Vulnerabilities > CVE-2008-2806 - Improper Input Validation vulnerability in Mozilla Firefox, Seamonkey and Thunderbird
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 on Mac OS X allow remote attackers to bypass the Same Origin Policy and create arbitrary socket connections via a crafted Java applet, related to the Java Embedding Plugin (JEP) and Java LiveConnect.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Buffer Overflow via Environment Variables This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
- Server Side Include (SSI) Injection An attacker can use Server Side Include (SSI) Injection to send code to a web application that then gets executed by the web server. Doing so enables the attacker to achieve similar results to Cross Site Scripting, viz., arbitrary code execution and information disclosure, albeit on a more limited scale, since the SSI directives are nowhere near as powerful as a full-fledged scripting language. Nonetheless, the attacker can conveniently gain access to sensitive files, such as password files, and execute shell commands.
- Cross Zone Scripting An attacker is able to cause a victim to load content into their web-browser that bypasses security zone controls and gain access to increased privileges to execute scripting code or other web objects such as unsigned ActiveX controls or applets. This is a privilege elevation attack targeted at zone-based web-browser security. In a zone-based model, pages belong to one of a set of zones corresponding to the level of privilege assigned to that page. Pages in an untrusted zone would have a lesser level of access to the system and/or be restricted in the types of executable content it was allowed to invoke. In a cross-zone scripting attack, a page that should be assigned to a less privileged zone is granted the privileges of a more trusted zone. This can be accomplished by exploiting bugs in the browser, exploiting incorrect configuration in the zone controls, through a cross-site scripting attack that causes the attackers' content to be treated as coming from a more trusted page, or by leveraging some piece of system functionality that is accessible from both the trusted and less trusted zone. This attack differs from "Restful Privilege Escalation" in that the latter correlates to the inadequate securing of RESTful access methods (such as HTTP DELETE) on the server, while cross-zone scripting attacks the concept of security zones as implemented by a browser.
- Cross Site Scripting through Log Files An attacker may leverage a system weakness where logs are susceptible to log injection to insert scripts into the system's logs. If these logs are later viewed by an administrator through a thin administrative interface and the log data is not properly HTML encoded before being written to the page, the attackers' scripts stored in the log will be executed in the administrative interface with potentially serious consequences. This attack pattern is really a combination of two other attack patterns: log injection and stored cross site scripting.
- Command Line Execution through SQL Injection An attacker uses standard SQL injection methods to inject data into the command line for execution. This could be done directly through misuse of directives such as MSSQL_xp_cmdshell or indirectly through injection of data into the database that would be interpreted as shell commands. Sometime later, an unscrupulous backend application (or could be part of the functionality of the same application) fetches the injected data stored in the database and uses this data as command line arguments without performing proper validation. The malicious data escapes that data plane by spawning new commands to be executed on the host.
Nessus
NASL family Windows NASL id SEAMONKEY_1110.NASL description The installed version of SeaMonkey is affected by various security issues : - A stability problem that could result in a crash during JavaScript garbage collection (MFSA 2008-20). - Several stability bugs leading to crashes which, in some cases, show traces of memory corruption (MFSA 2008-21). - A vulnerability involving violation of the same-origin policy could allow for cross-site scripting attacks (MFSA 2008-22). - JavaScript can be injected into the context of signed JARs and executed under the context of the JAR last seen 2020-06-01 modified 2020-06-02 plugin id 33394 published 2008-07-02 reporter This script is Copyright (C) 2008-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/33394 title SeaMonkey < 1.1.10 Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # if (NASL_LEVEL < 3000) exit(0); include("compat.inc"); if (description) { script_id(33394); script_version("1.17"); script_cve_id("CVE-2008-1380", "CVE-2008-2798", "CVE-2008-2799", "CVE-2008-2800", "CVE-2008-2801", "CVE-2008-2802", "CVE-2008-2803", "CVE-2008-2805", "CVE-2008-2806", "CVE-2008-2807", "CVE-2008-2808", "CVE-2008-2809", "CVE-2008-2810", "CVE-2008-2811"); script_bugtraq_id(30038); script_name(english:"SeaMonkey < 1.1.10 Multiple Vulnerabilities"); script_summary(english:"Checks version of SeaMonkey"); script_set_attribute(attribute:"synopsis", value: "A web browser on the remote host is affected by multiple vulnerabilities." ); script_set_attribute(attribute:"description", value: "The installed version of SeaMonkey is affected by various security issues : - A stability problem that could result in a crash during JavaScript garbage collection (MFSA 2008-20). - Several stability bugs leading to crashes which, in some cases, show traces of memory corruption (MFSA 2008-21). - A vulnerability involving violation of the same-origin policy could allow for cross-site scripting attacks (MFSA 2008-22). - JavaScript can be injected into the context of signed JARs and executed under the context of the JAR's signer (MFSA 2008-23). - By taking advantage of the privilege level stored in the pre-compiled 'fastload' file. an attacker may be able to run arbitrary JavaScript code with chrome privileges (MFSA 2008-24). - Arbitrary code execution is possible in 'mozIJSSubScriptLoader.loadSubScript()' (MFSA 2008-25). - Several function calls in the MIME handling code use unsafe versions of string routines (MFSA 2008-26). - An attacker can steal files from known locations on a victim's computer via originalTarget and DOM Range (MFSA 2008-27). - It is possible for a malicious Java applet to bypass the same-origin policy and create arbitrary socket connections to other domains (MFSA 2008-28). - An improperly encoded '.properties' file in an add-on can result in uninitialized memory being used, which could lead to data formerly used by other programs being exposed to the add-on code (MFSA 2008-29). - File URLs in directory listings are not properly HTML- escaped when the filenames contained particular characters (MFSA 2008-30). - A weakness in the trust model regarding alt names on peer-trusted certs could lead to spoofing secure connections to any other site (MFSA 2008-31). - URL shortcut files on Windows (for example, saved IE favorites) could be interpreted as if they were in the local file context when opened by SeaMonkey, although the referenced remote content would be downloaded and displayed (MFSA 2008-32). - A crash in Mozilla's block reflow code could be used by an attacker to crash the browser and run arbitrary code on the victim's computer (MFSA 2008-33)." ); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-20/" ); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-21/" ); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-22/" ); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-23/" ); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-24/" ); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-25/" ); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-26/" ); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-27/" ); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-28/" ); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-29/" ); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-30/" ); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-31/" ); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-32/" ); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-33/" ); script_set_attribute(attribute:"solution", value: "Upgrade to SeaMonkey 1.1.10 or later." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_cwe_id(20, 79, 200, 264, 287, 399); script_set_attribute(attribute:"plugin_publication_date", value: "2008/07/02"); script_cvs_date("Date: 2018/07/27 18:38:15"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:seamonkey"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc."); script_dependencies("mozilla_org_installed.nasl"); script_require_keys("SeaMonkey/Version"); exit(0); } include("mozilla_version.inc"); port = get_kb_item("SMB/transport"); if (!port) port = 445; installs = get_kb_list("SMB/SeaMonkey/*"); if (isnull(installs)) audit(AUDIT_NOT_INST, "SeaMonkey"); mozilla_check_version(installs:installs, product:'seamonkey', fix:'1.1.10', severity:SECURITY_HOLE);
NASL family SuSE Local Security Checks NASL id SUSE_11_0_SEAMONKEY-080912.NASL description SeaMonkey was updated to version 1.1.11. Problems fixed in the 1.1.11 update: CVE-2008-2785 MFSA 2008-34: An anonymous researcher, via TippingPoint last seen 2020-06-01 modified 2020-06-02 plugin id 40129 published 2009-07-21 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/40129 title openSUSE Security Update : seamonkey (seamonkey-193) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update seamonkey-193. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(40129); script_version("1.14"); script_cvs_date("Date: 2019/10/25 13:36:31"); script_cve_id("CVE-2008-2785", "CVE-2008-2798", "CVE-2008-2799", "CVE-2008-2800", "CVE-2008-2801", "CVE-2008-2802", "CVE-2008-2803", "CVE-2008-2805", "CVE-2008-2806", "CVE-2008-2807", "CVE-2008-2808", "CVE-2008-2809", "CVE-2008-2810", "CVE-2008-2811"); script_name(english:"openSUSE Security Update : seamonkey (seamonkey-193)"); script_summary(english:"Check for the seamonkey-193 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "SeaMonkey was updated to version 1.1.11. Problems fixed in the 1.1.11 update: CVE-2008-2785 MFSA 2008-34: An anonymous researcher, via TippingPoint's Zero Day Initiative program, reported a vulnerability in Mozilla's internal CSSValue array data structure. The vulnerability was caused by an insufficiently sized variable being used as a reference counter for CSS objects. By creating a very large number of references to a common CSS object, this counter could be overflowed which could cause a crash when the browser attempts to free the CSS object while still in use. An attacker could use this crash to run arbitrary code on the victim's computer. Problems fixed in the 1.1.10 update: CVE-2008-2811 MFSA 2008-33: Security research firm Astabis reported a vulnerability in Firefox 2 submitted through the iSIGHT Partners GVP Program by Greg McManus, Primary GVP Researcher. The reported crash in Mozilla's block reflow code could be used by an attacker to crash the browser and run arbitrary code on the victim's computer. CVE-2008-2810 MFSA-2008-32: Mozilla community member Geoff reported a vulnerability in the way Mozilla opens URL files sent directly to the browser. He demonstrated that such files were opened with local file privileges, giving the remote content access to read from the local filesystem. If a user opened a bookmark to a malicious page in this manner, the page could potentially read from other local files on the user's computer. CVE-2008-2809 MFSA-2008-31: Mozilla developer John G. Myers reported a weakness in the trust model used by Mozilla regarding alternate names on self-signed certificates. A user could be prompted to accept a self-signed certificate from a website which includes alt-name entries. If the user accepted the certificate, they would also extend trust to any alternate domains listed in the certificate, despite not being prompted about the additional domains. This technique could be used by an attacker to impersonate another server. CVE-2008-2808 MFSA-2008-30: Mozilla contributor Masahiro Yamada reported that file URLs in directory listings were not being HTML escaped properly when the filenames contained particular characters. This resulted in files from directory listings being opened in unintended ways or files not being able to be opened by the browser altogether. CVE-2008-2807 MFSA-2008-29: Mozilla developer Daniel Glazman demonstrated that an improperly encoded .properties file in an add-on can result in uninitialized memory being used. This could potentially result in small chunks of data from other programs being exposed in the browser. CVE-2008-2806 MFSA-2008-28: Security researcher Gregory Fleischer reported a vulnerability in the way Mozilla indicates the origin of a document to the Java plugin. This vulnerability could allow a malicious Java applet to bypass the same-origin policy and create arbitrary socket connections to other domains. CVE-2008-2805 MFSA-2008-27: Opera developer Claudio Santambrogio reported a vulnerability which allows malicious content to force the browser into uploading local files to the remote server. This could be used by an attacker to steal arbitrary files from a victim's computer. MFSA-2008-26: As a follow-up to vulnerability reported in MFSA 2008-12 Mozilla has checked similar constructs in the rest of the MIME handling code. Although no further buffer overflows were found we changed several function calls to use safer versions of the string routines that will be more robust in the face of future code changes. CVE-2008-2803 MFSA-2008-25: Mozilla contributor moz_bug_r_a4 reported a vulnerability which allows arbitrary JavaScript to be executed with chrome privileges. The privilege escalation was possible because JavaScript loaded via mozIJSSubScriptLoader.loadSubScript() was not using XPCNativeWrappers when accessing content. This could allow an attacker to overwrite trusted objects with arbitrary code which would be executed with chrome privileges when the trusted objects were called by the browser. CVE-2008-2802 MFSA-2008-24: Mozilla contributor moz_bug_r_a4 reported a vulnerability that allowed non-priviliged XUL documents to load chrome scripts from the fastload file. This could allow an attacker to run arbitrary JavaScript code with chrome privileges. CVE-2008-2801 MFSA-2008-23: Security researcher Collin Jackson reported a series of vulnerabilities which allow JavaScript to be injected into signed JARs and executed under the context of the JAR's signer. This could allow an attacker to run JavaScript in a victim's browser with the privileges of a different website, provided the attacker possesses a JAR signed by the other website. CVE-2008-2800 MFSA-2008-22: Mozilla contributor moz_bug_r_a4 submitted a set of vulnerabilities which allow scripts from one document to be executed in the context of a different document. These vulnerabilities could be used by an attacker to violate the same-origin policy and perform an XSS attack. CVE-2008-2798 CVE-2008-2799 MFSA-2008-21: Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=407573" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=416147" ); script_set_attribute( attribute:"solution", value:"Update the affected seamonkey packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_cwe_id(20, 79, 189, 200, 264, 287, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-dom-inspector"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-irc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-mail"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-spellchecker"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-venkman"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.0"); script_set_attribute(attribute:"patch_publication_date", value:"2008/09/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/07/21"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE11\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.0", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE11.0", reference:"seamonkey-1.1.11-3.1") ) flag++; if ( rpm_check(release:"SUSE11.0", reference:"seamonkey-dom-inspector-1.1.11-3.1") ) flag++; if ( rpm_check(release:"SUSE11.0", reference:"seamonkey-irc-1.1.11-3.1") ) flag++; if ( rpm_check(release:"SUSE11.0", reference:"seamonkey-mail-1.1.11-3.1") ) flag++; if ( rpm_check(release:"SUSE11.0", reference:"seamonkey-spellchecker-1.1.11-3.1") ) flag++; if ( rpm_check(release:"SUSE11.0", reference:"seamonkey-venkman-1.1.11-3.1") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "seamonkey"); }
NASL family SuSE Local Security Checks NASL id SUSE_MOZILLAFIREFOX-5411.NASL description Mozilla Firefox was updated to version 2.0.0.15, fixing various bugs including following security bugs : CVE-2008-2798 CVE-2008-2799 MFSA-2008-21: Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code. CVE-2008-2800 MFSA-2008-22: Mozilla contributor moz_bug_r_a4 submitted a set of vulnerabilities which allow scripts from one document to be executed in the context of a different document. These vulnerabilities could be used by an attacker to violate the same-origin policy and perform an XSS attack. CVE-2008-2801 MFSA-2008-23: Security researcher Collin Jackson reported a series of vulnerabilities which allow JavaScript to be injected into signed JARs and executed under the context of the JAR last seen 2020-06-01 modified 2020-06-02 plugin id 33499 published 2008-07-15 reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/33499 title openSUSE 10 Security Update : MozillaFirefox (MozillaFirefox-5411) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update MozillaFirefox-5411. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(33499); script_version ("1.11"); script_cvs_date("Date: 2019/10/25 13:36:31"); script_cve_id("CVE-2008-2798", "CVE-2008-2799", "CVE-2008-2800", "CVE-2008-2801", "CVE-2008-2802", "CVE-2008-2803", "CVE-2008-2805", "CVE-2008-2806", "CVE-2008-2807", "CVE-2008-2808", "CVE-2008-2809", "CVE-2008-2810", "CVE-2008-2811"); script_name(english:"openSUSE 10 Security Update : MozillaFirefox (MozillaFirefox-5411)"); script_summary(english:"Check for the MozillaFirefox-5411 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "Mozilla Firefox was updated to version 2.0.0.15, fixing various bugs including following security bugs : CVE-2008-2798 CVE-2008-2799 MFSA-2008-21: Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code. CVE-2008-2800 MFSA-2008-22: Mozilla contributor moz_bug_r_a4 submitted a set of vulnerabilities which allow scripts from one document to be executed in the context of a different document. These vulnerabilities could be used by an attacker to violate the same-origin policy and perform an XSS attack. CVE-2008-2801 MFSA-2008-23: Security researcher Collin Jackson reported a series of vulnerabilities which allow JavaScript to be injected into signed JARs and executed under the context of the JAR's signer. This could allow an attacker to run JavaScript in a victim's browser with the privileges of a different website, provided the attacker possesses a JAR signed by the other website. CVE-2008-2802 MFSA-2008-24: Mozilla contributor moz_bug_r_a4 reported a vulnerability that allowed non-priviliged XUL documents to load chrome scripts from the fastload file. This could allow an attacker to run arbitrary JavaScript code with chrome privileges. CVE-2008-2803 MFSA-2008-25: Mozilla contributor moz_bug_r_a4 reported a vulnerability which allows arbitrary JavaScript to be executed with chrome privileges. The privilege escalation was possible because JavaScript loaded via mozIJSSubScriptLoader.loadSubScript() was not using XPCNativeWrappers when accessing content. This could allow an attacker to overwrite trusted objects with arbitrary code which would be executed with chrome privileges when the trusted objects were called by the browser. CVE-2008-2805 MFSA-2008-27: Opera developer Claudio Santambrogio reported a vulnerability which allows malicious content to force the browser into uploading local files to the remote server. This could be used by an attacker to steal arbitrary files from a victim's computer. CVE-2008-2806 MFSA-2008-28: Security researcher Gregory Fleischer reported a vulnerability in the way Mozilla indicates the origin of a document to the Java plugin. This vulnerability could allow a malicious Java applet to bypass the same-origin policy and create arbitrary socket connections to other domains. CVE-2008-2807 MFSA-2008-29: Mozilla developer Daniel Glazman demonstrated that an improperly encoded .properties file in an add-on can result in uninitialized memory being used. This could potentially result in small chunks of data from other programs being exposed in the browser. CVE-2008-2808 MFSA-2008-30: Mozilla contributor Masahiro Yamada reported that file URLs in directory listings were not being HTML escaped properly when the filenames contained particular characters. This resulted in files from directory listings being opened in unintended ways or files not being able to be opened by the browser altogether. CVE-2008-2809 MFSA-2008-31: Mozilla developer John G. Myers reported a weakness in the trust model used by Mozilla regarding alternate names on self-signed certificates. A user could be prompted to accept a self-signed certificate from a website which includes alt-name entries. If the user accepted the certificate, they would also extend trust to any alternate domains listed in the certificate, despite not being prompted about the additional domains. This technique could be used by an attacker to impersonate another server. CVE-2008-2810 MFSA-2008-32: Mozilla community member Geoff reported a vulnerability in the way Mozilla opens URL files sent directly to the browser. He demonstrated that such files were opened with local file privileges, giving the remote content access to read from the local filesystem. If a user opened a bookmark to a malicious page in this manner, the page could potentially read from other local files on the user's computer. CVE-2008-2811 MFSA 2008-33: Security research firm Astabis, via the iSIGHT Partners GVP Program, reported a vulnerability in Mozilla's block reflow code. This vulnerablitity could be used by an attacker to crash the browser and run arbitrary code on the victim's computer." ); script_set_attribute( attribute:"solution", value:"Update the affected MozillaFirefox packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_cwe_id(20, 79, 200, 264, 287, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-translations"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.2"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.3"); script_set_attribute(attribute:"patch_publication_date", value:"2008/07/09"); script_set_attribute(attribute:"plugin_publication_date", value:"2008/07/15"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE10\.2|SUSE10\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "10.2 / 10.3", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE10.2", reference:"MozillaFirefox-2.0.0.15-0.1") ) flag++; if ( rpm_check(release:"SUSE10.2", reference:"MozillaFirefox-translations-2.0.0.15-0.1") ) flag++; if ( rpm_check(release:"SUSE10.3", reference:"MozillaFirefox-2.0.0.15-0.1") ) flag++; if ( rpm_check(release:"SUSE10.3", reference:"MozillaFirefox-translations-2.0.0.15-0.1") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "MozillaFirefox"); }
NASL family Fedora Local Security Checks NASL id FEDORA_2008-6196.NASL description Updated seamonkey packages that fix several security issues are now available for Fedora 8. SeaMonkey is an all-in-one Internet application suite. It includes a browser, mail/news client, IRC client, JavaScript debugger, and a tool to inspect the DOM for web pages. It is derived from the application formerly known as Mozilla Application Suite. Multiple flaws were found in the processing of malformed JavaScript content. A web page containing such malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2008-2801, CVE-2008-2802, CVE-2008-2803) Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2008-2798, CVE-2008-2799, CVE-2008-2811) Several flaws were found in the way malformed web content was displayed. A web page containing specially crafted content could potentially trick a Firefox user into surrendering sensitive information. (CVE-2008-2800) Two local file disclosure flaws were found in Firefox. A web page containing malicious content could cause Firefox to reveal the contents of a local file to a remote attacker. (CVE-2008-2805, CVE-2008-2810) A flaw was found in the way a malformed .properties file was processed by Firefox. A malicious extension could read uninitialized memory, possibly leaking sensitive data to the extension. (CVE-2008-2807) A flaw was found in the way Firefox escaped a listing of local file names. If a user could be tricked into listing a local directory containing malicious file names, arbitrary JavaScript could be run with the permissions of the user running Firefox. (CVE-2008-2808) A flaw was found in the way Firefox displayed information about self-signed certificates. It was possible for a self-signed certificate to contain multiple alternate name entries, which were not all displayed to the user, allowing them to mistakenly extend trust to an unknown site. (CVE-2008-2809) Updated packages update SeaMonkey to upstream version 1.1.10 to address these flaws: http://www.mozilla.org/projects/security/known- vulnerabilities.html#seamonkey1.1.10 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 33455 published 2008-07-10 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/33455 title Fedora 8 : seamonkey-1.1.10-1.fc8 (2008-6196) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2008-6196. # include("compat.inc"); if (description) { script_id(33455); script_version ("1.21"); script_cvs_date("Date: 2019/08/02 13:32:28"); script_cve_id("CVE-2008-2798", "CVE-2008-2799", "CVE-2008-2800", "CVE-2008-2801", "CVE-2008-2802", "CVE-2008-2803", "CVE-2008-2805", "CVE-2008-2806", "CVE-2008-2807", "CVE-2008-2808", "CVE-2008-2809", "CVE-2008-2810", "CVE-2008-2811"); script_bugtraq_id(30038); script_xref(name:"FEDORA", value:"2008-6196"); script_name(english:"Fedora 8 : seamonkey-1.1.10-1.fc8 (2008-6196)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Updated seamonkey packages that fix several security issues are now available for Fedora 8. SeaMonkey is an all-in-one Internet application suite. It includes a browser, mail/news client, IRC client, JavaScript debugger, and a tool to inspect the DOM for web pages. It is derived from the application formerly known as Mozilla Application Suite. Multiple flaws were found in the processing of malformed JavaScript content. A web page containing such malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2008-2801, CVE-2008-2802, CVE-2008-2803) Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2008-2798, CVE-2008-2799, CVE-2008-2811) Several flaws were found in the way malformed web content was displayed. A web page containing specially crafted content could potentially trick a Firefox user into surrendering sensitive information. (CVE-2008-2800) Two local file disclosure flaws were found in Firefox. A web page containing malicious content could cause Firefox to reveal the contents of a local file to a remote attacker. (CVE-2008-2805, CVE-2008-2810) A flaw was found in the way a malformed .properties file was processed by Firefox. A malicious extension could read uninitialized memory, possibly leaking sensitive data to the extension. (CVE-2008-2807) A flaw was found in the way Firefox escaped a listing of local file names. If a user could be tricked into listing a local directory containing malicious file names, arbitrary JavaScript could be run with the permissions of the user running Firefox. (CVE-2008-2808) A flaw was found in the way Firefox displayed information about self-signed certificates. It was possible for a self-signed certificate to contain multiple alternate name entries, which were not all displayed to the user, allowing them to mistakenly extend trust to an unknown site. (CVE-2008-2809) Updated packages update SeaMonkey to upstream version 1.1.10 to address these flaws: http://www.mozilla.org/projects/security/known- vulnerabilities.html#seamonkey1.1.10 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); # http://www.mozilla.org/projects/security/known- script_set_attribute( attribute:"see_also", value:"https://www.mozilla.org/en-US/projects/security/known-" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=452597" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=452598" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=452599" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=452600" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=452602" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=452604" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=452605" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=452709" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=452710" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=452711" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=452712" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=453007" ); # https://lists.fedoraproject.org/pipermail/package-announce/2008-July/012175.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?6bbca527" ); script_set_attribute( attribute:"solution", value:"Update the affected seamonkey package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_cwe_id(20, 79, 200, 264, 287, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:seamonkey"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:8"); script_set_attribute(attribute:"vuln_publication_date", value:"2008/07/07"); script_set_attribute(attribute:"patch_publication_date", value:"2008/07/08"); script_set_attribute(attribute:"plugin_publication_date", value:"2008/07/10"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^8([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 8.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC8", reference:"seamonkey-1.1.10-1.fc8")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "seamonkey"); }
NASL family SuSE Local Security Checks NASL id SUSE_MOZILLAFIREFOX-5405.NASL description Mozilla Firefox was updated to version 2.0.0.15, fixing various bugs including following security bugs : - Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code. (CVE-2008-2798 / CVE-2008-2799 / MFSA 2008-21) - Mozilla contributor moz_bug_r_a4 submitted a set of vulnerabilities which allow scripts from one document to be executed in the context of a different document. These vulnerabilities could be used by an attacker to violate the same-origin policy and perform an XSS attack. (CVE-2008-2800 / MFSA 2008-22) - Security researcher Collin Jackson reported a series of vulnerabilities which allow JavaScript to be injected into signed JARs and executed under the context of the JAR last seen 2020-06-01 modified 2020-06-02 plugin id 33498 published 2008-07-15 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/33498 title SuSE 10 Security Update : MozillaFirefox (ZYPP Patch Number 5405) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The text description of this plugin is (C) Novell, Inc. # if (NASL_LEVEL < 3000) exit(0); include("compat.inc"); if (description) { script_id(33498); script_version ("1.21"); script_cvs_date("Date: 2019/10/25 13:36:31"); script_cve_id("CVE-2008-2798", "CVE-2008-2799", "CVE-2008-2800", "CVE-2008-2801", "CVE-2008-2802", "CVE-2008-2803", "CVE-2008-2805", "CVE-2008-2806", "CVE-2008-2807", "CVE-2008-2808", "CVE-2008-2809", "CVE-2008-2810", "CVE-2008-2811"); script_name(english:"SuSE 10 Security Update : MozillaFirefox (ZYPP Patch Number 5405)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 10 host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "Mozilla Firefox was updated to version 2.0.0.15, fixing various bugs including following security bugs : - Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code. (CVE-2008-2798 / CVE-2008-2799 / MFSA 2008-21) - Mozilla contributor moz_bug_r_a4 submitted a set of vulnerabilities which allow scripts from one document to be executed in the context of a different document. These vulnerabilities could be used by an attacker to violate the same-origin policy and perform an XSS attack. (CVE-2008-2800 / MFSA 2008-22) - Security researcher Collin Jackson reported a series of vulnerabilities which allow JavaScript to be injected into signed JARs and executed under the context of the JAR's signer. This could allow an attacker to run JavaScript in a victim's browser with the privileges of a different website, provided the attacker possesses a JAR signed by the other website. (CVE-2008-2801 / MFSA 2008-23) - Mozilla contributor moz_bug_r_a4 reported a vulnerability that allowed non-priviliged XUL documents to load chrome scripts from the fastload file. This could allow an attacker to run arbitrary JavaScript code with chrome privileges. (CVE-2008-2802 / MFSA 2008-24) - Mozilla contributor moz_bug_r_a4 reported a vulnerability which allows arbitrary JavaScript to be executed with chrome privileges. The privilege escalation was possible because JavaScript loaded via mozIJSSubScriptLoader.loadSubScript() was not using XPCNativeWrappers when accessing content. This could allow an attacker to overwrite trusted objects with arbitrary code which would be executed with chrome privileges when the trusted objects were called by the browser. (CVE-2008-2803 / MFSA 2008-25) - Opera developer Claudio Santambrogio reported a vulnerability which allows malicious content to force the browser into uploading local files to the remote server. This could be used by an attacker to steal arbitrary files from a victim's computer. (CVE-2008-2805 / MFSA 2008-27) - Security researcher Gregory Fleischer reported a vulnerability in the way Mozilla indicates the origin of a document to the Java plugin. This vulnerability could allow a malicious Java applet to bypass the same-origin policy and create arbitrary socket connections to other domains. (CVE-2008-2806 / MFSA 2008-28) - Mozilla developer Daniel Glazman demonstrated that an improperly encoded .properties file in an add-on can result in uninitialized memory being used. This could potentially result in small chunks of data from other programs being exposed in the browser. (CVE-2008-2807 / MFSA 2008-29) - Mozilla contributor Masahiro Yamada reported that file URLs in directory listings were not being HTML escaped properly when the filenames contained particular characters. This resulted in files from directory listings being opened in unintended ways or files not being able to be opened by the browser altogether. (CVE-2008-2808 / MFSA 2008-30) - Mozilla developer John G. Myers reported a weakness in the trust model used by Mozilla regarding alternate names on self-signed certificates. A user could be prompted to accept a self-signed certificate from a website which includes alt-name entries. If the user accepted the certificate, they would also extend trust to any alternate domains listed in the certificate, despite not being prompted about the additional domains. This technique could be used by an attacker to impersonate another server. (CVE-2008-2809 / MFSA 2008-31) - Mozilla community member Geoff reported a vulnerability in the way Mozilla opens URL files sent directly to the browser. He demonstrated that such files were opened with local file privileges, giving the remote content access to read from the local filesystem. If a user opened a bookmark to a malicious page in this manner, the page could potentially read from other local files on the user's computer. (CVE-2008-2810 / MFSA 2008-32) - Security research firm Astabis, via the iSIGHT Partners GVP Program, reported a vulnerability in Mozilla's block reflow code. This vulnerablitity could be used by an attacker to crash the browser and run arbitrary code on the victim's computer. (CVE-2008-2811 / MFSA 2008-33)" ); # http://www.mozilla.org/security/announce/2008/mfsa2008-21.html script_set_attribute( attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-21/" ); # http://www.mozilla.org/security/announce/2008/mfsa2008-22.html script_set_attribute( attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-22/" ); # http://www.mozilla.org/security/announce/2008/mfsa2008-23.html script_set_attribute( attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-23/" ); # http://www.mozilla.org/security/announce/2008/mfsa2008-24.html script_set_attribute( attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-24/" ); # http://www.mozilla.org/security/announce/2008/mfsa2008-25.html script_set_attribute( attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-25/" ); # http://www.mozilla.org/security/announce/2008/mfsa2008-27.html script_set_attribute( attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-27/" ); # http://www.mozilla.org/security/announce/2008/mfsa2008-28.html script_set_attribute( attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-28/" ); # http://www.mozilla.org/security/announce/2008/mfsa2008-29.html script_set_attribute( attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-29/" ); # http://www.mozilla.org/security/announce/2008/mfsa2008-30.html script_set_attribute( attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-30/" ); # http://www.mozilla.org/security/announce/2008/mfsa2008-31.html script_set_attribute( attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-31/" ); # http://www.mozilla.org/security/announce/2008/mfsa2008-32.html script_set_attribute( attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-32/" ); # http://www.mozilla.org/security/announce/2008/mfsa2008-33.html script_set_attribute( attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-33/" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-2798.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-2799.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-2800.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-2801.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-2802.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-2803.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-2805.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-2806.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-2807.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-2808.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-2809.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-2810.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-2811.html" ); script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 5405."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_cwe_id(20, 79, 200, 264, 287, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2008/07/07"); script_set_attribute(attribute:"patch_publication_date", value:"2008/07/08"); script_set_attribute(attribute:"plugin_publication_date", value:"2008/07/15"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled."); if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE."); if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages."); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) exit(1, "Failed to determine the architecture type."); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented."); flag = 0; if (rpm_check(release:"SLED10", sp:1, reference:"MozillaFirefox-2.0.0.15-0.2.3")) flag++; if (rpm_check(release:"SLED10", sp:1, reference:"MozillaFirefox-translations-2.0.0.15-0.2.3")) flag++; if (rpm_check(release:"SLED10", sp:2, reference:"MozillaFirefox-2.0.0.15-0.3")) flag++; if (rpm_check(release:"SLED10", sp:2, reference:"MozillaFirefox-translations-2.0.0.15-0.3")) flag++; if (rpm_check(release:"SLES10", sp:1, reference:"MozillaFirefox-2.0.0.15-0.2.3")) flag++; if (rpm_check(release:"SLES10", sp:1, reference:"MozillaFirefox-translations-2.0.0.15-0.2.3")) flag++; if (rpm_check(release:"SLES10", sp:2, reference:"MozillaFirefox-2.0.0.15-0.3")) flag++; if (rpm_check(release:"SLES10", sp:2, reference:"MozillaFirefox-translations-2.0.0.15-0.3")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else exit(0, "The host is not affected.");
NASL family SuSE Local Security Checks NASL id SUSE_SEAMONKEY-5600.NASL description SeaMonkey was updated to version 1.1.11. Problems fixed in the 1.1.11 update: CVE-2008-2785 MFSA 2008-34: An anonymous researcher, via TippingPoint last seen 2020-06-01 modified 2020-06-02 plugin id 34201 published 2008-09-14 reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/34201 title openSUSE 10 Security Update : seamonkey (seamonkey-5600) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update seamonkey-5600. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(34201); script_version ("1.12"); script_cvs_date("Date: 2019/10/25 13:36:33"); script_cve_id("CVE-2008-2785", "CVE-2008-2798", "CVE-2008-2799", "CVE-2008-2800", "CVE-2008-2801", "CVE-2008-2802", "CVE-2008-2803", "CVE-2008-2805", "CVE-2008-2806", "CVE-2008-2807", "CVE-2008-2808", "CVE-2008-2809", "CVE-2008-2810", "CVE-2008-2811"); script_name(english:"openSUSE 10 Security Update : seamonkey (seamonkey-5600)"); script_summary(english:"Check for the seamonkey-5600 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "SeaMonkey was updated to version 1.1.11. Problems fixed in the 1.1.11 update: CVE-2008-2785 MFSA 2008-34: An anonymous researcher, via TippingPoint's Zero Day Initiative program, reported a vulnerability in Mozilla's internal CSSValue array data structure. The vulnerability was caused by an insufficiently sized variable being used as a reference counter for CSS objects. By creating a very large number of references to a common CSS object, this counter could be overflowed which could cause a crash when the browser attempts to free the CSS object while still in use. An attacker could use this crash to run arbitrary code on the victim's computer. Problems fixed in the 1.1.10 update: CVE-2008-2811 MFSA 2008-33: Security research firm Astabis reported a vulnerability in Firefox 2 submitted through the iSIGHT Partners GVP Program by Greg McManus, Primary GVP Researcher. The reported crash in Mozilla's block reflow code could be used by an attacker to crash the browser and run arbitrary code on the victim's computer. CVE-2008-2810 MFSA-2008-32: Mozilla community member Geoff reported a vulnerability in the way Mozilla opens URL files sent directly to the browser. He demonstrated that such files were opened with local file privileges, giving the remote content access to read from the local filesystem. If a user opened a bookmark to a malicious page in this manner, the page could potentially read from other local files on the user's computer. CVE-2008-2809 MFSA-2008-31: Mozilla developer John G. Myers reported a weakness in the trust model used by Mozilla regarding alternate names on self-signed certificates. A user could be prompted to accept a self-signed certificate from a website which includes alt-name entries. If the user accepted the certificate, they would also extend trust to any alternate domains listed in the certificate, despite not being prompted about the additional domains. This technique could be used by an attacker to impersonate another server. CVE-2008-2808 MFSA-2008-30: Mozilla contributor Masahiro Yamada reported that file URLs in directory listings were not being HTML escaped properly when the filenames contained particular characters. This resulted in files from directory listings being opened in unintended ways or files not being able to be opened by the browser altogether. CVE-2008-2807 MFSA-2008-29: Mozilla developer Daniel Glazman demonstrated that an improperly encoded .properties file in an add-on can result in uninitialized memory being used. This could potentially result in small chunks of data from other programs being exposed in the browser. CVE-2008-2806 MFSA-2008-28: Security researcher Gregory Fleischer reported a vulnerability in the way Mozilla indicates the origin of a document to the Java plugin. This vulnerability could allow a malicious Java applet to bypass the same-origin policy and create arbitrary socket connections to other domains. CVE-2008-2805 MFSA-2008-27: Opera developer Claudio Santambrogio reported a vulnerability which allows malicious content to force the browser into uploading local files to the remote server. This could be used by an attacker to steal arbitrary files from a victim's computer. MFSA-2008-26: As a follow-up to vulnerability reported in MFSA 2008-12 Mozilla has checked similar constructs in the rest of the MIME handling code. Although no further buffer overflows were found we changed several function calls to use safer versions of the string routines that will be more robust in the face of future code changes. CVE-2008-2803 MFSA-2008-25: Mozilla contributor moz_bug_r_a4 reported a vulnerability which allows arbitrary JavaScript to be executed with chrome privileges. The privilege escalation was possible because JavaScript loaded via mozIJSSubScriptLoader.loadSubScript() was not using XPCNativeWrappers when accessing content. This could allow an attacker to overwrite trusted objects with arbitrary code which would be executed with chrome privileges when the trusted objects were called by the browser. CVE-2008-2802 MFSA-2008-24: Mozilla contributor moz_bug_r_a4 reported a vulnerability that allowed non-priviliged XUL documents to load chrome scripts from the fastload file. This could allow an attacker to run arbitrary JavaScript code with chrome privileges. CVE-2008-2801 MFSA-2008-23: Security researcher Collin Jackson reported a series of vulnerabilities which allow JavaScript to be injected into signed JARs and executed under the context of the JAR's signer. This could allow an attacker to run JavaScript in a victim's browser with the privileges of a different website, provided the attacker possesses a JAR signed by the other website. CVE-2008-2800 MFSA-2008-22: Mozilla contributor moz_bug_r_a4 submitted a set of vulnerabilities which allow scripts from one document to be executed in the context of a different document. These vulnerabilities could be used by an attacker to violate the same-origin policy and perform an XSS attack. CVE-2008-2798 CVE-2008-2799 MFSA-2008-21: Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code." ); script_set_attribute( attribute:"solution", value:"Update the affected seamonkey packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_cwe_id(20, 79, 189, 200, 264, 287, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-dom-inspector"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-irc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-mail"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-spellchecker"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-venkman"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.3"); script_set_attribute(attribute:"patch_publication_date", value:"2008/09/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2008/09/14"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE10\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "10.3", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE10.3", reference:"seamonkey-1.1.11-3.1") ) flag++; if ( rpm_check(release:"SUSE10.3", reference:"seamonkey-dom-inspector-1.1.11-3.1") ) flag++; if ( rpm_check(release:"SUSE10.3", reference:"seamonkey-irc-1.1.11-3.1") ) flag++; if ( rpm_check(release:"SUSE10.3", reference:"seamonkey-mail-1.1.11-3.1") ) flag++; if ( rpm_check(release:"SUSE10.3", reference:"seamonkey-spellchecker-1.1.11-3.1") ) flag++; if ( rpm_check(release:"SUSE10.3", reference:"seamonkey-venkman-1.1.11-3.1") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "seamonkey"); }
NASL family Fedora Local Security Checks NASL id FEDORA_2008-6193.NASL description Updated seamonkey packages that fix several security issues are now available for Fedora 9. SeaMonkey is an all-in-one Internet application suite. It includes a browser, mail/news client, IRC client, JavaScript debugger, and a tool to inspect the DOM for web pages. It is derived from the application formerly known as Mozilla Application Suite. Multiple flaws were found in the processing of malformed JavaScript content. A web page containing such malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2008-2801, CVE-2008-2802, CVE-2008-2803) Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2008-2798, CVE-2008-2799, CVE-2008-2811) Several flaws were found in the way malformed web content was displayed. A web page containing specially crafted content could potentially trick a Firefox user into surrendering sensitive information. (CVE-2008-2800) Two local file disclosure flaws were found in Firefox. A web page containing malicious content could cause Firefox to reveal the contents of a local file to a remote attacker. (CVE-2008-2805, CVE-2008-2810) A flaw was found in the way a malformed .properties file was processed by Firefox. A malicious extension could read uninitialized memory, possibly leaking sensitive data to the extension. (CVE-2008-2807) A flaw was found in the way Firefox escaped a listing of local file names. If a user could be tricked into listing a local directory containing malicious file names, arbitrary JavaScript could be run with the permissions of the user running Firefox. (CVE-2008-2808) A flaw was found in the way Firefox displayed information about self-signed certificates. It was possible for a self-signed certificate to contain multiple alternate name entries, which were not all displayed to the user, allowing them to mistakenly extend trust to an unknown site. (CVE-2008-2809) Updated packages update SeaMonkey to upstream version 1.1.10 to address these flaws: http://www.mozilla.org/projects/security/known- vulnerabilities.html#seamonkey1.1.10 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 33454 published 2008-07-10 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/33454 title Fedora 9 : seamonkey-1.1.10-1.fc9 (2008-6193) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2008-6193. # include("compat.inc"); if (description) { script_id(33454); script_version ("1.21"); script_cvs_date("Date: 2019/08/02 13:32:28"); script_cve_id("CVE-2008-2798", "CVE-2008-2799", "CVE-2008-2800", "CVE-2008-2801", "CVE-2008-2802", "CVE-2008-2803", "CVE-2008-2805", "CVE-2008-2806", "CVE-2008-2807", "CVE-2008-2808", "CVE-2008-2809", "CVE-2008-2810", "CVE-2008-2811"); script_bugtraq_id(30038); script_xref(name:"FEDORA", value:"2008-6193"); script_name(english:"Fedora 9 : seamonkey-1.1.10-1.fc9 (2008-6193)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Updated seamonkey packages that fix several security issues are now available for Fedora 9. SeaMonkey is an all-in-one Internet application suite. It includes a browser, mail/news client, IRC client, JavaScript debugger, and a tool to inspect the DOM for web pages. It is derived from the application formerly known as Mozilla Application Suite. Multiple flaws were found in the processing of malformed JavaScript content. A web page containing such malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2008-2801, CVE-2008-2802, CVE-2008-2803) Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2008-2798, CVE-2008-2799, CVE-2008-2811) Several flaws were found in the way malformed web content was displayed. A web page containing specially crafted content could potentially trick a Firefox user into surrendering sensitive information. (CVE-2008-2800) Two local file disclosure flaws were found in Firefox. A web page containing malicious content could cause Firefox to reveal the contents of a local file to a remote attacker. (CVE-2008-2805, CVE-2008-2810) A flaw was found in the way a malformed .properties file was processed by Firefox. A malicious extension could read uninitialized memory, possibly leaking sensitive data to the extension. (CVE-2008-2807) A flaw was found in the way Firefox escaped a listing of local file names. If a user could be tricked into listing a local directory containing malicious file names, arbitrary JavaScript could be run with the permissions of the user running Firefox. (CVE-2008-2808) A flaw was found in the way Firefox displayed information about self-signed certificates. It was possible for a self-signed certificate to contain multiple alternate name entries, which were not all displayed to the user, allowing them to mistakenly extend trust to an unknown site. (CVE-2008-2809) Updated packages update SeaMonkey to upstream version 1.1.10 to address these flaws: http://www.mozilla.org/projects/security/known- vulnerabilities.html#seamonkey1.1.10 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); # http://www.mozilla.org/projects/security/known- script_set_attribute( attribute:"see_also", value:"https://www.mozilla.org/en-US/projects/security/known-" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=452597" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=452598" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=452599" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=452600" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=452602" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=452604" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=452605" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=452709" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=452710" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=452711" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=452712" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=453007" ); # https://lists.fedoraproject.org/pipermail/package-announce/2008-July/012168.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?12706614" ); script_set_attribute( attribute:"solution", value:"Update the affected seamonkey package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_cwe_id(20, 79, 200, 264, 287, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:seamonkey"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:9"); script_set_attribute(attribute:"vuln_publication_date", value:"2008/07/07"); script_set_attribute(attribute:"patch_publication_date", value:"2008/07/08"); script_set_attribute(attribute:"plugin_publication_date", value:"2008/07/10"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^9([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 9.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC9", reference:"seamonkey-1.1.10-1.fc9")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "seamonkey"); }
NASL family Windows NASL id MOZILLA_FIREFOX_20015.NASL description The installed version of Firefox is affected by various security issues : - Several stability bugs leading to crashes which, in some cases, show traces of memory corruption (MFSA 2008-21). - A vulnerability involving violation of the same-origin policy could allow for cross-site scripting attacks (MFSA 2008-22). - JavaScript can be injected into the context of signed JARs and executed under the context of the JAR last seen 2020-06-01 modified 2020-06-02 plugin id 33393 published 2008-07-02 reporter This script is Copyright (C) 2008-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/33393 title Firefox < 2.0.0.15 Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(33393); script_version("1.14"); script_cve_id( "CVE-2008-2798", "CVE-2008-2799", "CVE-2008-2800", "CVE-2008-2801", "CVE-2008-2802", "CVE-2008-2803", "CVE-2008-2805", "CVE-2008-2806", "CVE-2008-2807", "CVE-2008-2808", "CVE-2008-2809", "CVE-2008-2810", "CVE-2008-2811" ); script_bugtraq_id(30038); script_xref(name:"Secunia", value:"30911"); script_name(english:"Firefox < 2.0.0.15 Multiple Vulnerabilities"); script_summary(english:"Checks version of Firefox"); script_set_attribute(attribute:"synopsis", value: "The remote Windows host contains a web browser that is affected by multiple vulnerabilities." ); script_set_attribute(attribute:"description", value: "The installed version of Firefox is affected by various security issues : - Several stability bugs leading to crashes which, in some cases, show traces of memory corruption (MFSA 2008-21). - A vulnerability involving violation of the same-origin policy could allow for cross-site scripting attacks (MFSA 2008-22). - JavaScript can be injected into the context of signed JARs and executed under the context of the JAR's signer (MFSA 2008-23). - By taking advantage of the privilege level stored in the pre-compiled 'fastload' file, an attacker may be able to run arbitrary JavaScript code with chrome privileges (MFSA 2008-24). - Arbitrary code execution is possible in 'mozIJSSubScriptLoader.loadSubScript()' (MFSA 2008-25). - An attacker can steal files from known locations on a victim's computer via originalTarget and DOM Range (MFSA 2008-27). - It is possible for a malicious Java applet to bypass the same-origin policy and create arbitrary socket connections to other domains (MFSA 2008-28). - An improperly encoded '.properties' file in an add-on can result in uninitialized memory being used, which could lead to data formerly used by other programs being exposed to the add-on code (MFSA 2008-29). - File URLs in directory listings are not properly HTML- escaped when the filenames contained particular characters (MFSA 2008-30). - A weakness in the trust model regarding alt names on peer-trusted certs could lead to spoofing secure connections to any other site (MFSA 2008-31). - URL shortcut files on Windows (for example, saved IE favorites) could be interpreted as if they were in the local file context when opened by Firefox, although the referenced remote content would be downloaded and displayed (MFSA 2008-32). - A crash in Mozilla's block reflow code could be used by an attacker to crash the browser and run arbitrary code on the victim's computer (MFSA 2008-33)." ); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-21/" ); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-22/" ); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-23/" ); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-24/" ); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-25/" ); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-27/" ); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-28/" ); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-29/" ); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-30/" ); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-31/" ); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-32/" ); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-33/" ); script_set_attribute(attribute:"solution", value: "Upgrade to Firefox 2.0.0.15 or later." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_cwe_id(20, 79, 200, 264, 287, 399); script_set_attribute(attribute:"plugin_publication_date", value: "2008/07/02"); script_set_attribute(attribute:"patch_publication_date", value: "2008/07/01"); script_cvs_date("Date: 2018/07/16 14:09:14"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:firefox"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc."); script_dependencies("mozilla_org_installed.nasl"); script_require_keys("Mozilla/Firefox/Version"); exit(0); } include("mozilla_version.inc"); port = get_kb_item_or_exit("SMB/transport"); installs = get_kb_list("SMB/Mozilla/Firefox/*"); if (isnull(installs)) audit(AUDIT_NOT_INST, "Firefox"); mozilla_check_version(installs:installs, product:'firefox', esr:FALSE, fix:'2.0.0.15', severity:SECURITY_HOLE);
NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-619-1.NASL description Various flaws were discovered in the browser engine. By tricking a user into opening a malicious web page, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-2798, CVE-2008-2799) Several problems were discovered in the JavaScript engine. If a user were tricked into opening a malicious web page, an attacker could perform cross-site scripting attacks. (CVE-2008-2800) Collin Jackson discovered various flaws in the JavaScript engine which allowed JavaScript to be injected into signed JAR files. If a user were tricked into opening malicious web content, an attacker may be able to execute arbitrary code with the privileges of a different website or link content within the JAR file to an attacker-controlled JavaScript file. (CVE-2008-2801) It was discovered that Firefox would allow non-privileged XUL documents to load chrome scripts from the fastload file. This could allow an attacker to execute arbitrary JavaScript code with chrome privileges. (CVE-2008-2802) A flaw was discovered in Firefox that allowed overwriting trusted objects via mozIJSSubScriptLoader.loadSubScript(). If a user were tricked into opening a malicious web page, an attacker could execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-2803) Claudio Santambrogio discovered a vulnerability in Firefox which could lead to stealing of arbitrary files. If a user were tricked into opening malicious content, an attacker could force the browser into uploading local files to the remote server. (CVE-2008-2805) Gregory Fleischer discovered a flaw in Java LiveConnect. An attacker could exploit this to bypass the same-origin policy and create arbitrary socket connections to other domains. (CVE-2008-2806) Daniel Glazman found that an improperly encoded .properties file in an add-on can result in uninitialized memory being used. If a user were tricked into installing a malicious add-on, the browser may be able to see data from other programs. (CVE-2008-2807) Masahiro Yamada discovered that Firefox did not properly sanitize file URLs in directory listings, resulting in files from directory listings being opened in unintended ways or not being able to be opened by the browser at all. (CVE-2008-2808) John G. Myers discovered a weakness in the trust model used by Firefox regarding alternate names on self-signed certificates. If a user were tricked into accepting a certificate containing alternate name entries, an attacker could impersonate another server. (CVE-2008-2809) A flaw was discovered in the way Firefox opened URL files. If a user were tricked into opening a bookmark to a malicious web page, the page could potentially read from local files on the user last seen 2020-06-01 modified 2020-06-02 plugin id 33436 published 2008-07-08 reporter Ubuntu Security Notice (C) 2008-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/33436 title Ubuntu 6.06 LTS / 7.04 / 7.10 : firefox vulnerabilities (USN-619-1) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-619-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(33436); script_version("1.17"); script_cvs_date("Date: 2019/08/02 13:33:02"); script_cve_id("CVE-2008-2798", "CVE-2008-2799", "CVE-2008-2800", "CVE-2008-2801", "CVE-2008-2802", "CVE-2008-2803", "CVE-2008-2805", "CVE-2008-2806", "CVE-2008-2807", "CVE-2008-2808", "CVE-2008-2809", "CVE-2008-2810", "CVE-2008-2811"); script_xref(name:"USN", value:"619-1"); script_name(english:"Ubuntu 6.06 LTS / 7.04 / 7.10 : firefox vulnerabilities (USN-619-1)"); script_summary(english:"Checks dpkg output for updated packages."); script_set_attribute( attribute:"synopsis", value: "The remote Ubuntu host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "Various flaws were discovered in the browser engine. By tricking a user into opening a malicious web page, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-2798, CVE-2008-2799) Several problems were discovered in the JavaScript engine. If a user were tricked into opening a malicious web page, an attacker could perform cross-site scripting attacks. (CVE-2008-2800) Collin Jackson discovered various flaws in the JavaScript engine which allowed JavaScript to be injected into signed JAR files. If a user were tricked into opening malicious web content, an attacker may be able to execute arbitrary code with the privileges of a different website or link content within the JAR file to an attacker-controlled JavaScript file. (CVE-2008-2801) It was discovered that Firefox would allow non-privileged XUL documents to load chrome scripts from the fastload file. This could allow an attacker to execute arbitrary JavaScript code with chrome privileges. (CVE-2008-2802) A flaw was discovered in Firefox that allowed overwriting trusted objects via mozIJSSubScriptLoader.loadSubScript(). If a user were tricked into opening a malicious web page, an attacker could execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-2803) Claudio Santambrogio discovered a vulnerability in Firefox which could lead to stealing of arbitrary files. If a user were tricked into opening malicious content, an attacker could force the browser into uploading local files to the remote server. (CVE-2008-2805) Gregory Fleischer discovered a flaw in Java LiveConnect. An attacker could exploit this to bypass the same-origin policy and create arbitrary socket connections to other domains. (CVE-2008-2806) Daniel Glazman found that an improperly encoded .properties file in an add-on can result in uninitialized memory being used. If a user were tricked into installing a malicious add-on, the browser may be able to see data from other programs. (CVE-2008-2807) Masahiro Yamada discovered that Firefox did not properly sanitize file URLs in directory listings, resulting in files from directory listings being opened in unintended ways or not being able to be opened by the browser at all. (CVE-2008-2808) John G. Myers discovered a weakness in the trust model used by Firefox regarding alternate names on self-signed certificates. If a user were tricked into accepting a certificate containing alternate name entries, an attacker could impersonate another server. (CVE-2008-2809) A flaw was discovered in the way Firefox opened URL files. If a user were tricked into opening a bookmark to a malicious web page, the page could potentially read from local files on the user's computer. (CVE-2008-2810) A vulnerability was discovered in the block reflow code of Firefox. This vulnerability could be used by an attacker to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-2811). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/619-1/" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_cwe_id(20, 79, 200, 264, 287, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-dom-inspector"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-gnome-support"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-libthai"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libnspr-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libnspr4"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libnss-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libnss3"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mozilla-firefox"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mozilla-firefox-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mozilla-firefox-dom-inspector"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mozilla-firefox-gnome-support"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.06:-:lts"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:7.04"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:7.10"); script_set_attribute(attribute:"patch_publication_date", value:"2008/07/02"); script_set_attribute(attribute:"plugin_publication_date", value:"2008/07/08"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2008-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! ereg(pattern:"^(6\.06|7\.04|7\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 6.06 / 7.04 / 7.10", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"6.06", pkgname:"firefox", pkgver:"1.5.dfsg+1.5.0.15~prepatch080614c-0ubuntu1")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"firefox-dbg", pkgver:"1.5.dfsg+1.5.0.15~prepatch080614c-0ubuntu1")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"firefox-dev", pkgver:"1.5.dfsg+1.5.0.15~prepatch080614c-0ubuntu1")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"firefox-dom-inspector", pkgver:"1.5.dfsg+1.5.0.15~prepatch080614c-0ubuntu1")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"firefox-gnome-support", pkgver:"1.5.dfsg+1.5.0.15~prepatch080614c-0ubuntu1")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"libnspr-dev", pkgver:"1.firefox1.5.dfsg+1.5.0.15~prepatch080614c-0ubuntu1")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"libnspr4", pkgver:"1.firefox1.5.dfsg+1.5.0.15~prepatch080614c-0ubuntu1")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"libnss-dev", pkgver:"1.firefox1.5.dfsg+1.5.0.15~prepatch080614c-0ubuntu1")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"libnss3", pkgver:"1.firefox1.5.dfsg+1.5.0.15~prepatch080614c-0ubuntu1")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"mozilla-firefox", pkgver:"1.5.dfsg+1.5.0.15~prepatch080614c-0ubuntu1")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"mozilla-firefox-dev", pkgver:"1.5.dfsg+1.5.0.15~prepatch080614c-0ubuntu1")) flag++; if (ubuntu_check(osver:"7.04", pkgname:"firefox", pkgver:"2.0.0.15+0nobinonly-0ubuntu0.7.4")) flag++; if (ubuntu_check(osver:"7.04", pkgname:"firefox-dbg", pkgver:"2.0.0.15+0nobinonly-0ubuntu0.7.4")) flag++; if (ubuntu_check(osver:"7.04", pkgname:"firefox-dev", pkgver:"2.0.0.15+0nobinonly-0ubuntu0.7.4")) flag++; if (ubuntu_check(osver:"7.04", pkgname:"firefox-dom-inspector", pkgver:"2.0.0.15+0nobinonly-0ubuntu0.7.4")) flag++; if (ubuntu_check(osver:"7.04", pkgname:"firefox-gnome-support", pkgver:"2.0.0.15+0nobinonly-0ubuntu0.7.4")) flag++; if (ubuntu_check(osver:"7.04", pkgname:"firefox-libthai", pkgver:"2.0.0.15+0nobinonly-0ubuntu0.7.4")) flag++; if (ubuntu_check(osver:"7.04", pkgname:"libnspr-dev", pkgver:"1.firefox2.0.0.15+0nobinonly-0ubuntu0.7.4")) flag++; if (ubuntu_check(osver:"7.04", pkgname:"libnspr4", pkgver:"1.firefox2.0.0.15+0nobinonly-0ubuntu0.7.4")) flag++; if (ubuntu_check(osver:"7.04", pkgname:"libnss-dev", pkgver:"1.firefox2.0.0.15+0nobinonly-0ubuntu0.7.4")) flag++; if (ubuntu_check(osver:"7.04", pkgname:"libnss3", pkgver:"1.firefox2.0.0.15+0nobinonly-0ubuntu0.7.4")) flag++; if (ubuntu_check(osver:"7.04", pkgname:"mozilla-firefox", pkgver:"2.0.0.15+0nobinonly-0ubuntu0.7.4")) flag++; if (ubuntu_check(osver:"7.04", pkgname:"mozilla-firefox-dev", pkgver:"2.0.0.15+0nobinonly-0ubuntu0.7.4")) flag++; if (ubuntu_check(osver:"7.04", pkgname:"mozilla-firefox-dom-inspector", pkgver:"2.0.0.15+0nobinonly-0ubuntu0.7.4")) flag++; if (ubuntu_check(osver:"7.04", pkgname:"mozilla-firefox-gnome-support", pkgver:"2.0.0.15+0nobinonly-0ubuntu0.7.4")) flag++; if (ubuntu_check(osver:"7.10", pkgname:"firefox", pkgver:"2.0.0.15+1nobinonly-0ubuntu0.7.10")) flag++; if (ubuntu_check(osver:"7.10", pkgname:"firefox-dbg", pkgver:"2.0.0.15+1nobinonly-0ubuntu0.7.10")) flag++; if (ubuntu_check(osver:"7.10", pkgname:"firefox-dev", pkgver:"2.0.0.15+1nobinonly-0ubuntu0.7.10")) flag++; if (ubuntu_check(osver:"7.10", pkgname:"firefox-dom-inspector", pkgver:"2.0.0.15+1nobinonly-0ubuntu0.7.10")) flag++; if (ubuntu_check(osver:"7.10", pkgname:"firefox-gnome-support", pkgver:"2.0.0.15+1nobinonly-0ubuntu0.7.10")) flag++; if (ubuntu_check(osver:"7.10", pkgname:"firefox-libthai", pkgver:"2.0.0.15+1nobinonly-0ubuntu0.7.10")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "firefox / firefox-dbg / firefox-dev / firefox-dom-inspector / etc"); }
NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2008-191-03.NASL description New seamonkey packages are available for Slackware 11.0, 12.0, 12.1, and -current to fix security issues. last seen 2020-06-01 modified 2020-06-02 plugin id 33466 published 2008-07-10 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/33466 title Slackware 11.0 / 12.0 / 12.1 / current : seamonkey (SSA:2008-191-03) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Slackware Security Advisory 2008-191-03. The text # itself is copyright (C) Slackware Linux, Inc. # include("compat.inc"); if (description) { script_id(33466); script_version("1.16"); script_cvs_date("Date: 2019/10/25 13:36:21"); script_cve_id("CVE-2008-1380", "CVE-2008-2798", "CVE-2008-2799", "CVE-2008-2800", "CVE-2008-2801", "CVE-2008-2802", "CVE-2008-2803", "CVE-2008-2805", "CVE-2008-2806", "CVE-2008-2807", "CVE-2008-2808", "CVE-2008-2809", "CVE-2008-2810", "CVE-2008-2811"); script_bugtraq_id(30038); script_xref(name:"SSA", value:"2008-191-03"); script_name(english:"Slackware 11.0 / 12.0 / 12.1 / current : seamonkey (SSA:2008-191-03)"); script_summary(english:"Checks for updated package in /var/log/packages"); script_set_attribute( attribute:"synopsis", value:"The remote Slackware host is missing a security update." ); script_set_attribute( attribute:"description", value: "New seamonkey packages are available for Slackware 11.0, 12.0, 12.1, and -current to fix security issues." ); # http://www.mozilla.org/projects/security/known-vulnerabilities.html#seamonkey script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?637d935f" ); # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.383152 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?649b6e09" ); script_set_attribute( attribute:"solution", value:"Update the affected seamonkey package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_cwe_id(20, 79, 200, 264, 287, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:seamonkey"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:11.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:12.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:12.1"); script_set_attribute(attribute:"vuln_publication_date", value:"2008/04/17"); script_set_attribute(attribute:"patch_publication_date", value:"2008/07/10"); script_set_attribute(attribute:"plugin_publication_date", value:"2008/07/10"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Slackware Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Slackware/release", "Host/Slackware/packages"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("slackware.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Slackware/release")) audit(AUDIT_OS_NOT, "Slackware"); if (!get_kb_item("Host/Slackware/packages")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Slackware", cpu); flag = 0; if (slackware_check(osver:"11.0", pkgname:"seamonkey", pkgver:"1.1.10", pkgarch:"i486", pkgnum:"1_slack11.0")) flag++; if (slackware_check(osver:"12.0", pkgname:"seamonkey", pkgver:"1.1.10", pkgarch:"i486", pkgnum:"1_slack12.0")) flag++; if (slackware_check(osver:"12.1", pkgname:"seamonkey", pkgver:"1.1.10", pkgarch:"i486", pkgnum:"1_slack12.1")) flag++; if (slackware_check(osver:"current", pkgname:"seamonkey", pkgver:"1.1.10", pkgarch:"i486", pkgnum:"1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
Seebug
bulletinFamily | exploit |
description | BUGTRAQ ID: 30038 CVE ID:CVE-2008-2798 CVE-2008-2799 CVE-2008-2800 CVE-2008-2801 CVE-2008-2802 CVE-2008-2803 CVE-2008-2805 CVE-2008-2806 CVE-2008-2807 CVE-2008-2808 CVE-2008-2809 CVE-2008-2810 CVE-2008-2811 CNCVE ID:CNCVE-20082798 CNCVE-20082799 CNCVE-20082800 CNCVE-20082801 CNCVE-20082802 CNCVE-20082803 CNCVE-20082805 CNCVE-20082806 CNCVE-20082807 CNCVE-20082808 CNCVE-20082809 CNCVE-20082810 CNCVE-20082811 Mozilla Firefox是一款开放源代码的WEB浏览器。 Mozilla Firefox存在错个安全问题,远程攻击者可以利用漏洞获得敏感信息或进行拒绝服务,任意代码执行攻击。 -处理畸形JavaScript内容存在缺陷,可导致Firefox崩溃,可能导致任意代码执行(CVE-2008-2801, CVE-2008-2802, CVE-2008-2803)。 -处理畸形WEB内容页存在缺陷,可导致Firefox崩溃,可能导致任意代码执行(CVE-2008-2798, CVE-2008-2799, CVE-2008-2811)。 -特殊构建包含特殊内容的WEB页诱使Firefox用户处理可导致敏感信息泄漏(CVE-2008-2800)。 -Firefox存在两个本地文件泄漏问题,包含恶意内容的WEB页可泄漏本地文件内容(CVE-2008-2805, CVE-2008-2810)。 -处理畸形.properties文件存在缺陷,恶意扩展会读取未初始化内存,导致泄漏敏感数据给扩展(CVE-2008-2807)。 -firefox转义本地文件名列表存在缺陷,如果用户被诱使访问包含恶意文件名的本地目录,可导致以运行Firefox用户权限执行任意JavaScript。 -Firefox显示自签名证书信息存在缺陷,如果自签名证书包含多个预备名条目,缺陷可导致不显示个用户,导致错误的扩展可信证书到不可信站点。 Ubuntu Ubuntu Linux 7.10 sparc Ubuntu Ubuntu Linux 7.10 powerpc Ubuntu Ubuntu Linux 7.10 lpia Ubuntu Ubuntu Linux 7.10 i386 Ubuntu Ubuntu Linux 7.10 amd64 Ubuntu Ubuntu Linux 7.04 sparc Ubuntu Ubuntu Linux 7.04 powerpc Ubuntu Ubuntu Linux 7.04 i386 Ubuntu Ubuntu Linux 7.04 amd64 Ubuntu Ubuntu Linux 6.06 LTS sparc Ubuntu Ubuntu Linux 6.06 LTS powerpc Ubuntu Ubuntu Linux 6.06 LTS i386 Ubuntu Ubuntu Linux 6.06 LTS amd64 RedHat Enterprise Linux WS 4 RedHat Enterprise Linux WS 3 RedHat Enterprise Linux WS 2.1 RedHat Enterprise Linux ES 4 RedHat Enterprise Linux ES 3 RedHat Enterprise Linux ES 2.1 RedHat Enterprise Linux Desktop Workstation 5 client RedHat Enterprise Linux Desktop 5 client RedHat Enterprise Linux AS 4 RedHat Enterprise Linux AS 3 RedHat Enterprise Linux AS 2.1 RedHat Enterprise Linux 5 server RedHat Desktop 4.0 RedHat Desktop 3.0 RedHat Advanced Workstation for the Itanium Processor 2.1 Mozilla SeaMonkey 1.1.9 Mozilla SeaMonkey 1.1.8 Mozilla SeaMonkey 1.1.7 Mozilla SeaMonkey 1.1.6 Mozilla SeaMonkey 1.1.5 Mozilla SeaMonkey 1.1.4 Mozilla SeaMonkey 1.1.3 Mozilla SeaMonkey 1.1.2 Mozilla SeaMonkey 1.1.1 Mozilla SeaMonkey 1.1 beta Mozilla Firefox 2.0 8 Mozilla Firefox 2.0 .9 Mozilla Firefox 2.0 .7 Mozilla Firefox 2.0 .6 Mozilla Firefox 2.0 .5 Mozilla Firefox 2.0 .4 Mozilla Firefox 2.0 .10 Mozilla Firefox 2.0 .1 Mozilla Firefox 2.0.0.3 Mozilla Firefox 2.0.0.2 Mozilla Firefox 2.0.0.14 Mozilla Firefox 2.0.0.13 Mozilla Firefox 2.0.0.12 Mozilla Firefox 2.0.0.11 Mozilla Firefox 2.0 RC3 Mozilla Firefox 2.0 RC2 Mozilla Firefox 2.0 beta 1 Mozilla Firefox 2.0 升级程序: Mozilla Firefox 2.0.0.3 * Mozilla Mozilla Firefox Download <a href=http://www.mozilla.com/en-US/firefox/all.html target=_blank>http://www.mozilla.com/en-US/firefox/all.html</a> Mozilla Firefox 2.0.0.12 * Mozilla Mozilla Firefox Download <a href=http://www.mozilla.com/en-US/firefox/all.html target=_blank>http://www.mozilla.com/en-US/firefox/all.html</a> Mozilla Firefox 2.0.0.11 * Mozilla Mozilla Firefox Download <a href=http://www.mozilla.com/en-US/firefox/all.html target=_blank>http://www.mozilla.com/en-US/firefox/all.html</a> Mozilla Firefox 2.0.0.2 * Mozilla Mozilla Firefox Download <a href=http://www.mozilla.com/en-US/firefox/all.html target=_blank>http://www.mozilla.com/en-US/firefox/all.html</a> Mozilla Firefox 2.0 RC2 * Mozilla Mozilla Firefox Download <a href=http://www.mozilla.com/en-US/firefox/all.html target=_blank>http://www.mozilla.com/en-US/firefox/all.html</a> Mozilla Firefox 2.0 * Mozilla Mozilla Firefox Download <a href=http://www.mozilla.com/en-US/firefox/all.html target=_blank>http://www.mozilla.com/en-US/firefox/all.html</a> Mozilla Firefox 2.0 RC3 * Mozilla Mozilla Firefox Download <a href=http://www.mozilla.com/en-US/firefox/all.html target=_blank>http://www.mozilla.com/en-US/firefox/all.html</a> Mozilla Firefox 2.0 beta 1 * Mozilla Mozilla Firefox Download <a href=http://www.mozilla.com/en-US/firefox/all.html target=_blank>http://www.mozilla.com/en-US/firefox/all.html</a> Mozilla Firefox 2.0 .9 * Mozilla Mozilla Firefox Download <a href=http://www.mozilla.com/en-US/firefox/all.html target=_blank>http://www.mozilla.com/en-US/firefox/all.html</a> Mozilla Firefox 2.0 .6 * Mozilla Mozilla Firefox Download <a href=http://www.mozilla.com/en-US/firefox/all.html target=_blank>http://www.mozilla.com/en-US/firefox/all.html</a> Mozilla Firefox 2.0 .5 * Mozilla Mozilla Firefox Download <a href=http://www.mozilla.com/en-US/firefox/all.html target=_blank>http://www.mozilla.com/en-US/firefox/all.html</a> Mozilla Firefox 2.0 .1 * Mozilla Mozilla Firefox Download <a href=http://www.mozilla.com/en-US/firefox/all.html target=_blank>http://www.mozilla.com/en-US/firefox/all.html</a> Mozilla Firefox 2.0 8 * Mozilla Mozilla Firefox Download <a href=http://www.mozilla.com/en-US/firefox/all.html target=_blank>http://www.mozilla.com/en-US/firefox/all.html</a> Mozilla Firefox 2.0 .7 * Mozilla Mozilla Firefox Download <a href=http://www.mozilla.com/en-US/firefox/all.html target=_blank>http://www.mozilla.com/en-US/firefox/all.html</a> Mozilla Firefox 2.0 .10 * Mozilla Mozilla Firefox Download <a href=http://www.mozilla.com/en-US/firefox/all.html target=_blank>http://www.mozilla.com/en-US/firefox/all.html</a> Mozilla Firefox 2.0 .4 * Mozilla Mozilla Firefox Download <a href=http://www.mozilla.com/en-US/firefox/all.html target=_blank>http://www.mozilla.com/en-US/firefox/all.html</a> |
id | SSV:3533 |
last seen | 2017-11-19 |
modified | 2008-07-03 |
published | 2008-07-03 |
reporter | Root |
title | Mozilla Firefox 2.0.0.14存在多个远程漏洞 |
References
- http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html
- http://secunia.com/advisories/30898
- http://secunia.com/advisories/30911
- http://secunia.com/advisories/31005
- http://secunia.com/advisories/31008
- http://secunia.com/advisories/31021
- http://secunia.com/advisories/31023
- http://secunia.com/advisories/31076
- http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.383152
- http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.384911
- http://wiki.rpath.com/Advisories:rPSA-2008-0216
- http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.15
- http://www.mozilla.org/security/announce/2008/mfsa2008-28.html
- http://www.securityfocus.com/archive/1/494080/100/0/threaded
- http://www.securityfocus.com/bid/30038
- http://www.securitytracker.com/id?1020419
- http://www.ubuntu.com/usn/usn-619-1
- http://www.vupen.com/english/advisories/2008/1993/references
- https://bugzilla.mozilla.org/show_bug.cgi?id=408329
- https://issues.rpath.com/browse/RPL-2646
- https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00288.html
- https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00295.html