefox-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:linux-flock");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:linux-seamonkey");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:linux-seamonkey-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:linux-thunderbird");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:seamonkey");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:thunderbird");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2008/03/26");
      script_set_attribute(attribute:"patch_publication_date", value:"2008/03/30");
      script_set_attribute(attribute:"plugin_publication_date", value:"2008/03/31");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"FreeBSD Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("freebsd_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD");
    if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (pkg_test(save_report:TRUE, pkg:"firefox<2.0.0.13,1")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"linux-firefox<2.0.0.13")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"linux-firefox-devel<2.0.0.13")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"seamonkey<1.1.9")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"linux-seamonkey<1.1.9")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"flock<1.1.1")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"linux-flock<1.1.1")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"linux-seamonkey-devel>0")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"thunderbird<2.0.0.14")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"linux-thunderbird<2.0.0.14")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200805-18.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200805-18 (Mozilla products: Multiple vulnerabilities) The following vulnerabilities were reported in all mentioned Mozilla products: Jesse Ruderman, Kai Engert, Martijn Wargers, Mats Palmgren, and Paul Nickerson reported browser crashes related to JavaScript methods, possibly triggering memory corruption (CVE-2008-0412). Carsten Book, Wesley Garland, Igor Bukanov, moz_bug_r_a4, shutdown, Philip Taylor, and tgirmann reported crashes in the JavaScript engine, possibly triggering memory corruption (CVE-2008-0413). David Bloom discovered a vulnerability in the way images are treated by the browser when a user leaves a page, possibly triggering memory corruption (CVE-2008-0419). moz_bug_r_a4, Boris Zbarsky, and Johnny Stenback reported a series of privilege escalation vulnerabilities related to JavaScript (CVE-2008-1233, CVE-2008-1234, CVE-2008-1235). Mozilla developers identified browser crashes caused by the layout and JavaScript engines, possibly triggering memory corruption (CVE-2008-1236, CVE-2008-1237). moz_bug_r_a4 and Boris Zbarsky discovered that pages could escape from its sandboxed context and run with chrome privileges, and inject script content into another site, violating the browser
    last seen2020-06-01
    modified2020-06-02
    plugin id32416
    published2008-05-22
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/32416
    titleGLSA-200805-18 : Mozilla products: Multiple vulnerabilities
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 200805-18.
    #
    # The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(32416);
      script_version("1.20");
      script_cvs_date("Date: 2019/08/02 13:32:45");
    
      script_cve_id("CVE-2007-4879", "CVE-2008-0304", "CVE-2008-0412", "CVE-2008-0413", "CVE-2008-0414", "CVE-2008-0415", "CVE-2008-0416", "CVE-2008-0417", "CVE-2008-0418", "CVE-2008-0419", "CVE-2008-0420", "CVE-2008-0591", "CVE-2008-0592", "CVE-2008-0593", "CVE-2008-0594", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1240", "CVE-2008-1241", "CVE-2008-1380");
      script_xref(name:"GLSA", value:"200805-18");
    
      script_name(english:"GLSA-200805-18 : Mozilla products: Multiple vulnerabilities");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-200805-18
    (Mozilla products: Multiple vulnerabilities)
    
        The following vulnerabilities were reported in all mentioned Mozilla
        products:
        Jesse Ruderman, Kai Engert, Martijn Wargers, Mats Palmgren, and Paul
        Nickerson reported browser crashes related to JavaScript methods,
        possibly triggering memory corruption (CVE-2008-0412).
        Carsten Book, Wesley Garland, Igor Bukanov, moz_bug_r_a4, shutdown,
        Philip Taylor, and tgirmann reported crashes in the JavaScript engine,
        possibly triggering memory corruption (CVE-2008-0413).
        David Bloom discovered a vulnerability in the way images are treated by
        the browser when a user leaves a page, possibly triggering memory
        corruption (CVE-2008-0419).
        moz_bug_r_a4, Boris Zbarsky, and Johnny Stenback reported a series of
        privilege escalation vulnerabilities related to JavaScript
        (CVE-2008-1233, CVE-2008-1234, CVE-2008-1235).
        Mozilla developers identified browser crashes caused by the layout and
        JavaScript engines, possibly triggering memory corruption
        (CVE-2008-1236, CVE-2008-1237).
        moz_bug_r_a4 and Boris Zbarsky discovered that pages could escape from
        its sandboxed context and run with chrome privileges, and inject script
        content into another site, violating the browser's same origin policy
        (CVE-2008-0415).
        Gerry Eisenhaur discovered a directory traversal vulnerability when
        using 'flat' addons (CVE-2008-0418).
        Alexey Proskuryakov, Yosuke Hasegawa and Simon Montagu reported
        multiple character handling flaws related to the backspace character,
        the '0x80' character, involving zero-length non-ASCII sequences in
        multiple character sets, that could facilitate Cross-Site Scripting
        attacks (CVE-2008-0416).
        The following vulnerability was reported in Thunderbird and SeaMonkey:
        regenrecht (via iDefense) reported a heap-based buffer overflow when
        rendering an email message with an external MIME body (CVE-2008-0304).
        The following vulnerabilities were reported in Firefox, SeaMonkey and
        XULRunner:
        The fix for CVE-2008-1237 in Firefox 2.0.0.13
        and SeaMonkey 1.1.9 introduced a new crash vulnerability
        (CVE-2008-1380).
        hong and Gregory Fleischer each reported a
        variant on earlier reported bugs regarding focus shifting in file input
        controls (CVE-2008-0414).
        Gynvael Coldwind (Vexillium) discovered that BMP images could be used
        to reveal uninitialized memory, and that this data could be extracted
        using a 'canvas' feature (CVE-2008-0420).
        Chris Thomas reported that background tabs could create a borderless
        XUL pop-up in front of pages in other tabs (CVE-2008-1241).
        oo.rio.oo discovered that a plain text file with a
        'Content-Disposition: attachment' prevents Firefox from rendering
        future plain text files within the browser (CVE-2008-0592).
        Martin Straka reported that the '.href' property of stylesheet DOM
        nodes is modified to the final URI of a 302 redirect, bypassing the
        same origin policy (CVE-2008-0593).
        Gregory Fleischer discovered that under certain circumstances, leading
        characters from the hostname part of the 'Referer:' HTTP header are
        removed (CVE-2008-1238).
        Peter Brodersen and Alexander Klink reported that the browser
        automatically selected and sent a client certificate when SSL Client
        Authentication is requested by a server (CVE-2007-4879).
        Gregory Fleischer reported that web content fetched via the 'jar:'
        protocol was not subject to network access restrictions
        (CVE-2008-1240).
        The following vulnerabilities were reported in Firefox:
        Justin Dolske discovered a CRLF injection vulnerability when storing
        passwords (CVE-2008-0417).
        Michal Zalewski discovered that Firefox does not properly manage a
        delay timer used in confirmation dialogs (CVE-2008-0591).
        Emil Ljungdahl and Lars-Olof Moilanen discovered that a web forgery
        warning dialog is not displayed if the entire contents of a web page
        are in a DIV tag that uses absolute positioning (CVE-2008-0594).
      
    Impact :
    
        A remote attacker could entice a user to view a specially crafted web
        page or email that will trigger one of the vulnerabilities, possibly
        leading to the execution of arbitrary code or a Denial of Service. It
        is also possible for an attacker to trick a user to upload arbitrary
        files when submitting a form, to corrupt saved passwords for other
        sites, to steal login credentials, or to conduct Cross-Site Scripting
        and Cross-Site Request Forgery attacks.
      
    Workaround :
    
        There is no known workaround at this time."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/200805-18"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "All Mozilla Firefox users should upgrade to the latest version:
        # emerge --sync
        # emerge --ask --oneshot --verbose '>=www-client/mozilla-firefox-2.0.0.14'
        All Mozilla Firefox binary users should upgrade to the latest version:
        # emerge --sync
        # emerge --ask --oneshot --verbose '>=www-client/mozilla-firefox-bin-2.0.0.14'
        All Mozilla Thunderbird users should upgrade to the latest version:
        # emerge --sync
        # emerge --ask --oneshot --verbose '>=mail-client/mozilla-thunderbird-2.0.0.14'
        All Mozilla Thunderbird binary users should upgrade to the latest
        version:
        # emerge --sync
        # emerge --ask --oneshot --verbose '>=mail-client/mozilla-thunderbird-bin-2.0.0.14'
        All SeaMonkey users should upgrade to the latest version:
        # emerge --sync
        # emerge --ask --oneshot --verbose '>=www-client/seamonkey-1.1.9-r1'
        All SeaMonkey binary users should upgrade to the latest version:
        # emerge --sync
        # emerge --ask --oneshot --verbose '>=www-client/seamonkey-bin-1.1.9'
        All XULRunner users should upgrade to the latest version:
        # emerge --sync
        # emerge --ask --oneshot --verbose '>=net-libs/xulrunner-1.8.1.14'
        NOTE: The crash vulnerability (CVE-2008-1380) is currently unfixed in
        the SeaMonkey binary ebuild, as no precompiled packages have been
        released. Until an update is available, we recommend all SeaMonkey
        users to disable JavaScript, use Firefox for JavaScript-enabled
        browsing, or switch to the SeaMonkey source ebuild."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_cwe_id(20, 22, 59, 79, 94, 119, 200, 287, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:mozilla-firefox");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:mozilla-firefox-bin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:mozilla-thunderbird");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:mozilla-thunderbird-bin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:seamonkey");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:seamonkey-bin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:xulrunner");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2008/05/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2008/05/22");
      script_set_attribute(attribute:"vuln_publication_date", value:"2007/09/08");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.");
      script_family(english:"Gentoo Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (qpkg_check(package:"www-client/mozilla-firefox-bin", unaffected:make_list("ge 2.0.0.14"), vulnerable:make_list("lt 2.0.0.14"))) flag++;
    if (qpkg_check(package:"www-client/seamonkey-bin", unaffected:make_list("ge 1.1.9"), vulnerable:make_list("lt 1.1.9"))) flag++;
    if (qpkg_check(package:"mail-client/mozilla-thunderbird-bin", unaffected:make_list("ge 2.0.0.14"), vulnerable:make_list("lt 2.0.0.14"))) flag++;
    if (qpkg_check(package:"www-client/seamonkey", unaffected:make_list("ge 1.1.9-r1"), vulnerable:make_list("lt 1.1.9-r1"))) flag++;
    if (qpkg_check(package:"mail-client/mozilla-thunderbird", unaffected:make_list("ge 2.0.0.14"), vulnerable:make_list("lt 2.0.0.14"))) flag++;
    if (qpkg_check(package:"net-libs/xulrunner", unaffected:make_list("ge 1.8.1.14"), vulnerable:make_list("lt 1.8.1.14"))) flag++;
    if (qpkg_check(package:"www-client/mozilla-firefox", unaffected:make_list("ge 2.0.0.14"), vulnerable:make_list("lt 2.0.0.14"))) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Mozilla products");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2008-0209.NASL
    descriptionUpdated thunderbird packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of some malformed HTML mail content. An HTML mail message containing such malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird. (CVE-2008-1233, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237) Several flaws were found in the display of malformed web content. An HTML mail message containing specially crafted content could, potentially, trick a user into surrendering sensitive information. (CVE-2008-1234, CVE-2008-1238, CVE-2008-1241) Note: JavaScript support is disabled by default in Thunderbird; the above issues are not exploitable unless JavaScript is enabled. All Thunderbird users should upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id31757
    published2008-04-04
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/31757
    titleRHEL 4 / 5 : thunderbird (RHSA-2008:0209)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2008-0207.NASL
    descriptionFrom Red Hat Security Advisory 2008:0207 : Updated firefox packages that fix several security bugs are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. Several flaws were found in the processing of some malformed web content. A web page containing such malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2008-1233, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237) Several flaws were found in the display of malformed web content. A web page containing specially crafted content could, potentially, trick a Firefox user into surrendering sensitive information. (CVE-2008-1234, CVE-2008-1238, CVE-2008-1241) All Firefox users should upgrade to these updated packages, which contain backported patches that correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id67675
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67675
    titleOracle Linux 4 / 5 : firefox (ELSA-2008-0207)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2008-2682.NASL
    descriptionMozilla Firefox is an open source Web browser. Several flaws were found in the processing of some malformed web content. A web page containing such malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2008-1233, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237) Several flaws were found in the display of malformed web content. A web page containing specially crafted content could, potentially, trick a Firefox user into surrendering sensitive information. (CVE-2008-1234, CVE-2008-1238, CVE-2008-1241) All Firefox users should upgrade to these updated packages, which correct these issues, and are rebuilt against the update Firefox packages. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id31691
    published2008-03-28
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/31691
    titleFedora 8 : Miro-1.1.2-2.fc8 / blam-1.8.3-14.fc8 / chmsee-1.0.0-1.30.fc8 / devhelp-0.16.1-6.fc8 / etc (2008-2682)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2008-2662.NASL
    descriptionMozilla Firefox is an open source Web browser. Several flaws were found in the processing of some malformed web content. A web page containing such malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2008-1233, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237) Several flaws were found in the display of malformed web content. A web page containing specially crafted content could, potentially, trick a Firefox user into surrendering sensitive information. (CVE-2008-1234, CVE-2008-1238, CVE-2008-1241) All Firefox users should upgrade to these updated packages, which correct these issues, and are rebuilt against the update Firefox packages. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id31689
    published2008-03-28
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/31689
    titleFedora 7 : Miro-1.1.2-2.fc7 / chmsee-1.0.0-1.30.fc7 / devhelp-0.13-15.fc7 / epiphany-2.18.3-8.fc7 / etc (2008-2662)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-592-1.NASL
    descriptionAlexey Proskuryakov, Yosuke Hasegawa and Simon Montagu discovered flaws in Firefox
    last seen2020-06-01
    modified2020-06-02
    plugin id31700
    published2008-03-28
    reporterUbuntu Security Notice (C) 2008-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/31700
    titleUbuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : firefox vulnerabilities (USN-592-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2008-0208.NASL
    descriptionUpdated SeaMonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 2.1, 3, and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the processing of some malformed web content. A web page containing such malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code as the user running SeaMonkey. (CVE-2008-1233, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237) Several flaws were found in the display of malformed web content. A web page containing specially crafted content could, potentially, trick a SeaMonkey user into surrendering sensitive information. (CVE-2008-1234, CVE-2008-1238, CVE-2008-1241) All SeaMonkey users should upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id31695
    published2008-03-28
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/31695
    titleRHEL 2.1 / 3 / 4 : seamonkey (RHSA-2008:0208)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SEAMONKEY-5167.NASL
    descriptionThis update brings Mozilla SeaMonkey to the level of seamonkey security update version 1.1.9 Following security problems were fixed : - MFSA 2008-19/CVE-2008-1241: XUL popup spoofing variant (cross-tab popups) - MFSA 2008-18/CVE-2008-1195 and CVE-2008-1240: Java socket connection to any local port via LiveConnect - MFSA 2008-17/CVE-2007-4879: Privacy issue with SSL Client Authentication - MFSA 2008-16/CVE-2008-1238: HTTP Referrer spoofing with malformed URLs - MFSA 2008-15/CVE-2008-1236 and CVE-2008-1237: Crashes with evidence of memory corruption (rv:1.8.1.13) - MFSA 2008-14/CVE-2008-1233, CVE-2008-1234, and CVE-2008-1235: JavaScript privilege escalation and arbitrary code execution.
    last seen2020-06-01
    modified2020-06-02
    plugin id32027
    published2008-04-22
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/32027
    titleopenSUSE 10 Security Update : seamonkey (seamonkey-5167)
  • NASL familyWindows
    NASL idMOZILLA_FIREFOX_20013.NASL
    descriptionThe installed version of Firefox is affected by various security issues : - A series of vulnerabilities that allow for JavaScript privilege escalation and arbitrary code execution. - Several stability bugs leading to crashes which, in some cases, show traces of memory corruption. - An HTTP Referer spoofing issue with malformed URLs. - A privacy issue with SSL client authentication. - Web content fetched via the
    last seen2020-06-01
    modified2020-06-02
    plugin id31652
    published2008-03-26
    reporterThis script is Copyright (C) 2008-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/31652
    titleFirefox < 2.0.0.13 Multiple Vulnerabilities
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2008-0209.NASL
    descriptionUpdated thunderbird packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of some malformed HTML mail content. An HTML mail message containing such malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird. (CVE-2008-1233, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237) Several flaws were found in the display of malformed web content. An HTML mail message containing specially crafted content could, potentially, trick a user into surrendering sensitive information. (CVE-2008-1234, CVE-2008-1238, CVE-2008-1241) Note: JavaScript support is disabled by default in Thunderbird; the above issues are not exploitable unless JavaScript is enabled. All Thunderbird users should upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id31946
    published2008-04-17
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/31946
    titleCentOS 4 / 5 : thunderbird (CESA-2008:0209)
  • NASL familyWindows
    NASL idSEAMONKEY_119.NASL
    descriptionThe installed version of SeaMonkey is affected by various security issues : - A series of vulnerabilities that allow for JavaScript privilege escalation and arbitrary code execution. - Several stability bugs leading to crashes which, in some cases, show traces of memory corruption. - An HTTP Referer spoofing issue with malformed URLs. - A privacy issue with SSL client authentication. - Web content fetched via the
    last seen2020-06-01
    modified2020-06-02
    plugin id31653
    published2008-03-26
    reporterThis script is Copyright (C) 2008-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/31653
    titleSeaMonkey < 1.1.9 Multiple Vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idSUSE_MOZILLAFIREFOX-5134.NASL
    descriptionThis update brings Mozilla Firefox to security update version 2.0.0.13 Following security problems were fixed : - XUL popup spoofing variant (cross-tab popups). (MFSA 2008-19 / CVE-2008-1241) - Java socket connection to any local port via LiveConnect. (MFSA 2008-18 / CVE-2008-1195 / CVE-2008-1240) - Privacy issue with SSL Client Authentication. (MFSA 2008-17 / CVE-2007-4879) - HTTP Referrer spoofing with malformed URLs. (MFSA 2008-16 / CVE-2008-1238) - Crashes with evidence of memory corruption (rv:1.8.1.13). (MFSA 2008-15 / CVE-2008-1236 / CVE-2008-1237) - JavaScript privilege escalation and arbitrary code execution. (MFSA 2008-14 / CVE-2008-1233 / CVE-2008-1234 / CVE-2008-1235)
    last seen2020-06-01
    modified2020-06-02
    plugin id31722
    published2008-04-01
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/31722
    titleSuSE 10 Security Update : Security update for (ZYPP Patch Number 5134)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1535.NASL
    description# This shares a lot of text with dsa-1532.wml, dsa-1534.wml, dsa-1574.wml Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-4879 Peter Brodersen and Alexander Klink discovered that the autoselection of SSL client certificates could lead to users being tracked, resulting in a loss of privacy. - CVE-2008-1233
    last seen2020-06-01
    modified2020-06-02
    plugin id31806
    published2008-04-11
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/31806
    titleDebian DSA-1535-1 : iceweasel - several vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idSUSE_MOZILLA-XULRUNNER-5164.NASL
    descriptionThis update fixes security issues also fixes in the Mozilla Firefox 2.0.0.13 update round. Following security problems were fixed : - XUL popup spoofing variant (cross-tab popups). (MFSA 2008-19 / CVE-2008-1241) - Java socket connection to any local port via LiveConnect. (MFSA 2008-18 / CVE-2008-1195 / CVE-2008-1240) - Privacy issue with SSL Client Authentication. (MFSA 2008-17 / CVE-2007-4879) - HTTP Referrer spoofing with malformed URLs. (MFSA 2008-16 / CVE-2008-1238) - Crashes with evidence of memory corruption (rv:1.8.1.13). (MFSA 2008-15 / CVE-2008-1236 / CVE-2008-1237) - JavaScript privilege escalation and arbitrary code execution. (MFSA 2008-14 / CVE-2008-1233 / CVE-2008-1234 / CVE-2008-1235)
    last seen2020-06-01
    modified2020-06-02
    plugin id31991
    published2008-04-18
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/31991
    titleSuSE 10 Security Update : epiphany (ZYPP Patch Number 5164)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1534.NASL
    description# This shares a lot of text with dsa-1532.wml, dsa-1535.wml, dsa-1574.wml Several remote vulnerabilities have been discovered in the Iceape internet suite, an unbranded version of the SeaMonkey Internet Suite. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-4879 Peter Brodersen and Alexander Klink discovered that the autoselection of SSL client certificates could lead to users being tracked, resulting in a loss of privacy. - CVE-2008-1233
    last seen2020-06-01
    modified2020-06-02
    plugin id31711
    published2008-03-31
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/31711
    titleDebian DSA-1534-1 : iceape - several vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idSUSE_MOZILLAFIREFOX-5135.NASL
    descriptionThis update brings Mozilla Firefox to security update version 2.0.0.13 Following security problems were fixed : - MFSA 2008-19/CVE-2008-1241: XUL popup spoofing variant (cross-tab popups) - MFSA 2008-18/CVE-2008-1195 and CVE-2008-1240: Java socket connection to any local port via LiveConnect - MFSA 2008-17/CVE-2007-4879: Privacy issue with SSL Client Authentication - MFSA 2008-16/CVE-2008-1238: HTTP Referrer spoofing with malformed URLs - MFSA 2008-15/CVE-2008-1236 and CVE-2008-1237: Crashes with evidence of memory corruption (rv:1.8.1.13) - MFSA 2008-14/CVE-2008-1233, CVE-2008-1234, and CVE-2008-1235: JavaScript privilege escalation and arbitrary code execution.
    last seen2020-06-01
    modified2020-06-02
    plugin id31715
    published2008-03-31
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/31715
    titleopenSUSE 10 Security Update : MozillaFirefox (MozillaFirefox-5135)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2008-080.NASL
    descriptionA number of security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox program, version 2.0.0.13. This update provides the latest Firefox to correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id36441
    published2009-04-23
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/36441
    titleMandriva Linux Security Advisory : mozilla-firefox (MDVSA-2008:080)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20080327_SEAMONKEY_ON_SL3_X.NASL
    descriptionSeveral flaws were found in the processing of some malformed web content. A web page containing such malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code as the user running SeaMonkey. (CVE-2008-1233, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237) Several flaws were found in the display of malformed web content. A web page containing specially crafted content could, potentially, trick a SeaMonkey user into surrendering sensitive information. (CVE-2008-1234, CVE-2008-1238, CVE-2008-1241)
    last seen2020-06-01
    modified2020-06-02
    plugin id60377
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60377
    titleScientific Linux Security Update : seamonkey on SL3.x, SL4.x i386/x86_64
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2008-0207.NASL
    descriptionUpdated firefox packages that fix several security bugs are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. Several flaws were found in the processing of some malformed web content. A web page containing such malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2008-1233, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237) Several flaws were found in the display of malformed web content. A web page containing specially crafted content could, potentially, trick a Firefox user into surrendering sensitive information. (CVE-2008-1234, CVE-2008-1238, CVE-2008-1241) All Firefox users should upgrade to these updated packages, which contain backported patches that correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id31684
    published2008-03-28
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/31684
    titleCentOS 4 / 5 : firefox (CESA-2008:0207)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SEAMONKEY-5153.NASL
    descriptionThis update brings Mozilla SeaMonkey to security update version 1.1.9 Following security problems were fixed : - MFSA 2008-19/CVE-2008-1241: XUL popup spoofing variant (cross-tab popups) - MFSA 2008-18/CVE-2008-1195 and CVE-2008-1240: Java socket connection to any local port via LiveConnect - MFSA 2008-17/CVE-2007-4879: Privacy issue with SSL Client Authentication - MFSA 2008-16/CVE-2008-1238: HTTP Referrer spoofing with malformed URLs - MFSA 2008-15/CVE-2008-1236 and CVE-2008-1237: Crashes with evidence of memory corruption (rv:1.8.1.13) - MFSA 2008-14/CVE-2008-1233, CVE-2008-1234, and CVE-2008-1235: JavaScript privilege escalation and arbitrary code execution.
    last seen2020-06-01
    modified2020-06-02
    plugin id31845
    published2008-04-11
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/31845
    titleopenSUSE 10 Security Update : seamonkey (seamonkey-5153)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2008-0208.NASL
    descriptionUpdated SeaMonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 2.1, 3, and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the processing of some malformed web content. A web page containing such malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code as the user running SeaMonkey. (CVE-2008-1233, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237) Several flaws were found in the display of malformed web content. A web page containing specially crafted content could, potentially, trick a SeaMonkey user into surrendering sensitive information. (CVE-2008-1234, CVE-2008-1238, CVE-2008-1241) All SeaMonkey users should upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id31685
    published2008-03-28
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/31685
    titleCentOS 3 / 4 : seamonkey (CESA-2008:0208)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_MOZILLA-XULRUNNER-5163.NASL
    descriptionThis update brings the Mozilla XULRunner engine to security update version level 1.1.9 Following security problems were fixed : - MFSA 2008-19/CVE-2008-1241: XUL popup spoofing variant (cross-tab popups) - MFSA 2008-18/CVE-2008-1195 and CVE-2008-1240: Java socket connection to any local port via LiveConnect - MFSA 2008-17/CVE-2007-4879: Privacy issue with SSL Client Authentication - MFSA 2008-16/CVE-2008-1238: HTTP Referrer spoofing with malformed URLs - MFSA 2008-15/CVE-2008-1236 and CVE-2008-1237: Crashes with evidence of memory corruption (rv:1.8.1.13) - MFSA 2008-14/CVE-2008-1233, CVE-2008-1234, and CVE-2008-1235: JavaScript privilege escalation and arbitrary code execution.
    last seen2020-06-01
    modified2020-06-02
    plugin id32025
    published2008-04-22
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/32025
    titleopenSUSE 10 Security Update : mozilla-xulrunner (mozilla-xulrunner-5163)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2008-0208.NASL
    descriptionFrom Red Hat Security Advisory 2008:0208 : Updated SeaMonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 2.1, 3, and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the processing of some malformed web content. A web page containing such malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code as the user running SeaMonkey. (CVE-2008-1233, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237) Several flaws were found in the display of malformed web content. A web page containing specially crafted content could, potentially, trick a SeaMonkey user into surrendering sensitive information. (CVE-2008-1234, CVE-2008-1238, CVE-2008-1241) All SeaMonkey users should upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id67676
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67676
    titleOracle Linux 3 / 4 : seamonkey (ELSA-2008-0208)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2008-0207.NASL
    descriptionUpdated firefox packages that fix several security bugs are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. Several flaws were found in the processing of some malformed web content. A web page containing such malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2008-1233, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237) Several flaws were found in the display of malformed web content. A web page containing specially crafted content could, potentially, trick a Firefox user into surrendering sensitive information. (CVE-2008-1234, CVE-2008-1238, CVE-2008-1241) All Firefox users should upgrade to these updated packages, which contain backported patches that correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id31694
    published2008-03-28
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/31694
    titleRHEL 4 / 5 : firefox (RHSA-2008:0207)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20080403_THUNDERBIRD_ON_SL4_X.NASL
    descriptionSeveral flaws were found in the processing of some malformed HTML mail content. An HTML mail message containing such malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird. (CVE-2008-1233, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237) Several flaws were found in the display of malformed web content. An HTML mail message containing specially crafted content could, potentially, trick a user into surrendering sensitive information. (CVE-2008-1234, CVE-2008-1238, CVE-2008-1241)
    last seen2020-06-01
    modified2020-06-02
    plugin id60380
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60380
    titleScientific Linux Security Update : thunderbird on SL4.x, SL5.x i386/x86_64

Oval

accepted2013-04-29T04:11:59.210-04:00
classvulnerability
contributors
  • nameAharon Chernin
    organizationSCAP.com, LLC
  • nameDragos Prisaca
    organizationG2, Inc.
definition_extensions
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 3
    ovaloval:org.mitre.oval:def:11782
  • commentCentOS Linux 3.x
    ovaloval:org.mitre.oval:def:16651
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 4
    ovaloval:org.mitre.oval:def:11831
  • commentCentOS Linux 4.x
    ovaloval:org.mitre.oval:def:16636
  • commentOracle Linux 4.x
    ovaloval:org.mitre.oval:def:15990
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 5
    ovaloval:org.mitre.oval:def:11414
  • commentThe operating system installed on the system is CentOS Linux 5.x
    ovaloval:org.mitre.oval:def:15802
  • commentOracle Linux 5.x
    ovaloval:org.mitre.oval:def:15459
descriptionGUI overlay vulnerability in Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9 allows remote attackers to spoof form elements and redirect user inputs via a borderless XUL pop-up window from a background tab.
familyunix
idoval:org.mitre.oval:def:11163
statusaccepted
submitted2010-07-09T03:56:16-04:00
titleGUI overlay vulnerability in Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9 allows remote attackers to spoof form elements and redirect user inputs via a borderless XUL pop-up window from a background tab.
version27

Redhat

advisories
  • bugzilla
    id438730
    titleCVE-2008-1241 XUL popup spoofing
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 4 is installed
        ovaloval:com.redhat.rhba:tst:20070304025
      • commentfirefox is earlier than 0:1.5.0.12-0.14.el4
        ovaloval:com.redhat.rhsa:tst:20080207001
      • commentfirefox is signed with Red Hat master key
        ovaloval:com.redhat.rhsa:tst:20060200002
    • AND
      • commentRed Hat Enterprise Linux 5 is installed
        ovaloval:com.redhat.rhba:tst:20070331005
      • commentfirefox is earlier than 0:1.5.0.12-14.el5_1
        ovaloval:com.redhat.rhsa:tst:20080207004
      • commentfirefox is signed with Red Hat redhatrelease key
        ovaloval:com.redhat.rhsa:tst:20070097008
    rhsa
    idRHSA-2008:0207
    released2008-03-26
    severityCritical
    titleRHSA-2008:0207: firefox security update (Critical)
  • bugzilla
    id438730
    titleCVE-2008-1241 XUL popup spoofing
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 4 is installed
        ovaloval:com.redhat.rhba:tst:20070304025
      • OR
        • AND
          • commentseamonkey-chat is earlier than 0:1.0.9-15.el4
            ovaloval:com.redhat.rhsa:tst:20080208001
          • commentseamonkey-chat is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060609004
        • AND
          • commentseamonkey-mail is earlier than 0:1.0.9-15.el4
            ovaloval:com.redhat.rhsa:tst:20080208003
          • commentseamonkey-mail is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060609012
        • AND
          • commentseamonkey-js-debugger is earlier than 0:1.0.9-15.el4
            ovaloval:com.redhat.rhsa:tst:20080208005
          • commentseamonkey-js-debugger is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060609002
        • AND
          • commentseamonkey-devel is earlier than 0:1.0.9-15.el4
            ovaloval:com.redhat.rhsa:tst:20080208007
          • commentseamonkey-devel is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060609010
        • AND
          • commentseamonkey-dom-inspector is earlier than 0:1.0.9-15.el4
            ovaloval:com.redhat.rhsa:tst:20080208009
          • commentseamonkey-dom-inspector is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060609008
        • AND
          • commentseamonkey is earlier than 0:1.0.9-15.el4
            ovaloval:com.redhat.rhsa:tst:20080208011
          • commentseamonkey is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060609006
    rhsa
    idRHSA-2008:0208
    released2008-03-27
    severityCritical
    titleRHSA-2008:0208: seamonkey security update (Critical)
  • bugzilla
    id438730
    titleCVE-2008-1241 XUL popup spoofing
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 4 is installed
        ovaloval:com.redhat.rhba:tst:20070304025
      • commentthunderbird is earlier than 0:1.5.0.12-10.el4
        ovaloval:com.redhat.rhsa:tst:20080209001
      • commentthunderbird is signed with Red Hat master key
        ovaloval:com.redhat.rhsa:tst:20060330002
    • AND
      • commentRed Hat Enterprise Linux 5 is installed
        ovaloval:com.redhat.rhba:tst:20070331005
      • commentthunderbird is earlier than 0:1.5.0.12-11.el5_1
        ovaloval:com.redhat.rhsa:tst:20080209004
      • commentthunderbird is signed with Red Hat redhatrelease key
        ovaloval:com.redhat.rhsa:tst:20070108002
    rhsa
    idRHSA-2008:0209
    released2008-04-03
    severityModerate
    titleRHSA-2008:0209: thunderbird security update (Moderate)
rpms
  • firefox-0:1.5.0.12-0.14.el4
  • firefox-0:1.5.0.12-14.el5_1
  • firefox-debuginfo-0:1.5.0.12-0.14.el4
  • firefox-debuginfo-0:1.5.0.12-14.el5_1
  • seamonkey-0:1.0.9-0.14.el2
  • seamonkey-0:1.0.9-0.16.el3
  • seamonkey-0:1.0.9-15.el4
  • seamonkey-chat-0:1.0.9-0.14.el2
  • seamonkey-chat-0:1.0.9-0.16.el3
  • seamonkey-chat-0:1.0.9-15.el4
  • seamonkey-debuginfo-0:1.0.9-0.16.el3
  • seamonkey-debuginfo-0:1.0.9-15.el4
  • seamonkey-devel-0:1.0.9-0.14.el2
  • seamonkey-devel-0:1.0.9-0.16.el3
  • seamonkey-devel-0:1.0.9-15.el4
  • seamonkey-dom-inspector-0:1.0.9-0.14.el2
  • seamonkey-dom-inspector-0:1.0.9-0.16.el3
  • seamonkey-dom-inspector-0:1.0.9-15.el4
  • seamonkey-js-debugger-0:1.0.9-0.14.el2
  • seamonkey-js-debugger-0:1.0.9-0.16.el3
  • seamonkey-js-debugger-0:1.0.9-15.el4
  • seamonkey-mail-0:1.0.9-0.14.el2
  • seamonkey-mail-0:1.0.9-0.16.el3
  • seamonkey-mail-0:1.0.9-15.el4
  • seamonkey-nspr-0:1.0.9-0.14.el2
  • seamonkey-nspr-0:1.0.9-0.16.el3
  • seamonkey-nspr-devel-0:1.0.9-0.14.el2
  • seamonkey-nspr-devel-0:1.0.9-0.16.el3
  • seamonkey-nss-0:1.0.9-0.14.el2
  • seamonkey-nss-0:1.0.9-0.16.el3
  • seamonkey-nss-devel-0:1.0.9-0.14.el2
  • seamonkey-nss-devel-0:1.0.9-0.16.el3
  • thunderbird-0:1.5.0.12-10.el4
  • thunderbird-0:1.5.0.12-11.el5_1
  • thunderbird-debuginfo-0:1.5.0.12-10.el4
  • thunderbird-debuginfo-0:1.5.0.12-11.el5_1

Seebug

bulletinFamilyexploit
descriptionBUGTRAQ ID: 28448 CVE(CAN) ID: CVE-2008-1241,CVE-2008-1240,CVE-2007-4879,CVE-2008-1238,CVE-2008-1236,CVE-2008-1237,CVE-2008-1233,CVE-2008-1234,CVE-2008-1235 Firefox/Thunderbird/SeaMonkey是Mozilla所发布的WEB浏览器和邮件/新闻组客户端。 Firefox中的多个安全漏洞允许恶意用户泄露敏感信息、绕过安全限制、执行欺骗攻击或入侵用户系统。由于代码共享,Thunderbird和SeaMonkey也受这些漏洞的影响。 1) XPCNativeWrappers调用中的安全漏洞可能允许通过setTimeout()调用以用户权限执行任意Javascript代码。 2) Javascript引擎中的各种错误可能导致内存破坏,允许用户执行任意代码。 3) 如果向URL发送请求的HTTP Referer:头的Basic Authentication凭据中用户名为空的话,就可以绕过跨站请求伪造防护。 4) 在创建到请求了SSL客户端认证的Web服务器的连接时,Firefox提供了之前配置的私有SSL证书,这可能导致泄露敏感信息。 5) jar:协议处理中的错误可能导致创建到本地机器上任意端口的连接。 6) 在显示XUL弹出窗口时的错误可能被利用隐藏窗口边界,这有助于钓鱼攻击。 Mozilla Firefox &lt;= 2.0.0.12 Mozilla Thunderbird &lt;= 2.0.0.12 Mozilla SeaMonkey &lt;= 1.1.8 Mozilla ------- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: <a href=http://www.mozilla.org/ target=_blank>http://www.mozilla.org/</a> RedHat ------ RedHat已经为此发布了一个安全公告(RHSA-2008:0207-01)以及相应补丁: RHSA-2008:0207-01:Critical: firefox security update 链接:<a href=https://www.redhat.com/support/errata/RHSA-2008-0207.html target=_blank>https://www.redhat.com/support/errata/RHSA-2008-0207.html</a>
idSSV:3105
last seen2017-11-19
modified2008-03-31
published2008-03-31
reporterRoot
sourcehttps://www.seebug.org/vuldb/ssvid-3105
titleMozilla Thunderbird/Seamonkey/Firefox 2.0.0.13版本修复多个安全漏洞

References