Vulnerabilities > CVE-2009-1304 - Resource Management Errors vulnerability in Mozilla Firefox, Seamonkey and Thunderbird
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
The JavaScript engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving (1) js_FindPropertyHelper, related to the definitions of Math and Date; and (2) js_CheckRedeclaration.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family SuSE Local Security Checks NASL id SUSE_11_1_MOZILLATHUNDERBIRD-090710.NASL description Mozilla Thunderbird was updated to the 2.0.0.22 security release. It fixes various bugs and security issues : - MFSA-2009-14/CVE-2009-1302/CVE-2009-1303/CVE-2009-1304 CVE-2009-1305 Crashes with evidence of memory corruption (rv:1.9.0.9) - MFSA 2009-17/CVE-2009-1307 (bmo#481342) Same-origin violations when Adobe Flash loaded via view-source: scheme - MFSA 2009-24/CVE-2009-1392/CVE-2009-1832/CVE-2009-1833 Crashes with evidence of memory corruption (rv:1.9.0.11) - MFSA 2009-27/CVE-2009-1836 (bmo#479880) SSL tampering via non-200 responses to proxy CONNECT requests - MFSA 2009-29/CVE-2009-1838 (bmo#489131) Arbitrary code execution using event listeners attached to an element whose owner document is null - MFSA 2009-32/CVE-2009-1841 (bmo#479560) JavaScript chrome privilege escalation - MFSA 2009-33 (bmo#495057) Crash viewing multipart/alternative message with text/enhanced part last seen 2020-06-01 modified 2020-06-02 plugin id 40176 published 2009-07-21 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/40176 title openSUSE Security Update : MozillaThunderbird (MozillaThunderbird-1091) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update MozillaThunderbird-1091. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(40176); script_version("1.18"); script_cvs_date("Date: 2019/10/25 13:36:34"); script_cve_id("CVE-2009-1302", "CVE-2009-1303", "CVE-2009-1304", "CVE-2009-1305", "CVE-2009-1307", "CVE-2009-1392", "CVE-2009-1832", "CVE-2009-1833", "CVE-2009-1836", "CVE-2009-1838", "CVE-2009-1841"); script_name(english:"openSUSE Security Update : MozillaThunderbird (MozillaThunderbird-1091)"); script_summary(english:"Check for the MozillaThunderbird-1091 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "Mozilla Thunderbird was updated to the 2.0.0.22 security release. It fixes various bugs and security issues : - MFSA-2009-14/CVE-2009-1302/CVE-2009-1303/CVE-2009-1304 CVE-2009-1305 Crashes with evidence of memory corruption (rv:1.9.0.9) - MFSA 2009-17/CVE-2009-1307 (bmo#481342) Same-origin violations when Adobe Flash loaded via view-source: scheme - MFSA 2009-24/CVE-2009-1392/CVE-2009-1832/CVE-2009-1833 Crashes with evidence of memory corruption (rv:1.9.0.11) - MFSA 2009-27/CVE-2009-1836 (bmo#479880) SSL tampering via non-200 responses to proxy CONNECT requests - MFSA 2009-29/CVE-2009-1838 (bmo#489131) Arbitrary code execution using event listeners attached to an element whose owner document is null - MFSA 2009-32/CVE-2009-1841 (bmo#479560) JavaScript chrome privilege escalation - MFSA 2009-33 (bmo#495057) Crash viewing multipart/alternative message with text/enhanced part" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=515950" ); script_set_attribute( attribute:"solution", value:"Update the affected MozillaThunderbird packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_cwe_id(16, 20, 94, 287, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.1"); script_set_attribute(attribute:"vuln_publication_date", value:"2009/04/22"); script_set_attribute(attribute:"patch_publication_date", value:"2009/07/10"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/07/21"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE11\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.1", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE11.1", reference:"MozillaThunderbird-2.0.0.22-0.1.1") ) flag++; if ( rpm_check(release:"SUSE11.1", reference:"MozillaThunderbird-devel-2.0.0.22-0.1.1") ) flag++; if ( rpm_check(release:"SUSE11.1", reference:"MozillaThunderbird-translations-2.0.0.22-0.1.1") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "MozillaThunderbird"); }
NASL family SuSE Local Security Checks NASL id SUSE_11_MOZILLAFIREFOX-090427.NASL description Firefox version upgrade to 3.0.9 to fix various security bugs. (CVE-2009-1302 / CVE-2009-1303 / CVE-2009-1304 / CVE-2009-1305 / CVE-2009-1306 / CVE-2009-1307 / CVE-2009-1308 / CVE-2009-1309 / CVE-2009-1310 / CVE-2009-1311 / CVE-2009-1312 / CVE-2009-0652) last seen 2020-06-01 modified 2020-06-02 plugin id 41354 published 2009-09-24 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/41354 title SuSE 11 Security Update : MozillaFirefox (SAT Patch Number 835) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SuSE 11 update information. The text itself is # copyright (C) Novell, Inc. # if (NASL_LEVEL < 3000) exit(0); include("compat.inc"); if (description) { script_id(41354); script_version("1.17"); script_cvs_date("Date: 2019/10/25 13:36:35"); script_cve_id("CVE-2009-0652", "CVE-2009-1302", "CVE-2009-1303", "CVE-2009-1304", "CVE-2009-1305", "CVE-2009-1307", "CVE-2009-1308", "CVE-2009-1309", "CVE-2009-1311", "CVE-2009-1312"); script_name(english:"SuSE 11 Security Update : MozillaFirefox (SAT Patch Number 835)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 11 host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Firefox version upgrade to 3.0.9 to fix various security bugs. (CVE-2009-1302 / CVE-2009-1303 / CVE-2009-1304 / CVE-2009-1305 / CVE-2009-1306 / CVE-2009-1307 / CVE-2009-1308 / CVE-2009-1309 / CVE-2009-1310 / CVE-2009-1311 / CVE-2009-1312 / CVE-2009-0652)" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=495473" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2009-0652.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2009-1302.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2009-1303.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2009-1304.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2009-1305.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2009-1307.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2009-1308.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2009-1309.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2009-1311.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2009-1312.html" ); script_set_attribute(attribute:"solution", value:"Apply SAT patch number 835."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_cwe_id(16, 20, 79, 200, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:MozillaFirefox"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:MozillaFirefox-translations"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11"); script_set_attribute(attribute:"patch_publication_date", value:"2009/04/27"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/09/24"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11"); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu); pl = get_kb_item("Host/SuSE/patchlevel"); if (pl) audit(AUDIT_OS_NOT, "SuSE 11.0"); flag = 0; if (rpm_check(release:"SLED11", sp:0, cpu:"i586", reference:"MozillaFirefox-3.0.9-0.1.1")) flag++; if (rpm_check(release:"SLED11", sp:0, cpu:"i586", reference:"MozillaFirefox-translations-3.0.9-0.1.1")) flag++; if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"MozillaFirefox-3.0.9-0.1.1")) flag++; if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"MozillaFirefox-translations-3.0.9-0.1.1")) flag++; if (rpm_check(release:"SLES11", sp:0, reference:"MozillaFirefox-3.0.9-0.1.1")) flag++; if (rpm_check(release:"SLES11", sp:0, reference:"MozillaFirefox-translations-3.0.9-0.1.1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2009-178-01.NASL description New mozilla-thunderbird packages are available for Slackware 10.2, 11.0, 12.0, 12.1, 12.2, and -current to fix security issues. last seen 2020-06-01 modified 2020-06-02 plugin id 39560 published 2009-06-28 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/39560 title Slackware 10.2 / 11.0 / 12.0 / 12.1 / 12.2 / current : mozilla-thunderbird (SSA:2009-178-01) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Slackware Security Advisory 2009-178-01. The text # itself is copyright (C) Slackware Linux, Inc. # include("compat.inc"); if (description) { script_id(39560); script_version("1.16"); script_cvs_date("Date: 2019/10/25 13:36:21"); script_cve_id("CVE-2009-1302", "CVE-2009-1303", "CVE-2009-1304", "CVE-2009-1305", "CVE-2009-1307", "CVE-2009-1392", "CVE-2009-1832", "CVE-2009-1833", "CVE-2009-1836", "CVE-2009-1838", "CVE-2009-1841", "CVE-2009-2210"); script_bugtraq_id(35370, 35371, 35372, 35373, 35380, 35383, 35461); script_xref(name:"SSA", value:"2009-178-01"); script_name(english:"Slackware 10.2 / 11.0 / 12.0 / 12.1 / 12.2 / current : mozilla-thunderbird (SSA:2009-178-01)"); script_summary(english:"Checks for updated package in /var/log/packages"); script_set_attribute( attribute:"synopsis", value:"The remote Slackware host is missing a security update." ); script_set_attribute( attribute:"description", value: "New mozilla-thunderbird packages are available for Slackware 10.2, 11.0, 12.0, 12.1, 12.2, and -current to fix security issues." ); # http://www.mozilla.org/security/known-vulnerabilities/thunderbird20.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?280be806" ); # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.454275 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?bbb7a0f0" ); script_set_attribute( attribute:"solution", value:"Update the affected mozilla-thunderbird package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_cwe_id(16, 20, 94, 287, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:mozilla-thunderbird"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:10.2"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:11.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:12.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:12.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:12.2"); script_set_attribute(attribute:"vuln_publication_date", value:"2009/04/22"); script_set_attribute(attribute:"patch_publication_date", value:"2009/06/27"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/06/28"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Slackware Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Slackware/release", "Host/Slackware/packages"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("slackware.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Slackware/release")) audit(AUDIT_OS_NOT, "Slackware"); if (!get_kb_item("Host/Slackware/packages")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Slackware", cpu); flag = 0; if (slackware_check(osver:"10.2", pkgname:"mozilla-thunderbird", pkgver:"2.0.0.22", pkgarch:"i686", pkgnum:"1")) flag++; if (slackware_check(osver:"11.0", pkgname:"mozilla-thunderbird", pkgver:"2.0.0.22", pkgarch:"i686", pkgnum:"1")) flag++; if (slackware_check(osver:"12.0", pkgname:"mozilla-thunderbird", pkgver:"2.0.0.22", pkgarch:"i686", pkgnum:"1")) flag++; if (slackware_check(osver:"12.1", pkgname:"mozilla-thunderbird", pkgver:"2.0.0.22", pkgarch:"i686", pkgnum:"1")) flag++; if (slackware_check(osver:"12.2", pkgname:"mozilla-thunderbird", pkgver:"2.0.0.22", pkgarch:"i686", pkgnum:"1")) flag++; if (slackware_check(osver:"current", pkgname:"mozilla-thunderbird", pkgver:"2.0.0.22", pkgarch:"i686", pkgnum:"1")) flag++; if (slackware_check(osver:"current", arch:"x86_64", pkgname:"mozilla-thunderbird", pkgver:"2.0.0.22", pkgarch:"x86_64", pkgnum:"1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2009-0436.NASL description From Red Hat Security Advisory 2009:0436 : Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1302, CVE-2009-1303, CVE-2009-1304, CVE-2009-1305) Several flaws were found in the way malformed web content was processed. A web page containing malicious content could execute arbitrary JavaScript in the context of the site, possibly presenting misleading data to a user, or stealing sensitive information such as login credentials. (CVE-2009-0652, CVE-2009-1306, CVE-2009-1307, CVE-2009-1308, CVE-2009-1309, CVE-2009-1310, CVE-2009-1312) A flaw was found in the way Firefox saved certain web pages to a local file. If a user saved the inner frame of a web page containing POST data, the POST data could be revealed to the inner frame, possibly surrendering sensitive information such as login credentials. (CVE-2009-1311) For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 3.0.9. You can find a link to the Mozilla advisories in the References section of this errata. All Firefox users should upgrade to these updated packages, which contain Firefox version 3.0.9, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 67847 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/67847 title Oracle Linux 4 / 5 : firefox (ELSA-2009-0436) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2009:0436 and # Oracle Linux Security Advisory ELSA-2009-0436 respectively. # include("compat.inc"); if (description) { script_id(67847); script_version("1.12"); script_cvs_date("Date: 2019/10/25 13:36:08"); script_cve_id("CVE-2009-0652", "CVE-2009-1302", "CVE-2009-1303", "CVE-2009-1304", "CVE-2009-1305", "CVE-2009-1306", "CVE-2009-1307", "CVE-2009-1308", "CVE-2009-1309", "CVE-2009-1310", "CVE-2009-1311", "CVE-2009-1312"); script_xref(name:"RHSA", value:"2009:0436"); script_name(english:"Oracle Linux 4 / 5 : firefox (ELSA-2009-0436)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Oracle Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "From Red Hat Security Advisory 2009:0436 : Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1302, CVE-2009-1303, CVE-2009-1304, CVE-2009-1305) Several flaws were found in the way malformed web content was processed. A web page containing malicious content could execute arbitrary JavaScript in the context of the site, possibly presenting misleading data to a user, or stealing sensitive information such as login credentials. (CVE-2009-0652, CVE-2009-1306, CVE-2009-1307, CVE-2009-1308, CVE-2009-1309, CVE-2009-1310, CVE-2009-1312) A flaw was found in the way Firefox saved certain web pages to a local file. If a user saved the inner frame of a web page containing POST data, the POST data could be revealed to the inner frame, possibly surrendering sensitive information such as login credentials. (CVE-2009-1311) For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 3.0.9. You can find a link to the Mozilla advisories in the References section of this errata. All Firefox users should upgrade to these updated packages, which contain Firefox version 3.0.9, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect." ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2009-April/000981.html" ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2009-April/000983.html" ); script_set_attribute( attribute:"solution", value:"Update the affected firefox packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_cwe_id(16, 20, 79, 200, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:firefox"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:xulrunner"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:xulrunner-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:xulrunner-devel-unstable"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:4"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:5"); script_set_attribute(attribute:"vuln_publication_date", value:"2009/02/20"); script_set_attribute(attribute:"patch_publication_date", value:"2009/04/22"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Oracle Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux"); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux"); os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^(4|5)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 4 / 5", "Oracle Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu); flag = 0; if (rpm_check(release:"EL4", reference:"firefox-3.0.9-1.0.1.el4")) flag++; if (rpm_check(release:"EL5", reference:"firefox-3.0.9-1.0.1.el5")) flag++; if (rpm_check(release:"EL5", reference:"xulrunner-1.9.0.9-1.0.1.el5")) flag++; if (rpm_check(release:"EL5", reference:"xulrunner-devel-1.9.0.9-1.0.1.el5")) flag++; if (rpm_check(release:"EL5", reference:"xulrunner-devel-unstable-1.9.0.9-1.0.1.el5")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "firefox / xulrunner / xulrunner-devel / xulrunner-devel-unstable"); }
NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-764-1.NASL description Several flaws were discovered in the browser engine. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-1302, CVE-2009-1303, CVE-2009-1304, CVE-2009-1305) It was discovered that Firefox displayed certain Unicode characters which could be visually confused with punctuation in valid web addresses in the location bar. An attacker could exploit this to spoof the location bar, such as in a phishing attack. (CVE-2009-0652) Several flaws were discovered in the way Firefox processed malformed URI schemes. If a user were tricked into viewing a malicious website, a remote attacker could execute arbitrary JavaScript or steal private data. (CVE-2009-1306, CVE-2009-1307, CVE-2009-1309, CVE-2009-1310, CVE-2009-1312) Cefn Hoile discovered Firefox did not adequately protect against embedded third-party stylesheets. An attacker could exploit this to perform script injection attacks using XBL bindings. (CVE-2009-1308) Paolo Amadini discovered that Firefox would submit POST data when reloading an inner frame of a web page. If a user were tricked into viewing a malicious website, a remote attacker could steal private data. (CVE-2009-1311). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 36228 published 2009-04-23 reporter Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/36228 title Ubuntu 8.04 LTS / 8.10 / 9.04 : firefox-3.0, xulrunner-1.9 vulnerabilities (USN-764-1) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-764-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(36228); script_version("1.19"); script_cvs_date("Date: 2019/10/16 10:34:22"); script_cve_id("CVE-2009-0652", "CVE-2009-1302", "CVE-2009-1303", "CVE-2009-1304", "CVE-2009-1305", "CVE-2009-1306", "CVE-2009-1307", "CVE-2009-1308", "CVE-2009-1309", "CVE-2009-1310", "CVE-2009-1311", "CVE-2009-1312"); script_xref(name:"USN", value:"764-1"); script_name(english:"Ubuntu 8.04 LTS / 8.10 / 9.04 : firefox-3.0, xulrunner-1.9 vulnerabilities (USN-764-1)"); script_summary(english:"Checks dpkg output for updated packages."); script_set_attribute( attribute:"synopsis", value: "The remote Ubuntu host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "Several flaws were discovered in the browser engine. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-1302, CVE-2009-1303, CVE-2009-1304, CVE-2009-1305) It was discovered that Firefox displayed certain Unicode characters which could be visually confused with punctuation in valid web addresses in the location bar. An attacker could exploit this to spoof the location bar, such as in a phishing attack. (CVE-2009-0652) Several flaws were discovered in the way Firefox processed malformed URI schemes. If a user were tricked into viewing a malicious website, a remote attacker could execute arbitrary JavaScript or steal private data. (CVE-2009-1306, CVE-2009-1307, CVE-2009-1309, CVE-2009-1310, CVE-2009-1312) Cefn Hoile discovered Firefox did not adequately protect against embedded third-party stylesheets. An attacker could exploit this to perform script injection attacks using XBL bindings. (CVE-2009-1308) Paolo Amadini discovered that Firefox would submit POST data when reloading an inner frame of a web page. If a user were tricked into viewing a malicious website, a remote attacker could steal private data. (CVE-2009-1311). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/764-1/" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_cwe_id(16, 20, 79, 200, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:abrowser"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:abrowser-3.0-branding"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-3.0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-3.0-branding"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-3.0-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-3.0-dom-inspector"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-3.0-gnome-support"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-3.0-venkman"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-dom-inspector"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-gnome-support"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-granparadiso"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-granparadiso-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-granparadiso-dom-inspector"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-granparadiso-gnome-support"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-libthai"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-trunk"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-trunk-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-trunk-dom-inspector"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-trunk-gnome-support"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-trunk-venkman"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9-dom-inspector"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9-gnome-support"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9-venkman"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xulrunner-dev"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:8.04:-:lts"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:8.10"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:9.04"); script_set_attribute(attribute:"patch_publication_date", value:"2009/04/22"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/04/23"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! ereg(pattern:"^(8\.04|8\.10|9\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 8.04 / 8.10 / 9.04", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"8.04", pkgname:"firefox", pkgver:"3.0.9+nobinonly-0ubuntu0.8.04.1")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"firefox-3.0", pkgver:"3.0.9+nobinonly-0ubuntu0.8.04.1")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"firefox-3.0-dev", pkgver:"3.0.9+nobinonly-0ubuntu0.8.04.1")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"firefox-3.0-dom-inspector", pkgver:"3.0.9+nobinonly-0ubuntu0.8.04.1")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"firefox-3.0-gnome-support", pkgver:"3.0.9+nobinonly-0ubuntu0.8.04.1")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"firefox-3.0-venkman", pkgver:"3.0.9+nobinonly-0ubuntu0.8.04.1")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"firefox-dev", pkgver:"3.0.9+nobinonly-0ubuntu0.8.04.1")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"firefox-dom-inspector", pkgver:"3.0.9+nobinonly-0ubuntu0.8.04.1")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"firefox-gnome-support", pkgver:"3.0.9+nobinonly-0ubuntu0.8.04.1")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"firefox-granparadiso", pkgver:"3.0.9+nobinonly-0ubuntu0.8.04.1")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"firefox-granparadiso-dev", pkgver:"3.0.9+nobinonly-0ubuntu0.8.04.1")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"firefox-granparadiso-dom-inspector", pkgver:"3.0.9+nobinonly-0ubuntu0.8.04.1")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"firefox-granparadiso-gnome-support", pkgver:"3.0.9+nobinonly-0ubuntu0.8.04.1")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"firefox-libthai", pkgver:"3.0.9+nobinonly-0ubuntu0.8.04.1")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"firefox-trunk", pkgver:"3.0.9+nobinonly-0ubuntu0.8.04.1")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"firefox-trunk-dev", pkgver:"3.0.9+nobinonly-0ubuntu0.8.04.1")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"firefox-trunk-dom-inspector", pkgver:"3.0.9+nobinonly-0ubuntu0.8.04.1")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"firefox-trunk-gnome-support", pkgver:"3.0.9+nobinonly-0ubuntu0.8.04.1")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"firefox-trunk-venkman", pkgver:"3.0.9+nobinonly-0ubuntu0.8.04.1")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"xulrunner-1.9", pkgver:"1.9.0.9+nobinonly-0ubuntu0.8.04.1")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"xulrunner-1.9-dev", pkgver:"1.9.0.9+nobinonly-0ubuntu0.8.04.1")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"xulrunner-1.9-dom-inspector", pkgver:"1.9.0.9+nobinonly-0ubuntu0.8.04.1")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"xulrunner-1.9-gnome-support", pkgver:"1.9.0.9+nobinonly-0ubuntu0.8.04.1")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"xulrunner-1.9-venkman", pkgver:"1.9.0.9+nobinonly-0ubuntu0.8.04.1")) flag++; if (ubuntu_check(osver:"8.10", pkgname:"abrowser", pkgver:"3.0.9+nobinonly-0ubuntu0.8.10.1")) flag++; if (ubuntu_check(osver:"8.10", pkgname:"abrowser-3.0-branding", pkgver:"3.0.9+nobinonly-0ubuntu0.8.10.1")) flag++; if (ubuntu_check(osver:"8.10", pkgname:"firefox", pkgver:"3.0.9+nobinonly-0ubuntu0.8.10.1")) flag++; if (ubuntu_check(osver:"8.10", pkgname:"firefox-3.0", pkgver:"3.0.9+nobinonly-0ubuntu0.8.10.1")) flag++; if (ubuntu_check(osver:"8.10", pkgname:"firefox-3.0-branding", pkgver:"3.0.9+nobinonly-0ubuntu0.8.10.1")) flag++; if (ubuntu_check(osver:"8.10", pkgname:"firefox-3.0-dev", pkgver:"3.0.9+nobinonly-0ubuntu0.8.10.1")) flag++; if (ubuntu_check(osver:"8.10", pkgname:"firefox-3.0-dom-inspector", pkgver:"3.0.9+nobinonly-0ubuntu0.8.10.1")) flag++; if (ubuntu_check(osver:"8.10", pkgname:"firefox-3.0-gnome-support", pkgver:"3.0.9+nobinonly-0ubuntu0.8.10.1")) flag++; if (ubuntu_check(osver:"8.10", pkgname:"firefox-3.0-venkman", pkgver:"3.0.9+nobinonly-0ubuntu0.8.10.1")) flag++; if (ubuntu_check(osver:"8.10", pkgname:"firefox-dev", pkgver:"3.0.9+nobinonly-0ubuntu0.8.10.1")) flag++; if (ubuntu_check(osver:"8.10", pkgname:"firefox-dom-inspector", pkgver:"3.0.9+nobinonly-0ubuntu0.8.10.1")) flag++; if (ubuntu_check(osver:"8.10", pkgname:"firefox-gnome-support", pkgver:"3.0.9+nobinonly-0ubuntu0.8.10.1")) flag++; if (ubuntu_check(osver:"8.10", pkgname:"firefox-granparadiso", pkgver:"3.0.9+nobinonly-0ubuntu0.8.10.1")) flag++; if (ubuntu_check(osver:"8.10", pkgname:"firefox-granparadiso-dev", pkgver:"3.0.9+nobinonly-0ubuntu0.8.10.1")) flag++; if (ubuntu_check(osver:"8.10", pkgname:"firefox-granparadiso-dom-inspector", pkgver:"3.0.9+nobinonly-0ubuntu0.8.10.1")) flag++; if (ubuntu_check(osver:"8.10", pkgname:"firefox-granparadiso-gnome-support", pkgver:"3.0.9+nobinonly-0ubuntu0.8.10.1")) flag++; if (ubuntu_check(osver:"8.10", pkgname:"firefox-libthai", pkgver:"3.0.9+nobinonly-0ubuntu0.8.10.1")) flag++; if (ubuntu_check(osver:"8.10", pkgname:"firefox-trunk", pkgver:"3.0.9+nobinonly-0ubuntu0.8.10.1")) flag++; if (ubuntu_check(osver:"8.10", pkgname:"firefox-trunk-dev", pkgver:"3.0.9+nobinonly-0ubuntu0.8.10.1")) flag++; if (ubuntu_check(osver:"8.10", pkgname:"firefox-trunk-dom-inspector", pkgver:"3.0.9+nobinonly-0ubuntu0.8.10.1")) flag++; if (ubuntu_check(osver:"8.10", pkgname:"firefox-trunk-gnome-support", pkgver:"3.0.9+nobinonly-0ubuntu0.8.10.1")) flag++; if (ubuntu_check(osver:"8.10", pkgname:"firefox-trunk-venkman", pkgver:"3.0.9+nobinonly-0ubuntu0.8.10.1")) flag++; if (ubuntu_check(osver:"8.10", pkgname:"xulrunner-1.9", pkgver:"1.9.0.9+nobinonly-0ubuntu0.8.10.1")) flag++; if (ubuntu_check(osver:"8.10", pkgname:"xulrunner-1.9-dev", pkgver:"1.9.0.9+nobinonly-0ubuntu0.8.10.1")) flag++; if (ubuntu_check(osver:"8.10", pkgname:"xulrunner-1.9-dom-inspector", pkgver:"1.9.0.9+nobinonly-0ubuntu0.8.10.1")) flag++; if (ubuntu_check(osver:"8.10", pkgname:"xulrunner-1.9-gnome-support", pkgver:"1.9.0.9+nobinonly-0ubuntu0.8.10.1")) flag++; if (ubuntu_check(osver:"8.10", pkgname:"xulrunner-1.9-venkman", pkgver:"1.9.0.9+nobinonly-0ubuntu0.8.10.1")) flag++; if (ubuntu_check(osver:"8.10", pkgname:"xulrunner-dev", pkgver:"1.9.0.9+nobinonly-0ubuntu0.8.10.1")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"abrowser", pkgver:"3.0.9+nobinonly-0ubuntu0.9.04.1")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"abrowser-3.0-branding", pkgver:"3.0.9+nobinonly-0ubuntu0.9.04.1")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"firefox", pkgver:"3.0.9+nobinonly-0ubuntu0.9.04.1")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"firefox-3.0", pkgver:"3.0.9+nobinonly-0ubuntu0.9.04.1")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"firefox-3.0-branding", pkgver:"3.0.9+nobinonly-0ubuntu0.9.04.1")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"firefox-3.0-dev", pkgver:"3.0.9+nobinonly-0ubuntu0.9.04.1")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"firefox-3.0-dom-inspector", pkgver:"3.0.9+nobinonly-0ubuntu0.9.04.1")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"firefox-3.0-gnome-support", pkgver:"3.0.9+nobinonly-0ubuntu0.9.04.1")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"firefox-3.0-venkman", pkgver:"3.0.9+nobinonly-0ubuntu0.9.04.1")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"firefox-dev", pkgver:"3.0.9+nobinonly-0ubuntu0.9.04.1")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"firefox-dom-inspector", pkgver:"3.0.9+nobinonly-0ubuntu0.9.04.1")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"firefox-gnome-support", pkgver:"3.0.9+nobinonly-0ubuntu0.9.04.1")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"firefox-granparadiso", pkgver:"3.0.9+nobinonly-0ubuntu0.9.04.1")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"firefox-granparadiso-dev", pkgver:"3.0.9+nobinonly-0ubuntu0.9.04.1")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"firefox-granparadiso-dom-inspector", pkgver:"3.0.9+nobinonly-0ubuntu0.9.04.1")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"firefox-granparadiso-gnome-support", pkgver:"3.0.9+nobinonly-0ubuntu0.9.04.1")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"firefox-libthai", pkgver:"3.0.9+nobinonly-0ubuntu0.9.04.1")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"firefox-trunk", pkgver:"3.0.9+nobinonly-0ubuntu0.9.04.1")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"firefox-trunk-dev", pkgver:"3.0.9+nobinonly-0ubuntu0.9.04.1")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"firefox-trunk-dom-inspector", pkgver:"3.0.9+nobinonly-0ubuntu0.9.04.1")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"firefox-trunk-gnome-support", pkgver:"3.0.9+nobinonly-0ubuntu0.9.04.1")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"firefox-trunk-venkman", pkgver:"3.0.9+nobinonly-0ubuntu0.9.04.1")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"xulrunner-1.9", pkgver:"1.9.0.9+nobinonly-0ubuntu0.9.04.1")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"xulrunner-1.9-dev", pkgver:"1.9.0.9+nobinonly-0ubuntu0.9.04.1")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"xulrunner-1.9-dom-inspector", pkgver:"1.9.0.9+nobinonly-0ubuntu0.9.04.1")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"xulrunner-1.9-gnome-support", pkgver:"1.9.0.9+nobinonly-0ubuntu0.9.04.1")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"xulrunner-1.9-venkman", pkgver:"1.9.0.9+nobinonly-0ubuntu0.9.04.1")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"xulrunner-dev", pkgver:"1.9.0.9+nobinonly-0ubuntu0.9.04.1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "abrowser / abrowser-3.0-branding / firefox / firefox-3.0 / etc"); }
NASL family SuSE Local Security Checks NASL id SUSE_11_MOZILLA-XULRUNNER190-090427.NASL description Firefox version upgrade to 3.0.9 to fix various security bugs. (CVE-2009-1302 / CVE-2009-1303 / CVE-2009-1304 / CVE-2009-1305,CVE -2009-1306,CVE-2009-1307 / CVE-2009-1308 / CVE-2009-1309,CVE-200 9-1310,CVE-2009-1311 / CVE-2009-1312 / CVE-2009-0652) last seen 2020-06-01 modified 2020-06-02 plugin id 41437 published 2009-09-24 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/41437 title SuSE 11 Security Update : Mozilla (SAT Patch Number 834) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SuSE 11 update information. The text itself is # copyright (C) Novell, Inc. # if (NASL_LEVEL < 3000) exit(0); include("compat.inc"); if (description) { script_id(41437); script_version("1.17"); script_cvs_date("Date: 2019/10/25 13:36:35"); script_cve_id("CVE-2009-0652", "CVE-2009-1302", "CVE-2009-1303", "CVE-2009-1304", "CVE-2009-1305", "CVE-2009-1307", "CVE-2009-1308", "CVE-2009-1309", "CVE-2009-1311", "CVE-2009-1312"); script_name(english:"SuSE 11 Security Update : Mozilla (SAT Patch Number 834)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 11 host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Firefox version upgrade to 3.0.9 to fix various security bugs. (CVE-2009-1302 / CVE-2009-1303 / CVE-2009-1304 / CVE-2009-1305,CVE -2009-1306,CVE-2009-1307 / CVE-2009-1308 / CVE-2009-1309,CVE-200 9-1310,CVE-2009-1311 / CVE-2009-1312 / CVE-2009-0652)" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=495473" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2009-0652.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2009-1302.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2009-1303.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2009-1304.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2009-1305.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2009-1307.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2009-1308.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2009-1309.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2009-1311.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2009-1312.html" ); script_set_attribute(attribute:"solution", value:"Apply SAT patch number 834."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_cwe_id(16, 20, 79, 200, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner190"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner190-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner190-gnomevfs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner190-gnomevfs-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner190-translations"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner190-translations-32bit"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11"); script_set_attribute(attribute:"patch_publication_date", value:"2009/04/27"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/09/24"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11"); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu); pl = get_kb_item("Host/SuSE/patchlevel"); if (pl) audit(AUDIT_OS_NOT, "SuSE 11.0"); flag = 0; if (rpm_check(release:"SLED11", sp:0, cpu:"i586", reference:"mozilla-xulrunner190-1.9.0.9-0.1.1")) flag++; if (rpm_check(release:"SLED11", sp:0, cpu:"i586", reference:"mozilla-xulrunner190-gnomevfs-1.9.0.9-0.1.1")) flag++; if (rpm_check(release:"SLED11", sp:0, cpu:"i586", reference:"mozilla-xulrunner190-translations-1.9.0.9-0.1.1")) flag++; if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"mozilla-xulrunner190-1.9.0.9-0.1.1")) flag++; if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"mozilla-xulrunner190-32bit-1.9.0.9-0.1.1")) flag++; if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"mozilla-xulrunner190-gnomevfs-1.9.0.9-0.1.1")) flag++; if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"mozilla-xulrunner190-gnomevfs-32bit-1.9.0.9-0.1.1")) flag++; if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"mozilla-xulrunner190-translations-1.9.0.9-0.1.1")) flag++; if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"mozilla-xulrunner190-translations-32bit-1.9.0.9-0.1.1")) flag++; if (rpm_check(release:"SLES11", sp:0, reference:"mozilla-xulrunner190-1.9.0.9-0.1.1")) flag++; if (rpm_check(release:"SLES11", sp:0, reference:"mozilla-xulrunner190-gnomevfs-1.9.0.9-0.1.1")) flag++; if (rpm_check(release:"SLES11", sp:0, reference:"mozilla-xulrunner190-translations-1.9.0.9-0.1.1")) flag++; if (rpm_check(release:"SLES11", sp:0, cpu:"s390x", reference:"mozilla-xulrunner190-32bit-1.9.0.9-0.1.1")) flag++; if (rpm_check(release:"SLES11", sp:0, cpu:"x86_64", reference:"mozilla-xulrunner190-32bit-1.9.0.9-0.1.1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family Fedora Local Security Checks NASL id FEDORA_2009-3875.NASL description http://www.mozilla.org/security/known- vulnerabilities/firefox30.html#firefox3.0.9 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 37309 published 2009-04-23 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/37309 title Fedora 9 : Miro-2.0.3-3.fc9 / blam-1.8.5-8.fc9.1 / chmsee-1.0.1-11.fc9 / devhelp-0.19.1-11.fc9 / etc (2009-3875) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2009-3875. # include("compat.inc"); if (description) { script_id(37309); script_version ("1.23"); script_cvs_date("Date: 2019/10/16 10:34:21"); script_cve_id("CVE-2009-0652", "CVE-2009-1302", "CVE-2009-1303", "CVE-2009-1304", "CVE-2009-1305", "CVE-2009-1306", "CVE-2009-1307", "CVE-2009-1308", "CVE-2009-1309", "CVE-2009-1310", "CVE-2009-1311", "CVE-2009-1312"); script_xref(name:"FEDORA", value:"2009-3875"); script_name(english:"Fedora 9 : Miro-2.0.3-3.fc9 / blam-1.8.5-8.fc9.1 / chmsee-1.0.1-11.fc9 / devhelp-0.19.1-11.fc9 / etc (2009-3875)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "http://www.mozilla.org/security/known- vulnerabilities/firefox30.html#firefox3.0.9 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); # http://www.mozilla.org/security/known- script_set_attribute( attribute:"see_also", value:"https://www.mozilla.org/en-US/security/known-" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=486704" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=496252" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=496253" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=496255" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=496256" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=496262" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=496263" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=496266" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=496267" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=496270" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=496271" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=496274" ); # https://lists.fedoraproject.org/pipermail/package-announce/2009-April/022628.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?9aa2b83d" ); # https://lists.fedoraproject.org/pipermail/package-announce/2009-April/022629.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?6aaaa992" ); # https://lists.fedoraproject.org/pipermail/package-announce/2009-April/022630.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?57ba0cab" ); # https://lists.fedoraproject.org/pipermail/package-announce/2009-April/022631.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?c452f848" ); # https://lists.fedoraproject.org/pipermail/package-announce/2009-April/022632.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?ed2bc550" ); # https://lists.fedoraproject.org/pipermail/package-announce/2009-April/022633.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?de5ae17b" ); # https://lists.fedoraproject.org/pipermail/package-announce/2009-April/022634.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?9160c89c" ); # https://lists.fedoraproject.org/pipermail/package-announce/2009-April/022635.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?5a5e1487" ); # https://lists.fedoraproject.org/pipermail/package-announce/2009-April/022636.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?c51bc107" ); # https://lists.fedoraproject.org/pipermail/package-announce/2009-April/022637.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?5294cc4d" ); # https://lists.fedoraproject.org/pipermail/package-announce/2009-April/022638.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?76e1bd03" ); # https://lists.fedoraproject.org/pipermail/package-announce/2009-April/022639.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?746611a6" ); # https://lists.fedoraproject.org/pipermail/package-announce/2009-April/022640.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?ce5dd47a" ); # https://lists.fedoraproject.org/pipermail/package-announce/2009-April/022641.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?59a05df6" ); # https://lists.fedoraproject.org/pipermail/package-announce/2009-April/022642.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?ee681e20" ); # https://lists.fedoraproject.org/pipermail/package-announce/2009-April/022643.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?1979407f" ); # https://lists.fedoraproject.org/pipermail/package-announce/2009-April/022644.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?30f035ab" ); # https://lists.fedoraproject.org/pipermail/package-announce/2009-April/022645.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?20bd9531" ); # https://lists.fedoraproject.org/pipermail/package-announce/2009-April/022646.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?f2e57fc3" ); # https://lists.fedoraproject.org/pipermail/package-announce/2009-April/022647.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?95acaffc" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_cwe_id(16, 20, 79, 200, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:Miro"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:blam"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:chmsee"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:devhelp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:epiphany"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:epiphany-extensions"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:evolution-rss"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:firefox"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:galeon"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:gnome-python2-extras"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:gnome-web-photo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:google-gadgets"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:gtkmozembedmm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kazehakase"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:mozvoikko"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:mugshot"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:ruby-gnome2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:totem"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:xulrunner"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:yelp"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:9"); script_set_attribute(attribute:"vuln_publication_date", value:"2009/02/20"); script_set_attribute(attribute:"patch_publication_date", value:"2009/04/22"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/04/23"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^9([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 9.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC9", reference:"Miro-2.0.3-3.fc9")) flag++; if (rpm_check(release:"FC9", reference:"blam-1.8.5-8.fc9.1")) flag++; if (rpm_check(release:"FC9", reference:"chmsee-1.0.1-11.fc9")) flag++; if (rpm_check(release:"FC9", reference:"devhelp-0.19.1-11.fc9")) flag++; if (rpm_check(release:"FC9", reference:"epiphany-2.22.2-10.fc9")) flag++; if (rpm_check(release:"FC9", reference:"epiphany-extensions-2.22.1-10.fc9")) flag++; if (rpm_check(release:"FC9", reference:"evolution-rss-0.1.0-10.fc9")) flag++; if (rpm_check(release:"FC9", reference:"firefox-3.0.9-1.fc9")) flag++; if (rpm_check(release:"FC9", reference:"galeon-2.0.7-9.fc9")) flag++; if (rpm_check(release:"FC9", reference:"gnome-python2-extras-2.19.1-26.fc9")) flag++; if (rpm_check(release:"FC9", reference:"gnome-web-photo-0.3-20.fc9")) flag++; if (rpm_check(release:"FC9", reference:"google-gadgets-0.10.5-5.fc9")) flag++; if (rpm_check(release:"FC9", reference:"gtkmozembedmm-1.4.2.cvs20060817-28.fc9")) flag++; if (rpm_check(release:"FC9", reference:"kazehakase-0.5.6-4.fc9.1")) flag++; if (rpm_check(release:"FC9", reference:"mozvoikko-0.9.5-9.fc9")) flag++; if (rpm_check(release:"FC9", reference:"mugshot-1.2.2-8.fc9")) flag++; if (rpm_check(release:"FC9", reference:"ruby-gnome2-0.17.0-8.fc9")) flag++; if (rpm_check(release:"FC9", reference:"totem-2.23.2-14.fc9")) flag++; if (rpm_check(release:"FC9", reference:"xulrunner-1.9.0.9-1.fc9")) flag++; if (rpm_check(release:"FC9", reference:"yelp-2.22.1-11.fc9")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Miro / blam / chmsee / devhelp / epiphany / epiphany-extensions / etc"); }
NASL family SuSE Local Security Checks NASL id SUSE_11_1_MOZILLAFIREFOX-090427.NASL description Firefox version upgrade to 3.0.9 to fix various security bugs. (CVE-2009-1302,CVE-2009-1303,CVE-2009-1304,CVE-2009-1305,CVE -2009-1306,CVE-2009-1307,CVE-2009-1308,CVE-2009-1309,CVE-200 9-1310,CVE-2009-1311,CVE-2009-1312,CVE-2009-0652) last seen 2020-06-01 modified 2020-06-02 plugin id 40172 published 2009-07-21 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/40172 title openSUSE Security Update : MozillaFirefox (MozillaFirefox-833) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update MozillaFirefox-833. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(40172); script_version("1.18"); script_cvs_date("Date: 2019/10/25 13:36:34"); script_cve_id("CVE-2009-0652", "CVE-2009-1302", "CVE-2009-1303", "CVE-2009-1304", "CVE-2009-1305", "CVE-2009-1307", "CVE-2009-1308", "CVE-2009-1309", "CVE-2009-1311", "CVE-2009-1312"); script_name(english:"openSUSE Security Update : MozillaFirefox (MozillaFirefox-833)"); script_summary(english:"Check for the MozillaFirefox-833 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "Firefox version upgrade to 3.0.9 to fix various security bugs. (CVE-2009-1302,CVE-2009-1303,CVE-2009-1304,CVE-2009-1305,CVE -2009-1306,CVE-2009-1307,CVE-2009-1308,CVE-2009-1309,CVE-200 9-1310,CVE-2009-1311,CVE-2009-1312,CVE-2009-0652)" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=495473" ); script_set_attribute( attribute:"solution", value:"Update the affected MozillaFirefox packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_cwe_id(16, 20, 79, 200, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-translations"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.1"); script_set_attribute(attribute:"vuln_publication_date", value:"2009/02/20"); script_set_attribute(attribute:"patch_publication_date", value:"2009/04/27"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/07/21"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE11\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.1", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE11.1", reference:"MozillaFirefox-3.0.9-0.1.1") ) flag++; if ( rpm_check(release:"SUSE11.1", reference:"MozillaFirefox-branding-upstream-3.0.9-0.1.1") ) flag++; if ( rpm_check(release:"SUSE11.1", reference:"MozillaFirefox-translations-3.0.9-0.1.1") ) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "MozillaFirefox / MozillaFirefox-branding-upstream / etc"); }
NASL family Fedora Local Security Checks NASL id FEDORA_2009-3893.NASL description http://www.mozilla.org/security/known- vulnerabilities/firefox30.html#firefox3.0.9 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 38160 published 2009-04-27 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/38160 title Fedora 10 : Miro-2.0.3-3.fc10 / blam-1.8.5-9.fc10 / devhelp-0.22-7.fc10 / epiphany-2.24.3-5.fc10 / etc (2009-3893) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2009-0436.NASL description Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1302, CVE-2009-1303, CVE-2009-1304, CVE-2009-1305) Several flaws were found in the way malformed web content was processed. A web page containing malicious content could execute arbitrary JavaScript in the context of the site, possibly presenting misleading data to a user, or stealing sensitive information such as login credentials. (CVE-2009-0652, CVE-2009-1306, CVE-2009-1307, CVE-2009-1308, CVE-2009-1309, CVE-2009-1310, CVE-2009-1312) A flaw was found in the way Firefox saved certain web pages to a local file. If a user saved the inner frame of a web page containing POST data, the POST data could be revealed to the inner frame, possibly surrendering sensitive information such as login credentials. (CVE-2009-1311) For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 3.0.9. You can find a link to the Mozilla advisories in the References section of this errata. All Firefox users should upgrade to these updated packages, which contain Firefox version 3.0.9, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 36213 published 2009-04-22 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/36213 title RHEL 4 / 5 : firefox (RHSA-2009:0436) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_3B18E2372F1511DE96720030843D3802.NASL description Mozilla Foundation reports : MFSA 2009-22: Firefox allows Refresh header to redirect to javascript: URIs MFSA 2009-21: POST data sent to wrong site when saving web page with embedded frame MFSA 2009-20: Malicious search plugins can inject code into arbitrary sites MFSA 2009-19: Same-origin violations in XMLHttpRequest and XPCNativeWrapper.toString MFSA 2009-18: XSS hazard using third-party stylesheets and XBL bindings MFSA 2009-17: Same-origin violations when Adobe Flash loaded via view-source: scheme MFSA 2009-16: jar: scheme ignores the content-disposition: header on the inner URI MFSA 2009-15: URL spoofing with box drawing character MFSA 2009-14 Crashes with evidence of memory corruption (rv:1.9.0.9) last seen 2020-06-01 modified 2020-06-02 plugin id 36212 published 2009-04-22 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/36212 title FreeBSD : mozilla -- multiple vulnerabilities (3b18e237-2f15-11de-9672-0030843d3802) NASL family Scientific Linux Local Security Checks NASL id SL_20090421_FIREFOX_ON_SL4_X.NASL description Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1302, CVE-2009-1303, CVE-2009-1304, CVE-2009-1305) Several flaws were found in the way malformed web content was processed. A web page containing malicious content could execute arbitrary JavaScript in the context of the site, possibly presenting misleading data to a user, or stealing sensitive information such as login credentials. (CVE-2009-0652, CVE-2009-1306, CVE-2009-1307, CVE-2009-1308, CVE-2009-1309, CVE-2009-1310, CVE-2009-1312) A flaw was found in the way Firefox saved certain web pages to a local file. If a user saved the inner frame of a web page containing POST data, the POST data could be revealed to the inner frame, possibly surrendering sensitive information such as login credentials. (CVE-2009-1311) After installing the update, Firefox must be restarted for the changes to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 60572 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60572 title Scientific Linux Security Update : firefox on SL4.x, SL5.x i386/x86_64 NASL family Windows NASL id SEAMONKEY_1116.NASL description The installed version of SeaMonkey is earlier than 1.1.16. Such versions are potentially affected by the following security issues : - An XSL transformation vulnerability can be leveraged with a specially crafted stylesheet to crash the browser or to execute arbitrary code. (MFSA 2009-12) - Multiple remote memory corruption vulnerabilities exist which can be exploited to execute arbitrary code in the context of the user running the affected application. (MFSA 2009-14) last seen 2020-06-01 modified 2020-06-02 plugin id 36130 published 2009-04-10 reporter This script is Copyright (C) 2009-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/36130 title SeaMonkey < 1.1.16 Multiple Vulnerabilities NASL family SuSE Local Security Checks NASL id SUSE_MOZILLATHUNDERBIRD-6347.NASL description Mozilla Thunderbird was updated to the 2.0.0.22 security release. It fixes various bugs and security issues : - MFSA-2009-14/CVE-2009-1302/CVE-2009-1303/CVE-2009-1304 CVE-2009-1305 Crashes with evidence of memory corruption (rv:1.9.0.9) - MFSA 2009-17/CVE-2009-1307 (bmo#481342) Same-origin violations when Adobe Flash loaded via view-source: scheme - MFSA 2009-24/CVE-2009-1392/CVE-2009-1832/CVE-2009-1833 Crashes with evidence of memory corruption (rv:1.9.0.11) - MFSA 2009-27/CVE-2009-1836 (bmo#479880) SSL tampering via non-200 responses to proxy CONNECT requests - MFSA 2009-29/CVE-2009-1838 (bmo#489131) Arbitrary code execution using event listeners attached to an element whose owner document is null - MFSA 2009-32/CVE-2009-1841 (bmo#479560) JavaScript chrome privilege escalation - MFSA 2009-33 (bmo#495057) Crash viewing multipart/alternative message with text/enhanced part last seen 2020-06-01 modified 2020-06-02 plugin id 41985 published 2009-10-06 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/41985 title openSUSE 10 Security Update : MozillaThunderbird (MozillaThunderbird-6347) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2009-111.NASL description Security vulnerabilities have been discovered in previous versions, and corrected in the latest Mozilla Firefox 3.x, version 3.0.10. (CVE-2009-1302, CVE-2009-1303, CVE-2009-1304, CVE-2009-1305, CVE-2009-0652, CVE-2009-1306, CVE-2009-1307, CVE-2009-1308, CVE-2009-1309, CVE-2009-1310, CVE-2009-1311, CVE-2009-1312, CVE-2009-1313) This update provides the latest Mozilla Firefox 3.x to correct these issues. Additionally, some packages which require so, have been rebuilt and are being provided as updates. Update : The recent Mozilla Firefox update missed the Firefox language packs for Mandriva Linux 2009. This update provides them, fixing the issue. last seen 2020-06-01 modified 2020-06-02 plugin id 38853 published 2009-05-13 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/38853 title Mandriva Linux Security Advisory : firefox (MDVSA-2009:111-1) NASL family Windows NASL id MOZILLA_FIREFOX_309.NASL description The installed version of Firefox is earlier than 3.0.9. Such versions are potentially affected by the following security issues : - Multiple remote memory corruption vulnerabilities exist that can be exploited to execute arbitrary code in the context of the user running the affected application. (MFSA 2009-14) - A flaw may exist where Unicode box drawing characters are allowed in Internationalized Domain Names where they could be visually confused with punctuation used in valid web addresses. An attacker can leverage this to launch a phishing-type scam against a victim. (MFSA 2009-15) - A vulnerability exists when the last seen 2020-06-01 modified 2020-06-02 plugin id 36215 published 2009-04-22 reporter This script is Copyright (C) 2009-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/36215 title Firefox < 3.0.9 Multiple Vulnerabilities NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2009-141.NASL description A number of security vulnerabilities have been discovered for Mozilla Thunderbird version 2.0.0.21 (CVE-2009-1302, CVE-2009-1303, CVE-2009-1304, CVE-2009-1305, CVE-2009-1306, CVE-2009-1307, CVE-2009-1308, CVE-2009-1309, CVE-2009-2210, CVE-2009-1392, CVE-2009-1832, CVE-2009-1833, CVE-2009-1838, CVE-2009-1836, CVE-2009-1840, CVE-2009-1841). This update provides the latest Thunderbird to correct these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 39581 published 2009-06-28 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/39581 title Mandriva Linux Security Advisory : mozilla-thunderbird (MDVSA-2009:141) NASL family Windows NASL id MOZILLA_THUNDERBIRD_20022.NASL description The installed version of Thunderbird is earlier than 2.0.0.22. Such versions are potentially affected by the following security issues : - Multiple memory corruption vulnerabilities could potentially be exploited to execute arbitrary code provided JavaScript is enabled in mail. (MFSA 2009-14) - When an Adobe Flash file is loaded via the last seen 2020-06-01 modified 2020-06-02 plugin id 39493 published 2009-06-23 reporter This script is Copyright (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/39493 title Mozilla Thunderbird < 2.0.0.22 Multiple Vulnerabilities NASL family SuSE Local Security Checks NASL id SUSE_11_0_MOZILLATHUNDERBIRD-090710.NASL description Mozilla Thunderbird was updated to the 2.0.0.22 security release. It fixes various bugs and security issues : - MFSA-2009-14/CVE-2009-1302/CVE-2009-1303/CVE-2009-1304 CVE-2009-1305 Crashes with evidence of memory corruption (rv:1.9.0.9) - MFSA 2009-17/CVE-2009-1307 (bmo#481342) Same-origin violations when Adobe Flash loaded via view-source: scheme - MFSA 2009-24/CVE-2009-1392/CVE-2009-1832/CVE-2009-1833 Crashes with evidence of memory corruption (rv:1.9.0.11) - MFSA 2009-27/CVE-2009-1836 (bmo#479880) SSL tampering via non-200 responses to proxy CONNECT requests - MFSA 2009-29/CVE-2009-1838 (bmo#489131) Arbitrary code execution using event listeners attached to an element whose owner document is null - MFSA 2009-32/CVE-2009-1841 (bmo#479560) JavaScript chrome privilege escalation - MFSA 2009-33 (bmo#495057) Crash viewing multipart/alternative message with text/enhanced part last seen 2020-06-01 modified 2020-06-02 plugin id 39896 published 2009-07-21 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/39896 title openSUSE Security Update : MozillaThunderbird (MozillaThunderbird-1091) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201301-01.NASL description The remote host is affected by the vulnerability described in GLSA-201301-01 (Mozilla Products: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, bypass restrictions and protection mechanisms, force file downloads, conduct XML injection attacks, conduct XSS attacks, bypass the Same Origin Policy, spoof URL’s for phishing attacks, trigger a vertical scroll, spoof the location bar, spoof an SSL indicator, modify the browser’s font, conduct clickjacking attacks, or have other unspecified impact. A local attacker could gain escalated privileges, obtain sensitive information, or replace an arbitrary downloaded file. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 63402 published 2013-01-08 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/63402 title GLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1797.NASL description Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-0652 Moxie Marlinspike discovered that Unicode box drawing characters inside of internationalised domain names could be used for phishing attacks. - CVE-2009-1302 Olli Pettay, Martijn Wargers, Mats Palmgren, Oleg Romashin, Jesse Ruderman and Gary Kwong reported crashes in the layout engine, which might allow the execution of arbitrary code. - CVE-2009-1303 Olli Pettay, Martijn Wargers, Mats Palmgren, Oleg Romashin, Jesse Ruderman and Gary Kwong reported crashes in the layout engine, which might allow the execution of arbitrary code. - CVE-2009-1304 Igor Bukanov and Bob Clary discovered crashes in the JavaScript engine, which might allow the execution of arbitrary code. - CVE-2009-1305 Igor Bukanov and Bob Clary discovered crashes in the JavaScript engine, which might allow the execution of arbitrary code. - CVE-2009-1306 Daniel Veditz discovered that the Content-Disposition: header is ignored within the jar: URI scheme. - CVE-2009-1307 Gregory Fleischer discovered that the same-origin policy for Flash files is inproperly enforced for files loaded through the view-source scheme, which may result in bypass of cross-domain policy restrictions. - CVE-2009-1308 Cefn Hoile discovered that sites, which allow the embedding of third-party stylesheets are vulnerable to cross-site scripting attacks through XBL bindings. - CVE-2009-1309 last seen 2020-06-01 modified 2020-06-02 plugin id 38724 published 2009-05-11 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/38724 title Debian DSA-1797-1 : xulrunner - several vulnerabilities NASL family SuSE Local Security Checks NASL id SUSE_11_1_MOZILLA-XULRUNNER190-090427.NASL description Firefox version upgrade to 3.0.9 to fix various security bugs. (CVE-2009-1302,CVE-2009-1303,CVE-2009-1304,CVE-2009-1305,CVE -2009-1306,CVE-2009-1307,CVE-2009-1308,CVE-2009-1309,CVE-200 9-1310,CVE-2009-1311,CVE-2009-1312,CVE-2009-0652) last seen 2020-06-01 modified 2020-06-02 plugin id 40280 published 2009-07-21 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/40280 title openSUSE Security Update : mozilla-xulrunner190 (mozilla-xulrunner190-832) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2009-0436.NASL description Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1302, CVE-2009-1303, CVE-2009-1304, CVE-2009-1305) Several flaws were found in the way malformed web content was processed. A web page containing malicious content could execute arbitrary JavaScript in the context of the site, possibly presenting misleading data to a user, or stealing sensitive information such as login credentials. (CVE-2009-0652, CVE-2009-1306, CVE-2009-1307, CVE-2009-1308, CVE-2009-1309, CVE-2009-1310, CVE-2009-1312) A flaw was found in the way Firefox saved certain web pages to a local file. If a user saved the inner frame of a web page containing POST data, the POST data could be revealed to the inner frame, possibly surrendering sensitive information such as login credentials. (CVE-2009-1311) For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 3.0.9. You can find a link to the Mozilla advisories in the References section of this errata. All Firefox users should upgrade to these updated packages, which contain Firefox version 3.0.9, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 43743 published 2010-01-06 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/43743 title CentOS 4 / 5 : firefox (CESA-2009:0436) NASL family SuSE Local Security Checks NASL id SUSE_11_0_MOZILLAFIREFOX-090427.NASL description Firefox version upgrade to 3.0.9 to fix various security bugs. (CVE-2009-1302,CVE-2009-1303,CVE-2009-1304,CVE-2009-1305,CVE -2009-1306,CVE-2009-1307,CVE-2009-1308,CVE-2009-1309,CVE-200 9-1310,CVE-2009-1311,CVE-2009-1312,CVE-2009-0652) last seen 2020-06-01 modified 2020-06-02 plugin id 39889 published 2009-07-21 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/39889 title openSUSE Security Update : MozillaFirefox (MozillaFirefox-833) NASL family SuSE Local Security Checks NASL id SUSE_11_0_MOZILLA-XULRUNNER190-090427.NASL description Firefox version upgrade to 3.0.9 to fix various security bugs. (CVE-2009-1302,CVE-2009-1303,CVE-2009-1304,CVE-2009-1305,CVE -2009-1306,CVE-2009-1307,CVE-2009-1308,CVE-2009-1309,CVE-200 9-1310,CVE-2009-1311,CVE-2009-1312,CVE-2009-0652) last seen 2020-06-01 modified 2020-06-02 plugin id 40076 published 2009-07-21 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/40076 title openSUSE Security Update : mozilla-xulrunner190 (mozilla-xulrunner190-832)
Oval
accepted 2009-07-06T04:00:19.411-04:00 class vulnerability contributors name Chandan S organization SecPod Technologies name Brendan Miles organization The MITRE Corporation name J. Daniel Brown organization DTCC name Shane Shaffer organization G2, Inc. name Richard Helbing organization baramundi software name Evgeniy Pavlov organization ALTX-SOFT name Evgeniy Pavlov organization ALTX-SOFT name Evgeniy Pavlov organization ALTX-SOFT
definition_extensions comment Microsoft Windows XP (x86) SP2 is installed oval oval:org.mitre.oval:def:754 comment Microsoft Windows XP (x86) SP3 is installed oval oval:org.mitre.oval:def:5631 comment Microsoft Windows Vista (32-bit) is installed oval oval:org.mitre.oval:def:1282 comment Microsoft Windows Vista (32-bit) Service Pack 1 is installed oval oval:org.mitre.oval:def:4873 comment Microsoft Windows Server 2003 SP1 (x86) is installed oval oval:org.mitre.oval:def:565 comment Microsoft Windows Server 2003 SP2 (x86) is installed oval oval:org.mitre.oval:def:1935 comment Mozilla Thunderbird Mainline release is installed oval oval:org.mitre.oval:def:22093
description The JavaScript engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving (1) js_FindPropertyHelper, related to the definitions of Math and Date; and (2) js_CheckRedeclaration. family windows id oval:org.mitre.oval:def:5319 status deprecated submitted 2009-04-30T09:45:11 title Mozilla Thunderbird Memory corruption Vulnerabilities version 26 accepted 2009-07-06T04:00:21.065-04:00 class vulnerability contributors name Chandan S organization SecPod Technologies name Brendan Miles organization The MITRE Corporation name J. Daniel Brown organization DTCC name Shane Shaffer organization G2, Inc.
definition_extensions comment Microsoft Windows XP (x86) SP2 is installed oval oval:org.mitre.oval:def:754 comment Microsoft Windows XP (x86) SP3 is installed oval oval:org.mitre.oval:def:5631 comment Microsoft Windows Vista (32-bit) is installed oval oval:org.mitre.oval:def:1282 comment Microsoft Windows Vista (32-bit) Service Pack 1 is installed oval oval:org.mitre.oval:def:4873 comment Microsoft Windows Server 2003 SP1 (x86) is installed oval oval:org.mitre.oval:def:565 comment Microsoft Windows Server 2003 SP2 (x86) is installed oval oval:org.mitre.oval:def:1935
description The JavaScript engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving (1) js_FindPropertyHelper, related to the definitions of Math and Date; and (2) js_CheckRedeclaration. family windows id oval:org.mitre.oval:def:5480 status deprecated submitted 2009-04-30T09:45:11 title Mozilla Seamonkey Memory corruption Vulnerabilities version 23 accepted 2009-07-06T04:00:32.834-04:00 class vulnerability contributors name Chandan S organization SecPod Technologies name Brendan Miles organization The MITRE Corporation name J. Daniel Brown organization DTCC name Sergey Artykhov organization ALTX-SOFT name Sergey Artykhov organization ALTX-SOFT
definition_extensions comment Microsoft Windows XP (x86) SP2 is installed oval oval:org.mitre.oval:def:754 comment Microsoft Windows XP (x86) SP3 is installed oval oval:org.mitre.oval:def:5631 comment Microsoft Windows Vista (32-bit) is installed oval oval:org.mitre.oval:def:1282 comment Microsoft Windows Vista (32-bit) Service Pack 1 is installed oval oval:org.mitre.oval:def:4873 comment Microsoft Windows Server 2003 SP1 (x86) is installed oval oval:org.mitre.oval:def:565 comment Microsoft Windows Server 2003 SP2 (x86) is installed oval oval:org.mitre.oval:def:1935
description The JavaScript engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving (1) js_FindPropertyHelper, related to the definitions of Math and Date; and (2) js_CheckRedeclaration. family windows id oval:org.mitre.oval:def:6015 status deprecated submitted 2009-04-30T09:45:11 title Mozilla Firefox Memory corruption Vulnerabilities version 23 accepted 2014-10-06T04:04:31.958-04:00 class vulnerability contributors name J. Daniel Brown organization DTCC name Sergey Artykhov organization ALTX-SOFT name Sergey Artykhov organization ALTX-SOFT name Shane Shaffer organization G2, Inc. name Maria Kedovskaya organization ALTX-SOFT name Maria Mikhno organization ALTX-SOFT name Richard Helbing organization baramundi software name Evgeniy Pavlov organization ALTX-SOFT name Evgeniy Pavlov organization ALTX-SOFT name Evgeniy Pavlov organization ALTX-SOFT
definition_extensions comment Mozilla Thunderbird Mainline release is installed oval oval:org.mitre.oval:def:22093 comment Mozilla Seamonkey is installed oval oval:org.mitre.oval:def:6372 comment Mozilla Firefox Mainline release is installed oval oval:org.mitre.oval:def:22259
description The JavaScript engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving (1) js_FindPropertyHelper, related to the definitions of Math and Date; and (2) js_CheckRedeclaration. family windows id oval:org.mitre.oval:def:7516 status accepted submitted 2009-12-26T17:00:00.000-05:00 title Mozilla Firefox, Thunderbird and Seamonkey Memory corruption Vulnerabilities version 33 accepted 2013-04-29T04:20:04.698-04:00 class vulnerability contributors name Aharon Chernin organization SCAP.com, LLC name Dragos Prisaca organization G2, Inc.
definition_extensions comment The operating system installed on the system is Red Hat Enterprise Linux 4 oval oval:org.mitre.oval:def:11831 comment CentOS Linux 4.x oval oval:org.mitre.oval:def:16636 comment Oracle Linux 4.x oval oval:org.mitre.oval:def:15990 comment The operating system installed on the system is Red Hat Enterprise Linux 5 oval oval:org.mitre.oval:def:11414 comment The operating system installed on the system is CentOS Linux 5.x oval oval:org.mitre.oval:def:15802 comment Oracle Linux 5.x oval oval:org.mitre.oval:def:15459
description The JavaScript engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving (1) js_FindPropertyHelper, related to the definitions of Math and Date; and (2) js_CheckRedeclaration. family unix id oval:org.mitre.oval:def:9535 status accepted submitted 2010-07-09T03:56:16-04:00 title The JavaScript engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving (1) js_FindPropertyHelper, related to the definitions of Math and Date; and (2) js_CheckRedeclaration. version 27
Redhat
advisories |
| ||||
rpms |
|
References
- http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html
- http://secunia.com/advisories/34758
- http://secunia.com/advisories/34780
- http://secunia.com/advisories/34843
- http://secunia.com/advisories/34894
- http://secunia.com/advisories/35042
- http://secunia.com/advisories/35065
- http://secunia.com/advisories/35602
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1
- http://www.debian.org/security/2009/dsa-1797
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:111
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:141
- http://www.mozilla.org/security/announce/2009/mfsa2009-14.html
- http://www.redhat.com/support/errata/RHSA-2009-0436.html
- http://www.securityfocus.com/bid/34656
- http://www.securitytracker.com/id?1022090
- http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.454275
- http://www.vupen.com/english/advisories/2009/1125
- https://bugzilla.mozilla.org/show_bug.cgi?id=461158
- https://bugzilla.mozilla.org/show_bug.cgi?id=475971
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5319
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5480
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6015
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7516
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9535
- https://usn.ubuntu.com/764-1/
- https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00683.html