Vulnerabilities > CVE-2010-2751 - Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox and Seamonkey

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN

Summary

The nsDocShell::OnRedirectStateChange function in docshell/base/nsDocShell.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to spoof the SSL security status of a document via vectors involving multiple requests, a redirect, and the history.back and history.forward JavaScript functions.

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Accessing, Modifying or Executing Executable Files
    An attack of this type exploits a system's configuration that allows an attacker to either directly access an executable file, for example through shell access; or in a possible worst case allows an attacker to upload a file and then execute it. Web servers, ftp servers, and message oriented middleware systems which have many integration points are particularly vulnerable, because both the programmers and the administrators must be in synch regarding the interfaces and the correct privileges for each interface.
  • Leverage Executable Code in Non-Executable Files
    An attack of this type exploits a system's trust in configuration and resource files, when the executable loads the resource (such as an image file or configuration file) the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated mashing up resources from local and remote sources the possibility of this attack occurring is high. The attack can be directed at a client system, such as causing buffer overrun through loading seemingly benign image files, as in Microsoft Security Bulletin MS04-028 where specially crafted JPEG files could cause a buffer overrun once loaded into the browser. Another example targets clients reading pdf files. In this case the attacker simply appends javascript to the end of a legitimate url for a pdf (http://www.gnucitizen.org/blog/danger-danger-danger/) http://path/to/pdf/file.pdf#whatever_name_you_want=javascript:your_code_here The client assumes that they are reading a pdf, but the attacker has modified the resource and loaded executable javascript into the client's browser process. The attack can also target server processes. The attacker edits the resource or configuration file, for example a web.xml file used to configure security permissions for a J2EE app server, adding role name "public" grants all users with the public role the ability to use the administration functionality. The server trusts its configuration file to be correct, but when they are manipulated, the attacker gains full control.
  • Blue Boxing
    This type of attack against older telephone switches and trunks has been around for decades. A tone is sent by an adversary to impersonate a supervisor signal which has the effect of rerouting or usurping command of the line. While the US infrastructure proper may not contain widespread vulnerabilities to this type of attack, many companies are connected globally through call centers and business process outsourcing. These international systems may be operated in countries which have not upgraded Telco infrastructure and so are vulnerable to Blue boxing. Blue boxing is a result of failure on the part of the system to enforce strong authorization for administrative functions. While the infrastructure is different than standard current applications like web applications, there are historical lessons to be learned to upgrade the access control for administrative functions.
  • Restful Privilege Elevation
    Rest uses standard HTTP (Get, Put, Delete) style permissions methods, but these are not necessarily correlated generally with back end programs. Strict interpretation of HTTP get methods means that these HTTP Get services should not be used to delete information on the server, but there is no access control mechanism to back up this logic. This means that unless the services are properly ACL'd and the application's service implementation are following these guidelines then an HTTP request can easily execute a delete or update on the server side. The attacker identifies a HTTP Get URL such as http://victimsite/updateOrder, which calls out to a program to update orders on a database or other resource. The URL is not idempotent so the request can be submitted multiple times by the attacker, additionally, the attacker may be able to exploit the URL published as a Get method that actually performs updates (instead of merely retrieving data). This may result in malicious or inadvertent altering of data on the server.
  • Target Programs with Elevated Privileges
    This attack targets programs running with elevated privileges. The attacker would try to leverage a bug in the running program and get arbitrary code to execute with elevated privileges. For instance an attacker would look for programs that write to the system directories or registry keys (such as HKLM, which stores a number of critical Windows environment variables). These programs are typically running with elevated privileges and have usually not been designed with security in mind. Such programs are excellent exploit targets because they yield lots of power when they break. The malicious user try to execute its code at the same level as a privileged system call.

Nessus

  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-930-5.NASL
    descriptionUSN-930-4 fixed vulnerabilities in Firefox and Xulrunner on Ubuntu 9.04 and 9.10. This update provides updated packages for use with Firefox 3.6 and Xulrunner 1.9.2. If was discovered that Firefox could be made to access freed memory. If a user were tricked into viewing a malicious site, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 8.04 LTS. (CVE-2010-1121) Several flaws were discovered in the browser engine of Firefox. If a user were tricked into viewing a malicious site, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1200, CVE-2010-1201, CVE-2010-1202, CVE-2010-1203) A flaw was discovered in the way plugin instances interacted. An attacker could potentially exploit this and use one plugin to access freed memory from a second plugin to execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1198) An integer overflow was discovered in Firefox. If a user were tricked into viewing a malicious site, an attacker could overflow a buffer and cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1196) Martin Barbella discovered an integer overflow in an XSLT node sorting routine. An attacker could exploit this to overflow a buffer and cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1199) Michal Zalewski discovered that the focus behavior of Firefox could be subverted. If a user were tricked into viewing a malicious site, a remote attacker could use this to capture keystrokes. (CVE-2010-1125) Ilja van Sprundel discovered that the
    last seen2020-06-01
    modified2020-06-02
    plugin id47825
    published2010-07-26
    reporterUbuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/47825
    titleUbuntu 9.04 / 9.10 : ant, apturl, epiphany-browser, gluezilla, gnome-python-extras, liferea, mozvoikko, openjdk-6, packagekit, ubufox, webfav, yelp update (USN-930-5)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-930-5. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(47825);
      script_version("1.14");
      script_cvs_date("Date: 2019/09/19 12:54:26");
    
      script_cve_id("CVE-2008-5913", "CVE-2010-0654", "CVE-2010-1121", "CVE-2010-1125", "CVE-2010-1196", "CVE-2010-1197", "CVE-2010-1198", "CVE-2010-1199", "CVE-2010-1200", "CVE-2010-1201", "CVE-2010-1202", "CVE-2010-1203", "CVE-2010-1205", "CVE-2010-1206", "CVE-2010-1207", "CVE-2010-1208", "CVE-2010-1209", "CVE-2010-1210", "CVE-2010-1211", "CVE-2010-1212", "CVE-2010-1213", "CVE-2010-1214", "CVE-2010-1215", "CVE-2010-2751", "CVE-2010-2752", "CVE-2010-2753", "CVE-2010-2754");
      script_bugtraq_id(33276, 38952, 40701, 41055, 41082, 41087, 41090, 41093, 41094, 41099, 41102, 41103, 41174, 41842, 41845, 41849, 41852, 41853, 41859, 41860, 41866, 41871, 41872, 41878);
      script_xref(name:"USN", value:"930-5");
    
      script_name(english:"Ubuntu 9.04 / 9.10 : ant, apturl, epiphany-browser, gluezilla, gnome-python-extras, liferea, mozvoikko, openjdk-6, packagekit, ubufox, webfav, yelp update (USN-930-5)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "USN-930-4 fixed vulnerabilities in Firefox and Xulrunner on Ubuntu
    9.04 and 9.10. This update provides updated packages for use with
    Firefox 3.6 and Xulrunner 1.9.2.
    
    If was discovered that Firefox could be made to access freed memory.
    If a user were tricked into viewing a malicious site, a remote
    attacker could cause a denial of service or possibly execute arbitrary
    code with the privileges of the user invoking the program. This issue
    only affected Ubuntu 8.04 LTS. (CVE-2010-1121)
    
    Several flaws were discovered in the browser engine of
    Firefox. If a user were tricked into viewing a malicious
    site, a remote attacker could cause a denial of service or
    possibly execute arbitrary code with the privileges of the
    user invoking the program. (CVE-2010-1200, CVE-2010-1201,
    CVE-2010-1202, CVE-2010-1203)
    
    A flaw was discovered in the way plugin instances
    interacted. An attacker could potentially exploit this and
    use one plugin to access freed memory from a second plugin
    to execute arbitrary code with the privileges of the user
    invoking the program. (CVE-2010-1198)
    
    An integer overflow was discovered in Firefox. If a user
    were tricked into viewing a malicious site, an attacker
    could overflow a buffer and cause a denial of service or
    possibly execute arbitrary code with the privileges of the
    user invoking the program. (CVE-2010-1196)
    
    Martin Barbella discovered an integer overflow in an XSLT
    node sorting routine. An attacker could exploit this to
    overflow a buffer and cause a denial of service or possibly
    execute arbitrary code with the privileges of the user
    invoking the program. (CVE-2010-1199)
    
    Michal Zalewski discovered that the focus behavior of
    Firefox could be subverted. If a user were tricked into
    viewing a malicious site, a remote attacker could use this
    to capture keystrokes. (CVE-2010-1125)
    
    Ilja van Sprundel discovered that the 'Content-Disposition:
    attachment' HTTP header was ignored when 'Content-Type:
    multipart' was also present. Under certain circumstances,
    this could potentially lead to cross-site scripting attacks.
    (CVE-2010-1197)
    
    Amit Klein discovered that Firefox did not seed its random
    number generator often enough. An attacker could exploit
    this to identify and track users across different websites.
    (CVE-2008-5913)
    
    Several flaws were discovered in the browser engine of
    Firefox. If a user were tricked into viewing a malicious
    site, a remote attacker could use this to crash the browser
    or possibly run arbitrary code as the user invoking the
    program. (CVE-2010-1208, CVE-2010-1209, CVE-2010-1211,
    CVE-2010-1212)
    
    An integer overflow was discovered in how Firefox processed
    plugin parameters. An attacker could exploit this to crash
    the browser or possibly run arbitrary code as the user
    invoking the program. (CVE-2010-1214)
    
    A flaw was discovered in the Firefox JavaScript engine. If a
    user were tricked into viewing a malicious site, a remote
    attacker code execute arbitrary JavaScript with chrome
    privileges. (CVE-2010-1215)
    
    An integer overflow was discovered in how Firefox processed
    CSS values. An attacker could exploit this to crash the
    browser or possibly run arbitrary code as the user invoking
    the program. (CVE-2010-2752)
    
    An integer overflow was discovered in how Firefox
    interpreted the XUL <tree> element. If a user were tricked
    into viewing a malicious site, a remote attacker could use
    this to crash the browser or possibly run arbitrary code as
    the user invoking the program. (CVE-2010-2753)
    
    Aki Helin discovered that libpng did not properly handle
    certain malformed PNG images. If a user were tricked into
    opening a crafted PNG file, an attacker could cause a denial
    of service or possibly execute arbitrary code with the
    privileges of the user invoking the program. (CVE-2010-1205)
    
    Yosuke Hasegawa and Vladimir Vukicevic discovered that the
    same-origin check in Firefox could be bypassed by utilizing
    the importScripts Web Worker method. If a user were tricked
    into viewing a malicious website, an attacker could exploit
    this to read data from other domains. (CVE-2010-1213,
    CVE-2010-1207)
    
    O. Andersen that Firefox did not properly map undefined
    positions within certain 8 bit encodings. An attacker could
    utilize this to perform cross-site scripting attacks.
    (CVE-2010-1210)
    
    Michal Zalewski discovered flaws in how Firefox processed
    the HTTP 204 (no content) code. An attacker could exploit
    this to spoof the location bar, such as in a phishing
    attack. (CVE-2010-1206)
    
    Jordi Chancel discovered that Firefox did not properly
    handle when a server responds to an HTTPS request with
    plaintext and then processes JavaScript history events. An
    attacker could exploit this to spoof the location bar, such
    as in a phishing attack. (CVE-2010-2751)
    
    Chris Evans discovered that Firefox did not properly process
    improper CSS selectors. If a user were tricked into viewing
    a malicious website, an attacker could exploit this to read
    data from other domains. (CVE-2010-0654)
    
    Soroush Dalili discovered that Firefox did not properly
    handle script error output. An attacker could use this to
    access URL parameters from other domains. (CVE-2010-2754).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/930-5/"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_cwe_id(94);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:ant");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:ant-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:ant-gcj");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:ant-optional");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:ant-optional-gcj");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apturl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:epiphany-browser");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:epiphany-browser-data");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:epiphany-browser-dbg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:epiphany-browser-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:epiphany-gecko");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:gstreamer0.10-packagekit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:icedtea-6-jre-cacao");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:icedtea6-plugin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libgluezilla");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libpackagekit-glib-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libpackagekit-glib11");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libpackagekit-qt-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libpackagekit-qt11");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:liferea");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:liferea-dbg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mozilla-packagekit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mozvoikko");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-dbg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-demo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jdk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-headless");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-lib");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-zero");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-source");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:packagekit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:packagekit-backend-apt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:packagekit-backend-smart");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:packagekit-backend-yum");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:python-eggtrayicon");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:python-gda");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:python-gdl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:python-gksu2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:python-gnome2-extras");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:python-gnome2-extras-dbg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:python-gnome2-extras-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:python-gnome2-extras-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:python-gtkhtml2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:python-gtkhtml2-dbg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:python-gtkmozembed");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:python-gtkspell");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:python-packagekit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:ubufox");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:webfav");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:yelp");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:9.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:9.10");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2009/01/20");
      script_set_attribute(attribute:"patch_publication_date", value:"2010/07/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2010/07/26");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(9\.04|9\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 9.04 / 9.10", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"9.04", pkgname:"ant", pkgver:"1.7.1-0ubuntu2.2")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"ant-doc", pkgver:"1.7.1-0ubuntu2.2")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"ant-gcj", pkgver:"1.7.1-0ubuntu2.2")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"ant-optional", pkgver:"1.7.1-0ubuntu2.2")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"ant-optional-gcj", pkgver:"1.7.1-0ubuntu2.2")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"apturl", pkgver:"0.3.3ubuntu1.2")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"epiphany-browser", pkgver:"2.26.1-0ubuntu1.9.04.1")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"epiphany-browser-data", pkgver:"2.26.1-0ubuntu1.9.04.1")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"epiphany-browser-dbg", pkgver:"2.26.1-0ubuntu1.9.04.1")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"epiphany-browser-dev", pkgver:"2.26.1-0ubuntu1.9.04.1")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"epiphany-gecko", pkgver:"2.26.1-0ubuntu1.9.04.1")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"gstreamer0.10-packagekit", pkgver:"0.3.14-0ubuntu5.9.04.1")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"icedtea-6-jre-cacao", pkgver:"6b18-1.8-4ubuntu3~9.04.2")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"icedtea6-plugin", pkgver:"6b18-1.8-4ubuntu3~9.04.2")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"libgluezilla", pkgver:"2.0-1ubuntu1.9.04.1")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"libpackagekit-glib-dev", pkgver:"0.3.14-0ubuntu5.9.04.1")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"libpackagekit-glib11", pkgver:"0.3.14-0ubuntu5.9.04.1")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"libpackagekit-qt-dev", pkgver:"0.3.14-0ubuntu5.9.04.1")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"libpackagekit-qt11", pkgver:"0.3.14-0ubuntu5.9.04.1")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"liferea", pkgver:"1.4.26-0ubuntu1.9.04.1")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"liferea-dbg", pkgver:"1.4.26-0ubuntu1.9.04.1")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"mozilla-packagekit", pkgver:"0.3.14-0ubuntu5.9.04.1")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"mozvoikko", pkgver:"0.9.5-1ubuntu2.9.04.1")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"openjdk-6-dbg", pkgver:"6b18-1.8-4ubuntu3~9.04.2")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"openjdk-6-demo", pkgver:"6b18-1.8-4ubuntu3~9.04.2")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"openjdk-6-doc", pkgver:"6b18-1.8-4ubuntu3~9.04.2")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"openjdk-6-jdk", pkgver:"6b18-1.8-4ubuntu3~9.04.2")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"openjdk-6-jre", pkgver:"6b18-1.8-4ubuntu3~9.04.2")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"openjdk-6-jre-headless", pkgver:"6b18-1.8-4ubuntu3~9.04.2")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"openjdk-6-jre-lib", pkgver:"6b18-1.8-4ubuntu3~9.04.2")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"openjdk-6-jre-zero", pkgver:"6b18-1.8-4ubuntu3~9.04.2")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"openjdk-6-source", pkgver:"6b18-1.8-4ubuntu3~9.04.2")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"packagekit", pkgver:"0.3.14-0ubuntu5.9.04.1")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"packagekit-backend-apt", pkgver:"0.3.14-0ubuntu5.9.04.1")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"packagekit-backend-smart", pkgver:"0.3.14-0ubuntu5.9.04.1")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"packagekit-backend-yum", pkgver:"0.3.14-0ubuntu5.9.04.1")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"python-gnome2-extras", pkgver:"2.19.1-0ubuntu14.9.04.1")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"python-gnome2-extras-dbg", pkgver:"2.19.1-0ubuntu14.9.04.1")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"python-gnome2-extras-dev", pkgver:"2.19.1-0ubuntu14.9.04.1")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"python-gnome2-extras-doc", pkgver:"2.19.1-0ubuntu14.9.04.1")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"python-gtkhtml2", pkgver:"2.19.1-0ubuntu14.9.04.1")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"python-gtkhtml2-dbg", pkgver:"2.19.1-0ubuntu14.9.04.1")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"python-packagekit", pkgver:"0.3.14-0ubuntu5.9.04.1")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"ubufox", pkgver:"0.9~rc2-0ubuntu0.9.04.2")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"webfav", pkgver:"1.11-0ubuntu1.9.04.1")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"yelp", pkgver:"2.25.1-0ubuntu5.9.04.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"ant", pkgver:"1.7.1-4ubuntu0.2")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"ant-doc", pkgver:"1.7.1-4ubuntu0.2")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"ant-gcj", pkgver:"1.7.1-4ubuntu0.2")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"ant-optional", pkgver:"1.7.1-4ubuntu0.2")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"ant-optional-gcj", pkgver:"1.7.1-4ubuntu0.2")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"icedtea-6-jre-cacao", pkgver:"6b18-1.8-4ubuntu3~9.10.2")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"icedtea6-plugin", pkgver:"6b18-1.8-4ubuntu3~9.10.2")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"mozvoikko", pkgver:"1.0-1ubuntu3.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"openjdk-6-dbg", pkgver:"6b18-1.8-4ubuntu3~9.10.2")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"openjdk-6-demo", pkgver:"6b18-1.8-4ubuntu3~9.10.2")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"openjdk-6-doc", pkgver:"6b18-1.8-4ubuntu3~9.10.2")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"openjdk-6-jdk", pkgver:"6b18-1.8-4ubuntu3~9.10.2")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"openjdk-6-jre", pkgver:"6b18-1.8-4ubuntu3~9.10.2")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"openjdk-6-jre-headless", pkgver:"6b18-1.8-4ubuntu3~9.10.2")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"openjdk-6-jre-lib", pkgver:"6b18-1.8-4ubuntu3~9.10.2")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"openjdk-6-jre-zero", pkgver:"6b18-1.8-4ubuntu3~9.10.2")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"openjdk-6-source", pkgver:"6b18-1.8-4ubuntu3~9.10.2")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"python-eggtrayicon", pkgver:"2.25.3-3ubuntu1.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"python-gda", pkgver:"2.25.3-3ubuntu1.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"python-gdl", pkgver:"2.25.3-3ubuntu1.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"python-gksu2", pkgver:"2.25.3-3ubuntu1.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"python-gnome2-extras", pkgver:"2.25.3-3ubuntu1.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"python-gnome2-extras-dbg", pkgver:"2.25.3-3ubuntu1.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"python-gnome2-extras-dev", pkgver:"2.25.3-3ubuntu1.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"python-gtkhtml2", pkgver:"2.25.3-3ubuntu1.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"python-gtkmozembed", pkgver:"2.25.3-3ubuntu1.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"python-gtkspell", pkgver:"2.25.3-3ubuntu1.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"ubufox", pkgver:"0.9~rc2-0ubuntu0.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"webfav", pkgver:"1.16-0ubuntu1.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"yelp", pkgver:"2.28.0-0ubuntu2.9.10.1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ant / ant-doc / ant-gcj / ant-optional / ant-optional-gcj / apturl / etc");
    }
    
  • NASL familyWindows
    NASL idMOZILLA_FIREFOX_367.NASL
    descriptionThe installed version of Firefox 3.6.x is earlier than 3.6.7. Such versions are potentially affected by the following security issues : - Multiple memory safety bugs could result in memory corruption, potentially resulting in arbitrary code execution. (MFSA 2010-34) - An error in DOM attribute cloning could result in arbitrary code execution. (MFSA 2010-35) - An error in Mozilla
    last seen2020-06-01
    modified2020-06-02
    plugin id47782
    published2010-07-22
    reporterThis script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/47782
    titleFirefox 3.6 < 3.6.7 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(47782);
      script_version("1.20");
      script_cvs_date("Date: 2018/07/16 14:09:14");
    
      script_cve_id(
        "CVE-2010-0654",
        "CVE-2010-1206",
        "CVE-2010-1207",
        "CVE-2010-1208",
        "CVE-2010-1209",
        "CVE-2010-1210",
        "CVE-2010-1211",
        "CVE-2010-1212",
        "CVE-2010-1213",
        "CVE-2010-1214",
        "CVE-2010-1215",
        "CVE-2010-2751",
        "CVE-2010-2752",
        "CVE-2010-2753",
        "CVE-2010-2754"
      );
      script_bugtraq_id(
        41842,
        41845,
        41849,
        41852,
        41853,
        41859,
        41860,
        41865,
        41866,
        41868,
        41871,
        41872,
        41878,
        41968
      );
      script_xref(name:"Secunia", value:"39925");
      script_xref(name:"Secunia", value:"40283");
    
      script_name(english:"Firefox 3.6 < 3.6.7 Multiple Vulnerabilities");
      script_summary(english:"Checks version of Firefox");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Windows host contains a web browser that is affected by
    multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The installed version of Firefox 3.6.x is earlier than 3.6.7.  Such
    versions are potentially affected by the following security issues :
    
      - Multiple memory safety bugs could result in memory
        corruption, potentially resulting in arbitrary code
        execution. (MFSA 2010-34)
    
      - An error in DOM attribute cloning could result in
        arbitrary code execution. (MFSA 2010-35)
    
      - An error in Mozilla's 'NodeIterator' implementation
        could lead to arbitrary code execution. (MFSA 2010-36)
    
      - An error in the code to store the names and values of
        plugin parameters could lead arbitrary code execution.
        (MFSA 2010-37)
    
      - It may be possible to run arbitrary JavaScript with
        chrome privileges using SJOW and fast native
        function. (MFSA 2010-38)
    
      - The array class used to store CSS values is affected
        by an integer overflow vulnerability. (MFSA 2010-39)
    
      - An integer overflow vulnerability exists in the
        'selection' attribute of XUL <tree> element.
        (MFSA 2010-40)
    
      - A buffer overflow vulnerability in Mozilla graphics
        code could lead to arbitrary code execution.
        (MFSA 2010-41)
    
      - It is possible to read and parse resources from other
        domains even when the content is not valid JavaScript
        leading to cross-domain data disclosure. (MFSA 2010-42)
    
      - The canvas element can be used to read data from another
        site leading to a same-origin bypass vulnerability.
        (MFSA 2010-43)
    
      - Characters mapped to U+FFFD in 8 bit encodings could
        cause subsequent characters to disappear, potentially
        contributing to cross-site scripting issues on certain
        websites. (MFSA 2010-44)
    
      - Multiple location bar spoofing vulnerabilities exist.
        (MFSA 2010-45)
    
      - It is possible to read data across domains by
        injecting bogus CSS selectors into a target site.
        (MFSA 2010-46)
    
      - Potentially sensitive URL parameters could be leaked
        across domains via script errors. (MFSA 2010-47)");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2010-34/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2010-35/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2010-36/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2010-37/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2010-38/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2010-39/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2010-40/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2010-41/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2010-42/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2010-43/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2010-44/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2010-45/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2010-46/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2010-47/");
    
     script_set_attribute(attribute:"solution", value:"Upgrade to Firefox 3.6.7 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
     script_cwe_id(94);
      script_set_attribute(attribute:"vuln_publication_date", value:"2009/10/23"); # (MFSA 2010-46)
      script_set_attribute(attribute:"patch_publication_date", value:"2010/07/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2010/07/22");
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:firefox");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.");
      script_dependencies("mozilla_org_installed.nasl");
      script_require_keys("Mozilla/Firefox/Version");
      exit(0);
    }
    
    include("mozilla_version.inc");
    port = get_kb_item_or_exit("SMB/transport"); 
    
    installs = get_kb_list("SMB/Mozilla/Firefox/*");
    if (isnull(installs)) audit(AUDIT_NOT_INST, "Firefox");
    
    mozilla_check_version(installs:installs, product:'firefox', esr:FALSE, fix:'3.6.7', min:'3.6', severity:SECURITY_HOLE);
    
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_8C2EA875949911DF8E32000F20797EDE.NASL
    descriptionThe Mozilla Project reports : MFSA 2010-34 Miscellaneous memory safety hazards (rv:1.9.2.7/ 1.9.1.11) MFSA 2010-35 DOM attribute cloning remote code execution vulnerability MFSA 2010-36 Use-after-free error in NodeIterator MFSA 2010-37 Plugin parameter EnsureCachedAttrParamArrays remote code execution vulnerability MFSA 2010-38 Arbitrary code execution using SJOW and fast native function MFSA 2010-39 nsCSSValue::Array index integer overflow MFSA 2010-40 nsTreeSelection dangling pointer remote code execution vulnerability MFSA 2010-41 Remote code execution using malformed PNG image MFSA 2010-42 Cross-origin data disclosure via Web Workers and importScripts MFSA 2010-43 Same-origin bypass using canvas context MFSA 2010-44 Characters mapped to U+FFFD in 8 bit encodings cause subsequent character to vanish MFSA 2010-45 Multiple location bar spoofing vulnerabilities MFSA 2010-46 Cross-domain data theft using CSS MFSA 2010-47 Cross-origin data leakage from script filename in error messages
    last seen2020-06-01
    modified2020-06-02
    plugin id47794
    published2010-07-22
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/47794
    titleFreeBSD : mozilla -- multiple vulnerabilities (8c2ea875-9499-11df-8e32-000f20797ede)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from the FreeBSD VuXML database :
    #
    # Copyright 2003-2018 Jacques Vidrine and contributors
    #
    # Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
    # HTML, PDF, PostScript, RTF and so forth) with or without modification,
    # are permitted provided that the following conditions are met:
    # 1. Redistributions of source code (VuXML) must retain the above
    #    copyright notice, this list of conditions and the following
    #    disclaimer as the first lines of this file unmodified.
    # 2. Redistributions in compiled form (transformed to other DTDs,
    #    published online in any format, converted to PDF, PostScript,
    #    RTF and other formats) must reproduce the above copyright
    #    notice, this list of conditions and the following disclaimer
    #    in the documentation and/or other materials provided with the
    #    distribution.
    # 
    # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
    # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
    # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
    # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
    # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
    # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
    # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
    # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
    # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
    # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
    # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(47794);
      script_version("1.16");
      script_cvs_date("Date: 2019/08/02 13:32:40");
    
      script_cve_id("CVE-2010-0654", "CVE-2010-1205", "CVE-2010-1206", "CVE-2010-1207", "CVE-2010-1208", "CVE-2010-1209", "CVE-2010-1210", "CVE-2010-1211", "CVE-2010-1212", "CVE-2010-1213", "CVE-2010-1214", "CVE-2010-1215", "CVE-2010-2751", "CVE-2010-2752", "CVE-2010-2753", "CVE-2010-2754");
    
      script_name(english:"FreeBSD : mozilla -- multiple vulnerabilities (8c2ea875-9499-11df-8e32-000f20797ede)");
      script_summary(english:"Checks for updated packages in pkg_info output");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote FreeBSD host is missing one or more security-related
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The Mozilla Project reports :
    
    MFSA 2010-34 Miscellaneous memory safety hazards (rv:1.9.2.7/
    1.9.1.11)
    
    MFSA 2010-35 DOM attribute cloning remote code execution vulnerability
    
    MFSA 2010-36 Use-after-free error in NodeIterator
    
    MFSA 2010-37 Plugin parameter EnsureCachedAttrParamArrays remote code
    execution vulnerability
    
    MFSA 2010-38 Arbitrary code execution using SJOW and fast native
    function
    
    MFSA 2010-39 nsCSSValue::Array index integer overflow
    
    MFSA 2010-40 nsTreeSelection dangling pointer remote code execution
    vulnerability
    
    MFSA 2010-41 Remote code execution using malformed PNG image
    
    MFSA 2010-42 Cross-origin data disclosure via Web Workers and
    importScripts
    
    MFSA 2010-43 Same-origin bypass using canvas context
    
    MFSA 2010-44 Characters mapped to U+FFFD in 8 bit encodings cause
    subsequent character to vanish
    
    MFSA 2010-45 Multiple location bar spoofing vulnerabilities
    
    MFSA 2010-46 Cross-domain data theft using CSS
    
    MFSA 2010-47 Cross-origin data leakage from script filename in error
    messages"
      );
      # http://www.mozilla.org/security/announce/2010/mfsa2010-34.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2010-34/"
      );
      # http://www.mozilla.org/security/announce/2010/mfsa2010-35.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2010-35/"
      );
      # http://www.mozilla.org/security/announce/2010/mfsa2010-36.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2010-36/"
      );
      # http://www.mozilla.org/security/announce/2010/mfsa2010-37.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2010-37/"
      );
      # http://www.mozilla.org/security/announce/2010/mfsa2010-38.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2010-38/"
      );
      # http://www.mozilla.org/security/announce/2010/mfsa2010-39.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2010-39/"
      );
      # http://www.mozilla.org/security/announce/2010/mfsa2010-40.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2010-40/"
      );
      # http://www.mozilla.org/security/announce/2010/mfsa2010-41.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2010-41/"
      );
      # http://www.mozilla.org/security/announce/2010/mfsa2010-42.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2010-42/"
      );
      # http://www.mozilla.org/security/announce/2010/mfsa2010-43.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2010-43/"
      );
      # http://www.mozilla.org/security/announce/2010/mfsa2010-44.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2010-44/"
      );
      # http://www.mozilla.org/security/announce/2010/mfsa2010-45.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2010-45/"
      );
      # http://www.mozilla.org/security/announce/2010/mfsa2010-46.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2010-46/"
      );
      # http://www.mozilla.org/security/announce/2010/mfsa2010-47.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2010-47/"
      );
      # https://vuxml.freebsd.org/freebsd/8c2ea875-9499-11df-8e32-000f20797ede.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?bc98ecc0"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_cwe_id(94);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:firefox");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:linux-firefox");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:linux-firefox-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:seamonkey");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:thunderbird");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2010/07/20");
      script_set_attribute(attribute:"patch_publication_date", value:"2010/07/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2010/07/22");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"FreeBSD Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("freebsd_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD");
    if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (pkg_test(save_report:TRUE, pkg:"firefox>3.6.*,1<3.6.7,1")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"firefox>3.5.*,1<3.5.11,1")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"linux-firefox<3.6.7,1")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"linux-firefox-devel<3.5.11")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"seamonkey>2.0.*<2.0.6")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"thunderbird>=3.0<3.0.6")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20100720_FIREFOX_ON_SL4_X.NASL
    descriptionSeveral flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-1208, CVE-2010-1209, CVE-2010-1211, CVE-2010-1212, CVE-2010-1214, CVE-2010-1215, CVE-2010-2752, CVE-2010-2753) A memory corruption flaw was found in the way Firefox decoded certain PNG images. An attacker could create a specially crafted PNG image that, when opened, could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-1205) Several same-origin policy bypass flaws were found in Firefox. An attacker could create a malicious web page that, when viewed by a victim, could steal private data from a different website the victim has loaded with Firefox. (CVE-2010-0654, CVE-2010-1207, CVE-2010-1213, CVE-2010-2754) A flaw was found in the way Firefox presented the location bar to a user. A malicious website could trick a user into thinking they are visiting the site reported by the location bar, when the page is actually content controlled by an attacker. (CVE-2010-1206) A flaw was found in the way Firefox displayed the location bar when visiting a secure web page. A malicious server could use this flaw to present data that appears to originate from a secure server, even though it does not. (CVE-2010-2751) A flaw was found in the way Firefox displayed certain malformed characters. A malicious web page could use this flaw to bypass certain string sanitization methods, allowing it to display malicious information to users. (CVE-2010-1210) For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 3.6.7. After installing the update, Firefox must be restarted for the changes to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id60818
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60818
    titleScientific Linux Security Update : firefox on SL4.x, SL5.x i386/x86_64
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-957-1.NASL
    descriptionSeveral flaws were discovered in the browser engine of Firefox. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-1208, CVE-2010-1209, CVE-2010-1211, CVE-2010-1212) An integer overflow was discovered in how Firefox processed plugin parameters. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-1214) A flaw was discovered in the Firefox JavaScript engine. If a user were tricked into viewing a malicious site, a remote attacker code execute arbitrary JavaScript with chrome privileges. (CVE-2010-1215) An integer overflow was discovered in how Firefox processed CSS values. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-2752) An integer overflow was discovered in how Firefox interpreted the XUL <tree> element. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-2753) Aki Helin discovered that libpng did not properly handle certain malformed PNG images. If a user were tricked into opening a crafted PNG file, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1205) Yosuke Hasegawa and Vladimir Vukicevic discovered that the same-origin check in Firefox could be bypassed by utilizing the importScripts Web Worker method. If a user were tricked into viewing a malicious website, an attacker could exploit this to read data from other domains. (CVE-2010-1213, CVE-2010-1207) O. Andersen that Firefox did not properly map undefined positions within certain 8 bit encodings. An attacker could utilize this to perform cross-site scripting attacks. (CVE-2010-1210) Michal Zalewski discovered flaws in how Firefox processed the HTTP 204 (no content) code. An attacker could exploit this to spoof the location bar, such as in a phishing attack. (CVE-2010-1206) Jordi Chancel discovered that Firefox did not properly handle when a server responds to an HTTPS request with plaintext and then processes JavaScript history events. An attacker could exploit this to spoof the location bar, such as in a phishing attack. (CVE-2010-2751) Chris Evans discovered that Firefox did not properly process improper CSS selectors. If a user were tricked into viewing a malicious website, an attacker could exploit this to read data from other domains. (CVE-2010-0654) Soroush Dalili discovered that Firefox did not properly handle script error output. An attacker could use this to access URL parameters from other domains. (CVE-2010-2754). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id47826
    published2010-07-26
    reporterUbuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/47826
    titleUbuntu 8.04 LTS / 10.04 LTS : firefox, firefox-3.0, xulrunner-1.9.2 vulnerabilities (USN-957-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_3_MOZILLA-XULRUNNER191-100722.NASL
    descriptionThis update brings Mozilla XULRunner to the 1.9.1.11 security release. It fixes following security bugs: MFSA 2010-34 / CVE-2010-1211: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Jesse Ruderman, Ehsan Akhgari, Mats Palmgren, Igor Bukanov, Gary Kwong, Tobias Markus and Daniel Holbert reported memory safety problems that affected Firefox 3.6 and Firefox 3.5. MFSA 2010-35 / CVE-2010-1208: Security researcher regenrecht reported via TippingPoint
    last seen2020-06-01
    modified2020-06-02
    plugin id75669
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/75669
    titleopenSUSE Security Update : mozilla-xulrunner191 (mozilla-xulrunner191-2779)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-930-4.NASL
    descriptionUSN-930-1 fixed vulnerabilities in Firefox and Xulrunner. This update provides the corresponding updates for Ubuntu 9.04 and 9.10, along with additional updates affecting Firefox 3.6.6. Several flaws were discovered in the browser engine of Firefox. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-1208, CVE-2010-1209, CVE-2010-1211, CVE-2010-1212) An integer overflow was discovered in how Firefox processed plugin parameters. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-1214) A flaw was discovered in the Firefox JavaScript engine. If a user were tricked into viewing a malicious site, a remote attacker code execute arbitrary JavaScript with chrome privileges. (CVE-2010-1215) An integer overflow was discovered in how Firefox processed CSS values. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-2752) An integer overflow was discovered in how Firefox interpreted the XUL <tree> element. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-2753) Aki Helin discovered that libpng did not properly handle certain malformed PNG images. If a user were tricked into opening a crafted PNG file, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1205) Yosuke Hasegawa and Vladimir Vukicevic discovered that the same-origin check in Firefox could be bypassed by utilizing the importScripts Web Worker method. If a user were tricked into viewing a malicious website, an attacker could exploit this to read data from other domains. (CVE-2010-1213, CVE-2010-1207) O. Andersen that Firefox did not properly map undefined positions within certain 8 bit encodings. An attacker could utilize this to perform cross-site scripting attacks. (CVE-2010-1210) Michal Zalewski discovered flaws in how Firefox processed the HTTP 204 (no content) code. An attacker could exploit this to spoof the location bar, such as in a phishing attack. (CVE-2010-1206) Jordi Chancel discovered that Firefox did not properly handle when a server responds to an HTTPS request with plaintext and then processes JavaScript history events. An attacker could exploit this to spoof the location bar, such as in a phishing attack. (CVE-2010-2751) Chris Evans discovered that Firefox did not properly process improper CSS selectors. If a user were tricked into viewing a malicious website, an attacker could exploit this to read data from other domains. (CVE-2010-0654) Soroush Dalili discovered that Firefox did not properly handle script error output. An attacker could use this to access URL parameters from other domains. (CVE-2010-2754) If was discovered that Firefox could be made to access freed memory. If a user were tricked into viewing a malicious site, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1121) Several flaws were discovered in the browser engine of Firefox. If a user were tricked into viewing a malicious site, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1200, CVE-2010-1201, CVE-2010-1202, CVE-2010-1203) A flaw was discovered in the way plugin instances interacted. An attacker could potentially exploit this and use one plugin to access freed memory from a second plugin to execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1198) An integer overflow was discovered in Firefox. If a user were tricked into viewing a malicious site, an attacker could overflow a buffer and cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1196) Martin Barbella discovered an integer overflow in an XSLT node sorting routine. An attacker could exploit this to overflow a buffer and cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1199) Michal Zalewski discovered that the focus behavior of Firefox could be subverted. If a user were tricked into viewing a malicious site, a remote attacker could use this to capture keystrokes. (CVE-2010-1125) Ilja van Sprundel discovered that the
    last seen2020-06-01
    modified2020-06-02
    plugin id47824
    published2010-07-26
    reporterUbuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/47824
    titleUbuntu 9.04 / 9.10 : firefox-3.0, firefox-3.5, xulrunner-1.9.2 vulnerabilities (USN-930-4)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-957-2.NASL
    descriptionUSN-957-1 fixed vulnerabilities in Firefox and Xulrunner. Daniel Holbert discovered that the fix for CVE-2010-1214 introduced a regression which did not properly initialize a plugin pointer. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or run arbitrary code as the user invoking the program. (CVE-2010-2755) This update fixes the problem. Several flaws were discovered in the browser engine of Firefox. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-1208, CVE-2010-1209, CVE-2010-1211, CVE-2010-1212) An integer overflow was discovered in how Firefox processed plugin parameters. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-1214) A flaw was discovered in the Firefox JavaScript engine. If a user were tricked into viewing a malicious site, a remote attacker code execute arbitrary JavaScript with chrome privileges. (CVE-2010-1215) An integer overflow was discovered in how Firefox processed CSS values. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-2752) An integer overflow was discovered in how Firefox interpreted the XUL <tree> element. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-2753) Aki Helin discovered that libpng did not properly handle certain malformed PNG images. If a user were tricked into opening a crafted PNG file, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1205) Yosuke Hasegawa and Vladimir Vukicevic discovered that the same-origin check in Firefox could be bypassed by utilizing the importScripts Web Worker method. If a user were tricked into viewing a malicious website, an attacker could exploit this to read data from other domains. (CVE-2010-1213, CVE-2010-1207) O. Andersen that Firefox did not properly map undefined positions within certain 8 bit encodings. An attacker could utilize this to perform cross-site scripting attacks. (CVE-2010-1210) Michal Zalewski discovered flaws in how Firefox processed the HTTP 204 (no content) code. An attacker could exploit this to spoof the location bar, such as in a phishing attack. (CVE-2010-1206) Jordi Chancel discovered that Firefox did not properly handle when a server responds to an HTTPS request with plaintext and then processes JavaScript history events. An attacker could exploit this to spoof the location bar, such as in a phishing attack. (CVE-2010-2751) Chris Evans discovered that Firefox did not properly process improper CSS selectors. If a user were tricked into viewing a malicious website, an attacker could exploit this to read data from other domains. (CVE-2010-0654) Soroush Dalili discovered that Firefox did not properly handle script error output. An attacker could use this to access URL parameters from other domains. (CVE-2010-2754). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id47856
    published2010-07-27
    reporterUbuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/47856
    titleUbuntu 8.04 LTS / 10.04 LTS : firefox, firefox-3.0, xulrunner-1.9.2 vulnerability (USN-957-2)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2010-0547.NASL
    descriptionFrom Red Hat Security Advisory 2010:0547 : Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-1208, CVE-2010-1209, CVE-2010-1211, CVE-2010-1212, CVE-2010-1214, CVE-2010-1215, CVE-2010-2752, CVE-2010-2753) A memory corruption flaw was found in the way Firefox decoded certain PNG images. An attacker could create a specially crafted PNG image that, when opened, could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-1205) Several same-origin policy bypass flaws were found in Firefox. An attacker could create a malicious web page that, when viewed by a victim, could steal private data from a different website the victim has loaded with Firefox. (CVE-2010-0654, CVE-2010-1207, CVE-2010-1213, CVE-2010-2754) A flaw was found in the way Firefox presented the location bar to a user. A malicious website could trick a user into thinking they are visiting the site reported by the location bar, when the page is actually content controlled by an attacker. (CVE-2010-1206) A flaw was found in the way Firefox displayed the location bar when visiting a secure web page. A malicious server could use this flaw to present data that appears to originate from a secure server, even though it does not. (CVE-2010-2751) A flaw was found in the way Firefox displayed certain malformed characters. A malicious web page could use this flaw to bypass certain string sanitization methods, allowing it to display malicious information to users. (CVE-2010-1210) For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 3.6.7. You can find a link to the Mozilla advisories in the References section of this erratum. All Firefox users should upgrade to these updated packages, which contain Firefox version 3.6.7, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id68068
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68068
    titleOracle Linux 4 / 5 : firefox (ELSA-2010-0547)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2010-11345.NASL
    descriptionUpdate to new upstream Firefox version 3.6.7, fixing multiple security issues detailed in the upstream advisories: http://www.mozilla.org/security/known- vulnerabilities/firefox36.html#firefox3.6.7 Update also includes all packages depending on gecko-libs rebuilt against new version of Firefox / XULRunner. CVE-2010-1211 CVE-2010-1212 CVE-2010-1208 CVE-2010-1209 CVE-2010-1214 CVE-2010-1215 CVE-2010-2752 CVE-2010-2753 CVE-2010-1205 CVE-2010-1213 CVE-2010-1207 CVE-2010-1210 CVE-2010-1206 CVE-2010-2751 CVE-2010-0654 CVE-2010-2754 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id47809
    published2010-07-23
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/47809
    titleFedora 13 : firefox-3.6.7-1.fc13 / galeon-2.0.7-30.fc13 / gnome-python2-extras-2.25.3-20.fc13 / etc (2010-11345)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2010-0546.NASL
    descriptionUpdated SeaMonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. SeaMonkey is an open source web browser, email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2010-1211, CVE-2010-2753, CVE-2010-1214) A memory corruption flaw was found in the way SeaMonkey decoded certain PNG images. An attacker could create a specially crafted PNG image that, when opened, could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2010-1205) A same-origin policy bypass flaw was found in SeaMonkey. An attacker could create a malicious web page that, when viewed by a victim, could steal private data from a different website the victim has loaded with SeaMonkey. (CVE-2010-2754) A flaw was found in the way SeaMonkey displayed the location bar when visiting a secure web page. A malicious server could use this flaw to present data that appears to originate from a secure server, even though it does not. (CVE-2010-2751) All SeaMonkey users should upgrade to these updated packages, which correct these issues. After installing the update, SeaMonkey must be restarted for the changes to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id48342
    published2010-08-17
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/48342
    titleCentOS 3 : seamonkey (CESA-2010:0546)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_MOZILLAFIREFOX-100722.NASL
    descriptionThis update brings Mozilla Firefox to the 3.5.11 security release. It fixes following security issues : - Several memory safety bugs in habe been identified in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs show evidence of memory corruption under certain circumstances, and it is presumed that with enough effort at least some of these could be exploited to run arbitrary code. (MFSA 2010-34 / CVE-2010-1211) - An error in the DOM attribute cloning routine has been reported, where under certain circumstances an event attribute node can be deleted while another object still contains a reference to it. This reference could subsequently be accessed, potentially causing the execution of attacker controlled memory. (MFSA 2010-35 / CVE-2010-1208) - An error in Mozilla
    last seen2020-06-01
    modified2020-06-02
    plugin id50874
    published2010-12-02
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/50874
    titleSuSE 11 / 11.1 Security Update : Mozilla Firefox (SAT Patch Numbers 2780 / 2781)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2010-0547.NASL
    descriptionUpdated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-1208, CVE-2010-1209, CVE-2010-1211, CVE-2010-1212, CVE-2010-1214, CVE-2010-1215, CVE-2010-2752, CVE-2010-2753) A memory corruption flaw was found in the way Firefox decoded certain PNG images. An attacker could create a specially crafted PNG image that, when opened, could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-1205) Several same-origin policy bypass flaws were found in Firefox. An attacker could create a malicious web page that, when viewed by a victim, could steal private data from a different website the victim has loaded with Firefox. (CVE-2010-0654, CVE-2010-1207, CVE-2010-1213, CVE-2010-2754) A flaw was found in the way Firefox presented the location bar to a user. A malicious website could trick a user into thinking they are visiting the site reported by the location bar, when the page is actually content controlled by an attacker. (CVE-2010-1206) A flaw was found in the way Firefox displayed the location bar when visiting a secure web page. A malicious server could use this flaw to present data that appears to originate from a secure server, even though it does not. (CVE-2010-2751) A flaw was found in the way Firefox displayed certain malformed characters. A malicious web page could use this flaw to bypass certain string sanitization methods, allowing it to display malicious information to users. (CVE-2010-1210) For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 3.6.7. You can find a link to the Mozilla advisories in the References section of this erratum. All Firefox users should upgrade to these updated packages, which contain Firefox version 3.6.7, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id47806
    published2010-07-23
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/47806
    titleCentOS 4 / 5 : firefox (CESA-2010:0547)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2010-0547.NASL
    descriptionUpdated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-1208, CVE-2010-1209, CVE-2010-1211, CVE-2010-1212, CVE-2010-1214, CVE-2010-1215, CVE-2010-2752, CVE-2010-2753) A memory corruption flaw was found in the way Firefox decoded certain PNG images. An attacker could create a specially crafted PNG image that, when opened, could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-1205) Several same-origin policy bypass flaws were found in Firefox. An attacker could create a malicious web page that, when viewed by a victim, could steal private data from a different website the victim has loaded with Firefox. (CVE-2010-0654, CVE-2010-1207, CVE-2010-1213, CVE-2010-2754) A flaw was found in the way Firefox presented the location bar to a user. A malicious website could trick a user into thinking they are visiting the site reported by the location bar, when the page is actually content controlled by an attacker. (CVE-2010-1206) A flaw was found in the way Firefox displayed the location bar when visiting a secure web page. A malicious server could use this flaw to present data that appears to originate from a secure server, even though it does not. (CVE-2010-2751) A flaw was found in the way Firefox displayed certain malformed characters. A malicious web page could use this flaw to bypass certain string sanitization methods, allowing it to display malicious information to users. (CVE-2010-1210) For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 3.6.7. You can find a link to the Mozilla advisories in the References section of this erratum. All Firefox users should upgrade to these updated packages, which contain Firefox version 3.6.7, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id47881
    published2010-07-28
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/47881
    titleRHEL 4 / 5 : firefox (RHSA-2010:0547)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2010-0545.NASL
    descriptionAn updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. A memory corruption flaw was found in the way Thunderbird decoded certain PNG images. An attacker could create a mail message containing a specially crafted PNG image that, when opened, could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-1205) Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-0174, CVE-2010-1200, CVE-2010-1211, CVE-2010-1214, CVE-2010-2753) An integer overflow flaw was found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-1199) Several use-after-free flaws were found in Thunderbird. Viewing an HTML mail message containing malicious content could result in Thunderbird executing arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-0175, CVE-2010-0176, CVE-2010-0177) A flaw was found in the way Thunderbird plug-ins interact. It was possible for a plug-in to reference the freed memory from a different plug-in, resulting in the execution of arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-1198) A flaw was found in the way Thunderbird handled the
    last seen2020-06-01
    modified2020-06-02
    plugin id63939
    published2013-01-24
    reporterThis script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/63939
    titleRHEL 5 : thunderbird (RHSA-2010:0545)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_2_MOZILLAFIREFOX-100722.NASL
    descriptionThis update brings Mozilla Firefox to the 3.5.11 security release. It fixes following security bugs: MFSA 2010-34 / CVE-2010-1211: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Jesse Ruderman, Ehsan Akhgari, Mats Palmgren, Igor Bukanov, Gary Kwong, Tobias Markus and Daniel Holbert reported memory safety problems that affected Firefox 3.6 and Firefox 3.5. MFSA 2010-35 / CVE-2010-1208: Security researcher regenrecht reported via TippingPoint
    last seen2020-06-01
    modified2020-06-02
    plugin id47907
    published2010-07-30
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/47907
    titleopenSUSE Security Update : MozillaFirefox (openSUSE-SU-2010:0430-3)
  • NASL familyWindows
    NASL idSEAMONKEY_206.NASL
    descriptionThe installed version of SeaMonkey is earlier than 2.0.6. Such versions are potentially affected by the following security issues : - Multiple memory safety bugs could result in memory corruption, potentially resulting in arbitrary code execution. (MFSA 2010-34) - An error in DOM attribute cloning could result in arbitrary code execution. (MFSA 2010-35) - An error in Mozilla
    last seen2020-06-01
    modified2020-06-02
    plugin id47785
    published2010-07-21
    reporterThis script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/47785
    titleSeaMonkey < 2.0.6 Multiple Vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_2_SEAMONKEY-100721.NASL
    descriptionThis update brings Mozilla SeaMonkey to the 2.0.6 security release. It fixes following security bugs: MFSA 2010-34 / CVE-2010-1211: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Jesse Ruderman, Ehsan Akhgari, Mats Palmgren, Igor Bukanov, Gary Kwong, Tobias Markus and Daniel Holbert reported memory safety problems that affected Firefox 3.6 and Firefox 3.5. MFSA 2010-35 / CVE-2010-1208: Security researcher regenrecht reported via TippingPoint
    last seen2020-06-01
    modified2020-06-02
    plugin id47854
    published2010-07-27
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/47854
    titleopenSUSE Security Update : seamonkey (openSUSE-SU-2010:0430-1)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2010-11363.NASL
    descriptionUpdate to new upstream SeaMonkey version 2.0.6, fixing multiple security issues detailed in the upstream advisories: http://www.mozilla.org/security/known- vulnerabilities/seamonkey20.html#seamonkey2.0.6 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id47811
    published2010-07-23
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/47811
    titleFedora 12 : seamonkey-2.0.6-1.fc12 (2010-11363)
  • NASL familyWindows
    NASL idMOZILLA_FIREFOX_3511.NASL
    descriptionThe installed version of Firefox is earlier than 3.5.11. Such versions are potentially affected by the following security issues : - Multiple memory safety bugs could result in memory corruption, potentially resulting in arbitrary code execution. (MFSA 2010-34) - An error in DOM attribute cloning could result in arbitrary code execution. (MFSA 2010-35) - An error in Mozilla
    last seen2020-06-01
    modified2020-06-02
    plugin id47781
    published2010-07-22
    reporterThis script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/47781
    titleFirefox < 3.5.11 Multiple Vulnerabilities
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2010-0546.NASL
    descriptionUpdated SeaMonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. SeaMonkey is an open source web browser, email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2010-1211, CVE-2010-2753, CVE-2010-1214) A memory corruption flaw was found in the way SeaMonkey decoded certain PNG images. An attacker could create a specially crafted PNG image that, when opened, could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2010-1205) A same-origin policy bypass flaw was found in SeaMonkey. An attacker could create a malicious web page that, when viewed by a victim, could steal private data from a different website the victim has loaded with SeaMonkey. (CVE-2010-2754) A flaw was found in the way SeaMonkey displayed the location bar when visiting a secure web page. A malicious server could use this flaw to present data that appears to originate from a secure server, even though it does not. (CVE-2010-2751) All SeaMonkey users should upgrade to these updated packages, which correct these issues. After installing the update, SeaMonkey must be restarted for the changes to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id47880
    published2010-07-28
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/47880
    titleRHEL 3 / 4 : seamonkey (RHSA-2010:0546)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2010-0545.NASL
    descriptionAn updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. A memory corruption flaw was found in the way Thunderbird decoded certain PNG images. An attacker could create a mail message containing a specially crafted PNG image that, when opened, could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-1205) Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-0174, CVE-2010-1200, CVE-2010-1211, CVE-2010-1214, CVE-2010-2753) An integer overflow flaw was found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-1199) Several use-after-free flaws were found in Thunderbird. Viewing an HTML mail message containing malicious content could result in Thunderbird executing arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-0175, CVE-2010-0176, CVE-2010-0177) A flaw was found in the way Thunderbird plug-ins interact. It was possible for a plug-in to reference the freed memory from a different plug-in, resulting in the execution of arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-1198) A flaw was found in the way Thunderbird handled the
    last seen2020-06-01
    modified2020-06-02
    plugin id47805
    published2010-07-23
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/47805
    titleCentOS 5 : thunderbird (CESA-2010:0545)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-2075.NASL
    descriptionSeveral remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2010-0182 Wladimir Palant discovered that security checks in XML processing were insufficiently enforced. - CVE-2010-0654 Chris Evans discovered that insecure CSS handling could lead to reading data across domain boundaries. - CVE-2010-1205 Aki Helin discovered a buffer overflow in the internal copy of libpng, which could lead to the execution of arbitrary code. - CVE-2010-1208
    last seen2020-06-01
    modified2020-06-02
    plugin id47889
    published2010-07-29
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/47889
    titleDebian DSA-2075-1 : xulrunner - several vulnerabilities
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20100720_SEAMONKEY_ON_SL3_X.NASL
    descriptionSeveral flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2010-1211, CVE-2010-2753, CVE-2010-1214) A memory corruption flaw was found in the way SeaMonkey decoded certain PNG images. An attacker could create a specially crafted PNG image that, when opened, could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2010-1205) A same-origin policy bypass flaw was found in SeaMonkey. An attacker could create a malicious web page that, when viewed by a victim, could steal private data from a different website the victim has loaded with SeaMonkey. (CVE-2010-2754) A flaw was found in the way SeaMonkey displayed the location bar when visiting a secure web page. A malicious server could use this flaw to present data that appears to originate from a secure server, even though it does not. (CVE-2010-2751) SeaMonkey must be restarted for the changes to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id60820
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60820
    titleScientific Linux Security Update : seamonkey on SL3.x, SL4.x i386/x86_64
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2010-11375.NASL
    descriptionUpdate to new upstream Firefox version 3.5.11, fixing multiple security issues detailed in the upstream advisories: http://www.mozilla.org/security/known- vulnerabilities/firefox35.html#firefox3.5.11 Update also includes packages depending on gecko-libs rebuilt against new version of Firefox / XULRunner. CVE-2010-1211 CVE-2010-1208 CVE-2010-1209 CVE-2010-1214 CVE-2010-2752 CVE-2010-2753 CVE-2010-1205 CVE-2010-1213 CVE-2010-1206 CVE-2010-2751 CVE-2010-0654 CVE-2010-2754 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id47812
    published2010-07-23
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/47812
    titleFedora 12 : firefox-3.5.11-1.fc12 / galeon-2.0.7-24.fc12 / gnome-python2-extras-2.25.3-19.fc12 / etc (2010-11375)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_MOZILLAFIREFOX-7101.NASL
    descriptionThis update brings Mozilla Firefox to the 3.5.11 security release. It fixes following security issues : - Several memory safety bugs in habe been identified in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs show evidence of memory corruption under certain circumstances, and it is presumed that with enough effort at least some of these could be exploited to run arbitrary code. . (MFSA 2010-34 / CVE-2010-1211) - An error in the DOM attribute cloning routine has been reported, where under certain circumstances an event attribute node can be deleted while another object still contains a reference to it. This reference could subsequently be accessed, potentially causing the execution of attacker controlled memory. . (MFSA 2010-35 / CVE-2010-1208) - An error in Mozilla
    last seen2020-06-01
    modified2020-06-02
    plugin id49894
    published2010-10-11
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/49894
    titleSuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 7101)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2010-11327.NASL
    descriptionUpdate to new upstream SeaMonkey version 2.0.6, fixing multiple security issues detailed in the upstream advisories: http://www.mozilla.org/security/known- vulnerabilities/seamonkey20.html#seamonkey2.0.6 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id47807
    published2010-07-23
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/47807
    titleFedora 13 : seamonkey-2.0.6-1.fc13 (2010-11327)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_3_SEAMONKEY-100721.NASL
    descriptionThis update brings Mozilla SeaMonkey to the 2.0.6 security release. It fixes following security bugs: MFSA 2010-34 / CVE-2010-1211: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Jesse Ruderman, Ehsan Akhgari, Mats Palmgren, Igor Bukanov, Gary Kwong, Tobias Markus and Daniel Holbert reported memory safety problems that affected Firefox 3.6 and Firefox 3.5. MFSA 2010-35 / CVE-2010-1208: Security researcher regenrecht reported via TippingPoint
    last seen2020-06-01
    modified2020-06-02
    plugin id75731
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/75731
    titleopenSUSE Security Update : seamonkey (openSUSE-SU-2010:0430-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_3_MOZILLAFIREFOX-100727.NASL
    descriptionThis update brings Mozilla Firefox to the 3.6.8 security release. It fixes following security bugs: MFSA 2010-34 / CVE-2010-1211 / CVE-2010-1212: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. MFSA 2010-35 / CVE-2010-1208: Security researcher regenrecht reported via TippingPoint
    last seen2020-06-01
    modified2020-06-02
    plugin id75646
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/75646
    titleopenSUSE Security Update : MozillaFirefox (MozillaFirefox-2807)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201301-01.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201301-01 (Mozilla Products: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, bypass restrictions and protection mechanisms, force file downloads, conduct XML injection attacks, conduct XSS attacks, bypass the Same Origin Policy, spoof URL&rsquo;s for phishing attacks, trigger a vertical scroll, spoof the location bar, spoof an SSL indicator, modify the browser&rsquo;s font, conduct clickjacking attacks, or have other unspecified impact. A local attacker could gain escalated privileges, obtain sensitive information, or replace an arbitrary downloaded file. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id63402
    published2013-01-08
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63402
    titleGLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2010-0546.NASL
    descriptionFrom Red Hat Security Advisory 2010:0546 : Updated SeaMonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. SeaMonkey is an open source web browser, email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2010-1211, CVE-2010-2753, CVE-2010-1214) A memory corruption flaw was found in the way SeaMonkey decoded certain PNG images. An attacker could create a specially crafted PNG image that, when opened, could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2010-1205) A same-origin policy bypass flaw was found in SeaMonkey. An attacker could create a malicious web page that, when viewed by a victim, could steal private data from a different website the victim has loaded with SeaMonkey. (CVE-2010-2754) A flaw was found in the way SeaMonkey displayed the location bar when visiting a secure web page. A malicious server could use this flaw to present data that appears to originate from a secure server, even though it does not. (CVE-2010-2751) All SeaMonkey users should upgrade to these updated packages, which correct these issues. After installing the update, SeaMonkey must be restarted for the changes to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id68067
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68067
    titleOracle Linux 3 / 4 : seamonkey (ELSA-2010-0546)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_1_MOZILLAFIREFOX-100722.NASL
    descriptionThis update brings Mozilla Firefox to the 3.5.11 security release. It fixes following security bugs: MFSA 2010-34 / CVE-2010-1211: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Jesse Ruderman, Ehsan Akhgari, Mats Palmgren, Igor Bukanov, Gary Kwong, Tobias Markus and Daniel Holbert reported memory safety problems that affected Firefox 3.6 and Firefox 3.5. MFSA 2010-35 / CVE-2010-1208: Security researcher regenrecht reported via TippingPoint
    last seen2020-06-01
    modified2020-06-02
    plugin id47906
    published2010-07-30
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/47906
    titleopenSUSE Security Update : MozillaFirefox (openSUSE-SU-2010:0430-3)

Oval

accepted2014-10-06T04:00:20.668-04:00
classvulnerability
contributors
  • nameJ. Daniel Brown
    organizationDTCC
  • nameSergey Artykhov
    organizationALTX-SOFT
  • nameSergey Artykhov
    organizationALTX-SOFT
  • nameMaria Kedovskaya
    organizationALTX-SOFT
  • nameShane Shaffer
    organizationG2, Inc.
  • nameMaria Kedovskaya
    organizationALTX-SOFT
  • nameMaria Kedovskaya
    organizationALTX-SOFT
  • nameMaria Mikhno
    organizationALTX-SOFT
  • nameEvgeniy Pavlov
    organizationALTX-SOFT
  • nameEvgeniy Pavlov
    organizationALTX-SOFT
  • nameEvgeniy Pavlov
    organizationALTX-SOFT
definition_extensions
  • commentMozilla Firefox Mainline release is installed
    ovaloval:org.mitre.oval:def:22259
  • commentMozilla Seamonkey is installed
    ovaloval:org.mitre.oval:def:6372
descriptionThe nsDocShell::OnRedirectStateChange function in docshell/base/nsDocShell.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to spoof the SSL security status of a document via vectors involving multiple requests, a redirect, and the history.back and history.forward JavaScript functions.
familywindows
idoval:org.mitre.oval:def:11688
statusaccepted
submitted2010-07-21T17:30:00.000-05:00
titleMozilla Firefox and SeaMonkey Location Bar Spoofing Vulnerability
version36

Redhat

rpms
  • seamonkey-0:1.0.9-0.57.el3
  • seamonkey-0:1.0.9-60.el4
  • seamonkey-chat-0:1.0.9-0.57.el3
  • seamonkey-chat-0:1.0.9-60.el4
  • seamonkey-debuginfo-0:1.0.9-0.57.el3
  • seamonkey-debuginfo-0:1.0.9-60.el4
  • seamonkey-devel-0:1.0.9-0.57.el3
  • seamonkey-devel-0:1.0.9-60.el4
  • seamonkey-dom-inspector-0:1.0.9-0.57.el3
  • seamonkey-dom-inspector-0:1.0.9-60.el4
  • seamonkey-js-debugger-0:1.0.9-0.57.el3
  • seamonkey-js-debugger-0:1.0.9-60.el4
  • seamonkey-mail-0:1.0.9-0.57.el3
  • seamonkey-mail-0:1.0.9-60.el4
  • seamonkey-nspr-0:1.0.9-0.57.el3
  • seamonkey-nspr-devel-0:1.0.9-0.57.el3
  • seamonkey-nss-0:1.0.9-0.57.el3
  • seamonkey-nss-devel-0:1.0.9-0.57.el3
  • firefox-0:3.6.7-2.el4
  • firefox-0:3.6.7-2.el5
  • firefox-debuginfo-0:3.6.7-2.el4
  • firefox-debuginfo-0:3.6.7-2.el5
  • xulrunner-0:1.9.2.7-2.el5
  • xulrunner-debuginfo-0:1.9.2.7-2.el5
  • xulrunner-devel-0:1.9.2.7-2.el5