Vulnerabilities > CVE-2008-2806 - Improper Input Validation vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

#
# (C) Tenable Network Security, Inc.
#

if (NASL_LEVEL < 3000) exit(0);

include("compat.inc");

if (description)
{
  script_id(33394);
  script_version("1.17");

  script_cve_id("CVE-2008-1380", "CVE-2008-2798", "CVE-2008-2799", "CVE-2008-2800",
                "CVE-2008-2801", "CVE-2008-2802", "CVE-2008-2803", "CVE-2008-2805",
                "CVE-2008-2806", "CVE-2008-2807", "CVE-2008-2808", "CVE-2008-2809",
                "CVE-2008-2810", "CVE-2008-2811");
  script_bugtraq_id(30038);

  script_name(english:"SeaMonkey < 1.1.10 Multiple Vulnerabilities");
  script_summary(english:"Checks version of SeaMonkey");

 script_set_attribute(attribute:"synopsis", value:
"A web browser on the remote host is affected by multiple
vulnerabilities." );
 script_set_attribute(attribute:"description", value:
"The installed version of SeaMonkey is affected by various security
issues :

  - A stability problem that could result in a crash during
    JavaScript garbage collection (MFSA 2008-20).

  - Several stability bugs leading to crashes which, in
    some cases, show traces of memory corruption
    (MFSA 2008-21).

  - A vulnerability involving violation of the same-origin 
    policy could allow for cross-site scripting attacks
    (MFSA 2008-22).

  - JavaScript can be injected into the context of signed 
    JARs and executed under the context of the JAR's signer
    (MFSA 2008-23).

  - By taking advantage of the privilege level stored in 
    the pre-compiled 'fastload' file. an attacker may be
    able to run arbitrary JavaScript code with chrome 
    privileges (MFSA 2008-24).

  - Arbitrary code execution is possible in 
    'mozIJSSubScriptLoader.loadSubScript()' (MFSA 2008-25).

  - Several function calls in the MIME handling code
    use unsafe versions of string routines (MFSA 2008-26).

  - An attacker can steal files from known locations on a 
    victim's computer via originalTarget and DOM Range
    (MFSA 2008-27).

  - It is possible for a malicious Java applet to bypass 
    the same-origin policy and create arbitrary socket 
    connections to other domains (MFSA 2008-28).

  - An improperly encoded '.properties' file in an add-on 
    can result in uninitialized memory being used, which
    could lead to data formerly used by other programs
    being exposed to the add-on code (MFSA 2008-29).

  - File URLs in directory listings are not properly HTML-
    escaped when the filenames contained particular 
    characters (MFSA 2008-30).

  - A weakness in the trust model regarding alt names on 
    peer-trusted certs could lead to spoofing secure 
    connections to any other site (MFSA 2008-31).

  - URL shortcut files on Windows (for example, saved IE 
    favorites) could be interpreted as if they were in the 
    local file context when opened by SeaMonkey, although 
    the referenced remote content would be downloaded and 
    displayed (MFSA 2008-32).

  - A crash in Mozilla's block reflow code could be used 
    by an attacker to crash the browser and run arbitrary 
    code on the victim's computer (MFSA 2008-33)." );
 script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-20/" );
 script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-21/" );
 script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-22/" );
 script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-23/" );
 script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-24/" );
 script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-25/" );
 script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-26/" );
 script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-27/" );
 script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-28/" );
 script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-29/" );
 script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-30/" );
 script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-31/" );
 script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-32/" );
 script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-33/" );
 script_set_attribute(attribute:"solution", value:
"Upgrade to SeaMonkey 1.1.10 or later." );
 script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
 script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"true");
 script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
 script_set_attribute(attribute:"canvas_package", value:'CANVAS');
 script_cwe_id(20, 79, 200, 264, 287, 399);
 script_set_attribute(attribute:"plugin_publication_date", value: "2008/07/02");
 script_cvs_date("Date: 2018/07/27 18:38:15");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:seamonkey");
script_end_attributes();

 
  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");
 
  script_copyright(english:"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.");
 
  script_dependencies("mozilla_org_installed.nasl");
  script_require_keys("SeaMonkey/Version");

  exit(0);
}

include("mozilla_version.inc");
port = get_kb_item("SMB/transport");
if (!port) port = 445;

installs = get_kb_list("SMB/SeaMonkey/*");
if (isnull(installs)) audit(AUDIT_NOT_INST, "SeaMonkey");

mozilla_check_version(installs:installs, product:'seamonkey', fix:'1.1.10', severity:SECURITY_HOLE);

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update seamonkey-193.
#
# The text description of this plugin is (C) SUSE LLC.
#

include("compat.inc");

if (description)
{
  script_id(40129);
  script_version("1.14");
  script_cvs_date("Date: 2019/10/25 13:36:31");

  script_cve_id("CVE-2008-2785", "CVE-2008-2798", "CVE-2008-2799", "CVE-2008-2800", "CVE-2008-2801", "CVE-2008-2802", "CVE-2008-2803", "CVE-2008-2805", "CVE-2008-2806", "CVE-2008-2807", "CVE-2008-2808", "CVE-2008-2809", "CVE-2008-2810", "CVE-2008-2811");

  script_name(english:"openSUSE Security Update : seamonkey (seamonkey-193)");
  script_summary(english:"Check for the seamonkey-193 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"SeaMonkey was updated to version 1.1.11.

Problems fixed in the 1.1.11 update: CVE-2008-2785 MFSA 2008-34: An
anonymous researcher, via TippingPoint's Zero Day Initiative program,
reported a vulnerability in Mozilla's internal CSSValue array data
structure. The vulnerability was caused by an insufficiently sized
variable being used as a reference counter for CSS objects. By
creating a very large number of references to a common CSS object,
this counter could be overflowed which could cause a crash when the
browser attempts to free the CSS object while still in use. An
attacker could use this crash to run arbitrary code on the victim's
computer.

Problems fixed in the 1.1.10 update: CVE-2008-2811 MFSA 2008-33:
Security research firm Astabis reported a vulnerability in Firefox 2
submitted through the iSIGHT Partners GVP Program by Greg McManus,
Primary GVP Researcher. The reported crash in Mozilla's block reflow
code could be used by an attacker to crash the browser and run
arbitrary code on the victim's computer.

CVE-2008-2810 MFSA-2008-32: Mozilla community member Geoff reported a
vulnerability in the way Mozilla opens URL files sent directly to the
browser. He demonstrated that such files were opened with local file
privileges, giving the remote content access to read from the local
filesystem. If a user opened a bookmark to a malicious page in this
manner, the page could potentially read from other local files on the
user's computer.

CVE-2008-2809 MFSA-2008-31: Mozilla developer John G. Myers reported a
weakness in the trust model used by Mozilla regarding alternate names
on self-signed certificates. A user could be prompted to accept a
self-signed certificate from a website which includes alt-name
entries. If the user accepted the certificate, they would also extend
trust to any alternate domains listed in the certificate, despite not
being prompted about the additional domains. This technique could be
used by an attacker to impersonate another server.

CVE-2008-2808 MFSA-2008-30: Mozilla contributor Masahiro Yamada
reported that file URLs in directory listings were not being HTML
escaped properly when the filenames contained particular characters.
This resulted in files from directory listings being opened in
unintended ways or files not being able to be opened by the browser
altogether.

CVE-2008-2807 MFSA-2008-29: Mozilla developer Daniel Glazman
demonstrated that an improperly encoded .properties file in an add-on
can result in uninitialized memory being used. This could potentially
result in small chunks of data from other programs being exposed in
the browser.

CVE-2008-2806 MFSA-2008-28: Security researcher Gregory Fleischer
reported a vulnerability in the way Mozilla indicates the origin of a
document to the Java plugin. This vulnerability could allow a
malicious Java applet to bypass the same-origin policy and create
arbitrary socket connections to other domains.

CVE-2008-2805 MFSA-2008-27: Opera developer Claudio Santambrogio
reported a vulnerability which allows malicious content to force the
browser into uploading local files to the remote server. This could be
used by an attacker to steal arbitrary files from a victim's computer.

MFSA-2008-26: As a follow-up to vulnerability reported in MFSA 2008-12
Mozilla has checked similar constructs in the rest of the MIME
handling code. Although no further buffer overflows were found we
changed several function calls to use safer versions of the string
routines that will be more robust in the face of future code changes.

CVE-2008-2803 MFSA-2008-25: Mozilla contributor moz_bug_r_a4 reported
a vulnerability which allows arbitrary JavaScript to be executed with
chrome privileges. The privilege escalation was possible because
JavaScript loaded via mozIJSSubScriptLoader.loadSubScript() was not
using XPCNativeWrappers when accessing content. This could allow an
attacker to overwrite trusted objects with arbitrary code which would
be executed with chrome privileges when the trusted objects were
called by the browser.

CVE-2008-2802 MFSA-2008-24: Mozilla contributor moz_bug_r_a4 reported
a vulnerability that allowed non-priviliged XUL documents to load
chrome scripts from the fastload file. This could allow an attacker to
run arbitrary JavaScript code with chrome privileges.

CVE-2008-2801 MFSA-2008-23: Security researcher Collin Jackson
reported a series of vulnerabilities which allow JavaScript to be
injected into signed JARs and executed under the context of the JAR's
signer. This could allow an attacker to run JavaScript in a victim's
browser with the privileges of a different website, provided the
attacker possesses a JAR signed by the other website.

CVE-2008-2800 MFSA-2008-22: Mozilla contributor moz_bug_r_a4 submitted
a set of vulnerabilities which allow scripts from one document to be
executed in the context of a different document. These vulnerabilities
could be used by an attacker to violate the same-origin policy and
perform an XSS attack.

CVE-2008-2798 CVE-2008-2799 MFSA-2008-21: Mozilla developers
identified and fixed several stability bugs in the browser engine used
in Firefox and other Mozilla-based products. Some of these crashes
showed evidence of memory corruption under certain circumstances and
we presume that with enough effort at least some of these could be
exploited to run arbitrary code."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=407573"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=416147"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected seamonkey packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'CANVAS');
  script_cwe_id(20, 79, 189, 200, 264, 287, 399);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-dom-inspector");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-irc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-mail");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-spellchecker");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-venkman");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2008/09/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2009/07/21");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE11\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.0", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE11.0", reference:"seamonkey-1.1.11-3.1") ) flag++;
if ( rpm_check(release:"SUSE11.0", reference:"seamonkey-dom-inspector-1.1.11-3.1") ) flag++;
if ( rpm_check(release:"SUSE11.0", reference:"seamonkey-irc-1.1.11-3.1") ) flag++;
if ( rpm_check(release:"SUSE11.0", reference:"seamonkey-mail-1.1.11-3.1") ) flag++;
if ( rpm_check(release:"SUSE11.0", reference:"seamonkey-spellchecker-1.1.11-3.1") ) flag++;
if ( rpm_check(release:"SUSE11.0", reference:"seamonkey-venkman-1.1.11-3.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "seamonkey");
}

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update MozillaFirefox-5411.
#
# The text description of this plugin is (C) SUSE LLC.
#

include("compat.inc");

if (description)
{
  script_id(33499);
  script_version ("1.11");
  script_cvs_date("Date: 2019/10/25 13:36:31");

  script_cve_id("CVE-2008-2798", "CVE-2008-2799", "CVE-2008-2800", "CVE-2008-2801", "CVE-2008-2802", "CVE-2008-2803", "CVE-2008-2805", "CVE-2008-2806", "CVE-2008-2807", "CVE-2008-2808", "CVE-2008-2809", "CVE-2008-2810", "CVE-2008-2811");

  script_name(english:"openSUSE 10 Security Update : MozillaFirefox (MozillaFirefox-5411)");
  script_summary(english:"Check for the MozillaFirefox-5411 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Mozilla Firefox was updated to version 2.0.0.15, fixing various bugs
including following security bugs :

CVE-2008-2798 CVE-2008-2799 MFSA-2008-21: Mozilla developers
identified and fixed several stability bugs in the browser engine used
in Firefox and other Mozilla-based products. Some of these crashes
showed evidence of memory corruption under certain circumstances and
we presume that with enough effort at least some of these could be
exploited to run arbitrary code.

CVE-2008-2800 MFSA-2008-22: Mozilla contributor moz_bug_r_a4 submitted
a set of vulnerabilities which allow scripts from one document to be
executed in the context of a different document. These vulnerabilities
could be used by an attacker to violate the same-origin policy and
perform an XSS attack.

CVE-2008-2801 MFSA-2008-23: Security researcher Collin Jackson
reported a series of vulnerabilities which allow JavaScript to be
injected into signed JARs and executed under the context of the JAR's
signer. This could allow an attacker to run JavaScript in a victim's
browser with the privileges of a different website, provided the
attacker possesses a JAR signed by the other website.

CVE-2008-2802 MFSA-2008-24: Mozilla contributor moz_bug_r_a4 reported
a vulnerability that allowed non-priviliged XUL documents to load
chrome scripts from the fastload file. This could allow an attacker to
run arbitrary JavaScript code with chrome privileges.

CVE-2008-2803 MFSA-2008-25: Mozilla contributor moz_bug_r_a4 reported
a vulnerability which allows arbitrary JavaScript to be executed with
chrome privileges. The privilege escalation was possible because
JavaScript loaded via mozIJSSubScriptLoader.loadSubScript() was not
using XPCNativeWrappers when accessing content. This could allow an
attacker to overwrite trusted objects with arbitrary code which would
be executed with chrome privileges when the trusted objects were
called by the browser.

CVE-2008-2805 MFSA-2008-27: Opera developer Claudio Santambrogio
reported a vulnerability which allows malicious content to force the
browser into uploading local files to the remote server. This could be
used by an attacker to steal arbitrary files from a victim's computer.

CVE-2008-2806 MFSA-2008-28: Security researcher Gregory Fleischer
reported a vulnerability in the way Mozilla indicates the origin of a
document to the Java plugin. This vulnerability could allow a
malicious Java applet to bypass the same-origin policy and create
arbitrary socket connections to other domains.

CVE-2008-2807 MFSA-2008-29: Mozilla developer Daniel Glazman
demonstrated that an improperly encoded .properties file in an add-on
can result in uninitialized memory being used. This could potentially
result in small chunks of data from other programs being exposed in
the browser.

CVE-2008-2808 MFSA-2008-30: Mozilla contributor Masahiro Yamada
reported that file URLs in directory listings were not being HTML
escaped properly when the filenames contained particular characters.
This resulted in files from directory listings being opened in
unintended ways or files not being able to be opened by the browser
altogether.

CVE-2008-2809 MFSA-2008-31: Mozilla developer John G. Myers reported a
weakness in the trust model used by Mozilla regarding alternate names
on self-signed certificates. A user could be prompted to accept a
self-signed certificate from a website which includes alt-name
entries. If the user accepted the certificate, they would also extend
trust to any alternate domains listed in the certificate, despite not
being prompted about the additional domains. This technique could be
used by an attacker to impersonate another server.

CVE-2008-2810 MFSA-2008-32: Mozilla community member Geoff reported a
vulnerability in the way Mozilla opens URL files sent directly to the
browser. He demonstrated that such files were opened with local file
privileges, giving the remote content access to read from the local
filesystem. If a user opened a bookmark to a malicious page in this
manner, the page could potentially read from other local files on the
user's computer.

CVE-2008-2811 MFSA 2008-33: Security research firm Astabis, via the
iSIGHT Partners GVP Program, reported a vulnerability in Mozilla's
block reflow code. This vulnerablitity could be used by an attacker to
crash the browser and run arbitrary code on the victim's computer."
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected MozillaFirefox packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'CANVAS');
  script_cwe_id(20, 79, 200, 264, 287, 399);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-translations");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.2");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.3");

  script_set_attribute(attribute:"patch_publication_date", value:"2008/07/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2008/07/15");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE10\.2|SUSE10\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "10.2 / 10.3", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE10.2", reference:"MozillaFirefox-2.0.0.15-0.1") ) flag++;
if ( rpm_check(release:"SUSE10.2", reference:"MozillaFirefox-translations-2.0.0.15-0.1") ) flag++;
if ( rpm_check(release:"SUSE10.3", reference:"MozillaFirefox-2.0.0.15-0.1") ) flag++;
if ( rpm_check(release:"SUSE10.3", reference:"MozillaFirefox-translations-2.0.0.15-0.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "MozillaFirefox");
}

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Fedora Security Advisory 2008-6196.
#

include("compat.inc");

if (description)
{
  script_id(33455);
  script_version ("1.21");
  script_cvs_date("Date: 2019/08/02 13:32:28");

  script_cve_id("CVE-2008-2798", "CVE-2008-2799", "CVE-2008-2800", "CVE-2008-2801", "CVE-2008-2802", "CVE-2008-2803", "CVE-2008-2805", "CVE-2008-2806", "CVE-2008-2807", "CVE-2008-2808", "CVE-2008-2809", "CVE-2008-2810", "CVE-2008-2811");
  script_bugtraq_id(30038);
  script_xref(name:"FEDORA", value:"2008-6196");

  script_name(english:"Fedora 8 : seamonkey-1.1.10-1.fc8 (2008-6196)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Updated seamonkey packages that fix several security issues are now
available for Fedora 8. SeaMonkey is an all-in-one Internet
application suite. It includes a browser, mail/news client, IRC
client, JavaScript debugger, and a tool to inspect the DOM for web
pages. It is derived from the application formerly known as Mozilla
Application Suite. Multiple flaws were found in the processing of
malformed JavaScript content. A web page containing such malicious
content could cause Firefox to crash or, potentially, execute
arbitrary code as the user running Firefox. (CVE-2008-2801,
CVE-2008-2802, CVE-2008-2803) Several flaws were found in the
processing of malformed web content. A web page containing malicious
content could cause Firefox to crash or, potentially, execute
arbitrary code as the user running Firefox. (CVE-2008-2798,
CVE-2008-2799, CVE-2008-2811) Several flaws were found in the way
malformed web content was displayed. A web page containing specially
crafted content could potentially trick a Firefox user into
surrendering sensitive information. (CVE-2008-2800) Two local file
disclosure flaws were found in Firefox. A web page containing
malicious content could cause Firefox to reveal the contents of a
local file to a remote attacker. (CVE-2008-2805, CVE-2008-2810) A flaw
was found in the way a malformed .properties file was processed by
Firefox. A malicious extension could read uninitialized memory,
possibly leaking sensitive data to the extension. (CVE-2008-2807) A
flaw was found in the way Firefox escaped a listing of local file
names. If a user could be tricked into listing a local directory
containing malicious file names, arbitrary JavaScript could be run
with the permissions of the user running Firefox. (CVE-2008-2808) A
flaw was found in the way Firefox displayed information about
self-signed certificates. It was possible for a self-signed
certificate to contain multiple alternate name entries, which were not
all displayed to the user, allowing them to mistakenly extend trust to
an unknown site. (CVE-2008-2809) Updated packages update SeaMonkey to
upstream version 1.1.10 to address these flaws:
http://www.mozilla.org/projects/security/known-
vulnerabilities.html#seamonkey1.1.10

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  # http://www.mozilla.org/projects/security/known-
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.mozilla.org/en-US/projects/security/known-"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=452597"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=452598"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=452599"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=452600"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=452602"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=452604"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=452605"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=452709"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=452710"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=452711"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=452712"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=453007"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2008-July/012175.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?6bbca527"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected seamonkey package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'CANVAS');
  script_cwe_id(20, 79, 200, 264, 287, 399);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:seamonkey");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:8");

  script_set_attribute(attribute:"vuln_publication_date", value:"2008/07/07");
  script_set_attribute(attribute:"patch_publication_date", value:"2008/07/08");
  script_set_attribute(attribute:"plugin_publication_date", value:"2008/07/10");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^8([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 8.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC8", reference:"seamonkey-1.1.10-1.fc8")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "seamonkey");
}

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The text description of this plugin is (C) Novell, Inc.
#

if (NASL_LEVEL < 3000) exit(0);

include("compat.inc");

if (description)
{
  script_id(33498);
  script_version ("1.21");
  script_cvs_date("Date: 2019/10/25 13:36:31");

  script_cve_id("CVE-2008-2798", "CVE-2008-2799", "CVE-2008-2800", "CVE-2008-2801", "CVE-2008-2802", "CVE-2008-2803", "CVE-2008-2805", "CVE-2008-2806", "CVE-2008-2807", "CVE-2008-2808", "CVE-2008-2809", "CVE-2008-2810", "CVE-2008-2811");

  script_name(english:"SuSE 10 Security Update : MozillaFirefox (ZYPP Patch Number 5405)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote SuSE 10 host is missing a security-related patch."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Mozilla Firefox was updated to version 2.0.0.15, fixing various bugs
including following security bugs :

  - Mozilla developers identified and fixed several
    stability bugs in the browser engine used in Firefox and
    other Mozilla-based products. Some of these crashes
    showed evidence of memory corruption under certain
    circumstances and we presume that with enough effort at
    least some of these could be exploited to run arbitrary
    code. (CVE-2008-2798 / CVE-2008-2799 / MFSA 2008-21)

  - Mozilla contributor moz_bug_r_a4 submitted a set of
    vulnerabilities which allow scripts from one document to
    be executed in the context of a different document.
    These vulnerabilities could be used by an attacker to
    violate the same-origin policy and perform an XSS
    attack. (CVE-2008-2800 / MFSA 2008-22)

  - Security researcher Collin Jackson reported a series of
    vulnerabilities which allow JavaScript to be injected
    into signed JARs and executed under the context of the
    JAR's signer. This could allow an attacker to run
    JavaScript in a victim's browser with the privileges of
    a different website, provided the attacker possesses a
    JAR signed by the other website. (CVE-2008-2801 / MFSA
    2008-23)

  - Mozilla contributor moz_bug_r_a4 reported a
    vulnerability that allowed non-priviliged XUL documents
    to load chrome scripts from the fastload file. This
    could allow an attacker to run arbitrary JavaScript code
    with chrome privileges. (CVE-2008-2802 / MFSA 2008-24)

  - Mozilla contributor moz_bug_r_a4 reported a
    vulnerability which allows arbitrary JavaScript to be
    executed with chrome privileges. The privilege
    escalation was possible because JavaScript loaded via
    mozIJSSubScriptLoader.loadSubScript() was not using
    XPCNativeWrappers when accessing content. This could
    allow an attacker to overwrite trusted objects with
    arbitrary code which would be executed with chrome
    privileges when the trusted objects were called by the
    browser. (CVE-2008-2803 / MFSA 2008-25)

  - Opera developer Claudio Santambrogio reported a
    vulnerability which allows malicious content to force
    the browser into uploading local files to the remote
    server. This could be used by an attacker to steal
    arbitrary files from a victim's computer. (CVE-2008-2805
    / MFSA 2008-27)

  - Security researcher Gregory Fleischer reported a
    vulnerability in the way Mozilla indicates the origin of
    a document to the Java plugin. This vulnerability could
    allow a malicious Java applet to bypass the same-origin
    policy and create arbitrary socket connections to other
    domains. (CVE-2008-2806 / MFSA 2008-28)

  - Mozilla developer Daniel Glazman demonstrated that an
    improperly encoded .properties file in an add-on can
    result in uninitialized memory being used. This could
    potentially result in small chunks of data from other
    programs being exposed in the browser. (CVE-2008-2807 /
    MFSA 2008-29)

  - Mozilla contributor Masahiro Yamada reported that file
    URLs in directory listings were not being HTML escaped
    properly when the filenames contained particular
    characters. This resulted in files from directory
    listings being opened in unintended ways or files not
    being able to be opened by the browser altogether.
    (CVE-2008-2808 / MFSA 2008-30)

  - Mozilla developer John G. Myers reported a weakness in
    the trust model used by Mozilla regarding alternate
    names on self-signed certificates. A user could be
    prompted to accept a self-signed certificate from a
    website which includes alt-name entries. If the user
    accepted the certificate, they would also extend trust
    to any alternate domains listed in the certificate,
    despite not being prompted about the additional domains.
    This technique could be used by an attacker to
    impersonate another server. (CVE-2008-2809 / MFSA
    2008-31)

  - Mozilla community member Geoff reported a vulnerability
    in the way Mozilla opens URL files sent directly to the
    browser. He demonstrated that such files were opened
    with local file privileges, giving the remote content
    access to read from the local filesystem. If a user
    opened a bookmark to a malicious page in this manner,
    the page could potentially read from other local files
    on the user's computer. (CVE-2008-2810 / MFSA 2008-32)

  - Security research firm Astabis, via the iSIGHT Partners
    GVP Program, reported a vulnerability in Mozilla's block
    reflow code. This vulnerablitity could be used by an
    attacker to crash the browser and run arbitrary code on
    the victim's computer. (CVE-2008-2811 / MFSA 2008-33)"
  );
  # http://www.mozilla.org/security/announce/2008/mfsa2008-21.html
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-21/"
  );
  # http://www.mozilla.org/security/announce/2008/mfsa2008-22.html
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-22/"
  );
  # http://www.mozilla.org/security/announce/2008/mfsa2008-23.html
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-23/"
  );
  # http://www.mozilla.org/security/announce/2008/mfsa2008-24.html
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-24/"
  );
  # http://www.mozilla.org/security/announce/2008/mfsa2008-25.html
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-25/"
  );
  # http://www.mozilla.org/security/announce/2008/mfsa2008-27.html
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-27/"
  );
  # http://www.mozilla.org/security/announce/2008/mfsa2008-28.html
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-28/"
  );
  # http://www.mozilla.org/security/announce/2008/mfsa2008-29.html
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-29/"
  );
  # http://www.mozilla.org/security/announce/2008/mfsa2008-30.html
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-30/"
  );
  # http://www.mozilla.org/security/announce/2008/mfsa2008-31.html
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-31/"
  );
  # http://www.mozilla.org/security/announce/2008/mfsa2008-32.html
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-32/"
  );
  # http://www.mozilla.org/security/announce/2008/mfsa2008-33.html
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-33/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2008-2798.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2008-2799.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2008-2800.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2008-2801.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2008-2802.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2008-2803.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2008-2805.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2008-2806.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2008-2807.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2008-2808.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2008-2809.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2008-2810.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2008-2811.html"
  );
  script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 5405.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'CANVAS');
  script_cwe_id(20, 79, 200, 264, 287, 399);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux");

  script_set_attribute(attribute:"vuln_publication_date", value:"2008/07/07");
  script_set_attribute(attribute:"patch_publication_date", value:"2008/07/08");
  script_set_attribute(attribute:"plugin_publication_date", value:"2008/07/15");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE.");
if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages.");

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) exit(1, "Failed to determine the architecture type.");
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented.");


flag = 0;
if (rpm_check(release:"SLED10", sp:1, reference:"MozillaFirefox-2.0.0.15-0.2.3")) flag++;
if (rpm_check(release:"SLED10", sp:1, reference:"MozillaFirefox-translations-2.0.0.15-0.2.3")) flag++;
if (rpm_check(release:"SLED10", sp:2, reference:"MozillaFirefox-2.0.0.15-0.3")) flag++;
if (rpm_check(release:"SLED10", sp:2, reference:"MozillaFirefox-translations-2.0.0.15-0.3")) flag++;
if (rpm_check(release:"SLES10", sp:1, reference:"MozillaFirefox-2.0.0.15-0.2.3")) flag++;
if (rpm_check(release:"SLES10", sp:1, reference:"MozillaFirefox-translations-2.0.0.15-0.2.3")) flag++;
if (rpm_check(release:"SLES10", sp:2, reference:"MozillaFirefox-2.0.0.15-0.3")) flag++;
if (rpm_check(release:"SLES10", sp:2, reference:"MozillaFirefox-translations-2.0.0.15-0.3")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else exit(0, "The host is not affected.");

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update seamonkey-5600.
#
# The text description of this plugin is (C) SUSE LLC.
#

include("compat.inc");

if (description)
{
  script_id(34201);
  script_version ("1.12");
  script_cvs_date("Date: 2019/10/25 13:36:33");

  script_cve_id("CVE-2008-2785", "CVE-2008-2798", "CVE-2008-2799", "CVE-2008-2800", "CVE-2008-2801", "CVE-2008-2802", "CVE-2008-2803", "CVE-2008-2805", "CVE-2008-2806", "CVE-2008-2807", "CVE-2008-2808", "CVE-2008-2809", "CVE-2008-2810", "CVE-2008-2811");

  script_name(english:"openSUSE 10 Security Update : seamonkey (seamonkey-5600)");
  script_summary(english:"Check for the seamonkey-5600 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"SeaMonkey was updated to version 1.1.11.

Problems fixed in the 1.1.11 update: CVE-2008-2785 MFSA 2008-34: An
anonymous researcher, via TippingPoint's Zero Day Initiative program,
reported a vulnerability in Mozilla's internal CSSValue array data
structure. The vulnerability was caused by an insufficiently sized
variable being used as a reference counter for CSS objects. By
creating a very large number of references to a common CSS object,
this counter could be overflowed which could cause a crash when the
browser attempts to free the CSS object while still in use. An
attacker could use this crash to run arbitrary code on the victim's
computer.

Problems fixed in the 1.1.10 update: CVE-2008-2811 MFSA 2008-33:
Security research firm Astabis reported a vulnerability in Firefox 2
submitted through the iSIGHT Partners GVP Program by Greg McManus,
Primary GVP Researcher. The reported crash in Mozilla's block reflow
code could be used by an attacker to crash the browser and run
arbitrary code on the victim's computer.

CVE-2008-2810 MFSA-2008-32: Mozilla community member Geoff reported a
vulnerability in the way Mozilla opens URL files sent directly to the
browser. He demonstrated that such files were opened with local file
privileges, giving the remote content access to read from the local
filesystem. If a user opened a bookmark to a malicious page in this
manner, the page could potentially read from other local files on the
user's computer.

CVE-2008-2809 MFSA-2008-31: Mozilla developer John G. Myers reported a
weakness in the trust model used by Mozilla regarding alternate names
on self-signed certificates. A user could be prompted to accept a
self-signed certificate from a website which includes alt-name
entries. If the user accepted the certificate, they would also extend
trust to any alternate domains listed in the certificate, despite not
being prompted about the additional domains. This technique could be
used by an attacker to impersonate another server.

CVE-2008-2808 MFSA-2008-30: Mozilla contributor Masahiro Yamada
reported that file URLs in directory listings were not being HTML
escaped properly when the filenames contained particular characters.
This resulted in files from directory listings being opened in
unintended ways or files not being able to be opened by the browser
altogether.

CVE-2008-2807 MFSA-2008-29: Mozilla developer Daniel Glazman
demonstrated that an improperly encoded .properties file in an add-on
can result in uninitialized memory being used. This could potentially
result in small chunks of data from other programs being exposed in
the browser.

CVE-2008-2806 MFSA-2008-28: Security researcher Gregory Fleischer
reported a vulnerability in the way Mozilla indicates the origin of a
document to the Java plugin. This vulnerability could allow a
malicious Java applet to bypass the same-origin policy and create
arbitrary socket connections to other domains.

CVE-2008-2805 MFSA-2008-27: Opera developer Claudio Santambrogio
reported a vulnerability which allows malicious content to force the
browser into uploading local files to the remote server. This could be
used by an attacker to steal arbitrary files from a victim's computer.

MFSA-2008-26: As a follow-up to vulnerability reported in MFSA 2008-12
Mozilla has checked similar constructs in the rest of the MIME
handling code. Although no further buffer overflows were found we
changed several function calls to use safer versions of the string
routines that will be more robust in the face of future code changes.

CVE-2008-2803 MFSA-2008-25: Mozilla contributor moz_bug_r_a4 reported
a vulnerability which allows arbitrary JavaScript to be executed with
chrome privileges. The privilege escalation was possible because
JavaScript loaded via mozIJSSubScriptLoader.loadSubScript() was not
using XPCNativeWrappers when accessing content. This could allow an
attacker to overwrite trusted objects with arbitrary code which would
be executed with chrome privileges when the trusted objects were
called by the browser.

CVE-2008-2802 MFSA-2008-24: Mozilla contributor moz_bug_r_a4 reported
a vulnerability that allowed non-priviliged XUL documents to load
chrome scripts from the fastload file. This could allow an attacker to
run arbitrary JavaScript code with chrome privileges.

CVE-2008-2801 MFSA-2008-23: Security researcher Collin Jackson
reported a series of vulnerabilities which allow JavaScript to be
injected into signed JARs and executed under the context of the JAR's
signer. This could allow an attacker to run JavaScript in a victim's
browser with the privileges of a different website, provided the
attacker possesses a JAR signed by the other website.

CVE-2008-2800 MFSA-2008-22: Mozilla contributor moz_bug_r_a4 submitted
a set of vulnerabilities which allow scripts from one document to be
executed in the context of a different document. These vulnerabilities
could be used by an attacker to violate the same-origin policy and
perform an XSS attack.

CVE-2008-2798 CVE-2008-2799 MFSA-2008-21: Mozilla developers
identified and fixed several stability bugs in the browser engine used
in Firefox and other Mozilla-based products. Some of these crashes
showed evidence of memory corruption under certain circumstances and
we presume that with enough effort at least some of these could be
exploited to run arbitrary code."
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected seamonkey packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'CANVAS');
  script_cwe_id(20, 79, 189, 200, 264, 287, 399);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-dom-inspector");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-irc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-mail");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-spellchecker");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-venkman");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.3");

  script_set_attribute(attribute:"patch_publication_date", value:"2008/09/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2008/09/14");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE10\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "10.3", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE10.3", reference:"seamonkey-1.1.11-3.1") ) flag++;
if ( rpm_check(release:"SUSE10.3", reference:"seamonkey-dom-inspector-1.1.11-3.1") ) flag++;
if ( rpm_check(release:"SUSE10.3", reference:"seamonkey-irc-1.1.11-3.1") ) flag++;
if ( rpm_check(release:"SUSE10.3", reference:"seamonkey-mail-1.1.11-3.1") ) flag++;
if ( rpm_check(release:"SUSE10.3", reference:"seamonkey-spellchecker-1.1.11-3.1") ) flag++;
if ( rpm_check(release:"SUSE10.3", reference:"seamonkey-venkman-1.1.11-3.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "seamonkey");
}

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Fedora Security Advisory 2008-6193.
#

include("compat.inc");

if (description)
{
  script_id(33454);
  script_version ("1.21");
  script_cvs_date("Date: 2019/08/02 13:32:28");

  script_cve_id("CVE-2008-2798", "CVE-2008-2799", "CVE-2008-2800", "CVE-2008-2801", "CVE-2008-2802", "CVE-2008-2803", "CVE-2008-2805", "CVE-2008-2806", "CVE-2008-2807", "CVE-2008-2808", "CVE-2008-2809", "CVE-2008-2810", "CVE-2008-2811");
  script_bugtraq_id(30038);
  script_xref(name:"FEDORA", value:"2008-6193");

  script_name(english:"Fedora 9 : seamonkey-1.1.10-1.fc9 (2008-6193)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Updated seamonkey packages that fix several security issues are now
available for Fedora 9. SeaMonkey is an all-in-one Internet
application suite. It includes a browser, mail/news client, IRC
client, JavaScript debugger, and a tool to inspect the DOM for web
pages. It is derived from the application formerly known as Mozilla
Application Suite. Multiple flaws were found in the processing of
malformed JavaScript content. A web page containing such malicious
content could cause Firefox to crash or, potentially, execute
arbitrary code as the user running Firefox. (CVE-2008-2801,
CVE-2008-2802, CVE-2008-2803) Several flaws were found in the
processing of malformed web content. A web page containing malicious
content could cause Firefox to crash or, potentially, execute
arbitrary code as the user running Firefox. (CVE-2008-2798,
CVE-2008-2799, CVE-2008-2811) Several flaws were found in the way
malformed web content was displayed. A web page containing specially
crafted content could potentially trick a Firefox user into
surrendering sensitive information. (CVE-2008-2800) Two local file
disclosure flaws were found in Firefox. A web page containing
malicious content could cause Firefox to reveal the contents of a
local file to a remote attacker. (CVE-2008-2805, CVE-2008-2810) A flaw
was found in the way a malformed .properties file was processed by
Firefox. A malicious extension could read uninitialized memory,
possibly leaking sensitive data to the extension. (CVE-2008-2807) A
flaw was found in the way Firefox escaped a listing of local file
names. If a user could be tricked into listing a local directory
containing malicious file names, arbitrary JavaScript could be run
with the permissions of the user running Firefox. (CVE-2008-2808) A
flaw was found in the way Firefox displayed information about
self-signed certificates. It was possible for a self-signed
certificate to contain multiple alternate name entries, which were not
all displayed to the user, allowing them to mistakenly extend trust to
an unknown site. (CVE-2008-2809) Updated packages update SeaMonkey to
upstream version 1.1.10 to address these flaws:
http://www.mozilla.org/projects/security/known-
vulnerabilities.html#seamonkey1.1.10

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  # http://www.mozilla.org/projects/security/known-
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.mozilla.org/en-US/projects/security/known-"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=452597"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=452598"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=452599"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=452600"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=452602"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=452604"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=452605"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=452709"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=452710"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=452711"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=452712"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=453007"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2008-July/012168.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?12706614"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected seamonkey package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'CANVAS');
  script_cwe_id(20, 79, 200, 264, 287, 399);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:seamonkey");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:9");

  script_set_attribute(attribute:"vuln_publication_date", value:"2008/07/07");
  script_set_attribute(attribute:"patch_publication_date", value:"2008/07/08");
  script_set_attribute(attribute:"plugin_publication_date", value:"2008/07/10");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^9([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 9.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC9", reference:"seamonkey-1.1.10-1.fc9")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "seamonkey");
}

#
# (C) Tenable Network Security, Inc.
#



include("compat.inc");

if (description)
{
  script_id(33393);
  script_version("1.14");

  script_cve_id(
   "CVE-2008-2798", 
   "CVE-2008-2799", 
   "CVE-2008-2800", 
   "CVE-2008-2801", 
   "CVE-2008-2802", 
   "CVE-2008-2803", 
   "CVE-2008-2805", 
   "CVE-2008-2806", 
   "CVE-2008-2807", 
   "CVE-2008-2808",
   "CVE-2008-2809", 
   "CVE-2008-2810", 
   "CVE-2008-2811"
  );
  script_bugtraq_id(30038);
  script_xref(name:"Secunia", value:"30911");

  script_name(english:"Firefox < 2.0.0.15 Multiple Vulnerabilities");
  script_summary(english:"Checks version of Firefox");

 script_set_attribute(attribute:"synopsis", value:
"The remote Windows host contains a web browser that is affected by
multiple vulnerabilities." );
 script_set_attribute(attribute:"description", value:
"The installed version of Firefox is affected by various security
issues :

  - Several stability bugs leading to crashes which, in
    some cases, show traces of memory corruption
    (MFSA 2008-21).

  - A vulnerability involving violation of the same-origin 
    policy could allow for cross-site scripting attacks
    (MFSA 2008-22).

  - JavaScript can be injected into the context of signed 
    JARs and executed under the context of the JAR's signer
    (MFSA 2008-23).

  - By taking advantage of the privilege level stored in 
    the pre-compiled 'fastload' file, an attacker may be
    able to run arbitrary JavaScript code with chrome 
    privileges (MFSA 2008-24).

  - Arbitrary code execution is possible in 
    'mozIJSSubScriptLoader.loadSubScript()' (MFSA 2008-25).

  - An attacker can steal files from known locations on a 
    victim's computer via originalTarget and DOM Range
    (MFSA 2008-27).

  - It is possible for a malicious Java applet to bypass 
    the same-origin policy and create arbitrary socket 
    connections to other domains (MFSA 2008-28).

  - An improperly encoded '.properties' file in an add-on 
    can result in uninitialized memory being used, which
    could lead to data formerly used by other programs
    being exposed to the add-on code (MFSA 2008-29).

  - File URLs in directory listings are not properly HTML-
    escaped when the filenames contained particular 
    characters (MFSA 2008-30).

  - A weakness in the trust model regarding alt names on 
    peer-trusted certs could lead to spoofing secure 
    connections to any other site (MFSA 2008-31).

  - URL shortcut files on Windows (for example, saved IE 
    favorites) could be interpreted as if they were in the 
    local file context when opened by Firefox, although 
    the referenced remote content would be downloaded and 
    displayed (MFSA 2008-32).

  - A crash in Mozilla's block reflow code could be used 
    by an attacker to crash the browser and run arbitrary 
    code on the victim's computer (MFSA 2008-33)." );
 script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-21/" );
 script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-22/" );
 script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-23/" );
 script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-24/" );
 script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-25/" );
 script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-27/" );
 script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-28/" );
 script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-29/" );
 script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-30/" );
 script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-31/" );
 script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-32/" );
 script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-33/" );
 script_set_attribute(attribute:"solution", value:
"Upgrade to Firefox 2.0.0.15 or later." );
 script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
 script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"true");
 script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
 script_set_attribute(attribute:"canvas_package", value:'CANVAS');
 script_cwe_id(20, 79, 200, 264, 287, 399);

 script_set_attribute(attribute:"plugin_publication_date", value: "2008/07/02");
 script_set_attribute(attribute:"patch_publication_date", value: "2008/07/01");
 script_cvs_date("Date: 2018/07/16 14:09:14");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:firefox");
script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");
  script_copyright(english:"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.");
  script_dependencies("mozilla_org_installed.nasl");
  script_require_keys("Mozilla/Firefox/Version");
  exit(0);
}

include("mozilla_version.inc");
port = get_kb_item_or_exit("SMB/transport"); 

installs = get_kb_list("SMB/Mozilla/Firefox/*");
if (isnull(installs)) audit(AUDIT_NOT_INST, "Firefox");

mozilla_check_version(installs:installs, product:'firefox', esr:FALSE, fix:'2.0.0.15', severity:SECURITY_HOLE);

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-619-1. The text 
# itself is copyright (C) Canonical, Inc. See 
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include("compat.inc");

if (description)
{
  script_id(33436);
  script_version("1.17");
  script_cvs_date("Date: 2019/08/02 13:33:02");

  script_cve_id("CVE-2008-2798", "CVE-2008-2799", "CVE-2008-2800", "CVE-2008-2801", "CVE-2008-2802", "CVE-2008-2803", "CVE-2008-2805", "CVE-2008-2806", "CVE-2008-2807", "CVE-2008-2808", "CVE-2008-2809", "CVE-2008-2810", "CVE-2008-2811");
  script_xref(name:"USN", value:"619-1");

  script_name(english:"Ubuntu 6.06 LTS / 7.04 / 7.10 : firefox vulnerabilities (USN-619-1)");
  script_summary(english:"Checks dpkg output for updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Ubuntu host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Various flaws were discovered in the browser engine. By tricking a
user into opening a malicious web page, an attacker could cause a
denial of service via application crash, or possibly execute arbitrary
code with the privileges of the user invoking the program.
(CVE-2008-2798, CVE-2008-2799)

Several problems were discovered in the JavaScript engine. If a user
were tricked into opening a malicious web page, an attacker could
perform cross-site scripting attacks. (CVE-2008-2800)

Collin Jackson discovered various flaws in the JavaScript engine which
allowed JavaScript to be injected into signed JAR files. If a user
were tricked into opening malicious web content, an attacker may be
able to execute arbitrary code with the privileges of a different
website or link content within the JAR file to an attacker-controlled
JavaScript file. (CVE-2008-2801)

It was discovered that Firefox would allow non-privileged XUL
documents to load chrome scripts from the fastload file. This could
allow an attacker to execute arbitrary JavaScript code with chrome
privileges. (CVE-2008-2802)

A flaw was discovered in Firefox that allowed overwriting trusted
objects via mozIJSSubScriptLoader.loadSubScript(). If a user were
tricked into opening a malicious web page, an attacker could execute
arbitrary code with the privileges of the user invoking the program.
(CVE-2008-2803)

Claudio Santambrogio discovered a vulnerability in Firefox which could
lead to stealing of arbitrary files. If a user were tricked into
opening malicious content, an attacker could force the browser into
uploading local files to the remote server. (CVE-2008-2805)

Gregory Fleischer discovered a flaw in Java LiveConnect. An attacker
could exploit this to bypass the same-origin policy and create
arbitrary socket connections to other domains. (CVE-2008-2806)

Daniel Glazman found that an improperly encoded .properties file in an
add-on can result in uninitialized memory being used. If a user were
tricked into installing a malicious add-on, the browser may be able to
see data from other programs. (CVE-2008-2807)

Masahiro Yamada discovered that Firefox did not properly sanitize file
URLs in directory listings, resulting in files from directory listings
being opened in unintended ways or not being able to be opened by the
browser at all. (CVE-2008-2808)

John G. Myers discovered a weakness in the trust model used by Firefox
regarding alternate names on self-signed certificates. If a user were
tricked into accepting a certificate containing alternate name
entries, an attacker could impersonate another server. (CVE-2008-2809)

A flaw was discovered in the way Firefox opened URL files. If a user
were tricked into opening a bookmark to a malicious web page, the page
could potentially read from local files on the user's computer.
(CVE-2008-2810)

A vulnerability was discovered in the block reflow code of Firefox.
This vulnerability could be used by an attacker to cause a denial of
service via application crash, or execute arbitrary code with the
privileges of the user invoking the program. (CVE-2008-2811).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://usn.ubuntu.com/619-1/"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'CANVAS');
  script_cwe_id(20, 79, 200, 264, 287, 399);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-dbg");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-dom-inspector");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-gnome-support");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-libthai");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libnspr-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libnspr4");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libnss-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libnss3");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mozilla-firefox");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mozilla-firefox-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mozilla-firefox-dom-inspector");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mozilla-firefox-gnome-support");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.06:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:7.04");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:7.10");

  script_set_attribute(attribute:"patch_publication_date", value:"2008/07/02");
  script_set_attribute(attribute:"plugin_publication_date", value:"2008/07/08");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2008-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("ubuntu.inc");
include("misc_func.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! ereg(pattern:"^(6\.06|7\.04|7\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 6.06 / 7.04 / 7.10", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

flag = 0;

if (ubuntu_check(osver:"6.06", pkgname:"firefox", pkgver:"1.5.dfsg+1.5.0.15~prepatch080614c-0ubuntu1")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"firefox-dbg", pkgver:"1.5.dfsg+1.5.0.15~prepatch080614c-0ubuntu1")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"firefox-dev", pkgver:"1.5.dfsg+1.5.0.15~prepatch080614c-0ubuntu1")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"firefox-dom-inspector", pkgver:"1.5.dfsg+1.5.0.15~prepatch080614c-0ubuntu1")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"firefox-gnome-support", pkgver:"1.5.dfsg+1.5.0.15~prepatch080614c-0ubuntu1")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"libnspr-dev", pkgver:"1.firefox1.5.dfsg+1.5.0.15~prepatch080614c-0ubuntu1")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"libnspr4", pkgver:"1.firefox1.5.dfsg+1.5.0.15~prepatch080614c-0ubuntu1")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"libnss-dev", pkgver:"1.firefox1.5.dfsg+1.5.0.15~prepatch080614c-0ubuntu1")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"libnss3", pkgver:"1.firefox1.5.dfsg+1.5.0.15~prepatch080614c-0ubuntu1")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"mozilla-firefox", pkgver:"1.5.dfsg+1.5.0.15~prepatch080614c-0ubuntu1")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"mozilla-firefox-dev", pkgver:"1.5.dfsg+1.5.0.15~prepatch080614c-0ubuntu1")) flag++;
if (ubuntu_check(osver:"7.04", pkgname:"firefox", pkgver:"2.0.0.15+0nobinonly-0ubuntu0.7.4")) flag++;
if (ubuntu_check(osver:"7.04", pkgname:"firefox-dbg", pkgver:"2.0.0.15+0nobinonly-0ubuntu0.7.4")) flag++;
if (ubuntu_check(osver:"7.04", pkgname:"firefox-dev", pkgver:"2.0.0.15+0nobinonly-0ubuntu0.7.4")) flag++;
if (ubuntu_check(osver:"7.04", pkgname:"firefox-dom-inspector", pkgver:"2.0.0.15+0nobinonly-0ubuntu0.7.4")) flag++;
if (ubuntu_check(osver:"7.04", pkgname:"firefox-gnome-support", pkgver:"2.0.0.15+0nobinonly-0ubuntu0.7.4")) flag++;
if (ubuntu_check(osver:"7.04", pkgname:"firefox-libthai", pkgver:"2.0.0.15+0nobinonly-0ubuntu0.7.4")) flag++;
if (ubuntu_check(osver:"7.04", pkgname:"libnspr-dev", pkgver:"1.firefox2.0.0.15+0nobinonly-0ubuntu0.7.4")) flag++;
if (ubuntu_check(osver:"7.04", pkgname:"libnspr4", pkgver:"1.firefox2.0.0.15+0nobinonly-0ubuntu0.7.4")) flag++;
if (ubuntu_check(osver:"7.04", pkgname:"libnss-dev", pkgver:"1.firefox2.0.0.15+0nobinonly-0ubuntu0.7.4")) flag++;
if (ubuntu_check(osver:"7.04", pkgname:"libnss3", pkgver:"1.firefox2.0.0.15+0nobinonly-0ubuntu0.7.4")) flag++;
if (ubuntu_check(osver:"7.04", pkgname:"mozilla-firefox", pkgver:"2.0.0.15+0nobinonly-0ubuntu0.7.4")) flag++;
if (ubuntu_check(osver:"7.04", pkgname:"mozilla-firefox-dev", pkgver:"2.0.0.15+0nobinonly-0ubuntu0.7.4")) flag++;
if (ubuntu_check(osver:"7.04", pkgname:"mozilla-firefox-dom-inspector", pkgver:"2.0.0.15+0nobinonly-0ubuntu0.7.4")) flag++;
if (ubuntu_check(osver:"7.04", pkgname:"mozilla-firefox-gnome-support", pkgver:"2.0.0.15+0nobinonly-0ubuntu0.7.4")) flag++;
if (ubuntu_check(osver:"7.10", pkgname:"firefox", pkgver:"2.0.0.15+1nobinonly-0ubuntu0.7.10")) flag++;
if (ubuntu_check(osver:"7.10", pkgname:"firefox-dbg", pkgver:"2.0.0.15+1nobinonly-0ubuntu0.7.10")) flag++;
if (ubuntu_check(osver:"7.10", pkgname:"firefox-dev", pkgver:"2.0.0.15+1nobinonly-0ubuntu0.7.10")) flag++;
if (ubuntu_check(osver:"7.10", pkgname:"firefox-dom-inspector", pkgver:"2.0.0.15+1nobinonly-0ubuntu0.7.10")) flag++;
if (ubuntu_check(osver:"7.10", pkgname:"firefox-gnome-support", pkgver:"2.0.0.15+1nobinonly-0ubuntu0.7.10")) flag++;
if (ubuntu_check(osver:"7.10", pkgname:"firefox-libthai", pkgver:"2.0.0.15+1nobinonly-0ubuntu0.7.10")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "firefox / firefox-dbg / firefox-dev / firefox-dom-inspector / etc");
}

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Slackware Security Advisory 2008-191-03. The text 
# itself is copyright (C) Slackware Linux, Inc.
#

include("compat.inc");

if (description)
{
  script_id(33466);
  script_version("1.16");
  script_cvs_date("Date: 2019/10/25 13:36:21");

  script_cve_id("CVE-2008-1380", "CVE-2008-2798", "CVE-2008-2799", "CVE-2008-2800", "CVE-2008-2801", "CVE-2008-2802", "CVE-2008-2803", "CVE-2008-2805", "CVE-2008-2806", "CVE-2008-2807", "CVE-2008-2808", "CVE-2008-2809", "CVE-2008-2810", "CVE-2008-2811");
  script_bugtraq_id(30038);
  script_xref(name:"SSA", value:"2008-191-03");

  script_name(english:"Slackware 11.0 / 12.0 / 12.1 / current : seamonkey (SSA:2008-191-03)");
  script_summary(english:"Checks for updated package in /var/log/packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Slackware host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"New seamonkey packages are available for Slackware 11.0, 12.0, 12.1,
and -current to fix security issues."
  );
  # http://www.mozilla.org/projects/security/known-vulnerabilities.html#seamonkey
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?637d935f"
  );
  # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.383152
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?649b6e09"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected seamonkey package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'CANVAS');
  script_cwe_id(20, 79, 200, 264, 287, 399);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:seamonkey");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:11.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:12.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:12.1");

  script_set_attribute(attribute:"vuln_publication_date", value:"2008/04/17");
  script_set_attribute(attribute:"patch_publication_date", value:"2008/07/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2008/07/10");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Slackware Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Slackware/release", "Host/Slackware/packages");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("slackware.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Slackware/release")) audit(AUDIT_OS_NOT, "Slackware");
if (!get_kb_item("Host/Slackware/packages")) audit(AUDIT_PACKAGE_LIST_MISSING);


cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Slackware", cpu);


flag = 0;
if (slackware_check(osver:"11.0", pkgname:"seamonkey", pkgver:"1.1.10", pkgarch:"i486", pkgnum:"1_slack11.0")) flag++;

if (slackware_check(osver:"12.0", pkgname:"seamonkey", pkgver:"1.1.10", pkgarch:"i486", pkgnum:"1_slack12.0")) flag++;

if (slackware_check(osver:"12.1", pkgname:"seamonkey", pkgver:"1.1.10", pkgarch:"i486", pkgnum:"1_slack12.1")) flag++;

if (slackware_check(osver:"current", pkgname:"seamonkey", pkgver:"1.1.10", pkgarch:"i486", pkgnum:"1")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");