Vulnerabilities > CVE-2009-3388 - Resource Management Errors vulnerability in Mozilla Firefox and Seamonkey

047910
CVSS 9.3 - CRITICAL
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
mozilla
CWE-399
critical
nessus

Summary

liboggplay in Mozilla Firefox 3.5.x before 3.5.6 and SeaMonkey before 2.0.1 might allow context-dependent attackers to cause a denial of service (application crash) or execute arbitrary code via unspecified vectors, related to "memory safety issues."

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-878-1.NASL
    descriptionUSN-874-1 fixed vulnerabilities in Firefox and Xulrunner. The upstream changes introduced a regression when using NTLM authentication. This update fixes the problem and adds additional stability fixes. We apologize for the inconvenience. Jesse Ruderman, Josh Soref, Martijn Wargers, Jose Angel, Olli Pettay, and David James discovered several flaws in the browser and JavaScript engines of Firefox. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-3979, CVE-2009-3980, CVE-2009-3982, CVE-2009-3986) Takehiro Takahashi discovered flaws in the NTLM implementation in Firefox. If an NTLM authenticated user visited a malicious website, a remote attacker could send requests to other applications, authenticated as the user. (CVE-2009-3983) Jonathan Morgan discovered that Firefox did not properly display SSL indicators under certain circumstances. This could be used by an attacker to spoof an encrypted page, such as in a phishing attack. (CVE-2009-3984) Jordi Chancel discovered that Firefox did not properly display invalid URLs for a blank page. If a user were tricked into accessing a malicious website, an attacker could exploit this to spoof the location bar, such as in a phishing attack. (CVE-2009-3985) David Keeler, Bob Clary, and Dan Kaminsky discovered several flaws in third party media libraries. If a user were tricked into opening a crafted media file, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-3388, CVE-2009-3389). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id43824
    published2010-01-08
    reporterUbuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/43824
    titleUbuntu 9.10 : firefox-3.5, xulrunner-1.9.1 regression (USN-878-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-878-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(43824);
      script_version("1.18");
      script_cvs_date("Date: 2019/09/19 12:54:26");
    
      script_cve_id("CVE-2009-3388", "CVE-2009-3389", "CVE-2009-3979", "CVE-2009-3980", "CVE-2009-3982", "CVE-2009-3983", "CVE-2009-3984", "CVE-2009-3985", "CVE-2009-3986");
      script_bugtraq_id(37361, 37362, 37364, 37365, 37366, 37367, 37368, 37369, 37370);
      script_xref(name:"USN", value:"878-1");
    
      script_name(english:"Ubuntu 9.10 : firefox-3.5, xulrunner-1.9.1 regression (USN-878-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "USN-874-1 fixed vulnerabilities in Firefox and Xulrunner. The upstream
    changes introduced a regression when using NTLM authentication. This
    update fixes the problem and adds additional stability fixes.
    
    We apologize for the inconvenience.
    
    Jesse Ruderman, Josh Soref, Martijn Wargers, Jose Angel, Olli Pettay,
    and David James discovered several flaws in the browser and JavaScript
    engines of Firefox. If a user were tricked into viewing a malicious
    website, a remote attacker could cause a denial of service or possibly
    execute arbitrary code with the privileges of the user invoking the
    program. (CVE-2009-3979, CVE-2009-3980, CVE-2009-3982, CVE-2009-3986)
    
    Takehiro Takahashi discovered flaws in the NTLM
    implementation in Firefox. If an NTLM authenticated user
    visited a malicious website, a remote attacker could send
    requests to other applications, authenticated as the user.
    (CVE-2009-3983)
    
    Jonathan Morgan discovered that Firefox did not properly
    display SSL indicators under certain circumstances. This
    could be used by an attacker to spoof an encrypted page,
    such as in a phishing attack. (CVE-2009-3984)
    
    Jordi Chancel discovered that Firefox did not properly
    display invalid URLs for a blank page. If a user were
    tricked into accessing a malicious website, an attacker
    could exploit this to spoof the location bar, such as in a
    phishing attack. (CVE-2009-3985)
    
    David Keeler, Bob Clary, and Dan Kaminsky discovered several
    flaws in third party media libraries. If a user were tricked
    into opening a crafted media file, a remote attacker could
    cause a denial of service or possibly execute arbitrary code
    with the privileges of the user invoking the program.
    (CVE-2009-3388, CVE-2009-3389).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/878-1/"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(94, 189, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:abrowser");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:abrowser-3.0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:abrowser-3.0-branding");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:abrowser-3.1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:abrowser-3.1-branding");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:abrowser-3.5");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:abrowser-3.5-branding");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-3.0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-3.0-branding");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-3.0-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-3.0-dom-inspector");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-3.0-gnome-support");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-3.0-venkman");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-3.1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-3.1-branding");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-3.1-dbg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-3.1-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-3.1-gnome-support");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-3.5");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-3.5-branding");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-3.5-dbg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-3.5-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-3.5-gnome-support");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-dom-inspector");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-gnome-support");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.1-dbg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.1-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.1-gnome-support");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.1-testsuite");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.1-testsuite-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xulrunner-dev");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:9.10");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2009/12/17");
      script_set_attribute(attribute:"patch_publication_date", value:"2010/01/07");
      script_set_attribute(attribute:"plugin_publication_date", value:"2010/01/08");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(9\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 9.10", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"9.10", pkgname:"abrowser", pkgver:"3.5.7+nobinonly-0ubuntu0.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"abrowser-3.0", pkgver:"3.5.7+nobinonly-0ubuntu0.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"abrowser-3.0-branding", pkgver:"3.5.7+nobinonly-0ubuntu0.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"abrowser-3.1", pkgver:"3.5.7+nobinonly-0ubuntu0.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"abrowser-3.1-branding", pkgver:"3.5.7+nobinonly-0ubuntu0.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"abrowser-3.5", pkgver:"3.5.7+nobinonly-0ubuntu0.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"abrowser-3.5-branding", pkgver:"3.5.7+nobinonly-0ubuntu0.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"firefox", pkgver:"3.5.7+nobinonly-0ubuntu0.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"firefox-3.0", pkgver:"3.5.7+nobinonly-0ubuntu0.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"firefox-3.0-branding", pkgver:"3.5.7+nobinonly-0ubuntu0.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"firefox-3.0-dev", pkgver:"3.5.7+nobinonly-0ubuntu0.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"firefox-3.0-dom-inspector", pkgver:"3.5.7+nobinonly-0ubuntu0.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"firefox-3.0-gnome-support", pkgver:"3.5.7+nobinonly-0ubuntu0.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"firefox-3.0-venkman", pkgver:"3.5.7+nobinonly-0ubuntu0.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"firefox-3.1", pkgver:"3.5.7+nobinonly-0ubuntu0.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"firefox-3.1-branding", pkgver:"3.5.7+nobinonly-0ubuntu0.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"firefox-3.1-dbg", pkgver:"3.5.7+nobinonly-0ubuntu0.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"firefox-3.1-dev", pkgver:"3.5.7+nobinonly-0ubuntu0.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"firefox-3.1-gnome-support", pkgver:"3.5.7+nobinonly-0ubuntu0.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"firefox-3.5", pkgver:"3.5.7+nobinonly-0ubuntu0.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"firefox-3.5-branding", pkgver:"3.5.7+nobinonly-0ubuntu0.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"firefox-3.5-dbg", pkgver:"3.5.7+nobinonly-0ubuntu0.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"firefox-3.5-dev", pkgver:"3.5.7+nobinonly-0ubuntu0.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"firefox-3.5-gnome-support", pkgver:"3.5.7+nobinonly-0ubuntu0.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"firefox-dom-inspector", pkgver:"3.5.7+nobinonly-0ubuntu0.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"firefox-gnome-support", pkgver:"3.5.7+nobinonly-0ubuntu0.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"xulrunner-1.9.1", pkgver:"1.9.1.7+nobinonly-0ubuntu0.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"xulrunner-1.9.1-dbg", pkgver:"1.9.1.7+nobinonly-0ubuntu0.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"xulrunner-1.9.1-dev", pkgver:"1.9.1.7+nobinonly-0ubuntu0.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"xulrunner-1.9.1-gnome-support", pkgver:"1.9.1.7+nobinonly-0ubuntu0.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"xulrunner-1.9.1-testsuite", pkgver:"1.9.1.7+nobinonly-0ubuntu0.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"xulrunner-1.9.1-testsuite-dev", pkgver:"1.9.1.7+nobinonly-0ubuntu0.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"xulrunner-dev", pkgver:"1.9.1.7+nobinonly-0ubuntu0.9.10.1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "abrowser / abrowser-3.0 / abrowser-3.0-branding / abrowser-3.1 / etc");
    }
    
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2009-338.NASL
    descriptionSecurity issues were identified and fixed in firefox 3.5.x : liboggplay in Mozilla Firefox 3.5.x before 3.5.6 and SeaMonkey before 2.0.1 might allow context-dependent attackers to cause a denial of service (application crash) or execute arbitrary code via unspecified vectors, related to memory safety issues. (CVE-2009-3388) Integer overflow in libtheora in Xiph.Org Theora before 1.1, as used in Mozilla Firefox 3.5 before 3.5.6 and SeaMonkey before 2.0.1, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a video with large dimensions (CVE-2009-3389). Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, SeaMonkey before 2.0.1, and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors (CVE-2009-3979). Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.6, SeaMonkey before 2.0.1, and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors (CVE-2009-3980). Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.6, SeaMonkey before 2.0.1, and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors (CVE-2009-3982). Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to send authenticated requests to arbitrary applications by replaying the NTLM credentials of a browser user (CVE-2009-3983). Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to spoof an SSL indicator for an http URL or a file URL by setting document.location to an https URL corresponding to a site that responds with a No Content (aka 204) status code and an empty body (CVE-2009-3984). Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to associate spoofed content with an invalid URL by setting document.location to this URL, and then writing arbitrary web script or HTML to the associated blank document, a related issue to CVE-2009-2654 (CVE-2009-3985). Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to execute arbitrary JavaScript with chrome privileges by leveraging a reference to a chrome window from a content window, related to the window.opener property (CVE-2009-3986). The GeckoActiveXObject function in Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, generates different exception messages depending on whether the referenced COM object is listed in the registry, which allows remote attackers to obtain potentially sensitive information about installed software by making multiple calls that specify the ProgID values of different COM objects (CVE-2009-3987). Additionally, some packages which require so, have been rebuilt and are being provided as updates.
    last seen2020-06-01
    modified2020-06-02
    plugin id48162
    published2010-07-30
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/48162
    titleMandriva Linux Security Advisory : firefox (MDVSA-2009:338)
  • NASL familyWindows
    NASL idSEAMONKEY_201.NASL
    descriptionThe installed version of SeaMonkey is earlier than 2.0.1. Such versions are potentially affected by the following security issues : - Multiple crashes can result in arbitrary code execution. (MFSA 2009-65) - Multiple vulnerabilities in
    last seen2020-06-01
    modified2020-06-02
    plugin id43175
    published2009-12-16
    reporterThis script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/43175
    titleSeaMonkey < 2.0.1 Multiple Vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_MOZILLAFIREFOX-091217.NASL
    descriptionThe Mozilla Firefox was updated to version 3.5.6, fixing lots of bugs and various security issues. The following issues were fixed : - Crashes with evidence of memory corruption (rv:1.9.1.6). (MFSA 2009-65 / CVE-2009-3979 / CVE-2009-3980 / CVE-2009-3982) - (bmo#504843,bmo#523816) Memory safety fixes in liboggplay media library. (MFSA 2009-66 / CVE-2009-3388) - (bmo#515882,bmo#504613) Integer overflow, crash in libtheora video library. (MFSA 2009-67 / CVE-2009-3389) - (bmo#487872) NTLM reflection vulnerability. (MFSA 2009-68 / CVE-2009-3983) - (bmo#521461,bmo#514232) Location bar spoofing vulnerabilities. (MFSA 2009-69 / CVE-2009-3984 / CVE-2009-3985) - (bmo#522430) Privilege escalation via chrome window.opener. (MFSA 2009-70 / CVE-2009-3986)
    last seen2020-06-01
    modified2020-06-02
    plugin id43386
    published2009-12-22
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/43386
    titleSuSE 11 Security Update : Mozilla Firefox (SAT Patch Number 1709)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2009-13366.NASL
    descriptionUpdate to new upstream Firefox version 3.5.6, fixing multiple security issues detailed in the upstream advisories: http://www.mozilla.org/security/known- vulnerabilities/firefox35.html#firefox3.5.6 Update also includes all packages depending on gecko-libs rebuilt against new version of Firefox / XULRunner. CVE-2009-3979 CVE-2009-3980 CVE-2009-3982 CVE-2009-3983 CVE-2009-3984 CVE-2009-3985 CVE-2009-3986 CVE-2009-3388 CVE-2009-3389 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id43339
    published2009-12-18
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/43339
    titleFedora 12 : Miro-2.5.2-7.fc12 / blam-1.8.5-21.fc12 / firefox-3.5.6-1.fc12 / galeon-2.0.7-19.fc12 / etc (2009-13366)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_2_SEAMONKEY-091223.NASL
    descriptionThe Mozilla SeaMonkey browser suite was updated to version 2.0.1, fixing lots of bugs and various security issues. The following issues were fixed : - MFSA 2009-65/CVE-2009-3979/CVE-2009-3981 Crashes with evidence of memory corruption (1.9.0.16) - MFSA 2009-68/CVE-2009-3983 (bmo#487872) NTLM reflection vulnerability - MFSA 2009-69/CVE-2009-3984/CVE-2009-3985 (bmo#521461,bmo#514232) Location bar spoofing vulnerabilities - MFSA 2009-70/CVE-2009-3986 (bmo#522430) Privilege escalation via chrome window.opener - MFSA 2009-71/CVE-2009-3987: COM object enumeration only affects Windows operating systems.
    last seen2020-06-01
    modified2020-06-02
    plugin id43619
    published2010-01-03
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/43619
    titleopenSUSE Security Update : seamonkey (seamonkey-1738)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-874-1.NASL
    descriptionJesse Ruderman, Josh Soref, Martijn Wargers, Jose Angel, Olli Pettay, and David James discovered several flaws in the browser and JavaScript engines of Firefox. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-3979, CVE-2009-3980, CVE-2009-3982, CVE-2009-3986) Takehiro Takahashi discovered flaws in the NTLM implementation in Firefox. If an NTLM authenticated user visited a malicious website, a remote attacker could send requests to other applications, authenticated as the user. (CVE-2009-3983) Jonathan Morgan discovered that Firefox did not properly display SSL indicators under certain circumstances. This could be used by an attacker to spoof an encrypted page, such as in a phishing attack. (CVE-2009-3984) Jordi Chancel discovered that Firefox did not properly display invalid URLs for a blank page. If a user were tricked into accessing a malicious website, an attacker could exploit this to spoof the location bar, such as in a phishing attack. (CVE-2009-3985) David Keeler, Bob Clary, and Dan Kaminsky discovered several flaws in third party media libraries. If a user were tricked into opening a crafted media file, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-3388, CVE-2009-3389). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id43367
    published2009-12-21
    reporterUbuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/43367
    titleUbuntu 9.10 : firefox-3.5, xulrunner-1.9.1 vulnerabilities (USN-874-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_MOZILLAFIREFOX-6735.NASL
    descriptionThe Mozilla Firefox was updated to version 3.5.6, fixing lots of bugs and various security issues. The following issues were fixed : - Crashes with evidence of memory corruption (rv:1.9.1.6). (MFSA 2009-65 / CVE-2009-3979 / CVE-2009-3980 / CVE-2009-3982) - (bmo#504843,bmo#523816) Memory safety fixes in liboggplay media library. (MFSA 2009-66 / CVE-2009-3388) - (bmo#515882,bmo#504613) Integer overflow, crash in libtheora video library. (MFSA 2009-67 / CVE-2009-3389) - (bmo#487872) NTLM reflection vulnerability. (MFSA 2009-68 / CVE-2009-3983) - (bmo#521461,bmo#514232) Location bar spoofing vulnerabilities. (MFSA 2009-69 / CVE-2009-3984 / CVE-2009-3985) - (bmo#522430) Privilege escalation via chrome window.opener. (MFSA 2009-70 / CVE-2009-3986)
    last seen2020-06-01
    modified2020-06-02
    plugin id49889
    published2010-10-11
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/49889
    titleSuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 6735)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2009-13333.NASL
    descriptionUpdate to new upstream Firefox version 3.5.6, fixing multiple security issues detailed in the upstream advisories: http://www.mozilla.org/security/known- vulnerabilities/firefox35.html#firefox3.5.6 Update also includes all packages depending on gecko-libs rebuilt against new version of Firefox / XULRunner. CVE-2009-3979 CVE-2009-3980 CVE-2009-3982 CVE-2009-3983 CVE-2009-3984 CVE-2009-3985 CVE-2009-3986 CVE-2009-3388 CVE-2009-3389 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id43334
    published2009-12-18
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/43334
    titleFedora 11 : Miro-2.5.2-7.fc11 / blam-1.8.5-17.fc11 / chmsee-1.0.1-14.fc11 / epiphany-2.26.3-7.fc11 / etc (2009-13333)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_MOZILLAFIREFOX-6733.NASL
    descriptionThe Mozilla Firefox was updated to version 3.5.6, fixing lots of bugs and various security issues. The following issues were fixed : - Crashes with evidence of memory corruption (rv:1.9.1.6). (MFSA 2009-65 / CVE-2009-3979 / CVE-2009-3980 / CVE-2009-3982) - (bmo#504843,bmo#523816) Memory safety fixes in liboggplay media library. (MFSA 2009-66 / CVE-2009-3388) - (bmo#515882,bmo#504613) Integer overflow, crash in libtheora video library. (MFSA 2009-67 / CVE-2009-3389) - (bmo#487872) NTLM reflection vulnerability. (MFSA 2009-68 / CVE-2009-3983) - (bmo#521461,bmo#514232) Location bar spoofing vulnerabilities. (MFSA 2009-69 / CVE-2009-3984 / CVE-2009-3985) - (bmo#522430) Privilege escalation via chrome window.opener. (MFSA 2009-70 / CVE-2009-3986)
    last seen2020-06-01
    modified2020-06-02
    plugin id43397
    published2009-12-23
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/43397
    titleSuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 6733)
  • NASL familyWindows
    NASL idMOZILLA_FIREFOX_356.NASL
    descriptionThe installed version of Firefox is 3.5.x earlier than 3.5.6. Such versions are potentially affected by the following security issues : - Multiple crashes can result in arbitrary code execution. (MFSA 2009-65) - Multiple vulnerabilities in
    last seen2020-06-01
    modified2020-06-02
    plugin id43174
    published2009-12-16
    reporterThis script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/43174
    titleFirefox 3.5 < 3.5.6 Multiple Vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_2_MOZILLATHUNDERBIRD-100305.NASL
    descriptionMozilla Thunderbird was upgraded to version 3.0.3, fixing various bugs and security issues. Following security issues have been fixed: MFSA 2010-01 / CVE-2010-0159: Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code. MFSA 2010-03 / CVE-2009-1571: Security researcher Alin Rad Pop of Secunia Research reported that the HTML parser incorrectly freed used memory when insufficient space was available to process remaining input. Under such circumstances, memory occupied by in-use objects was freed and could later be filled with attacker-controlled text. These conditions could result in the execution or arbitrary code if methods on the freed objects were subsequently called. MFSA 2009-65 / CVE-2009-3979 / CVE-2009-3980 / CVE-2009-3982: Crashes with evidence of memory corruption were fixed. (rv:1.9.1.6) MFSA 2009-66 / CVE-2009-3388 (bmo#504843,bmo#523816): Memory safety fixes in liboggplay media library were added. MFSA 2009-67 / CVE-2009-3389 (bmo#515882,bmo#504613): An Integer overflow, crash in libtheora video library was fixed.
    last seen2020-06-01
    modified2020-06-02
    plugin id45034
    published2010-03-11
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/45034
    titleSuSE 11.2 Security Update: MozillaThunderbird (2010-03-05)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2009-1673.NASL
    descriptionFrom Red Hat Security Advisory 2009:1673 : Updated SeaMonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2009-3979) A flaw was found in the SeaMonkey NT Lan Manager (NTLM) authentication protocol implementation. If an attacker could trick a local user that has NTLM credentials into visiting a specially crafted web page, they could send arbitrary requests, authenticated with the user
    last seen2020-06-01
    modified2020-06-02
    plugin id67974
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67974
    titleOracle Linux 3 / 4 : seamonkey (ELSA-2009-1673)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201301-01.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201301-01 (Mozilla Products: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, bypass restrictions and protection mechanisms, force file downloads, conduct XML injection attacks, conduct XSS attacks, bypass the Same Origin Policy, spoof URL&rsquo;s for phishing attacks, trigger a vertical scroll, spoof the location bar, spoof an SSL indicator, modify the browser&rsquo;s font, conduct clickjacking attacks, or have other unspecified impact. A local attacker could gain escalated privileges, obtain sensitive information, or replace an arbitrary downloaded file. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id63402
    published2013-01-08
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63402
    titleGLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2009-13362.NASL
    descriptionUpdate to new upstream SeaMonkey version 2.0.1, fixing multiple security issues detailed in the upstream advisories: http://www.mozilla.org/security/known- vulnerabilities/seamonkey20.html#seamonkey2.0.1 CVE-2009-3979 CVE-2009-3980 CVE-2009-3982 CVE-2009-3983 CVE-2009-3984 CVE-2009-3985 CVE-2009-3986 CVE-2009-3388 CVE-2009-3389 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id43336
    published2009-12-18
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/43336
    titleFedora 12 : seamonkey-2.0.1-1.fc12 (2009-13362)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_2_MOZILLAFIREFOX-091217.NASL
    descriptionThe Mozilla Firefox was updated to version 3.5.6, fixing lots of bugs and various security issues. The following issues were fixed : - MFSA 2009-65/CVE-2009-3979/CVE-2009-3980/CVE-2009-3982 Crashes with evidence of memory corruption (rv:1.9.1.6) - MFSA 2009-66/CVE-2009-3388 (bmo#504843,bmo#523816) Memory safety fixes in liboggplay media library - MFSA 2009-67/CVE-2009-3389 (bmo#515882,bmo#504613) Integer overflow, crash in libtheora video library - MFSA 2009-68/CVE-2009-3983 (bmo#487872) NTLM reflection vulnerability - MFSA 2009-69/CVE-2009-3984/CVE-2009-3985 (bmo#521461,bmo#514232) Location bar spoofing vulnerabilities - MFSA 2009-70/CVE-2009-3986 (bmo#522430) Privilege escalation via chrome window.opener
    last seen2020-06-01
    modified2020-06-02
    plugin id43383
    published2009-12-22
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/43383
    titleopenSUSE Security Update : MozillaFirefox (MozillaFirefox-1708)
  • NASL familyWindows
    NASL idMOZILLA_THUNDERBIRD_301.NASL
    descriptionThe installed version of Thunderbird is earlier than 3.0.1. Such versions are potentially affected by the following security issues : - Multiple crashes can result in arbitrary code execution. (MFSA 2009-65) - Multiple vulnerabilities in
    last seen2020-06-01
    modified2020-06-02
    plugin id44111
    published2010-01-22
    reporterThis script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/44111
    titleMozilla Thunderbird < 3.0.1 Multiple Vulnerabilities
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2009-1673.NASL
    descriptionUpdated SeaMonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2009-3979) A flaw was found in the SeaMonkey NT Lan Manager (NTLM) authentication protocol implementation. If an attacker could trick a local user that has NTLM credentials into visiting a specially crafted web page, they could send arbitrary requests, authenticated with the user
    last seen2020-06-01
    modified2020-06-02
    plugin id43170
    published2009-12-16
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/43170
    titleRHEL 3 / 4 : seamonkey (RHSA-2009:1673)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2009-1673.NASL
    descriptionUpdated SeaMonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2009-3979) A flaw was found in the SeaMonkey NT Lan Manager (NTLM) authentication protocol implementation. If an attacker could trick a local user that has NTLM credentials into visiting a specially crafted web page, they could send arbitrary requests, authenticated with the user
    last seen2020-06-01
    modified2020-06-02
    plugin id43355
    published2009-12-21
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/43355
    titleCentOS 4 : seamonkey (CESA-2009:1673)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_01C57D20EA2611DEBD3900248C9B4BE7.NASL
    descriptionMozilla Project reports : MFSA 2009-71 GeckoActiveXObject exception messages can be used to enumerate installed COM objects MFSA 2009-70 Privilege escalation via chrome window.opener MFSA 2009-69 Location bar spoofing vulnerabilities MFSA 2009-68 NTLM reflection vulnerability MFSA 2009-67 Integer overflow, crash in libtheora video library MFSA 2009-66 Memory safety fixes in liboggplay media library MFSA 2009-65 Crashes with evidence of memory corruption (rv:1.9.1.6/ 1.9.0.16)
    last seen2020-06-01
    modified2020-06-02
    plugin id43176
    published2009-12-17
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/43176
    titleFreeBSD : mozilla -- multiple vulnerabilities (01c57d20-ea26-11de-bd39-00248c9b4be7)

Oval

accepted2014-10-06T04:04:35.566-04:00
classvulnerability
contributors
  • nameJ. Daniel Brown
    organizationDTCC
  • nameSergey Artykhov
    organizationALTX-SOFT
  • nameSergey Artykhov
    organizationALTX-SOFT
  • nameShane Shaffer
    organizationG2, Inc.
  • nameMaria Kedovskaya
    organizationALTX-SOFT
  • nameMaria Mikhno
    organizationALTX-SOFT
  • nameEvgeniy Pavlov
    organizationALTX-SOFT
  • nameEvgeniy Pavlov
    organizationALTX-SOFT
  • nameEvgeniy Pavlov
    organizationALTX-SOFT
definition_extensions
  • commentMozilla Firefox Mainline release is installed
    ovaloval:org.mitre.oval:def:22259
  • commentMozilla Seamonkey is installed
    ovaloval:org.mitre.oval:def:6372
descriptionliboggplay in Mozilla Firefox 3.5.x before 3.5.6 and SeaMonkey before 2.0.1 might allow context-dependent attackers to cause a denial of service (application crash) or execute arbitrary code via unspecified vectors, related to "memory safety issues."
familywindows
idoval:org.mitre.oval:def:8009
statusaccepted
submitted2010-01-07T17:30:00.000-05:00
titleMozilla Firefox and SeaMonkey 'liboggplay' Media Library Remote Memory Corruption Vulnerabilities
version31