Vulnerabilities > CVE-2008-5513 - Cross-Site Scripting vulnerability in multiple products

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE

Summary

Unspecified vulnerability in the session-restore feature in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19 allows remote attackers to bypass the same origin policy, inject content into documents associated with other domains, and conduct cross-site scripting (XSS) attacks via unknown vectors related to restoration of SessionStore data.

Vulnerable Configurations

Part Description Count
Application
Mozilla
71
OS
Canonical
3
OS
Debian
2

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Cross Site Scripting through Log Files
    An attacker may leverage a system weakness where logs are susceptible to log injection to insert scripts into the system's logs. If these logs are later viewed by an administrator through a thin administrative interface and the log data is not properly HTML encoded before being written to the page, the attackers' scripts stored in the log will be executed in the administrative interface with potentially serious consequences. This attack pattern is really a combination of two other attack patterns: log injection and stored cross site scripting.
  • Embedding Scripts in Non-Script Elements
    This attack is a form of Cross-Site Scripting (XSS) where malicious scripts are embedded in elements that are not expected to host scripts such as image tags (<img>), comments in XML documents (< !-CDATA->), etc. These tags may not be subject to the same input validation, output validation, and other content filtering and checking routines, so this can create an opportunity for an attacker to tunnel through the application's elements and launch a XSS attack through other elements. As with all remote attacks, it is important to differentiate the ability to launch an attack (such as probing an internal network for unpatched servers) and the ability of the remote attacker to collect and interpret the output of said attack.
  • Embedding Scripts within Scripts
    An attack of this type exploits a programs' vulnerabilities that are brought on by allowing remote hosts to execute scripts. The attacker leverages this capability to execute scripts to execute his/her own script by embedding it within other scripts that the target software is likely to execute. The attacker must have the ability to inject script into script that is likely to be executed. If this is done, then the attacker can potentially launch a variety of probes and attacks against the web server's local environment, in many cases the so-called DMZ, back end resources the web server can communicate with, and other hosts. With the proliferation of intermediaries, such as Web App Firewalls, network devices, and even printers having JVMs and Web servers, there are many locales where an attacker can inject malicious scripts. Since this attack pattern defines scripts within scripts, there are likely privileges to execute said attack on the host. Of course, these attacks are not solely limited to the server side, client side scripts like Ajax and client side JavaScript can contain malicious scripts as well. In general all that is required is for there to be sufficient privileges to execute a script, but not protected against writing.
  • Cross-Site Scripting in Error Pages
    An attacker distributes a link (or possibly some other query structure) with a request to a third party web server that is malformed and also contains a block of exploit code in order to have the exploit become live code in the resulting error page. When the third party web server receives the crafted request and notes the error it then creates an error message that echoes the malformed message, including the exploit. Doing this converts the exploit portion of the message into to valid language elements that are executed by the viewing browser. When a victim executes the query provided by the attacker the infected error message error message is returned including the exploit code which then runs in the victim's browser. XSS can result in execution of code as well as data leakage (e.g. session cookies can be sent to the attacker). This type of attack is especially dangerous since the exploit appears to come from the third party web server, who the victim may trust and hence be more vulnerable to deception.
  • Cross-Site Scripting Using Alternate Syntax
    The attacker uses alternate forms of keywords or commands that result in the same action as the primary form but which may not be caught by filters. For example, many keywords are processed in a case insensitive manner. If the site's web filtering algorithm does not convert all tags into a consistent case before the comparison with forbidden keywords it is possible to bypass filters (e.g., incomplete black lists) by using an alternate case structure. For example, the "script" tag using the alternate forms of "Script" or "ScRiPt" may bypass filters where "script" is the only form tested. Other variants using different syntax representations are also possible as well as using pollution meta-characters or entities that are eventually ignored by the rendering engine. The attack can result in the execution of otherwise prohibited functionality.

Nessus

  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2009-0002.NASL
    descriptionUpdated thunderbird packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird. (CVE-2008-5500, CVE-2008-5501, CVE-2008-5502, CVE-2008-5511, CVE-2008-5512, CVE-2008-5513) Several flaws were found in the way malformed content was processed. An HTML mail message containing specially crafted content could potentially trick a Thunderbird user into surrendering sensitive information. (CVE-2008-5503, CVE-2008-5506, CVE-2008-5507) Note: JavaScript support is disabled by default in Thunderbird; the above issues are not exploitable unless JavaScript is enabled. A flaw was found in the way malformed URLs were processed by Thunderbird. This flaw could prevent various URL sanitization mechanisms from properly parsing a malicious URL. (CVE-2008-5508) All Thunderbird users should upgrade to these updated packages, which resolve these issues. All running instances of Thunderbird must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id35315
    published2009-01-08
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/35315
    titleRHEL 4 / 5 : thunderbird (RHSA-2009:0002)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2009:0002. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(35315);
      script_version ("1.26");
      script_cvs_date("Date: 2019/10/25 13:36:13");
    
      script_cve_id("CVE-2008-5500", "CVE-2008-5501", "CVE-2008-5502", "CVE-2008-5503", "CVE-2008-5506", "CVE-2008-5507", "CVE-2008-5508", "CVE-2008-5511", "CVE-2008-5512", "CVE-2008-5513");
      script_bugtraq_id(32882);
      script_xref(name:"RHSA", value:"2009:0002");
    
      script_name(english:"RHEL 4 / 5 : thunderbird (RHSA-2009:0002)");
      script_summary(english:"Checks the rpm output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated thunderbird packages that fix several security issues are now
    available for Red Hat Enterprise Linux 4 and 5.
    
    This update has been rated as having moderate security impact by the
    Red Hat Security Response Team.
    
    Mozilla Thunderbird is a standalone mail and newsgroup client.
    
    Several flaws were found in the processing of malformed HTML mail
    content. An HTML mail message containing malicious content could cause
    Thunderbird to crash or, potentially, execute arbitrary code as the
    user running Thunderbird. (CVE-2008-5500, CVE-2008-5501,
    CVE-2008-5502, CVE-2008-5511, CVE-2008-5512, CVE-2008-5513)
    
    Several flaws were found in the way malformed content was processed.
    An HTML mail message containing specially crafted content could
    potentially trick a Thunderbird user into surrendering sensitive
    information. (CVE-2008-5503, CVE-2008-5506, CVE-2008-5507)
    
    Note: JavaScript support is disabled by default in Thunderbird; the
    above issues are not exploitable unless JavaScript is enabled.
    
    A flaw was found in the way malformed URLs were processed by
    Thunderbird. This flaw could prevent various URL sanitization
    mechanisms from properly parsing a malicious URL. (CVE-2008-5508)
    
    All Thunderbird users should upgrade to these updated packages, which
    resolve these issues. All running instances of Thunderbird must be
    restarted for the update to take effect."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-5500"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-5501"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-5502"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-5503"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-5506"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-5507"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-5508"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-5511"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-5512"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-5513"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2009:0002"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected thunderbird package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(20, 79, 200, 264, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:thunderbird");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4.7");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5.2");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2008/12/17");
      script_set_attribute(attribute:"patch_publication_date", value:"2009/01/07");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/01/08");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(4|5)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 4.x / 5.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2009:0002";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL4", reference:"thunderbird-1.5.0.12-18.el4")) flag++;
    
    
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"thunderbird-2.0.0.19-1.el5_2")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"thunderbird-2.0.0.19-1.el5_2")) flag++;
    
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "thunderbird");
      }
    }
    
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20081216_FIREFOX_ON_SL4_X.NASL
    descriptionSeveral flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2008-5500, CVE-2008-5501, CVE-2008-5502, CVE-2008-5511, CVE-2008-5512, CVE-2008-5513) Several flaws were found in the way malformed content was processed. A website containing specially crafted content could potentially trick a Firefox user into surrendering sensitive information. (CVE-2008-5506, CVE-2008-5507) A flaw was found in the way Firefox stored attributes in XML User Interface Language (XUL) elements. A website could use this flaw to track users across browser sessions, even if users did not allow the site to store cookies in the victim
    last seen2020-06-01
    modified2020-06-02
    plugin id60506
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60506
    titleScientific Linux Security Update : firefox on SL4.x, SL5.x i386/x86_64
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text is (C) Scientific Linux.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(60506);
      script_version("1.7");
      script_cvs_date("Date: 2019/10/25 13:36:18");
    
      script_cve_id("CVE-2008-5500", "CVE-2008-5501", "CVE-2008-5502", "CVE-2008-5505", "CVE-2008-5506", "CVE-2008-5507", "CVE-2008-5508", "CVE-2008-5510", "CVE-2008-5511", "CVE-2008-5512", "CVE-2008-5513");
    
      script_name(english:"Scientific Linux Security Update : firefox on SL4.x, SL5.x i386/x86_64");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Scientific Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Several flaws were found in the processing of malformed web content. A
    web page containing malicious content could cause Firefox to crash or,
    potentially, execute arbitrary code as the user running Firefox.
    (CVE-2008-5500, CVE-2008-5501, CVE-2008-5502, CVE-2008-5511,
    CVE-2008-5512, CVE-2008-5513)
    
    Several flaws were found in the way malformed content was processed. A
    website containing specially crafted content could potentially trick a
    Firefox user into surrendering sensitive information. (CVE-2008-5506,
    CVE-2008-5507)
    
    A flaw was found in the way Firefox stored attributes in XML User
    Interface Language (XUL) elements. A website could use this flaw to
    track users across browser sessions, even if users did not allow the
    site to store cookies in the victim's browser. (CVE-2008-5505)
    
    A flaw was found in the way malformed URLs were processed by Firefox.
    This flaw could prevent various URL sanitization mechanisms from
    properly parsing a malicious URL. (CVE-2008-5508)
    
    A flaw was found in Firefox's CSS parser. A malicious web page could
    inject NULL characters into a CSS input string, possibly bypassing an
    application's script sanitization routines. (CVE-2008-5510)
    
    For technical details regarding these flaws, please see the Mozilla
    security advisories for Firefox 3.0.5. You can find a link to the
    Mozilla advisories in the References section.
    
    Note: after the errata packages are installed, Firefox must be
    restarted for the update to take effect."
      );
      # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0812&L=scientific-linux-errata&T=0&P=1263
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?012cdd0a"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_cwe_id(20, 79, 200, 264, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2008/12/17");
      script_set_attribute(attribute:"patch_publication_date", value:"2008/12/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/01");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Scientific Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"SL4", reference:"firefox-3.0.5-1.el4")) flag++;
    if (rpm_check(release:"SL4", reference:"nspr-4.7.3-1.el4")) flag++;
    if (rpm_check(release:"SL4", reference:"nspr-devel-4.7.3-1.el4")) flag++;
    if (rpm_check(release:"SL4", reference:"nss-3.12.2.0-1.el4")) flag++;
    if (rpm_check(release:"SL4", reference:"nss-devel-3.12.2.0-1.el4")) flag++;
    
    if (rpm_check(release:"SL5", reference:"firefox-3.0.5-1.el5_2")) flag++;
    if (rpm_check(release:"SL5", reference:"nspr-4.7.3-2.el5")) flag++;
    if (rpm_check(release:"SL5", reference:"nspr-devel-4.7.3-2.el5")) flag++;
    if (rpm_check(release:"SL5", reference:"nss-3.12.2.0-2.el5")) flag++;
    if (rpm_check(release:"SL5", reference:"nss-devel-3.12.2.0-2.el5")) flag++;
    if (rpm_check(release:"SL5", reference:"nss-pkcs11-devel-3.12.2.0-2.el5")) flag++;
    if (rpm_check(release:"SL5", reference:"nss-tools-3.12.2.0-2.el5")) flag++;
    if (rpm_check(release:"SL5", reference:"xulrunner-1.9.0.5-1.el5_2")) flag++;
    if (rpm_check(release:"SL5", reference:"xulrunner-devel-1.9.0.5-1.el5_2")) flag++;
    if (rpm_check(release:"SL5", reference:"xulrunner-devel-unstable-1.9.0.5-1.el5_2")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-690-1.NASL
    descriptionSeveral flaws were discovered in the browser engine. These problems could allow an attacker to crash the browser and possibly execute arbitrary code with user privileges. (CVE-2008-5500, CVE-2008-5501, CVE-2008-5502) It was discovered that Firefox did not properly handle persistent cookie data. If a user were tricked into opening a malicious website, an attacker could write persistent data in the user
    last seen2020-06-01
    modified2020-06-02
    plugin id36262
    published2009-04-23
    reporterUbuntu Security Notice (C) 2008-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/36262
    titleUbuntu 8.04 LTS / 8.10 : firefox-3.0, xulrunner-1.9 vulnerabilities (USN-690-1)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-690-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(36262);
      script_version("1.17");
      script_cvs_date("Date: 2019/08/02 13:33:02");
    
      script_cve_id("CVE-2008-5500", "CVE-2008-5501", "CVE-2008-5502", "CVE-2008-5505", "CVE-2008-5506", "CVE-2008-5507", "CVE-2008-5508", "CVE-2008-5510", "CVE-2008-5511", "CVE-2008-5512", "CVE-2008-5513");
      script_bugtraq_id(32882);
      script_xref(name:"USN", value:"690-1");
    
      script_name(english:"Ubuntu 8.04 LTS / 8.10 : firefox-3.0, xulrunner-1.9 vulnerabilities (USN-690-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Several flaws were discovered in the browser engine. These problems
    could allow an attacker to crash the browser and possibly execute
    arbitrary code with user privileges. (CVE-2008-5500, CVE-2008-5501,
    CVE-2008-5502)
    
    It was discovered that Firefox did not properly handle persistent
    cookie data. If a user were tricked into opening a malicious website,
    an attacker could write persistent data in the user's browser and
    track the user across browsing sessions. (CVE-2008-5505)
    
    Marius Schilder discovered that Firefox did not properly handle
    redirects to an outside domain when an XMLHttpRequest was made to a
    same-origin resource. It's possible that sensitive information could
    be revealed in the XMLHttpRequest response. (CVE-2008-5506)
    
    Chris Evans discovered that Firefox did not properly protect a user's
    data when accessing a same-domain JavaScript URL that is redirected to
    an unparsable JavaScript off-site resource. If a user were tricked
    into opening a malicious website, an attacker may be able to steal a
    limited amount of private data. (CVE-2008-5507)
    
    Chip Salzenberg, Justin Schuh, Tom Cross, and Peter William discovered
    Firefox did not properly parse URLs when processing certain control
    characters. (CVE-2008-5508)
    
    Kojima Hajime discovered that Firefox did not properly handle an
    escaped null character. An attacker may be able to exploit this flaw
    to bypass script sanitization. (CVE-2008-5510)
    
    Several flaws were discovered in the JavaScript engine. If a user were
    tricked into opening a malicious website, an attacker could exploit
    this to execute arbitrary JavaScript code within the context of
    another website or with chrome privileges. (CVE-2008-5511,
    CVE-2008-5512)
    
    Flaws were discovered in the session-restore feature of Firefox. If a
    user were tricked into opening a malicious website, an attacker could
    exploit this to perform cross-site scripting attacks or execute
    arbitrary JavaScript code with chrome privileges. (CVE-2008-5513).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/690-1/"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(20, 79, 200, 264, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:abrowser");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:abrowser-3.0-branding");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-3.0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-3.0-branding");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-3.0-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-3.0-dom-inspector");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-3.0-gnome-support");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-3.0-venkman");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-dom-inspector");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-gnome-support");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-granparadiso");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-granparadiso-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-granparadiso-dom-inspector");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-granparadiso-gnome-support");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-libthai");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-trunk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-trunk-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-trunk-dom-inspector");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-trunk-gnome-support");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-trunk-venkman");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9-dom-inspector");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9-gnome-support");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9-venkman");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xulrunner-dev");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:8.04:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:8.10");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2008/12/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/04/23");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2008-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! ereg(pattern:"^(8\.04|8\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 8.04 / 8.10", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"8.04", pkgname:"firefox", pkgver:"3.0.5+nobinonly-0ubuntu0.8.04.1")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"firefox-3.0", pkgver:"3.0.5+nobinonly-0ubuntu0.8.04.1")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"firefox-3.0-dev", pkgver:"3.0.5+nobinonly-0ubuntu0.8.04.1")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"firefox-3.0-dom-inspector", pkgver:"3.0.5+nobinonly-0ubuntu0.8.04.1")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"firefox-3.0-gnome-support", pkgver:"3.0.5+nobinonly-0ubuntu0.8.04.1")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"firefox-3.0-venkman", pkgver:"3.0.5+nobinonly-0ubuntu0.8.04.1")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"firefox-dev", pkgver:"3.0.5+nobinonly-0ubuntu0.8.04.1")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"firefox-dom-inspector", pkgver:"3.0.5+nobinonly-0ubuntu0.8.04.1")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"firefox-gnome-support", pkgver:"3.0.5+nobinonly-0ubuntu0.8.04.1")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"firefox-granparadiso", pkgver:"3.0.5+nobinonly-0ubuntu0.8.04.1")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"firefox-granparadiso-dev", pkgver:"3.0.5+nobinonly-0ubuntu0.8.04.1")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"firefox-granparadiso-dom-inspector", pkgver:"3.0.5+nobinonly-0ubuntu0.8.04.1")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"firefox-granparadiso-gnome-support", pkgver:"3.0.5+nobinonly-0ubuntu0.8.04.1")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"firefox-libthai", pkgver:"3.0.5+nobinonly-0ubuntu0.8.04.1")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"firefox-trunk", pkgver:"3.0.5+nobinonly-0ubuntu0.8.04.1")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"firefox-trunk-dev", pkgver:"3.0.5+nobinonly-0ubuntu0.8.04.1")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"firefox-trunk-dom-inspector", pkgver:"3.0.5+nobinonly-0ubuntu0.8.04.1")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"firefox-trunk-gnome-support", pkgver:"3.0.5+nobinonly-0ubuntu0.8.04.1")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"firefox-trunk-venkman", pkgver:"3.0.5+nobinonly-0ubuntu0.8.04.1")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"xulrunner-1.9", pkgver:"1.9.0.5+nobinonly-0ubuntu0.8.04.1")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"xulrunner-1.9-dev", pkgver:"1.9.0.5+nobinonly-0ubuntu0.8.04.1")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"xulrunner-1.9-dom-inspector", pkgver:"1.9.0.5+nobinonly-0ubuntu0.8.04.1")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"xulrunner-1.9-gnome-support", pkgver:"1.9.0.5+nobinonly-0ubuntu0.8.04.1")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"xulrunner-1.9-venkman", pkgver:"1.9.0.5+nobinonly-0ubuntu0.8.04.1")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"abrowser", pkgver:"3.0.5+nobinonly-0ubuntu0.8.10.1")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"abrowser-3.0-branding", pkgver:"3.0.5+nobinonly-0ubuntu0.8.10.1")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"firefox", pkgver:"3.0.5+nobinonly-0ubuntu0.8.10.1")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"firefox-3.0", pkgver:"3.0.5+nobinonly-0ubuntu0.8.10.1")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"firefox-3.0-branding", pkgver:"3.0.5+nobinonly-0ubuntu0.8.10.1")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"firefox-3.0-dev", pkgver:"3.0.5+nobinonly-0ubuntu0.8.10.1")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"firefox-3.0-dom-inspector", pkgver:"3.0.5+nobinonly-0ubuntu0.8.10.1")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"firefox-3.0-gnome-support", pkgver:"3.0.5+nobinonly-0ubuntu0.8.10.1")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"firefox-3.0-venkman", pkgver:"3.0.5+nobinonly-0ubuntu0.8.10.1")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"firefox-dev", pkgver:"3.0.5+nobinonly-0ubuntu0.8.10.1")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"firefox-dom-inspector", pkgver:"3.0.5+nobinonly-0ubuntu0.8.10.1")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"firefox-gnome-support", pkgver:"3.0.5+nobinonly-0ubuntu0.8.10.1")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"firefox-granparadiso", pkgver:"3.0.5+nobinonly-0ubuntu0.8.10.1")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"firefox-granparadiso-dev", pkgver:"3.0.5+nobinonly-0ubuntu0.8.10.1")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"firefox-granparadiso-dom-inspector", pkgver:"3.0.5+nobinonly-0ubuntu0.8.10.1")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"firefox-granparadiso-gnome-support", pkgver:"3.0.5+nobinonly-0ubuntu0.8.10.1")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"firefox-libthai", pkgver:"3.0.5+nobinonly-0ubuntu0.8.10.1")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"firefox-trunk", pkgver:"3.0.5+nobinonly-0ubuntu0.8.10.1")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"firefox-trunk-dev", pkgver:"3.0.5+nobinonly-0ubuntu0.8.10.1")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"firefox-trunk-dom-inspector", pkgver:"3.0.5+nobinonly-0ubuntu0.8.10.1")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"firefox-trunk-gnome-support", pkgver:"3.0.5+nobinonly-0ubuntu0.8.10.1")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"firefox-trunk-venkman", pkgver:"3.0.5+nobinonly-0ubuntu0.8.10.1")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"xulrunner-1.9", pkgver:"1.9.0.5+nobinonly-0ubuntu0.8.10.1")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"xulrunner-1.9-dev", pkgver:"1.9.0.5+nobinonly-0ubuntu0.8.10.1")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"xulrunner-1.9-dom-inspector", pkgver:"1.9.0.5+nobinonly-0ubuntu0.8.10.1")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"xulrunner-1.9-gnome-support", pkgver:"1.9.0.5+nobinonly-0ubuntu0.8.10.1")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"xulrunner-1.9-venkman", pkgver:"1.9.0.5+nobinonly-0ubuntu0.8.10.1")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"xulrunner-dev", pkgver:"1.9.0.5+nobinonly-0ubuntu0.8.10.1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "abrowser / abrowser-3.0-branding / firefox / firefox-3.0 / etc");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_0_MOZILLAFIREFOX-081218.NASL
    descriptionThe Mozilla Firefox browser was updated to version 3.0.5, fixing various security issues and stability problems. The following security issues were fixed : MFSA 2008-69 / CVE-2008-5513: Mozilla security researcher moz_bug_r_a4 reported vulnerabilities in the session-restore feature by which content could be injected into an incorrect document storage location, including storage locations for other domains. An attacker could utilize these issues to violate the browser
    last seen2020-06-01
    modified2020-06-02
    plugin id39885
    published2009-07-21
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/39885
    titleopenSUSE Security Update : MozillaFirefox (MozillaFirefox-381)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update MozillaFirefox-381.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(39885);
      script_version("1.12");
      script_cvs_date("Date: 2019/10/25 13:36:31");
    
      script_cve_id("CVE-2008-5500", "CVE-2008-5501", "CVE-2008-5502", "CVE-2008-5505", "CVE-2008-5506", "CVE-2008-5507", "CVE-2008-5508", "CVE-2008-5510", "CVE-2008-5511", "CVE-2008-5512", "CVE-2008-5513");
    
      script_name(english:"openSUSE Security Update : MozillaFirefox (MozillaFirefox-381)");
      script_summary(english:"Check for the MozillaFirefox-381 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The Mozilla Firefox browser was updated to version 3.0.5, fixing
    various security issues and stability problems.
    
    The following security issues were fixed :
    
    MFSA 2008-69 / CVE-2008-5513: Mozilla security researcher moz_bug_r_a4
    reported vulnerabilities in the session-restore feature by which
    content could be injected into an incorrect document storage location,
    including storage locations for other domains. An attacker could
    utilize these issues to violate the browser's same-origin policy and
    perform an XSS attack while SessionStore data is being restored.
    moz_bug_r_a4 also reported that one variant could be used by an
    attacker to run arbitrary JavaScript with chrome privileges.
    
    MFSA 2008-68 / CVE-2008-5512 / CVE-2008-5511: Mozilla security
    researcher moz_bug_r_a4 reported that an XBL binding, when attached to
    an unloaded document, can be used to violate the same-origin policy
    and execute arbitrary JavaScript within the context of a different
    website. moz_bug_r_a4 also reported two vulnerabilities by which page
    content can pollute XPCNativeWrappers and run arbitary JavaScript with
    chrome priviliges. Thunderbird shares the browser engine with Firefox
    and could be vulnerable if JavaScript were to be enabled in mail. This
    is not the default setting and we strongly discourage users from
    running JavaScript in mail. Workaround Disable JavaScript until a
    version containing these fixes can be installed.
    
    MFSA 2008-67 / CVE-2008-5510: Kojima Hajime reported that unlike
    literal null characters which were handled correctly, the escaped form
    '\0' was ignored by the CSS parser and treated as if it was not
    present in the CSS input string. This issue could potentially be used
    to bypass script sanitization routines in web applications. The
    severity of this issue was determined to be low.
    
    MFSA 2008-66 / CVE-2008-5508: Perl developer Chip Salzenberg reported
    that certain control characters, when placed at the beginning of a
    URL, would lead to incorrect parsing resulting in a malformed URL
    being output by the parser. IBM researchers Justin Schuh, Tom Cross,
    and Peter William also reported a related symptom as part of their
    research that resulted in MFSA 2008-37. There was no direct security
    impact from this issue and its effect was limited to the improper
    rendering of hyperlinks containing specific characters. The severity
    of this issue was determined to be low.
    
    MFSA 2008-65 / CVE-2008-5507: Google security researcher Chris Evans
    reported that a website could access a limited amount of data from a
    different domain by loading a same-domain JavaScript URL which
    redirects to an off-domain target resource containing data which is
    not parsable as JavaScript. Upon attempting to load the data as
    JavaScript a syntax error is generated that can reveal some of the
    file context via the window.onerror DOM API. This issue could be used
    by a malicious website to steal private data from users who are
    authenticated on the redirected website. How much data could be at
    risk would depend on the format of the data and how the JavaScript
    parser attempts to interpret it. For most files the amount of data
    that can be recovered would be limited to the first word or two. Some
    data files might allow deeper probing with repeated loads. Thunderbird
    shares the browser engine with Firefox and could be vulnerable if
    JavaScript were to be enabled in mail. This is not the default setting
    and we strongly discourage users from running JavaScript in mail.
    Workaround Disable JavaScript until a version containing these fixes
    can be installed.
    
    MFSA 2008-64 / CVE-2008-5506: Marius Schilder of Google Security
    reported that when a XMLHttpRequest is made to a same-origin resource
    which 302 redirects to a resource in a different domain, the response
    from the cross-domain resource is readable by the site issuing the
    XHR. Cookies marked HttpOnly were not readable, but other potentially
    sensitive data could be revealed in the XHR response including URL
    parameters and content in the response body. Thunderbird shares the
    browser engine with Firefox and could be vulnerable if JavaScript were
    to be enabled in mail. This is not the default setting and we strongly
    discourage users from running JavaScript in mail. Workaround Disable
    JavaScript until a version containing these fixes can be installed.
    
    MFSA 2008-63 / CVE-2008-5505: Security researcher Hish reported that
    the persist attribute in XUL elements can be used to store cookie-like
    information on a user's computer which could later be read by a
    website. This creates a privacy issue for users who have a
    non-standard cookie preference and wish to prevent sites from setting
    cookies on their machine. Even with cookies turned off, this issue
    could be used by a website to write persistent data in a user's
    browser and track the user across browsing sessions. Additionally,
    this issue could allow a website to bypass the limits normally placed
    on cookie size and number.
    
    MFSA 2008-60 / CVE-2008-5502 / CVE-2008-5501 / CVE-2008-5500: Mozilla
    developers identified and fixed several stability bugs in the browser
    engine used in Firefox and other Mozilla-based products. Some of these
    crashes showed evidence of memory corruption under certain
    circumstances and we presume that with enough effort at least some of
    these could be exploited to run arbitrary code. Thunderbird shares the
    browser engine with Firefox and could be vulnerable if JavaScript were
    to be enabled in mail. This is not the default setting and we strongly
    discourage users from running JavaScript in mail. Without further
    investigation we cannot rule out the possibility that for some of
    these an attacker might be able to prepare memory for exploitation
    through some means other than JavaScript such as large images.
    Workaround Disable JavaScript until a version containing these fixes
    can be installed."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=455804"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected MozillaFirefox packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_cwe_id(20, 79, 200, 264, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-translations");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2008/12/18");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/07/21");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE11\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.0", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE11.0", reference:"MozillaFirefox-3.0.5-0.1") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"MozillaFirefox-translations-3.0.5-0.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "MozillaFirefox");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2008-11551.NASL
    descriptionUpdate to the new upstream Firefox release 2.0.0.19 fixing multiple security issues: http://www.mozilla.org/security/known- vulnerabilities/firefox20.html#firefox2.0.0.19 This update also contains new builds of all applications depending on Gecko libraries, built against the new version. Note: after the updated packages are installed, Firefox must be restarted for the update to take effect. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id35233
    published2008-12-21
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/35233
    titleFedora 8 : Miro-1.2.7-3.fc8 / blam-1.8.3-20.fc8 / cairo-dock-1.6.3.1-1.fc8.2 / chmsee-1.0.0-6.31.fc8 / etc (2008-11551)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2008-11511.NASL
    descriptionUpdate to the new upstream Firefox 3.0.5 / XULRunner 1.9.0.5 fixing multiple security issues: http://www.mozilla.org/security/known- vulnerabilities/firefox30.html#firefox3.0.5 This update also contains new builds of all applications depending on Gecko libraries, built against new version. Note: after the updated packages are installed, Firefox must be restarted for the update to take effect. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id37149
    published2009-04-23
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/37149
    titleFedora 10 : Miro-1.2.7-3.fc10 / blam-1.8.5-5.fc10 / devhelp-0.22-2.fc10 / epiphany-2.24.1-3.fc10 / etc (2008-11511)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-690-2.NASL
    descriptionSeveral flaws were discovered in the browser engine. These problems could allow an attacker to crash the browser and possibly execute arbitrary code with user privileges. (CVE-2008-5500) Boris Zbarsky discovered that the same-origin check in Firefox could be bypassed by utilizing XBL-bindings. An attacker could exploit this to read data from other domains. (CVE-2008-5503) Several problems were discovered in the JavaScript engine. An attacker could exploit feed preview vulnerabilities to execute scripts from page content with chrome privileges. (CVE-2008-5504) Marius Schilder discovered that Firefox did not properly handle redirects to an outside domain when an XMLHttpRequest was made to a same-origin resource. It
    last seen2020-06-01
    modified2020-06-02
    plugin id36225
    published2009-04-23
    reporterUbuntu Security Notice (C) 2008-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/36225
    titleUbuntu 7.10 : firefox vulnerabilities (USN-690-2)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2008-1036.NASL
    descriptionAn updated firefox package that fixes various security issues is now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2008-5500, CVE-2008-5501, CVE-2008-5502, CVE-2008-5511, CVE-2008-5512, CVE-2008-5513) Several flaws were found in the way malformed content was processed. A website containing specially crafted content could potentially trick a Firefox user into surrendering sensitive information. (CVE-2008-5506, CVE-2008-5507) A flaw was found in the way Firefox stored attributes in XML User Interface Language (XUL) elements. A website could use this flaw to track users across browser sessions, even if users did not allow the site to store cookies in the victim
    last seen2020-06-01
    modified2020-06-02
    plugin id43721
    published2010-01-06
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/43721
    titleCentOS 4 / 5 : firefox (CESA-2008:1036)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1707.NASL
    descriptionSeveral remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2008-5500 Jesse Ruderman discovered that the layout engine is vulnerable to DoS attacks that might trigger memory corruption and an integer overflow. (MFSA 2008-60) - CVE-2008-5503 Boris Zbarsky discovered that an information disclosure attack could be performed via XBL bindings. (MFSA 2008-61) - CVE-2008-5504 It was discovered that attackers could run arbitrary JavaScript with chrome privileges via vectors related to the feed preview. (MFSA 2008-62) - CVE-2008-5506 Marius Schilder discovered that it is possible to obtain sensible data via a XMLHttpRequest. (MFSA 2008-64) - CVE-2008-5507 Chris Evans discovered that it is possible to obtain sensible data via a JavaScript URL. (MFSA 2008-65) - CVE-2008-5508 Chip Salzenberg discovered possible phishing attacks via URLs with leading whitespaces or control characters. (MFSA 2008-66) - CVE-2008-5510 Kojima Hajime and Jun Muto discovered that escaped null characters were ignored by the CSS parser and could lead to the bypass of protection mechanisms (MFSA 2008-67) - CVE-2008-5511 It was discovered that it is possible to perform cross-site scripting attacks via an XBL binding to an
    last seen2020-06-01
    modified2020-06-02
    plugin id35384
    published2009-01-16
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/35384
    titleDebian DSA-1707-1 : iceweasel - several vulnerabilities
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20081216_SEAMONKEY_ON_SL3_X.NASL
    descriptionSeveral flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code as the user running SeaMonkey. (CVE-2008-5500, CVE-2008-5501, CVE-2008-5502, CVE-2008-5504, CVE-2008-5511, CVE-2008-5512, CVE-2008-5513) Several flaws were found in the way malformed content was processed. A website containing specially crafted content could potentially trick a SeaMonkey user into surrendering sensitive information. (CVE-2008-5503, CVE-2008-5506, CVE-2008-5507) A flaw was found in the way malformed URLs were processed by SeaMonkey. This flaw could prevent various URL sanitization mechanisms from properly parsing a malicious URL. (CVE-2008-5508) Note: after the errata packages are installed, SeaMonkey must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id60509
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60509
    titleScientific Linux Security Update : seamonkey on SL3.x, SL4.x i386/x86_64
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20090107_THUNDERBIRD_ON_SL4_X.NASL
    descriptionSeveral flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird. (CVE-2008-5500, CVE-2008-5501, CVE-2008-5502, CVE-2008-5511, CVE-2008-5512, CVE-2008-5513) Several flaws were found in the way malformed content was processed. An HTML mail message containing specially crafted content could potentially trick a Thunderbird user into surrendering sensitive information. (CVE-2008-5503, CVE-2008-5506, CVE-2008-5507) Note: JavaScript support is disabled by default in Thunderbird; the above issues are not exploitable unless JavaScript is enabled. A flaw was found in the way malformed URLs were processed by Thunderbird. This flaw could prevent various URL sanitization mechanisms from properly parsing a malicious URL. (CVE-2008-5508) All running instances of Thunderbird must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id60514
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60514
    titleScientific Linux Security Update : thunderbird on SL4.x, SL5.x i386/x86_64
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2008-1037.NASL
    descriptionUpdated SeaMonkey packages that fix security issues are now available for Red Hat Enterprise Linux 2.1, Red Hat Enterprise Linux 3, and Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code as the user running SeaMonkey. (CVE-2008-5500, CVE-2008-5501, CVE-2008-5502, CVE-2008-5504, CVE-2008-5511, CVE-2008-5512, CVE-2008-5513) Several flaws were found in the way malformed content was processed. A website containing specially crafted content could potentially trick a SeaMonkey user into surrendering sensitive information. (CVE-2008-5503, CVE-2008-5506, CVE-2008-5507) A flaw was found in the way malformed URLs were processed by SeaMonkey. This flaw could prevent various URL sanitization mechanisms from properly parsing a malicious URL. (CVE-2008-5508) Note: after the errata packages are installed, SeaMonkey must be restarted for the update to take effect. All SeaMonkey users should upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id35192
    published2008-12-17
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/35192
    titleRHEL 2.1 / 3 / 4 : seamonkey (RHSA-2008:1037)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2008-1037.NASL
    descriptionUpdated SeaMonkey packages that fix security issues are now available for Red Hat Enterprise Linux 2.1, Red Hat Enterprise Linux 3, and Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code as the user running SeaMonkey. (CVE-2008-5500, CVE-2008-5501, CVE-2008-5502, CVE-2008-5504, CVE-2008-5511, CVE-2008-5512, CVE-2008-5513) Several flaws were found in the way malformed content was processed. A website containing specially crafted content could potentially trick a SeaMonkey user into surrendering sensitive information. (CVE-2008-5503, CVE-2008-5506, CVE-2008-5507) A flaw was found in the way malformed URLs were processed by SeaMonkey. This flaw could prevent various URL sanitization mechanisms from properly parsing a malicious URL. (CVE-2008-5508) Note: after the errata packages are installed, SeaMonkey must be restarted for the update to take effect. All SeaMonkey users should upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id35187
    published2008-12-17
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/35187
    titleCentOS 3 / 4 : seamonkey (CESA-2008:1037)
  • NASL familyWindows
    NASL idMOZILLA_FIREFOX_20019.NASL
    descriptionThe installed version of Firefox is earlier than 2.0.0.19. Such versions are potentially affected by the following security issues : - There are several stability bugs in the browser engine that may lead to crashes with evidence of memory corruption. (MFSA 2008-60) - XBL bindings can be used to read data from other domains. (MFSA 2008-61) - The feed preview still allows for JavaScript privilege escalation. (MFSA 2008-62) - Sensitive data may be disclosed in an XHR response when an XMLHttpRequest is made to a same-origin resource, which 302 redirects to a resource in a different domain. (MFSA 2008-64) - A website may be able to access a limited amount of data from a different domain by loading a same-domain JavaScript URL which redirects to an off-domain target resource containing data which is not parsable as JavaScript. (MFSA 2008-65) - Errors arise when parsing URLs with leading whitespace and control characters. (MFSA 2008-66) - An escaped null byte is ignored by the CSS parser and treated as if it was not present in the CSS input string. (MFSA 2008-67) - Cross-site scripting and JavaScript privilege escalation are possible. (MFSA 2008-68) - Cross-site scripting vulnerabilities in SessionStore may allow for violating the browser
    last seen2020-06-01
    modified2020-06-02
    plugin id35218
    published2008-12-17
    reporterThis script is Copyright (C) 2008-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/35218
    titleFirefox < 2.0.0.19 / 3.0.5 Multiple Vulnerabilities
  • NASL familyWindows
    NASL idMOZILLA_FIREFOX_305.NASL
    descriptionThe installed version of Firefox 3.0 is earlier than 3.0.5. Such versions are potentially affected by the following security issues : - There are several stability bugs in the browser engine that may lead to crashes with evidence of memory corruption. (MFSA 2008-60) - The
    last seen2020-06-01
    modified2020-06-02
    plugin id35219
    published2008-12-17
    reporterThis script is Copyright (C) 2008-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/35219
    titleFirefox 3.0.x < 3.0.5 Multiple Vulnerabilities
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2008-1036.NASL
    descriptionAn updated firefox package that fixes various security issues is now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2008-5500, CVE-2008-5501, CVE-2008-5502, CVE-2008-5511, CVE-2008-5512, CVE-2008-5513) Several flaws were found in the way malformed content was processed. A website containing specially crafted content could potentially trick a Firefox user into surrendering sensitive information. (CVE-2008-5506, CVE-2008-5507) A flaw was found in the way Firefox stored attributes in XML User Interface Language (XUL) elements. A website could use this flaw to track users across browser sessions, even if users did not allow the site to store cookies in the victim
    last seen2020-06-01
    modified2020-06-02
    plugin id35191
    published2008-12-17
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/35191
    titleRHEL 4 / 5 : firefox (RHSA-2008:1036)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2009-0002.NASL
    descriptionUpdated thunderbird packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird. (CVE-2008-5500, CVE-2008-5501, CVE-2008-5502, CVE-2008-5511, CVE-2008-5512, CVE-2008-5513) Several flaws were found in the way malformed content was processed. An HTML mail message containing specially crafted content could potentially trick a Thunderbird user into surrendering sensitive information. (CVE-2008-5503, CVE-2008-5506, CVE-2008-5507) Note: JavaScript support is disabled by default in Thunderbird; the above issues are not exploitable unless JavaScript is enabled. A flaw was found in the way malformed URLs were processed by Thunderbird. This flaw could prevent various URL sanitization mechanisms from properly parsing a malicious URL. (CVE-2008-5508) All Thunderbird users should upgrade to these updated packages, which resolve these issues. All running instances of Thunderbird must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id43722
    published2010-01-06
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/43722
    titleCentOS 4 / 5 : thunderbird (CESA-2009:0002)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2009-0002.NASL
    descriptionFrom Red Hat Security Advisory 2009:0002 : Updated thunderbird packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird. (CVE-2008-5500, CVE-2008-5501, CVE-2008-5502, CVE-2008-5511, CVE-2008-5512, CVE-2008-5513) Several flaws were found in the way malformed content was processed. An HTML mail message containing specially crafted content could potentially trick a Thunderbird user into surrendering sensitive information. (CVE-2008-5503, CVE-2008-5506, CVE-2008-5507) Note: JavaScript support is disabled by default in Thunderbird; the above issues are not exploitable unless JavaScript is enabled. A flaw was found in the way malformed URLs were processed by Thunderbird. This flaw could prevent various URL sanitization mechanisms from properly parsing a malicious URL. (CVE-2008-5508) All Thunderbird users should upgrade to these updated packages, which resolve these issues. All running instances of Thunderbird must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id67781
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67781
    titleOracle Linux 4 : thunderbird (ELSA-2009-0002)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_MOZILLAFIREFOX-5890.NASL
    descriptionThe Mozilla Firefox browser was updated to version 2.0.0.19, fixing various security issues and stability problems. The following security issues were fixed : - Mozilla security researcher moz_bug_r_a4 reported vulnerabilities in the session-restore feature by which content could be injected into an incorrect document storage location, including storage locations for other domains. An attacker could utilize these issues to violate the browser
    last seen2020-06-01
    modified2020-06-02
    plugin id41466
    published2009-09-24
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/41466
    titleSuSE 10 Security Update : MozillaFirefox (ZYPP Patch Number 5890)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2008-1037.NASL
    descriptionFrom Red Hat Security Advisory 2008:1037 : Updated SeaMonkey packages that fix security issues are now available for Red Hat Enterprise Linux 2.1, Red Hat Enterprise Linux 3, and Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code as the user running SeaMonkey. (CVE-2008-5500, CVE-2008-5501, CVE-2008-5502, CVE-2008-5504, CVE-2008-5511, CVE-2008-5512, CVE-2008-5513) Several flaws were found in the way malformed content was processed. A website containing specially crafted content could potentially trick a SeaMonkey user into surrendering sensitive information. (CVE-2008-5503, CVE-2008-5506, CVE-2008-5507) A flaw was found in the way malformed URLs were processed by SeaMonkey. This flaw could prevent various URL sanitization mechanisms from properly parsing a malicious URL. (CVE-2008-5508) Note: after the errata packages are installed, SeaMonkey must be restarted for the update to take effect. All SeaMonkey users should upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id67778
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67778
    titleOracle Linux 3 / 4 : seamonkey (ELSA-2008-1037)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_1_MOZILLAFIREFOX-081218.NASL
    descriptionThe Mozilla Firefox browser was updated to version 3.0.5, fixing various security issues and stability problems. The following security issues were fixed : MFSA 2008-69 / CVE-2008-5513: Mozilla security researcher moz_bug_r_a4 reported vulnerabilities in the session-restore feature by which content could be injected into an incorrect document storage location, including storage locations for other domains. An attacker could utilize these issues to violate the browser
    last seen2020-06-01
    modified2020-06-02
    plugin id40168
    published2009-07-21
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/40168
    titleopenSUSE Security Update : MozillaFirefox (MozillaFirefox-381)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2008-245.NASL
    descriptionSecurity vulnerabilities have been discovered and corrected in the latest Mozilla Firefox 3.x, version 3.0.5 (CVE-2008-5500, CVE-2008-5501, CVE-2008-5502, CVE-2008-5505, CVE-2008-5506, CVE-2008-5507, CVE-2008-5508, CVE-2008-5510, CVE-2008-5511, CVE-2008-5512, CVE-2008-5513). This update provides the latest Mozilla Firefox 3.x to correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id36473
    published2009-04-23
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/36473
    titleMandriva Linux Security Advisory : firefox (MDVSA-2008:245)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201301-01.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201301-01 (Mozilla Products: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, bypass restrictions and protection mechanisms, force file downloads, conduct XML injection attacks, conduct XSS attacks, bypass the Same Origin Policy, spoof URL&rsquo;s for phishing attacks, trigger a vertical scroll, spoof the location bar, spoof an SSL indicator, modify the browser&rsquo;s font, conduct clickjacking attacks, or have other unspecified impact. A local attacker could gain escalated privileges, obtain sensitive information, or replace an arbitrary downloaded file. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id63402
    published2013-01-08
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63402
    titleGLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_MOZILLAFIREFOX-5885.NASL
    descriptionThe Mozilla Firefox browser was updated to version 2.0.0.19, fixing various security issues and stability problems. The following security issues were fixed : MFSA 2008-69 / CVE-2008-5513: Mozilla security researcher moz_bug_r_a4 reported vulnerabilities in the session-restore feature by which content could be injected into an incorrect document storage location, including storage locations for other domains. An attacker could utilize these issues to violate the browser
    last seen2020-06-01
    modified2020-06-02
    plugin id35303
    published2009-01-07
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/35303
    titleopenSUSE 10 Security Update : MozillaFirefox (MozillaFirefox-5885)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2008-11598.NASL
    descriptionUpdate to the new upstream Firefox 3.0.5 / XULRunner 1.9.0.5 fixing multiple security issues: http://www.mozilla.org/security/known- vulnerabilities/firefox30.html#firefox3.0.5 This update also contains new builds of all applications depending on Gecko libraries, built against thenew version. Note: after the updated packages are installed, Firefox must be restarted for the update to take effect. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id35238
    published2008-12-21
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/35238
    titleFedora 9 : Miro-1.2.7-3.fc9 / blam-1.8.5-4.fc9.1 / cairo-dock-1.6.3.1-1.fc9.2 / chmsee-1.0.1-7.fc9 / etc (2008-11598)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2008-244.NASL
    descriptionSecurity vulnerabilities have been discovered and corrected in the latest Mozilla Firefox 2.x, version 2.0.0.19 (CVE-2008-5500, CVE-2008-5503, CVE-2008-5504, CVE-2008-5506, CVE-2008-5507, CVE-2008-5508, CVE-2008-5510, CVE-2008-5511, CVE-2008-5512, CVE-2008-5513). This update provides the latest Mozilla Firefox 2.x to correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id36462
    published2009-04-23
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/36462
    titleMandriva Linux Security Advisory : mozilla-firefox (MDVSA-2008:244)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_29F5BFC5CE0411DDA7210030843D3802.NASL
    descriptionThe Mozilla Foundation reports : MFSA 2008-69 XSS vulnerabilities in SessionStore MFSA 2008-68 XSS and JavaScript privilege escalation MFSA 2008-67 Escaped null characters ignored by CSS parser MFSA 2008-66 Errors parsing URLs with leading whitespace and control characters MFSA 2008-65 Cross-domain data theft via script redirect error message MFSA 2008-64 XMLHttpRequest 302 response disclosure MFSA 2008-62 Additional XSS attack vectors in feed preview MFSA 2008-61 Information stealing via loadBindingDocument MFSA 2008-60 Crashes with evidence of memory corruption (rv:1.9.0.5/1.8.1.19)
    last seen2020-06-01
    modified2020-06-02
    plugin id35241
    published2008-12-21
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/35241
    titleFreeBSD : mozilla -- multiple vulnerabilities (29f5bfc5-ce04-11dd-a721-0030843d3802)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2008-1036.NASL
    descriptionFrom Red Hat Security Advisory 2008:1036 : An updated firefox package that fixes various security issues is now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2008-5500, CVE-2008-5501, CVE-2008-5502, CVE-2008-5511, CVE-2008-5512, CVE-2008-5513) Several flaws were found in the way malformed content was processed. A website containing specially crafted content could potentially trick a Firefox user into surrendering sensitive information. (CVE-2008-5506, CVE-2008-5507) A flaw was found in the way Firefox stored attributes in XML User Interface Language (XUL) elements. A website could use this flaw to track users across browser sessions, even if users did not allow the site to store cookies in the victim
    last seen2020-06-01
    modified2020-06-02
    plugin id67777
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67777
    titleOracle Linux 4 / 5 : firefox (ELSA-2008-1036)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-690-3.NASL
    descriptionSeveral flaws were discovered in the browser engine. These problems could allow an attacker to crash the browser and possibly execute arbitrary code with user privileges. (CVE-2008-5500) Boris Zbarsky discovered that the same-origin check in Firefox could be bypassed by utilizing XBL-bindings. An attacker could exploit this to read data from other domains. (CVE-2008-5503) Marius Schilder discovered that Firefox did not properly handle redirects to an outside domain when an XMLHttpRequest was made to a same-origin resource. It
    last seen2020-06-01
    modified2020-06-02
    plugin id65111
    published2013-03-09
    reporterUbuntu Security Notice (C) 2008-2019 Canonical, Inc. / NASL script (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/65111
    titleUbuntu 6.06 LTS : firefox vulnerabilities (USN-690-3)

Oval

accepted2013-04-29T04:05:14.578-04:00
classvulnerability
contributors
  • nameAharon Chernin
    organizationSCAP.com, LLC
  • nameDragos Prisaca
    organizationG2, Inc.
definition_extensions
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 3
    ovaloval:org.mitre.oval:def:11782
  • commentCentOS Linux 3.x
    ovaloval:org.mitre.oval:def:16651
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 4
    ovaloval:org.mitre.oval:def:11831
  • commentCentOS Linux 4.x
    ovaloval:org.mitre.oval:def:16636
  • commentOracle Linux 4.x
    ovaloval:org.mitre.oval:def:15990
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 5
    ovaloval:org.mitre.oval:def:11414
  • commentThe operating system installed on the system is CentOS Linux 5.x
    ovaloval:org.mitre.oval:def:15802
  • commentOracle Linux 5.x
    ovaloval:org.mitre.oval:def:15459
descriptionUnspecified vulnerability in the session-restore feature in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19 allows remote attackers to bypass the same origin policy, inject content into documents associated with other domains, and conduct cross-site scripting (XSS) attacks via unknown vectors related to restoration of SessionStore data.
familyunix
idoval:org.mitre.oval:def:10389
statusaccepted
submitted2010-07-09T03:56:16-04:00
titleUnspecified vulnerability in the session-restore feature in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19 allows remote attackers to bypass the same origin policy, inject content into documents associated with other domains, and conduct cross-site scripting (XSS) attacks via unknown vectors related to restoration of SessionStore data.
version27

Redhat

advisories
  • bugzilla
    id476289
    titleCVE-2008-5513 Firefox XSS vulnerabilities in SessionStore
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 4 is installed
        ovaloval:com.redhat.rhba:tst:20070304025
      • OR
        • AND
          • commentfirefox is earlier than 0:3.0.5-1.el4
            ovaloval:com.redhat.rhsa:tst:20081036001
          • commentfirefox is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060200002
        • AND
          • commentnss is earlier than 0:3.12.2.0-1.el4
            ovaloval:com.redhat.rhsa:tst:20081036003
          • commentnss is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20080978004
        • AND
          • commentnss-devel is earlier than 0:3.12.2.0-1.el4
            ovaloval:com.redhat.rhsa:tst:20081036005
          • commentnss-devel is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20080978006
        • AND
          • commentnspr is earlier than 0:4.7.3-1.el4
            ovaloval:com.redhat.rhsa:tst:20081036007
          • commentnspr is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20081036008
        • AND
          • commentnspr-devel is earlier than 0:4.7.3-1.el4
            ovaloval:com.redhat.rhsa:tst:20081036009
          • commentnspr-devel is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20081036010
    • AND
      • commentRed Hat Enterprise Linux 5 is installed
        ovaloval:com.redhat.rhba:tst:20070331005
      • OR
        • AND
          • commentfirefox is earlier than 0:3.0.5-1.el5_2
            ovaloval:com.redhat.rhsa:tst:20081036012
          • commentfirefox is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070097008
        • AND
          • commentxulrunner-devel is earlier than 0:1.9.0.5-1.el5_2
            ovaloval:com.redhat.rhsa:tst:20081036014
          • commentxulrunner-devel is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20080569006
        • AND
          • commentxulrunner-devel-unstable is earlier than 0:1.9.0.5-1.el5_2
            ovaloval:com.redhat.rhsa:tst:20081036016
          • commentxulrunner-devel-unstable is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20080569002
        • AND
          • commentxulrunner is earlier than 0:1.9.0.5-1.el5_2
            ovaloval:com.redhat.rhsa:tst:20081036018
          • commentxulrunner is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20080569004
        • AND
          • commentnspr-devel is earlier than 0:4.7.3-2.el5
            ovaloval:com.redhat.rhsa:tst:20081036020
          • commentnspr-devel is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhba:tst:20150925002
        • AND
          • commentnspr is earlier than 0:4.7.3-2.el5
            ovaloval:com.redhat.rhsa:tst:20081036022
          • commentnspr is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhba:tst:20150925004
        • AND
          • commentnss is earlier than 0:3.12.2.0-2.el5
            ovaloval:com.redhat.rhsa:tst:20081036024
          • commentnss is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhba:tst:20150925010
        • AND
          • commentnss-pkcs11-devel is earlier than 0:3.12.2.0-2.el5
            ovaloval:com.redhat.rhsa:tst:20081036026
          • commentnss-pkcs11-devel is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhba:tst:20150925008
        • AND
          • commentnss-tools is earlier than 0:3.12.2.0-2.el5
            ovaloval:com.redhat.rhsa:tst:20081036028
          • commentnss-tools is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhba:tst:20150925012
        • AND
          • commentnss-devel is earlier than 0:3.12.2.0-2.el5
            ovaloval:com.redhat.rhsa:tst:20081036030
          • commentnss-devel is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhba:tst:20150925006
    rhsa
    idRHSA-2008:1036
    released2008-12-16
    severityCritical
    titleRHSA-2008:1036: firefox security update (Critical)
  • bugzilla
    id476289
    titleCVE-2008-5513 Firefox XSS vulnerabilities in SessionStore
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 4 is installed
        ovaloval:com.redhat.rhba:tst:20070304025
      • OR
        • AND
          • commentseamonkey-js-debugger is earlier than 0:1.0.9-32.el4
            ovaloval:com.redhat.rhsa:tst:20081037001
          • commentseamonkey-js-debugger is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060609002
        • AND
          • commentseamonkey-dom-inspector is earlier than 0:1.0.9-32.el4
            ovaloval:com.redhat.rhsa:tst:20081037003
          • commentseamonkey-dom-inspector is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060609008
        • AND
          • commentseamonkey-devel is earlier than 0:1.0.9-32.el4
            ovaloval:com.redhat.rhsa:tst:20081037005
          • commentseamonkey-devel is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060609010
        • AND
          • commentseamonkey-mail is earlier than 0:1.0.9-32.el4
            ovaloval:com.redhat.rhsa:tst:20081037007
          • commentseamonkey-mail is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060609012
        • AND
          • commentseamonkey is earlier than 0:1.0.9-32.el4
            ovaloval:com.redhat.rhsa:tst:20081037009
          • commentseamonkey is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060609006
        • AND
          • commentseamonkey-chat is earlier than 0:1.0.9-32.el4
            ovaloval:com.redhat.rhsa:tst:20081037011
          • commentseamonkey-chat is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060609004
    rhsa
    idRHSA-2008:1037
    released2008-12-16
    severityCritical
    titleRHSA-2008:1037: seamonkey security update (Critical)
  • bugzilla
    id476289
    titleCVE-2008-5513 Firefox XSS vulnerabilities in SessionStore
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 4 is installed
        ovaloval:com.redhat.rhba:tst:20070304025
      • commentthunderbird is earlier than 0:1.5.0.12-18.el4
        ovaloval:com.redhat.rhsa:tst:20090002001
      • commentthunderbird is signed with Red Hat master key
        ovaloval:com.redhat.rhsa:tst:20060330002
    • AND
      • commentRed Hat Enterprise Linux 5 is installed
        ovaloval:com.redhat.rhba:tst:20070331005
      • commentthunderbird is earlier than 0:2.0.0.19-1.el5_2
        ovaloval:com.redhat.rhsa:tst:20090002004
      • commentthunderbird is signed with Red Hat redhatrelease key
        ovaloval:com.redhat.rhsa:tst:20070108002
    rhsa
    idRHSA-2009:0002
    released2009-01-07
    severityModerate
    titleRHSA-2009:0002: thunderbird security update (Moderate)
rpms
  • firefox-0:3.0.5-1.el4
  • firefox-0:3.0.5-1.el5_2
  • firefox-debuginfo-0:3.0.5-1.el4
  • firefox-debuginfo-0:3.0.5-1.el5_2
  • nspr-0:4.7.3-1.el4
  • nspr-0:4.7.3-2.el5
  • nspr-debuginfo-0:4.7.3-1.el4
  • nspr-debuginfo-0:4.7.3-2.el5
  • nspr-devel-0:4.7.3-1.el4
  • nspr-devel-0:4.7.3-2.el5
  • nss-0:3.12.2.0-1.el4
  • nss-0:3.12.2.0-2.el5
  • nss-debuginfo-0:3.12.2.0-1.el4
  • nss-debuginfo-0:3.12.2.0-2.el5
  • nss-devel-0:3.12.2.0-1.el4
  • nss-devel-0:3.12.2.0-2.el5
  • nss-pkcs11-devel-0:3.12.2.0-2.el5
  • nss-tools-0:3.12.2.0-2.el5
  • xulrunner-0:1.9.0.5-1.el5_2
  • xulrunner-debuginfo-0:1.9.0.5-1.el5_2
  • xulrunner-devel-0:1.9.0.5-1.el5_2
  • xulrunner-devel-unstable-0:1.9.0.5-1.el5_2
  • seamonkey-0:1.0.9-0.25.el2
  • seamonkey-0:1.0.9-0.29.el3
  • seamonkey-0:1.0.9-32.el4
  • seamonkey-chat-0:1.0.9-0.25.el2
  • seamonkey-chat-0:1.0.9-0.29.el3
  • seamonkey-chat-0:1.0.9-32.el4
  • seamonkey-debuginfo-0:1.0.9-0.29.el3
  • seamonkey-debuginfo-0:1.0.9-32.el4
  • seamonkey-devel-0:1.0.9-0.25.el2
  • seamonkey-devel-0:1.0.9-0.29.el3
  • seamonkey-devel-0:1.0.9-32.el4
  • seamonkey-dom-inspector-0:1.0.9-0.25.el2
  • seamonkey-dom-inspector-0:1.0.9-0.29.el3
  • seamonkey-dom-inspector-0:1.0.9-32.el4
  • seamonkey-js-debugger-0:1.0.9-0.25.el2
  • seamonkey-js-debugger-0:1.0.9-0.29.el3
  • seamonkey-js-debugger-0:1.0.9-32.el4
  • seamonkey-mail-0:1.0.9-0.25.el2
  • seamonkey-mail-0:1.0.9-0.29.el3
  • seamonkey-mail-0:1.0.9-32.el4
  • seamonkey-nspr-0:1.0.9-0.25.el2
  • seamonkey-nspr-0:1.0.9-0.29.el3
  • seamonkey-nspr-devel-0:1.0.9-0.25.el2
  • seamonkey-nspr-devel-0:1.0.9-0.29.el3
  • seamonkey-nss-0:1.0.9-0.25.el2
  • seamonkey-nss-0:1.0.9-0.29.el3
  • seamonkey-nss-devel-0:1.0.9-0.25.el2
  • seamonkey-nss-devel-0:1.0.9-0.29.el3
  • thunderbird-0:1.5.0.12-18.el4
  • thunderbird-0:2.0.0.19-1.el5_2
  • thunderbird-debuginfo-0:1.5.0.12-18.el4
  • thunderbird-debuginfo-0:2.0.0.19-1.el5_2