Vulnerabilities > CVE-2010-2760 - Resource Management Errors vulnerability in Mozilla Firefox and Seamonkey
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Use-after-free vulnerability in the nsTreeSelection function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote attackers to execute arbitrary code via vectors involving a XUL tree selection, related to a "dangling pointer vulnerability." NOTE: this issue exists because of an incomplete fix for CVE-2010-2753.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-975-2.NASL description USN-975-1 fixed vulnerabilities in Firefox and Xulrunner. Some users reported stability problems under certain circumstances. This update fixes the problem. We apologize for the inconvenience. Several dangling pointer vulnerabilities were discovered in Firefox. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-2760, CVE-2010-2767, CVE-2010-3167) Blake Kaplan and Michal Zalewski discovered several weaknesses in the XPCSafeJSObjectWrapper (SJOW) security wrapper. If a user were tricked into viewing a malicious site, a remote attacker could use this to run arbitrary JavaScript with chrome privileges. (CVE-2010-2762) Matt Haggard discovered that Firefox did not honor same-origin policy when processing the statusText property of an XMLHttpRequest object. If a user were tricked into viewing a malicious site, a remote attacker could use this to gather information about servers on internal private networks. (CVE-2010-2764) Chris Rohlf discovered an integer overflow when Firefox processed the HTML frameset element. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-2765) Several issues were discovered in the browser engine. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-2766, CVE-2010-3168) David Huang and Collin Jackson discovered that the <object> tag could override the charset of a framed HTML document in another origin. An attacker could utilize this to perform cross-site scripting attacks. (CVE-2010-2768) Paul Stone discovered that with designMode enabled an HTML selection containing JavaScript could be copied and pasted into a document and have the JavaScript execute within the context of the site where the code was dropped. An attacker could utilize this to perform cross-site scripting attacks. (CVE-2010-2769) A buffer overflow was discovered in Firefox when processing text runs. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-3166) Peter Van der Beken, Jason Oster, Jesse Ruderman, Igor Bukanov, Jeff Walden, Gary Kwong and Olli Pettay discovered several flaws in the browser engine. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-3169). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 49268 published 2010-09-17 reporter Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/49268 title Ubuntu 8.04 LTS / 9.04 / 9.10 / 10.04 LTS : firefox, firefox-3.0, firefox-3.5, xulrunner-1.9.1, xulrunner-1.9.2 regression (USN-975-2) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-975-2. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(49268); script_version("1.11"); script_cvs_date("Date: 2019/09/19 12:54:26"); script_cve_id("CVE-2010-2760", "CVE-2010-2762", "CVE-2010-2764", "CVE-2010-2765", "CVE-2010-2766", "CVE-2010-2767", "CVE-2010-2768", "CVE-2010-2769", "CVE-2010-3166", "CVE-2010-3167", "CVE-2010-3168", "CVE-2010-3169"); script_xref(name:"USN", value:"975-2"); script_name(english:"Ubuntu 8.04 LTS / 9.04 / 9.10 / 10.04 LTS : firefox, firefox-3.0, firefox-3.5, xulrunner-1.9.1, xulrunner-1.9.2 regression (USN-975-2)"); script_summary(english:"Checks dpkg output for updated packages."); script_set_attribute( attribute:"synopsis", value: "The remote Ubuntu host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "USN-975-1 fixed vulnerabilities in Firefox and Xulrunner. Some users reported stability problems under certain circumstances. This update fixes the problem. We apologize for the inconvenience. Several dangling pointer vulnerabilities were discovered in Firefox. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-2760, CVE-2010-2767, CVE-2010-3167) Blake Kaplan and Michal Zalewski discovered several weaknesses in the XPCSafeJSObjectWrapper (SJOW) security wrapper. If a user were tricked into viewing a malicious site, a remote attacker could use this to run arbitrary JavaScript with chrome privileges. (CVE-2010-2762) Matt Haggard discovered that Firefox did not honor same-origin policy when processing the statusText property of an XMLHttpRequest object. If a user were tricked into viewing a malicious site, a remote attacker could use this to gather information about servers on internal private networks. (CVE-2010-2764) Chris Rohlf discovered an integer overflow when Firefox processed the HTML frameset element. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-2765) Several issues were discovered in the browser engine. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-2766, CVE-2010-3168) David Huang and Collin Jackson discovered that the <object> tag could override the charset of a framed HTML document in another origin. An attacker could utilize this to perform cross-site scripting attacks. (CVE-2010-2768) Paul Stone discovered that with designMode enabled an HTML selection containing JavaScript could be copied and pasted into a document and have the JavaScript execute within the context of the site where the code was dropped. An attacker could utilize this to perform cross-site scripting attacks. (CVE-2010-2769) A buffer overflow was discovered in Firefox when processing text runs. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-3166) Peter Van der Beken, Jason Oster, Jesse Ruderman, Igor Bukanov, Jeff Walden, Gary Kwong and Olli Pettay discovered several flaws in the browser engine. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-3169). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/975-2/" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:abrowser"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:abrowser-3.0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:abrowser-3.0-branding"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:abrowser-3.1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:abrowser-3.1-branding"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:abrowser-3.5"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:abrowser-3.5-branding"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:abrowser-branding"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-2-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-2-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-2-dom-inspector"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-2-gnome-support"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-2-libthai"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-3.0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-3.0-branding"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-3.0-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-3.0-dom-inspector"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-3.0-gnome-support"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-3.0-venkman"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-3.1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-3.1-branding"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-3.1-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-3.1-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-3.1-gnome-support"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-3.5"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-3.5-branding"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-3.5-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-3.5-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-3.5-gnome-support"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-branding"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-dom-inspector"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-gnome-support"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-gnome-support-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-granparadiso"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-granparadiso-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-granparadiso-gnome-support"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-libthai"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-mozsymbols"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-trunk"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-trunk-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-trunk-gnome-support"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.1-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.1-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.1-gnome-support"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.1-testsuite"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.1-testsuite-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.2-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.2-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.2-gnome-support"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.2-testsuite"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.2-testsuite-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xulrunner-dev"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.04:-:lts"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:8.04:-:lts"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:9.04"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:9.10"); script_set_attribute(attribute:"vuln_publication_date", value:"2010/09/09"); script_set_attribute(attribute:"patch_publication_date", value:"2010/09/16"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/09/17"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! preg(pattern:"^(8\.04|9\.04|9\.10|10\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 8.04 / 9.04 / 9.10 / 10.04", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"8.04", pkgname:"abrowser", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.8.04.1")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"abrowser-branding", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.8.04.1")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"firefox", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.8.04.1")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"firefox-3.0", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.8.04.1")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"firefox-3.0-dev", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.8.04.1")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"firefox-3.0-gnome-support", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.8.04.1")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"firefox-branding", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.8.04.1")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"firefox-dbg", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.8.04.1")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"firefox-dev", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.8.04.1")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"firefox-gnome-support", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.8.04.1")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"firefox-gnome-support-dbg", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.8.04.1")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"firefox-granparadiso", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.8.04.1")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"firefox-granparadiso-dev", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.8.04.1")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"firefox-granparadiso-gnome-support", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.8.04.1")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"firefox-libthai", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.8.04.1")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"firefox-trunk", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.8.04.1")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"firefox-trunk-dev", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.8.04.1")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"firefox-trunk-gnome-support", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.8.04.1")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"xulrunner-1.9.2", pkgver:"1.9.2.10+build1+nobinonly-0ubuntu0.8.04.1")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"xulrunner-1.9.2-dbg", pkgver:"1.9.2.10+build1+nobinonly-0ubuntu0.8.04.1")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"xulrunner-1.9.2-dev", pkgver:"1.9.2.10+build1+nobinonly-0ubuntu0.8.04.1")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"xulrunner-1.9.2-gnome-support", pkgver:"1.9.2.10+build1+nobinonly-0ubuntu0.8.04.1")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"xulrunner-1.9.2-testsuite", pkgver:"1.9.2.10+build1+nobinonly-0ubuntu0.8.04.1")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"xulrunner-1.9.2-testsuite-dev", pkgver:"1.9.2.10+build1+nobinonly-0ubuntu0.8.04.1")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"xulrunner-dev", pkgver:"1.9.2.10+build1+nobinonly-0ubuntu0.8.04.1")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"abrowser", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.04.1")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"abrowser-3.0-branding", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.04.1")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"abrowser-branding", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.04.1")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"firefox", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.04.1")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"firefox-2", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.04.1")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"firefox-2-dbg", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.04.1")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"firefox-2-dev", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.04.1")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"firefox-2-dom-inspector", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.04.1")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"firefox-2-gnome-support", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.04.1")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"firefox-2-libthai", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.04.1")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"firefox-3.0", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.04.1")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"firefox-3.0-branding", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.04.1")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"firefox-3.0-dev", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.04.1")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"firefox-3.0-gnome-support", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.04.1")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"firefox-branding", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.04.1")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"firefox-dbg", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.04.1")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"firefox-dev", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.04.1")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"firefox-gnome-support", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.04.1")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"firefox-gnome-support-dbg", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.04.1")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"firefox-granparadiso", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.04.1")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"firefox-granparadiso-dev", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.04.1")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"firefox-granparadiso-gnome-support", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.04.1")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"firefox-libthai", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.04.1")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"firefox-trunk", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.04.1")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"firefox-trunk-dev", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.04.1")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"firefox-trunk-gnome-support", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.04.1")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"xulrunner-1.9.2", pkgver:"1.9.2.10+build1+nobinonly-0ubuntu0.9.04.1")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"xulrunner-1.9.2-dbg", pkgver:"1.9.2.10+build1+nobinonly-0ubuntu0.9.04.1")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"xulrunner-1.9.2-dev", pkgver:"1.9.2.10+build1+nobinonly-0ubuntu0.9.04.1")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"xulrunner-1.9.2-gnome-support", pkgver:"1.9.2.10+build1+nobinonly-0ubuntu0.9.04.1")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"xulrunner-1.9.2-testsuite", pkgver:"1.9.2.10+build1+nobinonly-0ubuntu0.9.04.1")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"xulrunner-1.9.2-testsuite-dev", pkgver:"1.9.2.10+build1+nobinonly-0ubuntu0.9.04.1")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"xulrunner-dev", pkgver:"1.9.2.10+build1+nobinonly-0ubuntu0.9.04.1")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"abrowser", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.10.1")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"abrowser-3.0", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.10.1")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"abrowser-3.0-branding", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.10.1")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"abrowser-3.1", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.10.1")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"abrowser-3.1-branding", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.10.1")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"abrowser-3.5", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.10.1")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"abrowser-3.5-branding", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.10.1")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"abrowser-branding", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.10.1")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"firefox", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.10.1")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"firefox-2", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.10.1")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"firefox-2-dbg", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.10.1")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"firefox-2-dev", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.10.1")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"firefox-2-dom-inspector", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.10.1")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"firefox-2-gnome-support", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.10.1")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"firefox-2-libthai", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.10.1")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"firefox-3.0", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.10.1")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"firefox-3.0-branding", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.10.1")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"firefox-3.0-dev", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.10.1")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"firefox-3.0-dom-inspector", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.10.1")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"firefox-3.0-gnome-support", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.10.1")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"firefox-3.0-venkman", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.10.1")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"firefox-3.1", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.10.1")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"firefox-3.1-branding", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.10.1")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"firefox-3.1-dbg", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.10.1")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"firefox-3.1-dev", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.10.1")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"firefox-3.1-gnome-support", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.10.1")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"firefox-3.5", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.10.1")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"firefox-3.5-branding", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.10.1")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"firefox-3.5-dbg", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.10.1")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"firefox-3.5-dev", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.10.1")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"firefox-3.5-gnome-support", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.10.1")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"firefox-branding", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.10.1")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"firefox-dbg", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.10.1")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"firefox-dev", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.10.1")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"firefox-dom-inspector", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.10.1")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"firefox-gnome-support", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.10.1")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"firefox-gnome-support-dbg", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.10.1")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"xulrunner-1.9", pkgver:"1.9.2.10+build1+nobinonly-0ubuntu0.9.10.1")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"xulrunner-1.9.1", pkgver:"1.9.1.13+build1+nobinonly-0ubuntu0.9.10.1")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"xulrunner-1.9.1-dbg", pkgver:"1.9.1.13+build1+nobinonly-0ubuntu0.9.10.1")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"xulrunner-1.9.1-dev", pkgver:"1.9.1.13+build1+nobinonly-0ubuntu0.9.10.1")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"xulrunner-1.9.1-gnome-support", pkgver:"1.9.1.13+build1+nobinonly-0ubuntu0.9.10.1")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"xulrunner-1.9.1-testsuite", pkgver:"1.9.1.13+build1+nobinonly-0ubuntu0.9.10.1")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"xulrunner-1.9.1-testsuite-dev", pkgver:"1.9.1.13+build1+nobinonly-0ubuntu0.9.10.1")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"xulrunner-1.9.2", pkgver:"1.9.2.10+build1+nobinonly-0ubuntu0.9.10.1")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"xulrunner-1.9.2-dbg", pkgver:"1.9.2.10+build1+nobinonly-0ubuntu0.9.10.1")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"xulrunner-1.9.2-dev", pkgver:"1.9.2.10+build1+nobinonly-0ubuntu0.9.10.1")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"xulrunner-1.9.2-gnome-support", pkgver:"1.9.2.10+build1+nobinonly-0ubuntu0.9.10.1")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"xulrunner-1.9.2-testsuite", pkgver:"1.9.2.10+build1+nobinonly-0ubuntu0.9.10.1")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"xulrunner-1.9.2-testsuite-dev", pkgver:"1.9.2.10+build1+nobinonly-0ubuntu0.9.10.1")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"xulrunner-dev", pkgver:"1.9.2.10+build1+nobinonly-0ubuntu0.9.10.1")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"abrowser", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.10.04.1")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"abrowser-3.5", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.10.04.1")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"abrowser-3.5-branding", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.10.04.1")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"abrowser-branding", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.10.04.1")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"firefox", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.10.04.1")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"firefox-2", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.10.04.1")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"firefox-2-dbg", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.10.04.1")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"firefox-2-dev", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.10.04.1")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"firefox-2-dom-inspector", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.10.04.1")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"firefox-2-gnome-support", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.10.04.1")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"firefox-2-libthai", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.10.04.1")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"firefox-3.0", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.10.04.1")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"firefox-3.0-dev", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.10.04.1")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"firefox-3.0-gnome-support", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.10.04.1")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"firefox-3.5", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.10.04.1")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"firefox-3.5-branding", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.10.04.1")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"firefox-3.5-dbg", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.10.04.1")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"firefox-3.5-dev", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.10.04.1")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"firefox-3.5-gnome-support", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.10.04.1")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"firefox-branding", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.10.04.1")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"firefox-dbg", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.10.04.1")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"firefox-dev", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.10.04.1")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"firefox-gnome-support", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.10.04.1")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"firefox-gnome-support-dbg", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.10.04.1")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"firefox-mozsymbols", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.10.04.1")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"xulrunner-1.9", pkgver:"1.9.2.10+build1+nobinonly-0ubuntu0.10.04.1")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"xulrunner-1.9.2", pkgver:"1.9.2.10+build1+nobinonly-0ubuntu0.10.04.1")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"xulrunner-1.9.2-dbg", pkgver:"1.9.2.10+build1+nobinonly-0ubuntu0.10.04.1")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"xulrunner-1.9.2-dev", pkgver:"1.9.2.10+build1+nobinonly-0ubuntu0.10.04.1")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"xulrunner-1.9.2-gnome-support", pkgver:"1.9.2.10+build1+nobinonly-0ubuntu0.10.04.1")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"xulrunner-1.9.2-testsuite", pkgver:"1.9.2.10+build1+nobinonly-0ubuntu0.10.04.1")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"xulrunner-1.9.2-testsuite-dev", pkgver:"1.9.2.10+build1+nobinonly-0ubuntu0.10.04.1")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"xulrunner-dev", pkgver:"1.9.2.10+build1+nobinonly-0ubuntu0.10.04.1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "abrowser / abrowser-3.0 / abrowser-3.0-branding / abrowser-3.1 / etc"); }
NASL family Scientific Linux Local Security Checks NASL id SL_20100907_SEAMONKEY_ON_SL3_X.NASL description Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2010-3169) A buffer overflow flaw was found in SeaMonkey. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2010-2765) A use-after-free flaw and several dangling pointer flaws were found in SeaMonkey. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2010-2760, CVE-2010-2767, CVE-2010-3167, CVE-2010-3168) A cross-site scripting (XSS) flaw was found in SeaMonkey. A web page containing malicious content could cause SeaMonkey to run JavaScript code with the permissions of a different website. (CVE-2010-2768) After installing the update, SeaMonkey must be restarted for the changes to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 60853 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60853 title Scientific Linux Security Update : seamonkey on SL3.x, SL4.x i386/x86_64 code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text is (C) Scientific Linux. # include("compat.inc"); if (description) { script_id(60853); script_version("1.4"); script_cvs_date("Date: 2019/10/25 13:36:19"); script_cve_id("CVE-2010-2760", "CVE-2010-2765", "CVE-2010-2767", "CVE-2010-2768", "CVE-2010-3167", "CVE-2010-3168", "CVE-2010-3169"); script_name(english:"Scientific Linux Security Update : seamonkey on SL3.x, SL4.x i386/x86_64"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Scientific Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2010-3169) A buffer overflow flaw was found in SeaMonkey. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2010-2765) A use-after-free flaw and several dangling pointer flaws were found in SeaMonkey. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2010-2760, CVE-2010-2767, CVE-2010-3167, CVE-2010-3168) A cross-site scripting (XSS) flaw was found in SeaMonkey. A web page containing malicious content could cause SeaMonkey to run JavaScript code with the permissions of a different website. (CVE-2010-2768) After installing the update, SeaMonkey must be restarted for the changes to take effect." ); # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1009&L=scientific-linux-errata&T=0&P=760 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?e0e92c1a" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux"); script_set_attribute(attribute:"patch_publication_date", value:"2010/09/07"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/01"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Scientific Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux"); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu); flag = 0; if (rpm_check(release:"SL3", reference:"seamonkey-1.0.9-0.60.el3")) flag++; if (rpm_check(release:"SL3", reference:"seamonkey-chat-1.0.9-0.60.el3")) flag++; if (rpm_check(release:"SL3", reference:"seamonkey-devel-1.0.9-0.60.el3")) flag++; if (rpm_check(release:"SL3", reference:"seamonkey-dom-inspector-1.0.9-0.60.el3")) flag++; if (rpm_check(release:"SL3", reference:"seamonkey-js-debugger-1.0.9-0.60.el3")) flag++; if (rpm_check(release:"SL3", reference:"seamonkey-mail-1.0.9-0.60.el3")) flag++; if (rpm_check(release:"SL3", reference:"seamonkey-nspr-1.0.9-0.60.el3")) flag++; if (rpm_check(release:"SL3", reference:"seamonkey-nspr-devel-1.0.9-0.60.el3")) flag++; if (rpm_check(release:"SL3", reference:"seamonkey-nss-1.0.9-0.60.el3")) flag++; if (rpm_check(release:"SL3", reference:"seamonkey-nss-devel-1.0.9-0.60.el3")) flag++; if (rpm_check(release:"SL4", reference:"seamonkey-1.0.9-63.el4")) flag++; if (rpm_check(release:"SL4", reference:"seamonkey-chat-1.0.9-63.el4")) flag++; if (rpm_check(release:"SL4", reference:"seamonkey-devel-1.0.9-63.el4")) flag++; if (rpm_check(release:"SL4", reference:"seamonkey-dom-inspector-1.0.9-63.el4")) flag++; if (rpm_check(release:"SL4", reference:"seamonkey-js-debugger-1.0.9-63.el4")) flag++; if (rpm_check(release:"SL4", reference:"seamonkey-mail-1.0.9-63.el4")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2010-0681.NASL description Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-3169, CVE-2010-2762) Several use-after-free and dangling pointer flaws were found in Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-2760, CVE-2010-2766, CVE-2010-2767, CVE-2010-3167, CVE-2010-3168) Multiple buffer overflow flaws were found in Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-2765, CVE-2010-3166) Multiple cross-site scripting (XSS) flaws were found in Firefox. A web page containing malicious content could cause Firefox to run JavaScript code with the permissions of a different website. (CVE-2010-2768, CVE-2010-2769) A flaw was found in the Firefox XMLHttpRequest object. A remote site could use this flaw to gather information about servers on an internal private network. (CVE-2010-2764) For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 3.6.9. You can find a link to the Mozilla advisories in the References section of this erratum. Note: After installing this update, Firefox will fail to connect (with HTTPS) to a server using the SSL DHE (Diffie-Hellman Ephemeral) key exchange if the server last seen 2020-06-01 modified 2020-06-02 plugin id 53540 published 2011-04-23 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/53540 title RHEL 4 / 5 : firefox (RHSA-2010:0681) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2010:0681. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(53540); script_version ("1.24"); script_cvs_date("Date: 2019/10/25 13:36:15"); script_cve_id("CVE-2010-2753", "CVE-2010-2760", "CVE-2010-2762", "CVE-2010-2763", "CVE-2010-2764", "CVE-2010-2765", "CVE-2010-2766", "CVE-2010-2767", "CVE-2010-2768", "CVE-2010-2769", "CVE-2010-2770", "CVE-2010-3166", "CVE-2010-3167", "CVE-2010-3168", "CVE-2010-3169"); script_bugtraq_id(43045); script_xref(name:"RHSA", value:"2010:0681"); script_name(english:"RHEL 4 / 5 : firefox (RHSA-2010:0681)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-3169, CVE-2010-2762) Several use-after-free and dangling pointer flaws were found in Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-2760, CVE-2010-2766, CVE-2010-2767, CVE-2010-3167, CVE-2010-3168) Multiple buffer overflow flaws were found in Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-2765, CVE-2010-3166) Multiple cross-site scripting (XSS) flaws were found in Firefox. A web page containing malicious content could cause Firefox to run JavaScript code with the permissions of a different website. (CVE-2010-2768, CVE-2010-2769) A flaw was found in the Firefox XMLHttpRequest object. A remote site could use this flaw to gather information about servers on an internal private network. (CVE-2010-2764) For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 3.6.9. You can find a link to the Mozilla advisories in the References section of this erratum. Note: After installing this update, Firefox will fail to connect (with HTTPS) to a server using the SSL DHE (Diffie-Hellman Ephemeral) key exchange if the server's ephemeral key is too small. Connecting to such servers is a security risk as an ephemeral key that is too small makes the SSL connection vulnerable to attack. Refer to the Solution section for further information. All Firefox users should upgrade to these updated packages, which contain Firefox version 3.6.9, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2010-2760" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2010-2762" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2010-2764" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2010-2765" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2010-2766" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2010-2767" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2010-2768" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2010-2769" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2010-3166" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2010-3167" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2010-3168" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2010-3169" ); # http://www.mozilla.org/security/known-vulnerabilities/firefox36.html# script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?ab0bbddd" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2010:0681" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:firefox"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nspr"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nspr-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nss"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nss-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nss-pkcs11-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nss-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:xulrunner"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:xulrunner-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4.8"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5"); script_set_attribute(attribute:"vuln_publication_date", value:"2010/07/30"); script_set_attribute(attribute:"patch_publication_date", value:"2010/09/07"); script_set_attribute(attribute:"plugin_publication_date", value:"2011/04/23"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^(4|5)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 4.x / 5.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2010:0681"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL4", reference:"firefox-3.6.9-1.el4")) flag++; if (rpm_check(release:"RHEL4", reference:"nspr-4.8.6-1.el4")) flag++; if (rpm_check(release:"RHEL4", reference:"nspr-devel-4.8.6-1.el4")) flag++; if (rpm_check(release:"RHEL4", reference:"nss-3.12.7-1.el4")) flag++; if (rpm_check(release:"RHEL4", reference:"nss-devel-3.12.7-1.el4")) flag++; if (rpm_check(release:"RHEL4", reference:"nss-tools-3.12.7-1.el4")) flag++; if (rpm_check(release:"RHEL5", reference:"firefox-3.6.9-2.el5")) flag++; if (rpm_check(release:"RHEL5", reference:"nspr-4.8.6-1.el5")) flag++; if (rpm_check(release:"RHEL5", reference:"nspr-devel-4.8.6-1.el5")) flag++; if (rpm_check(release:"RHEL5", reference:"nss-3.12.7-2.el5")) flag++; if (rpm_check(release:"RHEL5", reference:"nss-devel-3.12.7-2.el5")) flag++; if (rpm_check(release:"RHEL5", reference:"nss-pkcs11-devel-3.12.7-2.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"i386", reference:"nss-tools-3.12.7-2.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"nss-tools-3.12.7-2.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"nss-tools-3.12.7-2.el5")) flag++; if (rpm_check(release:"RHEL5", reference:"xulrunner-1.9.2.9-1.el5")) flag++; if (rpm_check(release:"RHEL5", reference:"xulrunner-devel-1.9.2.9-1.el5")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "firefox / nspr / nspr-devel / nss / nss-devel / nss-pkcs11-devel / etc"); } }
NASL family SuSE Local Security Checks NASL id SUSE_11_1_SEAMONKEY-100917.NASL description Mozilla SeaMonkey 2.0 was updated to version 2.0.8, fixing various bugs and security issues. Following security issues were fixed: MFSA 2010-49 / CVE-2010-3169: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. MFSA 2010-50 / CVE-2010-2765: Security researcher Chris Rohlf of Matasano Security reported that the implementation of the HTML frameset element contained an integer overflow vulnerability. The code responsible for parsing the frameset columns used an 8-byte counter for the column numbers, so when a very large number of columns was passed in the counter would overflow. When this counter was subsequently used to allocate memory for the frameset, the memory buffer would be too small, potentially resulting in a heap buffer overflow and execution of attacker-controlled memory. MFSA 2010-51 / CVE-2010-2767: Security researcher Sergey Glazunov reported a dangling pointer vulnerability in the implementation of navigator.plugins in which the navigator object could retain a pointer to the plugins array even after it had been destroyed. An attacker could potentially use this issue to crash the browser and run arbitrary code on a victim last seen 2020-06-01 modified 2020-06-02 plugin id 49280 published 2010-09-20 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/49280 title openSUSE Security Update : seamonkey (openSUSE-SU-2010:0632-2) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update seamonkey-3138. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(49280); script_version("1.10"); script_cvs_date("Date: 2019/10/25 13:36:38"); script_cve_id("CVE-2010-2753", "CVE-2010-2760", "CVE-2010-2762", "CVE-2010-2763", "CVE-2010-2764", "CVE-2010-2765", "CVE-2010-2766", "CVE-2010-2767", "CVE-2010-2768", "CVE-2010-2769", "CVE-2010-2770", "CVE-2010-3131", "CVE-2010-3166", "CVE-2010-3167", "CVE-2010-3168", "CVE-2010-3169"); script_name(english:"openSUSE Security Update : seamonkey (openSUSE-SU-2010:0632-2)"); script_summary(english:"Check for the seamonkey-3138 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "Mozilla SeaMonkey 2.0 was updated to version 2.0.8, fixing various bugs and security issues. Following security issues were fixed: MFSA 2010-49 / CVE-2010-3169: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. MFSA 2010-50 / CVE-2010-2765: Security researcher Chris Rohlf of Matasano Security reported that the implementation of the HTML frameset element contained an integer overflow vulnerability. The code responsible for parsing the frameset columns used an 8-byte counter for the column numbers, so when a very large number of columns was passed in the counter would overflow. When this counter was subsequently used to allocate memory for the frameset, the memory buffer would be too small, potentially resulting in a heap buffer overflow and execution of attacker-controlled memory. MFSA 2010-51 / CVE-2010-2767: Security researcher Sergey Glazunov reported a dangling pointer vulnerability in the implementation of navigator.plugins in which the navigator object could retain a pointer to the plugins array even after it had been destroyed. An attacker could potentially use this issue to crash the browser and run arbitrary code on a victim's computer. MFSA 2010-52 / CVE-2010-3131: Security researcher Haifei Li of FortiGuard Labs reported that Firefox could be used to load a malicious code library that had been planted on a victim's computer. Firefox attempts to load dwmapi.dll upon startup as part of its platform detection, so on systems that don't have this library, such as Windows XP, Firefox will subsequently attempt to load the library from the current working directory. An attacker could use this vulnerability to trick a user into downloading a HTML file and a malicious copy of dwmapi.dll into the same directory on their computer and opening the HTML file with Firefox, thus causing the malicious code to be executed. If the attacker was on the same network as the victim, the malicious DLL could also be loaded via a UNC path. The attack also requires that Firefox not currently be running when it is asked to open the HTML file and accompanying DLL. As this is a Windows only problem, it does not affect the Linux version. It is listed for completeness only. MFSA 2010-53 / CVE-2010-3166: Security researcher wushi of team509 reported a heap buffer overflow in code routines responsible for transforming text runs. A page could be constructed with a bidirectional text run which upon reflow could result in an incorrect length being calculated for the run of text. When this value is subsequently used to allocate memory for the text too small a buffer may be created potentially resulting in a buffer overflow and the execution of attacker controlled memory. MFSA 2010-54 / CVE-2010-2760: Security researcher regenrecht reported via TippingPoint's Zero Day Initiative that there was a remaining dangling pointer issue leftover from the fix to CVE-2010-2753. Under certain circumstances one of the pointers held by a XUL tree selection could be freed and then later reused, potentially resulting in the execution of attacker-controlled memory. MFSA 2010-55 / CVE-2010-3168: Security researcher regenrecht reported via TippingPoint's Zero Day Initiative that XUL <tree> objects could be manipulated such that the setting of certain properties on the object would trigger the removal of the tree from the DOM and cause certain sections of deleted memory to be accessed. In products based on Gecko version 1.9.2 (Firefox 3.6, Thunderbird 3.1) and newer this memory has been overwritten by a value that will cause an unexploitable crash. In products based on Gecko version 1.9.1 (Firefox 3.5, Thunderbird 3.0, and SeaMonkey 2.0) and older an attacker could potentially use this vulnerability to crash a victim's browser and run arbitrary code on their computer. MFSA 2010-56 / CVE-2010-3167: Security researcher regenrecht reported via TippingPoint's Zero Day Initiative that the implementation of XUL <tree>'s content view contains a dangling pointer vulnerability. One of the content view's methods for accessing the internal structure of the tree could be manipulated into removing a node prior to accessing it, resulting in the accessing of deleted memory. If an attacker can control the contents of the deleted memory prior to its access they could use this vulnerability to run arbitrary code on a victim's machine. MFSA 2010-57 / CVE-2010-2766: Security researcher regenrecht reported via TippingPoint's Zero Day Initiative that code used to normalize a document contained a logical flaw that could be leveraged to run arbitrary code. When the normalization code ran, a static count of the document's child nodes was used in the traversal, so a page could be constructed that would remove DOM nodes during this normalization which could lead to the accessing of a deleted object and potentially the execution of attacker-controlled memory. MFSA 2010-58 / CVE-2010-2770: Security researcher Marc Schoenefeld reported that a specially crafted font could be applied to a document and cause a crash on Mac systems. The crash showed signs of memory corruption and presumably could be used by an attacker to execute arbitrary code on a victim's computer. This issue probably does not affect the Linux builds and so is listed for completeness. MFSA 2010-59 / CVE-2010-2762: Mozilla developer Blake Kaplan reported that the wrapper class XPCSafeJSObjectWrapper (SJOW), a security wrapper that allows content-defined objects to be safely accessed by privileged code, creates scope chains ending in outer objects. Users of SJOWs which expect the scope chain to end on an inner object may be handed a chrome privileged object which could be leveraged to run arbitrary JavaScript with chrome privileges. Michal Zalewski's recent contributions helped to identify this architectural weakness. MFSA 2010-60 / CVE-2010-2763: Mozilla security researcher moz_bug_r_a4 reported that the wrapper class XPCSafeJSObjectWrapper (SJOW) on the Mozilla 1.9.1 development branch has a logical error in its scripted function implementation that allows the caller to run the function within the context of another site. This is a violation of the same-origin policy and could be used to mount an XSS attack. MFSA 2010-61 / CVE-2010-2768: Security researchers David Huang and Collin Jackson of Carnegie Mellon University CyLab (Silicon Valley campus) reported that the type attribute of an <object> tag can override the charset of a framed HTML document, even when the document is included across origins. A page could be constructed containing such an <object> tag which sets the charset of the framed document to UTF-7. This could potentially allow an attacker to inject UTF-7 encoded JavaScript into a site, bypassing the site's XSS filters, and then executing the code using the above technique. MFSA 2010-62 / CVE-2010-2769: Security researcher Paul Stone reported that when an HTML selection containing JavaScript is copy-and-pasted or dropped onto a document with designMode enabled the JavaScript will be executed within the context of the site where the code was dropped. A malicious site could leverage this issue in an XSS attack by persuading a user into taking such an action and in the process running malicious JavaScript within the context of another site. MFSA 2010-63 / CVE-2010-2764: Matt Haggard reported that the statusText property of an XMLHttpRequest object is readable by the requestor even when the request is made across origins. This status information reveals the presence of a web server and could be used to gather information about servers on internal private networks. This issue was also independently reported to Mozilla by Nicholas Berthaume" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=637303" ); script_set_attribute( attribute:"see_also", value:"https://lists.opensuse.org/opensuse-updates/2010-09/msg00032.html" ); script_set_attribute( attribute:"solution", value:"Update the affected seamonkey packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-dom-inspector"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-irc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-venkman"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.1"); script_set_attribute(attribute:"patch_publication_date", value:"2010/09/17"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/09/20"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE11\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.1", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE11.1", reference:"seamonkey-2.0.8-0.3.1") ) flag++; if ( rpm_check(release:"SUSE11.1", reference:"seamonkey-dom-inspector-2.0.8-0.3.1") ) flag++; if ( rpm_check(release:"SUSE11.1", reference:"seamonkey-irc-2.0.8-0.3.1") ) flag++; if ( rpm_check(release:"SUSE11.1", reference:"seamonkey-venkman-2.0.8-0.3.1") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "seamonkey"); }
NASL family Fedora Local Security Checks NASL id FEDORA_2010-14362.NASL description Update to new upstream Firefox version 3.5.12, fixing multiple security issues detailed in the upstream advisories: http://www.mozilla.org/security/known- vulnerabilities/firefox35.html#firefox3.5.12 Update also includes packages depending on gecko-libs rebuilt against new version of Firefox / XULRunner. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 49164 published 2010-09-09 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/49164 title Fedora 12 : firefox-3.5.12-1.fc12 / galeon-2.0.7-25.fc12 / gnome-python2-extras-2.25.3-20.fc12 / etc (2010-14362) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2010-14362. # include("compat.inc"); if (description) { script_id(49164); script_version("1.14"); script_cvs_date("Date: 2019/08/02 13:32:31"); script_cve_id("CVE-2010-2760", "CVE-2010-2763", "CVE-2010-2764", "CVE-2010-2765", "CVE-2010-2766", "CVE-2010-2767", "CVE-2010-2768", "CVE-2010-2769", "CVE-2010-3166", "CVE-2010-3167", "CVE-2010-3168", "CVE-2010-3169"); script_xref(name:"FEDORA", value:"2010-14362"); script_name(english:"Fedora 12 : firefox-3.5.12-1.fc12 / galeon-2.0.7-25.fc12 / gnome-python2-extras-2.25.3-20.fc12 / etc (2010-14362)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Update to new upstream Firefox version 3.5.12, fixing multiple security issues detailed in the upstream advisories: http://www.mozilla.org/security/known- vulnerabilities/firefox35.html#firefox3.5.12 Update also includes packages depending on gecko-libs rebuilt against new version of Firefox / XULRunner. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); # http://www.mozilla.org/security/known- script_set_attribute( attribute:"see_also", value:"https://www.mozilla.org/en-US/security/known-" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=630055" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=630056" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=630059" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=630061" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=630062" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=630064" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=630067" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=630069" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=630074" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=630075" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=630078" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=631725" ); # https://lists.fedoraproject.org/pipermail/package-announce/2010-September/047279.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?3d738fa8" ); # https://lists.fedoraproject.org/pipermail/package-announce/2010-September/047280.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?6c08de90" ); # https://lists.fedoraproject.org/pipermail/package-announce/2010-September/047281.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?1de2a37f" ); # https://lists.fedoraproject.org/pipermail/package-announce/2010-September/047282.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?577f17e4" ); # https://lists.fedoraproject.org/pipermail/package-announce/2010-September/047283.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?71a2bb83" ); # https://lists.fedoraproject.org/pipermail/package-announce/2010-September/047284.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?e1739145" ); # https://lists.fedoraproject.org/pipermail/package-announce/2010-September/047285.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?b0d9d861" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:firefox"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:galeon"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:gnome-python2-extras"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:gnome-web-photo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:mozvoikko"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:perl-Gtk2-MozEmbed"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:xulrunner"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:12"); script_set_attribute(attribute:"vuln_publication_date", value:"2010/09/09"); script_set_attribute(attribute:"patch_publication_date", value:"2010/09/09"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/09/09"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^12([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 12.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC12", reference:"firefox-3.5.12-1.fc12")) flag++; if (rpm_check(release:"FC12", reference:"galeon-2.0.7-25.fc12")) flag++; if (rpm_check(release:"FC12", reference:"gnome-python2-extras-2.25.3-20.fc12")) flag++; if (rpm_check(release:"FC12", reference:"gnome-web-photo-0.9-9.fc12")) flag++; if (rpm_check(release:"FC12", reference:"mozvoikko-1.0-12.fc12")) flag++; if (rpm_check(release:"FC12", reference:"perl-Gtk2-MozEmbed-0.08-6.fc12.15")) flag++; if (rpm_check(release:"FC12", reference:"xulrunner-1.9.1.12-1.fc12")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "firefox / galeon / gnome-python2-extras / gnome-web-photo / etc"); }
NASL family Scientific Linux Local Security Checks NASL id SL_20100907_FIREFOX_ON_SL4_X.NASL description Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-3169, CVE-2010-2762) Several use-after-free and dangling pointer flaws were found in Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-2760, CVE-2010-2766, CVE-2010-2767, CVE-2010-3167, CVE-2010-3168) Multiple buffer overflow flaws were found in Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-2765, CVE-2010-3166) Multiple cross-site scripting (XSS) flaws were found in Firefox. A web page containing malicious content could cause Firefox to run JavaScript code with the permissions of a different website. (CVE-2010-2768, CVE-2010-2769) A flaw was found in the Firefox XMLHttpRequest object. A remote site could use this flaw to gather information about servers on an internal private network. (CVE-2010-2764) Note: After installing this update, Firefox will fail to connect (with HTTPS) to a server using the SSL DHE (Diffie-Hellman Ephemeral) key exchange if the server last seen 2020-06-01 modified 2020-06-02 plugin id 60849 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60849 title Scientific Linux Security Update : firefox on SL4.x, SL5.x i386/x86_64 code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text is (C) Scientific Linux. # include("compat.inc"); if (description) { script_id(60849); script_version("1.5"); script_cvs_date("Date: 2019/10/25 13:36:19"); script_cve_id("CVE-2010-2760", "CVE-2010-2762", "CVE-2010-2764", "CVE-2010-2765", "CVE-2010-2766", "CVE-2010-2767", "CVE-2010-2768", "CVE-2010-2769", "CVE-2010-3166", "CVE-2010-3167", "CVE-2010-3168", "CVE-2010-3169"); script_name(english:"Scientific Linux Security Update : firefox on SL4.x, SL5.x i386/x86_64"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Scientific Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-3169, CVE-2010-2762) Several use-after-free and dangling pointer flaws were found in Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-2760, CVE-2010-2766, CVE-2010-2767, CVE-2010-3167, CVE-2010-3168) Multiple buffer overflow flaws were found in Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-2765, CVE-2010-3166) Multiple cross-site scripting (XSS) flaws were found in Firefox. A web page containing malicious content could cause Firefox to run JavaScript code with the permissions of a different website. (CVE-2010-2768, CVE-2010-2769) A flaw was found in the Firefox XMLHttpRequest object. A remote site could use this flaw to gather information about servers on an internal private network. (CVE-2010-2764) Note: After installing this update, Firefox will fail to connect (with HTTPS) to a server using the SSL DHE (Diffie-Hellman Ephemeral) key exchange if the server's ephemeral key is too small. Connecting to such servers is a security risk as an ephemeral key that is too small makes the SSL connection vulnerable to attack. If you encounter the condition where Firefox fails to connect to a server that has an ephemeral key that is too small, you can try connecting using a cipher suite with a different key exchange algorithm by disabling all DHE cipher suites in Firefox : 1) Type about:config in the URL bar and press the Enter key. 2) In the Filter search bar, type ssl3.dhe 3) For all preferences now presented, double-click the true value to change the value to false. 4) This change would affect connections to all HTTPS servers. After installing the update, Firefox must be restarted for the changes to take effect." ); # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1009&L=scientific-linux-errata&T=0&P=892 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?01ab4cad" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2010/09/09"); script_set_attribute(attribute:"patch_publication_date", value:"2010/09/07"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/01"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Scientific Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux"); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu); flag = 0; if (rpm_check(release:"SL4", reference:"firefox-3.6.9-1.el4")) flag++; if (rpm_check(release:"SL4", reference:"nspr-4.8.6-1.el4")) flag++; if (rpm_check(release:"SL4", reference:"nspr-devel-4.8.6-1.el4")) flag++; if (rpm_check(release:"SL4", reference:"nss-3.12.7-1.el4")) flag++; if (rpm_check(release:"SL4", reference:"nss-devel-3.12.7-1.el4")) flag++; if (rpm_check(release:"SL4", reference:"nss-tools-3.12.7-1.el4")) flag++; if (rpm_check(release:"SL5", reference:"firefox-3.6.9-2.el5")) flag++; if (rpm_check(release:"SL5", reference:"nspr-4.8.6-1.el5")) flag++; if (rpm_check(release:"SL5", reference:"nspr-devel-4.8.6-1.el5")) flag++; if (rpm_check(release:"SL5", reference:"nss-3.12.7-2.el5")) flag++; if (rpm_check(release:"SL5", reference:"nss-devel-3.12.7-2.el5")) flag++; if (rpm_check(release:"SL5", reference:"nss-pkcs11-devel-3.12.7-2.el5")) flag++; if (rpm_check(release:"SL5", reference:"nss-tools-3.12.7-2.el5")) flag++; if (rpm_check(release:"SL5", reference:"xulrunner-1.9.2.9-1.el5")) flag++; if (rpm_check(release:"SL5", reference:"xulrunner-devel-1.9.2.9-1.el5")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family SuSE Local Security Checks NASL id SUSE_11_1_MOZILLA-XULRUNNER191-100917.NASL description Mozilla XULRunner 1.9.1 was updated to version 1.9.1.13, fixing various bugs and security issues. Following security issues were fixed: MFSA 2010-49 / CVE-2010-3169: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. MFSA 2010-50 / CVE-2010-2765: Security researcher Chris Rohlf of Matasano Security reported that the implementation of the HTML frameset element contained an integer overflow vulnerability. The code responsible for parsing the frameset columns used an 8-byte counter for the column numbers, so when a very large number of columns was passed in the counter would overflow. When this counter was subsequently used to allocate memory for the frameset, the memory buffer would be too small, potentially resulting in a heap buffer overflow and execution of attacker-controlled memory. MFSA 2010-51 / CVE-2010-2767: Security researcher Sergey Glazunov reported a dangling pointer vulnerability in the implementation of navigator.plugins in which the navigator object could retain a pointer to the plugins array even after it had been destroyed. An attacker could potentially use this issue to crash the browser and run arbitrary code on a victim last seen 2020-06-01 modified 2020-06-02 plugin id 49945 published 2010-10-12 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/49945 title openSUSE Security Update : mozilla-xulrunner191 (mozilla-xulrunner191-3141) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update mozilla-xulrunner191-3141. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(49945); script_version("1.8"); script_cvs_date("Date: 2019/10/25 13:36:38"); script_cve_id("CVE-2010-2753", "CVE-2010-2760", "CVE-2010-2762", "CVE-2010-2763", "CVE-2010-2764", "CVE-2010-2765", "CVE-2010-2766", "CVE-2010-2767", "CVE-2010-2768", "CVE-2010-2769", "CVE-2010-2770", "CVE-2010-3131", "CVE-2010-3166", "CVE-2010-3167", "CVE-2010-3168", "CVE-2010-3169"); script_name(english:"openSUSE Security Update : mozilla-xulrunner191 (mozilla-xulrunner191-3141)"); script_summary(english:"Check for the mozilla-xulrunner191-3141 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "Mozilla XULRunner 1.9.1 was updated to version 1.9.1.13, fixing various bugs and security issues. Following security issues were fixed: MFSA 2010-49 / CVE-2010-3169: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. MFSA 2010-50 / CVE-2010-2765: Security researcher Chris Rohlf of Matasano Security reported that the implementation of the HTML frameset element contained an integer overflow vulnerability. The code responsible for parsing the frameset columns used an 8-byte counter for the column numbers, so when a very large number of columns was passed in the counter would overflow. When this counter was subsequently used to allocate memory for the frameset, the memory buffer would be too small, potentially resulting in a heap buffer overflow and execution of attacker-controlled memory. MFSA 2010-51 / CVE-2010-2767: Security researcher Sergey Glazunov reported a dangling pointer vulnerability in the implementation of navigator.plugins in which the navigator object could retain a pointer to the plugins array even after it had been destroyed. An attacker could potentially use this issue to crash the browser and run arbitrary code on a victim's computer. MFSA 2010-52 / CVE-2010-3131: Security researcher Haifei Li of FortiGuard Labs reported that Firefox could be used to load a malicious code library that had been planted on a victim's computer. Firefox attempts to load dwmapi.dll upon startup as part of its platform detection, so on systems that don't have this library, such as Windows XP, Firefox will subsequently attempt to load the library from the current working directory. An attacker could use this vulnerability to trick a user into downloading a HTML file and a malicious copy of dwmapi.dll into the same directory on their computer and opening the HTML file with Firefox, thus causing the malicious code to be executed. If the attacker was on the same network as the victim, the malicious DLL could also be loaded via a UNC path. The attack also requires that Firefox not currently be running when it is asked to open the HTML file and accompanying DLL. As this is a Windows only problem, it does not affect the Linux version. It is listed for completeness only. MFSA 2010-53 / CVE-2010-3166: Security researcher wushi of team509 reported a heap buffer overflow in code routines responsible for transforming text runs. A page could be constructed with a bidirectional text run which upon reflow could result in an incorrect length being calculated for the run of text. When this value is subsequently used to allocate memory for the text too small a buffer may be created potentially resulting in a buffer overflow and the execution of attacker controlled memory. MFSA 2010-54 / CVE-2010-2760: Security researcher regenrecht reported via TippingPoint's Zero Day Initiative that there was a remaining dangling pointer issue leftover from the fix to CVE-2010-2753. Under certain circumstances one of the pointers held by a XUL tree selection could be freed and then later reused, potentially resulting in the execution of attacker-controlled memory. MFSA 2010-55 / CVE-2010-3168: Security researcher regenrecht reported via TippingPoint's Zero Day Initiative that XUL <tree> objects could be manipulated such that the setting of certain properties on the object would trigger the removal of the tree from the DOM and cause certain sections of deleted memory to be accessed. In products based on Gecko version 1.9.2 (Firefox 3.6, Thunderbird 3.1) and newer this memory has been overwritten by a value that will cause an unexploitable crash. In products based on Gecko version 1.9.1 (Firefox 3.5, Thunderbird 3.0, and SeaMonkey 2.0) and older an attacker could potentially use this vulnerability to crash a victim's browser and run arbitrary code on their computer. MFSA 2010-56 / CVE-2010-3167: Security researcher regenrecht reported via TippingPoint's Zero Day Initiative that the implementation of XUL <tree>'s content view contains a dangling pointer vulnerability. One of the content view's methods for accessing the internal structure of the tree could be manipulated into removing a node prior to accessing it, resulting in the accessing of deleted memory. If an attacker can control the contents of the deleted memory prior to its access they could use this vulnerability to run arbitrary code on a victim's machine. MFSA 2010-57 / CVE-2010-2766: Security researcher regenrecht reported via TippingPoint's Zero Day Initiative that code used to normalize a document contained a logical flaw that could be leveraged to run arbitrary code. When the normalization code ran, a static count of the document's child nodes was used in the traversal, so a page could be constructed that would remove DOM nodes during this normalization which could lead to the accessing of a deleted object and potentially the execution of attacker-controlled memory. MFSA 2010-58 / CVE-2010-2770: Security researcher Marc Schoenefeld reported that a specially crafted font could be applied to a document and cause a crash on Mac systems. The crash showed signs of memory corruption and presumably could be used by an attacker to execute arbitrary code on a victim's computer. This issue probably does not affect the Linux builds and so is listed for completeness. MFSA 2010-59 / CVE-2010-2762: Mozilla developer Blake Kaplan reported that the wrapper class XPCSafeJSObjectWrapper (SJOW), a security wrapper that allows content-defined objects to be safely accessed by privileged code, creates scope chains ending in outer objects. Users of SJOWs which expect the scope chain to end on an inner object may be handed a chrome privileged object which could be leveraged to run arbitrary JavaScript with chrome privileges. Michal Zalewski's recent contributions helped to identify this architectural weakness. MFSA 2010-60 / CVE-2010-2763: Mozilla security researcher moz_bug_r_a4 reported that the wrapper class XPCSafeJSObjectWrapper (SJOW) on the Mozilla 1.9.1 development branch has a logical error in its scripted function implementation that allows the caller to run the function within the context of another site. This is a violation of the same-origin policy and could be used to mount an XSS attack. MFSA 2010-61 / CVE-2010-2768: Security researchers David Huang and Collin Jackson of Carnegie Mellon University CyLab (Silicon Valley campus) reported that the type attribute of an <object> tag can override the charset of a framed HTML document, even when the document is included across origins. A page could be constructed containing such an <object> tag which sets the charset of the framed document to UTF-7. This could potentially allow an attacker to inject UTF-7 encoded JavaScript into a site, bypassing the site's XSS filters, and then executing the code using the above technique. MFSA 2010-62 / CVE-2010-2769: Security researcher Paul Stone reported that when an HTML selection containing JavaScript is copy-and-pasted or dropped onto a document with designMode enabled the JavaScript will be executed within the context of the site where the code was dropped. A malicious site could leverage this issue in an XSS attack by persuading a user into taking such an action and in the process running malicious JavaScript within the context of another site. MFSA 2010-63 / CVE-2010-2764: Matt Haggard reported that the statusText property of an XMLHttpRequest object is readable by the requestor even when the request is made across origins. This status information reveals the presence of a web server and could be used to gather information about servers on internal private networks. This issue was also independently reported to Mozilla by Nicholas Berthaume" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=637303" ); script_set_attribute( attribute:"solution", value:"Update the affected mozilla-xulrunner191 packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner191"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner191-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner191-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner191-gnomevfs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner191-gnomevfs-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner191-translations-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner191-translations-other"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-xpcom191"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.1"); script_set_attribute(attribute:"patch_publication_date", value:"2010/09/17"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/10/12"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2010-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE11\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.1", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE11.1", reference:"mozilla-xulrunner191-1.9.1.13-0.3.1") ) flag++; if ( rpm_check(release:"SUSE11.1", reference:"mozilla-xulrunner191-devel-1.9.1.13-0.3.1") ) flag++; if ( rpm_check(release:"SUSE11.1", reference:"mozilla-xulrunner191-gnomevfs-1.9.1.13-0.3.1") ) flag++; if ( rpm_check(release:"SUSE11.1", reference:"mozilla-xulrunner191-translations-common-1.9.1.13-0.3.1") ) flag++; if ( rpm_check(release:"SUSE11.1", reference:"mozilla-xulrunner191-translations-other-1.9.1.13-0.3.1") ) flag++; if ( rpm_check(release:"SUSE11.1", reference:"python-xpcom191-1.9.1.13-0.3.1") ) flag++; if ( rpm_check(release:"SUSE11.1", cpu:"x86_64", reference:"mozilla-xulrunner191-32bit-1.9.1.13-0.3.1") ) flag++; if ( rpm_check(release:"SUSE11.1", cpu:"x86_64", reference:"mozilla-xulrunner191-gnomevfs-32bit-1.9.1.13-0.3.1") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mozilla-xulrunner191"); }
NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_4A21CE2CBB1311DF8E32000F20797EDE.NASL description The Mozilla Project reports : MFSA 2010-49 Miscellaneous memory safety hazards (rv:1.9.2.9/ 1.9.1.12) MFSA 2010-50 Frameset integer overflow vulnerability MFSA 2010-51 Dangling pointer vulnerability using DOM plugin array MFSA 2010-52 Windows XP DLL loading vulnerability MFSA 2010-53 Heap buffer overflow in nsTextFrameUtils::TransformText MFSA 2010-54 Dangling pointer vulnerability in nsTreeSelection MFSA 2010-55 XUL tree removal crash and remote code execution MFSA 2010-56 Dangling pointer vulnerability in nsTreeContentView MFSA 2010-57 Crash and remote code execution in normalizeDocument MFSA 2010-58 Crash on Mac using fuzzed font in data: URL MFSA 2010-59 SJOW creates scope chains ending in outer object MFSA 2010-60 XSS using SJOW scripted function MFSA 2010-61 UTF-7 XSS by overriding document charset using object type attribute MFSA 2010-62 Copy-and-paste or drag-and-drop into designMode document allows XSS MFSA 2010-63 Information leak via XMLHttpRequest statusText last seen 2020-06-01 modified 2020-06-02 plugin id 49166 published 2010-09-09 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/49166 title FreeBSD : mozilla -- multiple vulnerabilities (4a21ce2c-bb13-11df-8e32-000f20797ede) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2010-0681.NASL description From Red Hat Security Advisory 2010:0681 : Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-3169, CVE-2010-2762) Several use-after-free and dangling pointer flaws were found in Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-2760, CVE-2010-2766, CVE-2010-2767, CVE-2010-3167, CVE-2010-3168) Multiple buffer overflow flaws were found in Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-2765, CVE-2010-3166) Multiple cross-site scripting (XSS) flaws were found in Firefox. A web page containing malicious content could cause Firefox to run JavaScript code with the permissions of a different website. (CVE-2010-2768, CVE-2010-2769) A flaw was found in the Firefox XMLHttpRequest object. A remote site could use this flaw to gather information about servers on an internal private network. (CVE-2010-2764) For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 3.6.9. You can find a link to the Mozilla advisories in the References section of this erratum. Note: After installing this update, Firefox will fail to connect (with HTTPS) to a server using the SSL DHE (Diffie-Hellman Ephemeral) key exchange if the server last seen 2020-06-01 modified 2020-06-02 plugin id 68098 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68098 title Oracle Linux 4 / 5 : firefox (ELSA-2010-0681) NASL family Windows NASL id MOZILLA_THUNDERBIRD_307.NASL description The installed version of Thunderbird is earlier than 3.0.7. Such versions are potentially affected by the following security issues : - Multiple memory safety bugs could lead to memory corruption, potentially resulting in arbitrary code execution. (MFSA 2010-49) - An integer overflow vulnerability in HTML frameset element implementation could lead to arbitrary code execution. (MFSA 2010-50) - A dangling pointer vulnerability in last seen 2020-06-01 modified 2020-06-02 plugin id 49147 published 2010-09-08 reporter This script is Copyright (C) 2010-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/49147 title Mozilla Thunderbird < 3.0.7 Multiple Vulnerabilities NASL family SuSE Local Security Checks NASL id SUSE_11_MOZILLAFIREFOX-100921.NASL description Mozilla Firefox 3.6 was updated to version 3.6.10, fixing various bugs and security issues. The following security issues were fixed : - Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. (MFSA 2010-49 / CVE-2010-3169) - Security researcher Chris Rohlf of Matasano Security reported that the implementation of the HTML frameset element contained an integer overflow vulnerability. The code responsible for parsing the frameset columns used an 8-byte counter for the column numbers, so when a very large number of columns was passed in the counter would overflow. When this counter was subsequently used to allocate memory for the frameset, the memory buffer would be too small, potentially resulting in a heap buffer overflow and execution of attacker-controlled memory. (MFSA 2010-50 / CVE-2010-2765) - Security researcher Sergey Glazunov reported a dangling pointer vulnerability in the implementation of navigator.plugins in which the navigator object could retain a pointer to the plugins array even after it had been destroyed. An attacker could potentially use this issue to crash the browser and run arbitrary code on a victim last seen 2020-06-01 modified 2020-06-02 plugin id 50875 published 2010-12-02 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/50875 title SuSE 11 / 11.1 Security Update : Mozilla Firefox (SAT Patch Numbers 3159 / 3160) NASL family Scientific Linux Local Security Checks NASL id SL_20100907_THUNDERBIRD_ON_SL4_X.NASL description Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-3169) A buffer overflow flaw was found in Thunderbird. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-2765) A use-after-free flaw and several dangling pointer flaws were found in Thunderbird. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-2760, CVE-2010-2767, CVE-2010-3167, CVE-2010-3168) A cross-site scripting (XSS) flaw was found in Thunderbird. Remote HTML content could cause Thunderbird to execute JavaScript code with the permissions of different remote HTML content. (CVE-2010-2768) Note: JavaScript support is disabled by default in Thunderbird. None of the above issues are exploitable unless JavaScript is enabled. All running instances of Thunderbird must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 60855 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60855 title Scientific Linux Security Update : thunderbird on SL4.x, SL5.x i386/x86_64 NASL family SuSE Local Security Checks NASL id SUSE_11_1_MOZILLA-XULRUNNER191-101028.NASL description This update brings Mozilla XULRunner to version 1.9.1.15, fixing various bugs and security issues. The following security issues were fixed: MFSA 2010-49 / CVE-2010-3169: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. MFSA 2010-50 / CVE-2010-2765: Security researcher Chris Rohlf of Matasano Security reported that the implementation of the HTML frameset element contained an integer overflow vulnerability. The code responsible for parsing the frameset columns used an 8-byte counter for the column numbers, so when a very large number of columns was passed in the counter would overflow. When this counter was subsequently used to allocate memory for the frameset, the memory buffer would be too small, potentially resulting in a heap buffer overflow and execution of attacker-controlled memory. MFSA 2010-51 / CVE-2010-2767: Security researcher Sergey Glazunov reported a dangling pointer vulnerability in the implementation of navigator.plugins in which the navigator object could retain a pointer to the plugins array even after it had been destroyed. An attacker could potentially use this issue to crash the browser and run arbitrary code on a victim last seen 2020-06-01 modified 2020-06-02 plugin id 50462 published 2010-11-03 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/50462 title openSUSE Security Update : mozilla-xulrunner191 (mozilla-xulrunner191-3421) NASL family SuSE Local Security Checks NASL id SUSE_11_3_MOZILLA-XULRUNNER191-101028.NASL description This update brings Mozilla XULRunner to version 1.9.1.15, fixing various bugs and security issues. The following security issues were fixed: MFSA 2010-49 / CVE-2010-3169: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. MFSA 2010-50 / CVE-2010-2765: Security researcher Chris Rohlf of Matasano Security reported that the implementation of the HTML frameset element contained an integer overflow vulnerability. The code responsible for parsing the frameset columns used an 8-byte counter for the column numbers, so when a very large number of columns was passed in the counter would overflow. When this counter was subsequently used to allocate memory for the frameset, the memory buffer would be too small, potentially resulting in a heap buffer overflow and execution of attacker-controlled memory. MFSA 2010-51 / CVE-2010-2767: Security researcher Sergey Glazunov reported a dangling pointer vulnerability in the implementation of navigator.plugins in which the navigator object could retain a pointer to the plugins array even after it had been destroyed. An attacker could potentially use this issue to crash the browser and run arbitrary code on a victim last seen 2020-06-01 modified 2020-06-02 plugin id 75671 published 2014-06-13 reporter This script is Copyright (C) 2014-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/75671 title openSUSE Security Update : mozilla-xulrunner191 (mozilla-xulrunner191-3421) NASL family SuSE Local Security Checks NASL id SUSE_11_2_MOZILLA-XULRUNNER191-101028.NASL description This update brings Mozilla XULRunner to version 1.9.1.15, fixing various bugs and security issues. The following security issues were fixed: MFSA 2010-49 / CVE-2010-3169: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. MFSA 2010-50 / CVE-2010-2765: Security researcher Chris Rohlf of Matasano Security reported that the implementation of the HTML frameset element contained an integer overflow vulnerability. The code responsible for parsing the frameset columns used an 8-byte counter for the column numbers, so when a very large number of columns was passed in the counter would overflow. When this counter was subsequently used to allocate memory for the frameset, the memory buffer would be too small, potentially resulting in a heap buffer overflow and execution of attacker-controlled memory. MFSA 2010-51 / CVE-2010-2767: Security researcher Sergey Glazunov reported a dangling pointer vulnerability in the implementation of navigator.plugins in which the navigator object could retain a pointer to the plugins array even after it had been destroyed. An attacker could potentially use this issue to crash the browser and run arbitrary code on a victim last seen 2020-06-01 modified 2020-06-02 plugin id 50466 published 2010-11-03 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/50466 title openSUSE Security Update : mozilla-xulrunner191 (mozilla-xulrunner191-3421) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2010-0682.NASL description From Red Hat Security Advisory 2010:0682 : An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-3169) A buffer overflow flaw was found in Thunderbird. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-2765) A use-after-free flaw and several dangling pointer flaws were found in Thunderbird. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-2760, CVE-2010-2767, CVE-2010-3167, CVE-2010-3168) A cross-site scripting (XSS) flaw was found in Thunderbird. Remote HTML content could cause Thunderbird to execute JavaScript code with the permissions of different remote HTML content. (CVE-2010-2768) Note: JavaScript support is disabled by default in Thunderbird. None of the above issues are exploitable unless JavaScript is enabled. All Thunderbird users should upgrade to this updated package, which resolves these issues. All running instances of Thunderbird must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 68099 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68099 title Oracle Linux 4 : thunderbird (ELSA-2010-0682) NASL family SuSE Local Security Checks NASL id SUSE_11_2_SEAMONKEY-100917.NASL description Mozilla SeaMonkey 2.0 was updated to version 2.0.8, fixing various bugs and security issues. Following security issues were fixed: MFSA 2010-49 / CVE-2010-3169: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. MFSA 2010-50 / CVE-2010-2765: Security researcher Chris Rohlf of Matasano Security reported that the implementation of the HTML frameset element contained an integer overflow vulnerability. The code responsible for parsing the frameset columns used an 8-byte counter for the column numbers, so when a very large number of columns was passed in the counter would overflow. When this counter was subsequently used to allocate memory for the frameset, the memory buffer would be too small, potentially resulting in a heap buffer overflow and execution of attacker-controlled memory. MFSA 2010-51 / CVE-2010-2767: Security researcher Sergey Glazunov reported a dangling pointer vulnerability in the implementation of navigator.plugins in which the navigator object could retain a pointer to the plugins array even after it had been destroyed. An attacker could potentially use this issue to crash the browser and run arbitrary code on a victim last seen 2020-06-01 modified 2020-06-02 plugin id 49282 published 2010-09-20 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/49282 title openSUSE Security Update : seamonkey (openSUSE-SU-2010:0632-2) NASL family SuSE Local Security Checks NASL id SUSE_11_3_SEAMONKEY-100917.NASL description Mozilla SeaMonkey 2.0 was updated to version 2.0.8, fixing various bugs and security issues. Following security issues were fixed: MFSA 2010-49 / CVE-2010-3169: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. MFSA 2010-50 / CVE-2010-2765: Security researcher Chris Rohlf of Matasano Security reported that the implementation of the HTML frameset element contained an integer overflow vulnerability. The code responsible for parsing the frameset columns used an 8-byte counter for the column numbers, so when a very large number of columns was passed in the counter would overflow. When this counter was subsequently used to allocate memory for the frameset, the memory buffer would be too small, potentially resulting in a heap buffer overflow and execution of attacker-controlled memory. MFSA 2010-51 / CVE-2010-2767: Security researcher Sergey Glazunov reported a dangling pointer vulnerability in the implementation of navigator.plugins in which the navigator object could retain a pointer to the plugins array even after it had been destroyed. An attacker could potentially use this issue to crash the browser and run arbitrary code on a victim last seen 2020-06-01 modified 2020-06-02 plugin id 75732 published 2014-06-13 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/75732 title openSUSE Security Update : seamonkey (openSUSE-SU-2010:0632-2) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2010-0547.NASL description From Red Hat Security Advisory 2010:0547 : Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-1208, CVE-2010-1209, CVE-2010-1211, CVE-2010-1212, CVE-2010-1214, CVE-2010-1215, CVE-2010-2752, CVE-2010-2753) A memory corruption flaw was found in the way Firefox decoded certain PNG images. An attacker could create a specially crafted PNG image that, when opened, could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-1205) Several same-origin policy bypass flaws were found in Firefox. An attacker could create a malicious web page that, when viewed by a victim, could steal private data from a different website the victim has loaded with Firefox. (CVE-2010-0654, CVE-2010-1207, CVE-2010-1213, CVE-2010-2754) A flaw was found in the way Firefox presented the location bar to a user. A malicious website could trick a user into thinking they are visiting the site reported by the location bar, when the page is actually content controlled by an attacker. (CVE-2010-1206) A flaw was found in the way Firefox displayed the location bar when visiting a secure web page. A malicious server could use this flaw to present data that appears to originate from a secure server, even though it does not. (CVE-2010-2751) A flaw was found in the way Firefox displayed certain malformed characters. A malicious web page could use this flaw to bypass certain string sanitization methods, allowing it to display malicious information to users. (CVE-2010-1210) For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 3.6.7. You can find a link to the Mozilla advisories in the References section of this erratum. All Firefox users should upgrade to these updated packages, which contain Firefox version 3.6.7, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 68068 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68068 title Oracle Linux 4 / 5 : firefox (ELSA-2010-0547) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2010-0546.NASL description Updated SeaMonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. SeaMonkey is an open source web browser, email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2010-1211, CVE-2010-2753, CVE-2010-1214) A memory corruption flaw was found in the way SeaMonkey decoded certain PNG images. An attacker could create a specially crafted PNG image that, when opened, could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2010-1205) A same-origin policy bypass flaw was found in SeaMonkey. An attacker could create a malicious web page that, when viewed by a victim, could steal private data from a different website the victim has loaded with SeaMonkey. (CVE-2010-2754) A flaw was found in the way SeaMonkey displayed the location bar when visiting a secure web page. A malicious server could use this flaw to present data that appears to originate from a secure server, even though it does not. (CVE-2010-2751) All SeaMonkey users should upgrade to these updated packages, which correct these issues. After installing the update, SeaMonkey must be restarted for the changes to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 48342 published 2010-08-17 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/48342 title CentOS 3 : seamonkey (CESA-2010:0546) NASL family Windows NASL id MOZILLA_THUNDERBIRD_313.NASL description The installed version of Thunderbird 3.1 is earlier than 3.1.3. Such versions are potentially affected by the following security issues : - Multiple memory safety bugs could lead to memory corruption, potentially resulting in arbitrary code execution. (MFSA 2010-49) - An integer overflow vulnerability in HTML frameset element implementation could lead to arbitrary code execution. (MFSA 2010-50) - A dangling pointer vulnerability in last seen 2020-06-01 modified 2020-06-02 plugin id 49148 published 2010-09-08 reporter This script is Copyright (C) 2010-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/49148 title Mozilla Thunderbird 3.1 < 3.1.3 Multiple Vulnerabilities NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2010-0680.NASL description Updated SeaMonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. SeaMonkey is an open source web browser, email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2010-3169) A buffer overflow flaw was found in SeaMonkey. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2010-2765) A use-after-free flaw and several dangling pointer flaws were found in SeaMonkey. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2010-2760, CVE-2010-2767, CVE-2010-3167, CVE-2010-3168) A cross-site scripting (XSS) flaw was found in SeaMonkey. A web page containing malicious content could cause SeaMonkey to run JavaScript code with the permissions of a different website. (CVE-2010-2768) All SeaMonkey users should upgrade to these updated packages, which correct these issues. After installing the update, SeaMonkey must be restarted for the changes to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 49132 published 2010-09-08 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/49132 title RHEL 3 / 4 : seamonkey (RHSA-2010:0680) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2010-0682.NASL description An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-3169) A buffer overflow flaw was found in Thunderbird. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-2765) A use-after-free flaw and several dangling pointer flaws were found in Thunderbird. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-2760, CVE-2010-2767, CVE-2010-3167, CVE-2010-3168) A cross-site scripting (XSS) flaw was found in Thunderbird. Remote HTML content could cause Thunderbird to execute JavaScript code with the permissions of different remote HTML content. (CVE-2010-2768) Note: JavaScript support is disabled by default in Thunderbird. None of the above issues are exploitable unless JavaScript is enabled. All Thunderbird users should upgrade to this updated package, which resolves these issues. All running instances of Thunderbird must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 49133 published 2010-09-08 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/49133 title RHEL 4 / 5 : thunderbird (RHSA-2010:0682) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-958-1.NASL description Several flaws were discovered in the browser engine of Thunderbird. If a user were tricked into viewing malicious content, a remote attacker could use this to crash Thunderbird or possibly run arbitrary code as the user invoking the program. (CVE-2010-1211, CVE-2010-1212) An integer overflow was discovered in how Thunderbird processed CSS values. An attacker could exploit this to crash Thunderbird or possibly run arbitrary code as the user invoking the program. (CVE-2010-2752) An integer overflow was discovered in how Thunderbird interpreted the XUL element. If a user were tricked into viewing malicious content, a remote attacker could use this to crash Thunderbird or possibly run arbitrary code as the user invoking the program. (CVE-2010-2753) Aki Helin discovered that libpng did not properly handle certain malformed PNG images. If a user were tricked into opening a crafted PNG file, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1205) Yosuke Hasegawa discovered that the same-origin check in Thunderbird could be bypassed by utilizing the importScripts Web Worker method. If a user were tricked into viewing malicious content, an attacker could exploit this to read data from other domains. (CVE-2010-1213) Chris Evans discovered that Thunderbird did not properly process improper CSS selectors. If a user were tricked into viewing malicious content, an attacker could exploit this to read data from other domains. (CVE-2010-0654) Soroush Dalili discovered that Thunderbird did not properly handle script error output. An attacker could use this to access URL parameters from other domains. (CVE-2010-2754). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 47857 published 2010-07-27 reporter Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/47857 title Ubuntu 10.04 LTS : thunderbird vulnerabilities (USN-958-1) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-2106.NASL description Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2010-2760, CVE-2010-3167, CVE-2010-3168 Implementation errors in XUL processing allow the execution of arbitrary code. - CVE-2010-2763 An implementation error in the XPCSafeJSObjectWrapper wrapper allows the bypass of the same origin policy. - CVE-2010-2765 An integer overflow in frame handling allows the execution of arbitrary code. - CVE-2010-2766 An implementation error in DOM handling allows the execution of arbitrary code. - CVE-2010-2767 Incorrect pointer handling in the plugin code allow the execution of arbitrary code. - CVE-2010-2768 Incorrect handling of an object tag may lead to the bypass of cross site scripting filters. - CVE-2010-2769 Incorrect copy and paste handling could lead to cross site scripting. - CVE-2010-3169 Crashes in the layout engine may lead to the execution of arbitrary code. last seen 2020-06-01 modified 2020-06-02 plugin id 49151 published 2010-09-09 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/49151 title Debian DSA-2106-1 : xulrunner - several vulnerabilities NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-975-1.NASL description Several dangling pointer vulnerabilities were discovered in Firefox. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-2760, CVE-2010-2767, CVE-2010-3167) Blake Kaplan and Michal Zalewski discovered several weaknesses in the XPCSafeJSObjectWrapper (SJOW) security wrapper. If a user were tricked into viewing a malicious site, a remote attacker could use this to run arbitrary JavaScript with chrome privileges. (CVE-2010-2762) Matt Haggard discovered that Firefox did not honor same-origin policy when processing the statusText property of an XMLHttpRequest object. If a user were tricked into viewing a malicious site, a remote attacker could use this to gather information about servers on internal private networks. (CVE-2010-2764) Chris Rohlf discovered an integer overflow when Firefox processed the HTML frameset element. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-2765) Several issues were discovered in the browser engine. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-2766, CVE-2010-3168) David Huang and Collin Jackson discovered that the <object> tag could override the charset of a framed HTML document in another origin. An attacker could utilize this to perform cross-site scripting attacks. (CVE-2010-2768) Paul Stone discovered that with designMode enabled an HTML selection containing JavaScript could be copied and pasted into a document and have the JavaScript execute within the context of the site where the code was dropped. An attacker could utilize this to perform cross-site scripting attacks. (CVE-2010-2769) A buffer overflow was discovered in Firefox when processing text runs. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-3166) Peter Van der Beken, Jason Oster, Jesse Ruderman, Igor Bukanov, Jeff Walden, Gary Kwong and Olli Pettay discovered several flaws in the browser engine. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-3169). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 49169 published 2010-09-09 reporter Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/49169 title Ubuntu 8.04 LTS / 9.04 / 9.10 / 10.04 LTS : firefox, firefox-3.0, firefox-3.5, xulrunner-1.9.1, xulrunner-1.9.2 vulnerabilities (USN-975-1) NASL family SuSE Local Security Checks NASL id SUSE_11_1_MOZILLAFIREFOX-100916.NASL description Mozilla Firefox was updated to version 3.6.10, fixing various bugs and security issues. Following security issues were fixed: MFSA 2010-49 / CVE-2010-3169: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. MFSA 2010-50 / CVE-2010-2765: Security researcher Chris Rohlf of Matasano Security reported that the implementation of the HTML frameset element contained an integer overflow vulnerability. The code responsible for parsing the frameset columns used an 8-byte counter for the column numbers, so when a very large number of columns was passed in the counter would overflow. When this counter was subsequently used to allocate memory for the frameset, the memory buffer would be too small, potentially resulting in a heap buffer overflow and execution of attacker-controlled memory. MFSA 2010-51 / CVE-2010-2767: Security researcher Sergey Glazunov reported a dangling pointer vulnerability in the implementation of navigator.plugins in which the navigator object could retain a pointer to the plugins array even after it had been destroyed. An attacker could potentially use this issue to crash the browser and run arbitrary code on a victim last seen 2020-06-01 modified 2020-06-02 plugin id 49279 published 2010-09-20 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/49279 title openSUSE Security Update : MozillaFirefox (openSUSE-SU-2010:0632-1) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2010-0547.NASL description Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-1208, CVE-2010-1209, CVE-2010-1211, CVE-2010-1212, CVE-2010-1214, CVE-2010-1215, CVE-2010-2752, CVE-2010-2753) A memory corruption flaw was found in the way Firefox decoded certain PNG images. An attacker could create a specially crafted PNG image that, when opened, could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-1205) Several same-origin policy bypass flaws were found in Firefox. An attacker could create a malicious web page that, when viewed by a victim, could steal private data from a different website the victim has loaded with Firefox. (CVE-2010-0654, CVE-2010-1207, CVE-2010-1213, CVE-2010-2754) A flaw was found in the way Firefox presented the location bar to a user. A malicious website could trick a user into thinking they are visiting the site reported by the location bar, when the page is actually content controlled by an attacker. (CVE-2010-1206) A flaw was found in the way Firefox displayed the location bar when visiting a secure web page. A malicious server could use this flaw to present data that appears to originate from a secure server, even though it does not. (CVE-2010-2751) A flaw was found in the way Firefox displayed certain malformed characters. A malicious web page could use this flaw to bypass certain string sanitization methods, allowing it to display malicious information to users. (CVE-2010-1210) For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 3.6.7. You can find a link to the Mozilla advisories in the References section of this erratum. All Firefox users should upgrade to these updated packages, which contain Firefox version 3.6.7, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 47806 published 2010-07-23 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/47806 title CentOS 4 / 5 : firefox (CESA-2010:0547) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2010-0547.NASL description Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-1208, CVE-2010-1209, CVE-2010-1211, CVE-2010-1212, CVE-2010-1214, CVE-2010-1215, CVE-2010-2752, CVE-2010-2753) A memory corruption flaw was found in the way Firefox decoded certain PNG images. An attacker could create a specially crafted PNG image that, when opened, could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-1205) Several same-origin policy bypass flaws were found in Firefox. An attacker could create a malicious web page that, when viewed by a victim, could steal private data from a different website the victim has loaded with Firefox. (CVE-2010-0654, CVE-2010-1207, CVE-2010-1213, CVE-2010-2754) A flaw was found in the way Firefox presented the location bar to a user. A malicious website could trick a user into thinking they are visiting the site reported by the location bar, when the page is actually content controlled by an attacker. (CVE-2010-1206) A flaw was found in the way Firefox displayed the location bar when visiting a secure web page. A malicious server could use this flaw to present data that appears to originate from a secure server, even though it does not. (CVE-2010-2751) A flaw was found in the way Firefox displayed certain malformed characters. A malicious web page could use this flaw to bypass certain string sanitization methods, allowing it to display malicious information to users. (CVE-2010-1210) For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 3.6.7. You can find a link to the Mozilla advisories in the References section of this erratum. All Firefox users should upgrade to these updated packages, which contain Firefox version 3.6.7, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 47881 published 2010-07-28 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/47881 title RHEL 4 / 5 : firefox (RHSA-2010:0547) NASL family SuSE Local Security Checks NASL id SUSE_11_1_MOZILLATHUNDERBIRD-100916.NASL description Mozilla Thunderbird 3.0 was updated to version 3.0.7, fixing various bugs and security issues. Following security issues were fixed: MFSA 2010-49 / CVE-2010-3169: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. MFSA 2010-50 / CVE-2010-2765: Security researcher Chris Rohlf of Matasano Security reported that the implementation of the HTML frameset element contained an integer overflow vulnerability. The code responsible for parsing the frameset columns used an 8-byte counter for the column numbers, so when a very large number of columns was passed in the counter would overflow. When this counter was subsequently used to allocate memory for the frameset, the memory buffer would be too small, potentially resulting in a heap buffer overflow and execution of attacker-controlled memory. MFSA 2010-51 / CVE-2010-2767: Security researcher Sergey Glazunov reported a dangling pointer vulnerability in the implementation of navigator.plugins in which the navigator object could retain a pointer to the plugins array even after it had been destroyed. An attacker could potentially use this issue to crash the browser and run arbitrary code on a victim last seen 2020-06-01 modified 2020-06-02 plugin id 49944 published 2010-10-12 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/49944 title openSUSE Security Update : MozillaThunderbird (MozillaThunderbird-3154) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2010-0545.NASL description An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. A memory corruption flaw was found in the way Thunderbird decoded certain PNG images. An attacker could create a mail message containing a specially crafted PNG image that, when opened, could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-1205) Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-0174, CVE-2010-1200, CVE-2010-1211, CVE-2010-1214, CVE-2010-2753) An integer overflow flaw was found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-1199) Several use-after-free flaws were found in Thunderbird. Viewing an HTML mail message containing malicious content could result in Thunderbird executing arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-0175, CVE-2010-0176, CVE-2010-0177) A flaw was found in the way Thunderbird plug-ins interact. It was possible for a plug-in to reference the freed memory from a different plug-in, resulting in the execution of arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-1198) A flaw was found in the way Thunderbird handled the last seen 2020-06-01 modified 2020-06-02 plugin id 63939 published 2013-01-24 reporter This script is Copyright (C) 2013-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/63939 title RHEL 5 : thunderbird (RHSA-2010:0545) NASL family Windows NASL id MOZILLA_FIREFOX_3512.NASL description The installed version of Firefox is earlier than 3.5.12. Such versions are potentially affected by the following security issues : - The pseudo-random number generator is only seeded once per browsing session and last seen 2020-06-01 modified 2020-06-02 plugin id 49145 published 2010-09-08 reporter This script is Copyright (C) 2010-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/49145 title Firefox < 3.5.12 Multiple Vulnerabilities NASL family Windows NASL id SEAMONKEY_207.NASL description The installed version of SeaMonkey is earlier than 2.0.7. Such versions are potentially affected by the following security issues : - Multiple memory safety bugs could lead to memory corruption, potentially resulting in arbitrary code execution. (MFSA 2010-49) - An integer overflow vulnerability in HTML frameset element implementation could lead to arbitrary code execution. (MFSA 2010-50) - A dangling pointer vulnerability in last seen 2020-06-01 modified 2020-06-02 plugin id 49149 published 2010-09-08 reporter This script is Copyright (C) 2010-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/49149 title SeaMonkey < 2.0.7 Multiple Vulnerabilities NASL family Windows NASL id MOZILLA_FIREFOX_369.NASL description The installed version of Firefox 3.6 is earlier than 3.6.9. Such versions are potentially affected by the following security issues : - The pseudo-random number generator is only seeded once per browsing session and last seen 2020-06-01 modified 2020-06-02 plugin id 49146 published 2010-09-08 reporter This script is Copyright (C) 2010-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/49146 title Firefox 3.6 < 3.6.9 Multiple Vulnerabilities NASL family SuSE Local Security Checks NASL id SUSE_MOZILLAFIREFOX-7208.NASL description This update brings Mozilla Firefox to version 3.5.15, fixing various bugs and security issues. The following security issues were fixed : - Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. (MFSA 2010-49 / CVE-2010-3169) - Security researcher Chris Rohlf of Matasano Security reported that the implementation of the HTML frameset element contained an integer overflow vulnerability. The code responsible for parsing the frameset columns used an 8-byte counter for the column numbers, so when a very large number of columns was passed in the counter would overflow. When this counter was subsequently used to allocate memory for the frameset, the memory buffer would be too small, potentially resulting in a heap buffer overflow and execution of attacker-controlled memory. (MFSA 2010-50 / CVE-2010-2765) - Security researcher Sergey Glazunov reported a dangling pointer vulnerability in the implementation of navigator.plugins in which the navigator object could retain a pointer to the plugins array even after it had been destroyed. An attacker could potentially use this issue to crash the browser and run arbitrary code on a victim last seen 2020-06-01 modified 2020-06-02 plugin id 50488 published 2010-11-05 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/50488 title SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 7208) NASL family SuSE Local Security Checks NASL id SUSE_11_3_MOZILLA-XULRUNNER191-100917.NASL description Mozilla XULRunner 1.9.1 was updated to version 1.9.1.13, fixing various bugs and security issues. Following security issues were fixed: MFSA 2010-49 / CVE-2010-3169: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. MFSA 2010-50 / CVE-2010-2765: Security researcher Chris Rohlf of Matasano Security reported that the implementation of the HTML frameset element contained an integer overflow vulnerability. The code responsible for parsing the frameset columns used an 8-byte counter for the column numbers, so when a very large number of columns was passed in the counter would overflow. When this counter was subsequently used to allocate memory for the frameset, the memory buffer would be too small, potentially resulting in a heap buffer overflow and execution of attacker-controlled memory. MFSA 2010-51 / CVE-2010-2767: Security researcher Sergey Glazunov reported a dangling pointer vulnerability in the implementation of navigator.plugins in which the navigator object could retain a pointer to the plugins array even after it had been destroyed. An attacker could potentially use this issue to crash the browser and run arbitrary code on a victim last seen 2020-06-01 modified 2020-06-02 plugin id 75670 published 2014-06-13 reporter This script is Copyright (C) 2014-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/75670 title openSUSE Security Update : mozilla-xulrunner191 (mozilla-xulrunner191-3141) NASL family SuSE Local Security Checks NASL id SUSE_11_MOZILLA-XULRUNNER191-101028.NASL description This update brings Mozilla XULRunner to version 1.9.1.14, fixing various bugs and security issues. The following security issues were fixed : - Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. (MFSA 2010-49 / CVE-2010-3169) - Security researcher Chris Rohlf of Matasano Security reported that the implementation of the HTML frameset element contained an integer overflow vulnerability. The code responsible for parsing the frameset columns used an 8-byte counter for the column numbers, so when a very large number of columns was passed in the counter would overflow. When this counter was subsequently used to allocate memory for the frameset, the memory buffer would be too small, potentially resulting in a heap buffer overflow and execution of attacker-controlled memory. (MFSA 2010-50 / CVE-2010-2765) - Security researcher Sergey Glazunov reported a dangling pointer vulnerability in the implementation of navigator.plugins in which the navigator object could retain a pointer to the plugins array even after it had been destroyed. An attacker could potentially use this issue to crash the browser and run arbitrary code on a victim last seen 2020-06-01 modified 2020-06-02 plugin id 50951 published 2010-12-02 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/50951 title SuSE 11 / 11.1 Security Update : Mozilla (SAT Patch Numbers 3417 / 3419) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2010-0546.NASL description Updated SeaMonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. SeaMonkey is an open source web browser, email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2010-1211, CVE-2010-2753, CVE-2010-1214) A memory corruption flaw was found in the way SeaMonkey decoded certain PNG images. An attacker could create a specially crafted PNG image that, when opened, could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2010-1205) A same-origin policy bypass flaw was found in SeaMonkey. An attacker could create a malicious web page that, when viewed by a victim, could steal private data from a different website the victim has loaded with SeaMonkey. (CVE-2010-2754) A flaw was found in the way SeaMonkey displayed the location bar when visiting a secure web page. A malicious server could use this flaw to present data that appears to originate from a secure server, even though it does not. (CVE-2010-2751) All SeaMonkey users should upgrade to these updated packages, which correct these issues. After installing the update, SeaMonkey must be restarted for the changes to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 47880 published 2010-07-28 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/47880 title RHEL 3 / 4 : seamonkey (RHSA-2010:0546) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2010-0545.NASL description An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. A memory corruption flaw was found in the way Thunderbird decoded certain PNG images. An attacker could create a mail message containing a specially crafted PNG image that, when opened, could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-1205) Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-0174, CVE-2010-1200, CVE-2010-1211, CVE-2010-1214, CVE-2010-2753) An integer overflow flaw was found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-1199) Several use-after-free flaws were found in Thunderbird. Viewing an HTML mail message containing malicious content could result in Thunderbird executing arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-0175, CVE-2010-0176, CVE-2010-0177) A flaw was found in the way Thunderbird plug-ins interact. It was possible for a plug-in to reference the freed memory from a different plug-in, resulting in the execution of arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-1198) A flaw was found in the way Thunderbird handled the last seen 2020-06-01 modified 2020-06-02 plugin id 47805 published 2010-07-23 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/47805 title CentOS 5 : thunderbird (CESA-2010:0545) NASL family SuSE Local Security Checks NASL id SUSE_11_2_MOZILLA-XULRUNNER191-100917.NASL description Mozilla XULRunner 1.9.1 was updated to version 1.9.1.13, fixing various bugs and security issues. Following security issues were fixed: MFSA 2010-49 / CVE-2010-3169: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. MFSA 2010-50 / CVE-2010-2765: Security researcher Chris Rohlf of Matasano Security reported that the implementation of the HTML frameset element contained an integer overflow vulnerability. The code responsible for parsing the frameset columns used an 8-byte counter for the column numbers, so when a very large number of columns was passed in the counter would overflow. When this counter was subsequently used to allocate memory for the frameset, the memory buffer would be too small, potentially resulting in a heap buffer overflow and execution of attacker-controlled memory. MFSA 2010-51 / CVE-2010-2767: Security researcher Sergey Glazunov reported a dangling pointer vulnerability in the implementation of navigator.plugins in which the navigator object could retain a pointer to the plugins array even after it had been destroyed. An attacker could potentially use this issue to crash the browser and run arbitrary code on a victim last seen 2020-06-01 modified 2020-06-02 plugin id 49947 published 2010-10-12 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/49947 title openSUSE Security Update : mozilla-xulrunner191 (mozilla-xulrunner191-3141) NASL family SuSE Local Security Checks NASL id SUSE_11_3_MOZILLATHUNDERBIRD-100916.NASL description Mozilla Thunderbird 3.0 was updated to version 3.0.7, fixing various bugs and security issues. Following security issues were fixed: MFSA 2010-49 / CVE-2010-3169: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. MFSA 2010-50 / CVE-2010-2765: Security researcher Chris Rohlf of Matasano Security reported that the implementation of the HTML frameset element contained an integer overflow vulnerability. The code responsible for parsing the frameset columns used an 8-byte counter for the column numbers, so when a very large number of columns was passed in the counter would overflow. When this counter was subsequently used to allocate memory for the frameset, the memory buffer would be too small, potentially resulting in a heap buffer overflow and execution of attacker-controlled memory. MFSA 2010-51 / CVE-2010-2767: Security researcher Sergey Glazunov reported a dangling pointer vulnerability in the implementation of navigator.plugins in which the navigator object could retain a pointer to the plugins array even after it had been destroyed. An attacker could potentially use this issue to crash the browser and run arbitrary code on a victim last seen 2020-06-01 modified 2020-06-02 plugin id 75659 published 2014-06-13 reporter This script is Copyright (C) 2014-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/75659 title openSUSE Security Update : MozillaThunderbird (MozillaThunderbird-3154) NASL family SuSE Local Security Checks NASL id SUSE_11_2_MOZILLATHUNDERBIRD-100917.NASL description Mozilla Thunderbird 3.0 was updated to version 3.0.7, fixing various bugs and security issues. Following security issues were fixed: MFSA 2010-49 / CVE-2010-3169: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. MFSA 2010-50 / CVE-2010-2765: Security researcher Chris Rohlf of Matasano Security reported that the implementation of the HTML frameset element contained an integer overflow vulnerability. The code responsible for parsing the frameset columns used an 8-byte counter for the column numbers, so when a very large number of columns was passed in the counter would overflow. When this counter was subsequently used to allocate memory for the frameset, the memory buffer would be too small, potentially resulting in a heap buffer overflow and execution of attacker-controlled memory. MFSA 2010-51 / CVE-2010-2767: Security researcher Sergey Glazunov reported a dangling pointer vulnerability in the implementation of navigator.plugins in which the navigator object could retain a pointer to the plugins array even after it had been destroyed. An attacker could potentially use this issue to crash the browser and run arbitrary code on a victim last seen 2020-06-01 modified 2020-06-02 plugin id 49946 published 2010-10-12 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/49946 title openSUSE Security Update : MozillaThunderbird (MozillaThunderbird-3154) NASL family SuSE Local Security Checks NASL id SUSE_11_1_MOZILLATHUNDERBIRD-101021.NASL description This update brings Mozilla Thunderbird to version 3.0.9, fixing various bugs and security issues. The following security issues were fixed: MFSA 2010-49 / CVE-2010-3169: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. MFSA 2010-50 / CVE-2010-2765: Security researcher Chris Rohlf of Matasano Security reported that the implementation of the HTML frameset element contained an integer overflow vulnerability. The code responsible for parsing the frameset columns used an 8-byte counter for the column numbers, so when a very large number of columns was passed in the counter would overflow. When this counter was subsequently used to allocate memory for the frameset, the memory buffer would be too small, potentially resulting in a heap buffer overflow and execution of attacker-controlled memory. MFSA 2010-51 / CVE-2010-2767: Security researcher Sergey Glazunov reported a dangling pointer vulnerability in the implementation of navigator.plugins in which the navigator object could retain a pointer to the plugins array even after it had been destroyed. An attacker could potentially use this issue to crash the browser and run arbitrary code on a victim last seen 2020-06-01 modified 2020-06-02 plugin id 50366 published 2010-10-28 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/50366 title openSUSE Security Update : MozillaThunderbird (MozillaThunderbird-3378) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2010-0681.NASL description Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-3169, CVE-2010-2762) Several use-after-free and dangling pointer flaws were found in Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-2760, CVE-2010-2766, CVE-2010-2767, CVE-2010-3167, CVE-2010-3168) Multiple buffer overflow flaws were found in Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-2765, CVE-2010-3166) Multiple cross-site scripting (XSS) flaws were found in Firefox. A web page containing malicious content could cause Firefox to run JavaScript code with the permissions of a different website. (CVE-2010-2768, CVE-2010-2769) A flaw was found in the Firefox XMLHttpRequest object. A remote site could use this flaw to gather information about servers on an internal private network. (CVE-2010-2764) For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 3.6.9. You can find a link to the Mozilla advisories in the References section of this erratum. Note: After installing this update, Firefox will fail to connect (with HTTPS) to a server using the SSL DHE (Diffie-Hellman Ephemeral) key exchange if the server last seen 2020-06-01 modified 2020-06-02 plugin id 49182 published 2010-09-12 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/49182 title CentOS 4 / 5 : firefox (CESA-2010:0681) NASL family SuSE Local Security Checks NASL id SUSE_11_2_MOZILLATHUNDERBIRD-101022.NASL description This update brings Mozilla Thunderbird to version 3.0.9, fixing various bugs and security issues. The following security issues were fixed: MFSA 2010-49 / CVE-2010-3169: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. MFSA 2010-50 / CVE-2010-2765: Security researcher Chris Rohlf of Matasano Security reported that the implementation of the HTML frameset element contained an integer overflow vulnerability. The code responsible for parsing the frameset columns used an 8-byte counter for the column numbers, so when a very large number of columns was passed in the counter would overflow. When this counter was subsequently used to allocate memory for the frameset, the memory buffer would be too small, potentially resulting in a heap buffer overflow and execution of attacker-controlled memory. MFSA 2010-51 / CVE-2010-2767: Security researcher Sergey Glazunov reported a dangling pointer vulnerability in the implementation of navigator.plugins in which the navigator object could retain a pointer to the plugins array even after it had been destroyed. An attacker could potentially use this issue to crash the browser and run arbitrary code on a victim last seen 2020-06-01 modified 2020-06-02 plugin id 50372 published 2010-10-28 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/50372 title openSUSE Security Update : MozillaThunderbird (MozillaThunderbird-3378) NASL family SuSE Local Security Checks NASL id SUSE_11_1_SEAMONKEY-101021.NASL description This update brings Mozilla SeaMonkey to version 2.0.9, fixing various bugs and security issues. The following security issues were fixed: MFSA 2010-49 / CVE-2010-3169: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. MFSA 2010-50 / CVE-2010-2765: Security researcher Chris Rohlf of Matasano Security reported that the implementation of the HTML frameset element contained an integer overflow vulnerability. The code responsible for parsing the frameset columns used an 8-byte counter for the column numbers, so when a very large number of columns was passed in the counter would overflow. When this counter was subsequently used to allocate memory for the frameset, the memory buffer would be too small, potentially resulting in a heap buffer overflow and execution of attacker-controlled memory. MFSA 2010-51 / CVE-2010-2767: Security researcher Sergey Glazunov reported a dangling pointer vulnerability in the implementation of navigator.plugins in which the navigator object could retain a pointer to the plugins array even after it had been destroyed. An attacker could potentially use this issue to crash the browser and run arbitrary code on a victim last seen 2020-06-01 modified 2020-06-02 plugin id 50371 published 2010-10-28 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/50371 title openSUSE Security Update : seamonkey (seamonkey-3372) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2010-0680.NASL description Updated SeaMonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. SeaMonkey is an open source web browser, email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2010-3169) A buffer overflow flaw was found in SeaMonkey. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2010-2765) A use-after-free flaw and several dangling pointer flaws were found in SeaMonkey. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2010-2760, CVE-2010-2767, CVE-2010-3167, CVE-2010-3168) A cross-site scripting (XSS) flaw was found in SeaMonkey. A web page containing malicious content could cause SeaMonkey to run JavaScript code with the permissions of a different website. (CVE-2010-2768) All SeaMonkey users should upgrade to these updated packages, which correct these issues. After installing the update, SeaMonkey must be restarted for the changes to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 49181 published 2010-09-12 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/49181 title CentOS 3 / 4 : seamonkey (CESA-2010:0680) NASL family SuSE Local Security Checks NASL id SUSE_11_2_MOZILLAFIREFOX-100916.NASL description Mozilla Firefox was updated to version 3.6.10, fixing various bugs and security issues. Following security issues were fixed: MFSA 2010-49 / CVE-2010-3169: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. MFSA 2010-50 / CVE-2010-2765: Security researcher Chris Rohlf of Matasano Security reported that the implementation of the HTML frameset element contained an integer overflow vulnerability. The code responsible for parsing the frameset columns used an 8-byte counter for the column numbers, so when a very large number of columns was passed in the counter would overflow. When this counter was subsequently used to allocate memory for the frameset, the memory buffer would be too small, potentially resulting in a heap buffer overflow and execution of attacker-controlled memory. MFSA 2010-51 / CVE-2010-2767: Security researcher Sergey Glazunov reported a dangling pointer vulnerability in the implementation of navigator.plugins in which the navigator object could retain a pointer to the plugins array even after it had been destroyed. An attacker could potentially use this issue to crash the browser and run arbitrary code on a victim last seen 2020-06-01 modified 2020-06-02 plugin id 49281 published 2010-09-20 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/49281 title openSUSE Security Update : MozillaFirefox (openSUSE-SU-2010:0632-1) NASL family SuSE Local Security Checks NASL id SUSE_11_3_MOZILLAFIREFOX-100916.NASL description Mozilla Firefox was updated to version 3.6.10, fixing various bugs and security issues. Following security issues were fixed: MFSA 2010-49 / CVE-2010-3169: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. MFSA 2010-50 / CVE-2010-2765: Security researcher Chris Rohlf of Matasano Security reported that the implementation of the HTML frameset element contained an integer overflow vulnerability. The code responsible for parsing the frameset columns used an 8-byte counter for the column numbers, so when a very large number of columns was passed in the counter would overflow. When this counter was subsequently used to allocate memory for the frameset, the memory buffer would be too small, potentially resulting in a heap buffer overflow and execution of attacker-controlled memory. MFSA 2010-51 / CVE-2010-2767: Security researcher Sergey Glazunov reported a dangling pointer vulnerability in the implementation of navigator.plugins in which the navigator object could retain a pointer to the plugins array even after it had been destroyed. An attacker could potentially use this issue to crash the browser and run arbitrary code on a victim last seen 2020-06-01 modified 2020-06-02 plugin id 75647 published 2014-06-13 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/75647 title openSUSE Security Update : MozillaFirefox (openSUSE-SU-2010:0632-1) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201301-01.NASL description The remote host is affected by the vulnerability described in GLSA-201301-01 (Mozilla Products: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, bypass restrictions and protection mechanisms, force file downloads, conduct XML injection attacks, conduct XSS attacks, bypass the Same Origin Policy, spoof URL’s for phishing attacks, trigger a vertical scroll, spoof the location bar, spoof an SSL indicator, modify the browser’s font, conduct clickjacking attacks, or have other unspecified impact. A local attacker could gain escalated privileges, obtain sensitive information, or replace an arbitrary downloaded file. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 63402 published 2013-01-08 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/63402 title GLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST) NASL family SuSE Local Security Checks NASL id SUSE_11_3_SEAMONKEY-101021.NASL description This update brings Mozilla SeaMonkey to version 2.0.9, fixing various bugs and security issues. The following security issues were fixed: MFSA 2010-49 / CVE-2010-3169: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. MFSA 2010-50 / CVE-2010-2765: Security researcher Chris Rohlf of Matasano Security reported that the implementation of the HTML frameset element contained an integer overflow vulnerability. The code responsible for parsing the frameset columns used an 8-byte counter for the column numbers, so when a very large number of columns was passed in the counter would overflow. When this counter was subsequently used to allocate memory for the frameset, the memory buffer would be too small, potentially resulting in a heap buffer overflow and execution of attacker-controlled memory. MFSA 2010-51 / CVE-2010-2767: Security researcher Sergey Glazunov reported a dangling pointer vulnerability in the implementation of navigator.plugins in which the navigator object could retain a pointer to the plugins array even after it had been destroyed. An attacker could potentially use this issue to crash the browser and run arbitrary code on a victim last seen 2020-06-01 modified 2020-06-02 plugin id 75733 published 2014-06-13 reporter This script is Copyright (C) 2014-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/75733 title openSUSE Security Update : seamonkey (seamonkey-3372) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-978-2.NASL description USN-978-1 fixed vulnerabilities in Thunderbird. Some users reported stability problems under certain circumstances. This update fixes the problem. We apologize for the inconvenience. Several dangling pointer vulnerabilities were discovered in Thunderbird. An attacker could exploit this to crash Thunderbird or possibly run arbitrary code as the user invoking the program. (CVE-2010-2760, CVE-2010-2767, CVE-2010-3167) It was discovered that the XPCSafeJSObjectWrapper (SJOW) security wrapper did not always honor the same-origin policy. If JavaScript was enabled, an attacker could exploit this to run untrusted JavaScript from other domains. (CVE-2010-2763) Matt Haggard discovered that Thunderbird did not honor same-origin policy when processing the statusText property of an XMLHttpRequest object. If a user were tricked into viewing a malicious site, a remote attacker could use this to gather information about servers on internal private networks. (CVE-2010-2764) Chris Rohlf discovered an integer overflow when Thunderbird processed the HTML frameset element. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash Thunderbird or possibly run arbitrary code as the user invoking the program. (CVE-2010-2765) Several issues were discovered in the browser engine. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash Thunderbird or possibly run arbitrary code as the user invoking the program. (CVE-2010-2766, CVE-2010-3168) David Huang and Collin Jackson discovered that the <object> tag could override the charset of a framed HTML document in another origin. An attacker could utilize this to perform cross-site scripting attacks. (CVE-2010-2768) Paul Stone discovered that with designMode enabled an HTML selection containing JavaScript could be copied and pasted into a document and have the JavaScript execute within the context of the site where the code was dropped. If JavaScript was enabled, an attacker could utilize this to perform cross-site scripting attacks. (CVE-2010-2769) A buffer overflow was discovered in Thunderbird when processing text runs. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash Thunderbird or possibly run arbitrary code as the user invoking the program. (CVE-2010-3166) Peter Van der Beken, Jason Oster, Jesse Ruderman, Igor Bukanov, Jeff Walden, Gary Kwong and Olli Pettay discovered several flaws in the browser engine. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash Thunderbird or possibly run arbitrary code as the user invoking the program. (CVE-2010-3169). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 49269 published 2010-09-17 reporter Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/49269 title Ubuntu 10.04 LTS : thunderbird regression (USN-978-2) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2010-173.NASL description Security issues were identified and fixed in firefox and mozilla-thinderbird : Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict read access to the statusText property of XMLHttpRequest objects, which allows remote attackers to discover the existence of intranet web servers via cross-origin requests (CVE-2010-2764). Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 allows user-assisted remote attackers to inject arbitrary web script or HTML via a selection that is added to a document in which the designMode property is enabled (CVE-2010-2769). Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict use of the type attribute of an OBJECT element to set a document last seen 2020-06-01 modified 2020-06-02 plugin id 49202 published 2010-09-12 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/49202 title Mandriva Linux Security Advisory : firefox (MDVSA-2010:173) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2010-0680.NASL description From Red Hat Security Advisory 2010:0680 : Updated SeaMonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. SeaMonkey is an open source web browser, email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2010-3169) A buffer overflow flaw was found in SeaMonkey. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2010-2765) A use-after-free flaw and several dangling pointer flaws were found in SeaMonkey. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2010-2760, CVE-2010-2767, CVE-2010-3167, CVE-2010-3168) A cross-site scripting (XSS) flaw was found in SeaMonkey. A web page containing malicious content could cause SeaMonkey to run JavaScript code with the permissions of a different website. (CVE-2010-2768) All SeaMonkey users should upgrade to these updated packages, which correct these issues. After installing the update, SeaMonkey must be restarted for the changes to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 68097 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68097 title Oracle Linux 3 / 4 : seamonkey (ELSA-2010-0680) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2010-0546.NASL description From Red Hat Security Advisory 2010:0546 : Updated SeaMonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. SeaMonkey is an open source web browser, email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2010-1211, CVE-2010-2753, CVE-2010-1214) A memory corruption flaw was found in the way SeaMonkey decoded certain PNG images. An attacker could create a specially crafted PNG image that, when opened, could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2010-1205) A same-origin policy bypass flaw was found in SeaMonkey. An attacker could create a malicious web page that, when viewed by a victim, could steal private data from a different website the victim has loaded with SeaMonkey. (CVE-2010-2754) A flaw was found in the way SeaMonkey displayed the location bar when visiting a secure web page. A malicious server could use this flaw to present data that appears to originate from a secure server, even though it does not. (CVE-2010-2751) All SeaMonkey users should upgrade to these updated packages, which correct these issues. After installing the update, SeaMonkey must be restarted for the changes to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 68067 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68067 title Oracle Linux 3 / 4 : seamonkey (ELSA-2010-0546) NASL family SuSE Local Security Checks NASL id SUSE_11_3_MOZILLATHUNDERBIRD-101021.NASL description This update brings Mozilla Thunderbird to version 3.0.9, fixing various bugs and security issues. The following security issues were fixed: MFSA 2010-49 / CVE-2010-3169: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. MFSA 2010-50 / CVE-2010-2765: Security researcher Chris Rohlf of Matasano Security reported that the implementation of the HTML frameset element contained an integer overflow vulnerability. The code responsible for parsing the frameset columns used an 8-byte counter for the column numbers, so when a very large number of columns was passed in the counter would overflow. When this counter was subsequently used to allocate memory for the frameset, the memory buffer would be too small, potentially resulting in a heap buffer overflow and execution of attacker-controlled memory. MFSA 2010-51 / CVE-2010-2767: Security researcher Sergey Glazunov reported a dangling pointer vulnerability in the implementation of navigator.plugins in which the navigator object could retain a pointer to the plugins array even after it had been destroyed. An attacker could potentially use this issue to crash the browser and run arbitrary code on a victim last seen 2020-06-01 modified 2020-06-02 plugin id 75660 published 2014-06-13 reporter This script is Copyright (C) 2014-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/75660 title openSUSE Security Update : MozillaThunderbird (MozillaThunderbird-3378) NASL family SuSE Local Security Checks NASL id SUSE_11_2_SEAMONKEY-101021.NASL description This update brings Mozilla SeaMonkey to version 2.0.9, fixing various bugs and security issues. The following security issues were fixed: MFSA 2010-49 / CVE-2010-3169: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. MFSA 2010-50 / CVE-2010-2765: Security researcher Chris Rohlf of Matasano Security reported that the implementation of the HTML frameset element contained an integer overflow vulnerability. The code responsible for parsing the frameset columns used an 8-byte counter for the column numbers, so when a very large number of columns was passed in the counter would overflow. When this counter was subsequently used to allocate memory for the frameset, the memory buffer would be too small, potentially resulting in a heap buffer overflow and execution of attacker-controlled memory. MFSA 2010-51 / CVE-2010-2767: Security researcher Sergey Glazunov reported a dangling pointer vulnerability in the implementation of navigator.plugins in which the navigator object could retain a pointer to the plugins array even after it had been destroyed. An attacker could potentially use this issue to crash the browser and run arbitrary code on a victim last seen 2020-06-01 modified 2020-06-02 plugin id 50376 published 2010-10-28 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/50376 title openSUSE Security Update : seamonkey (seamonkey-3372) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2010-0682.NASL description An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-3169) A buffer overflow flaw was found in Thunderbird. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-2765) A use-after-free flaw and several dangling pointer flaws were found in Thunderbird. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-2760, CVE-2010-2767, CVE-2010-3167, CVE-2010-3168) A cross-site scripting (XSS) flaw was found in Thunderbird. Remote HTML content could cause Thunderbird to execute JavaScript code with the permissions of different remote HTML content. (CVE-2010-2768) Note: JavaScript support is disabled by default in Thunderbird. None of the above issues are exploitable unless JavaScript is enabled. All Thunderbird users should upgrade to this updated package, which resolves these issues. All running instances of Thunderbird must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 49183 published 2010-09-12 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/49183 title CentOS 4 / 5 : thunderbird (CESA-2010:0682) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-978-1.NASL description Several dangling pointer vulnerabilities were discovered in Thunderbird. An attacker could exploit this to crash Thunderbird or possibly run arbitrary code as the user invoking the program. (CVE-2010-2760, CVE-2010-2767, CVE-2010-3167) It was discovered that the XPCSafeJSObjectWrapper (SJOW) security wrapper did not always honor the same-origin policy. If JavaScript was enabled, an attacker could exploit this to run untrusted JavaScript from other domains. (CVE-2010-2763) Matt Haggard discovered that Thunderbird did not honor same-origin policy when processing the statusText property of an XMLHttpRequest object. If a user were tricked into viewing a malicious site, a remote attacker could use this to gather information about servers on internal private networks. (CVE-2010-2764) Chris Rohlf discovered an integer overflow when Thunderbird processed the HTML frameset element. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash Thunderbird or possibly run arbitrary code as the user invoking the program. (CVE-2010-2765) Several issues were discovered in the browser engine. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash Thunderbird or possibly run arbitrary code as the user invoking the program. (CVE-2010-2766, CVE-2010-3168) David Huang and Collin Jackson discovered that the <object> tag could override the charset of a framed HTML document in another origin. An attacker could utilize this to perform cross-site scripting attacks. (CVE-2010-2768) Paul Stone discovered that with designMode enabled an HTML selection containing JavaScript could be copied and pasted into a document and have the JavaScript execute within the context of the site where the code was dropped. If JavaScript was enabled, an attacker could utilize this to perform cross-site scripting attacks. (CVE-2010-2769) A buffer overflow was discovered in Thunderbird when processing text runs. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash Thunderbird or possibly run arbitrary code as the user invoking the program. (CVE-2010-3166) Peter Van der Beken, Jason Oster, Jesse Ruderman, Igor Bukanov, Jeff Walden, Gary Kwong and Olli Pettay discovered several flaws in the browser engine. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash Thunderbird or possibly run arbitrary code as the user invoking the program. (CVE-2010-3169). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 49170 published 2010-09-09 reporter Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/49170 title Ubuntu 10.04 LTS : thunderbird vulnerabilities (USN-978-1)
Oval
accepted | 2014-10-06T04:00:23.365-04:00 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||
class | vulnerability | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||
contributors |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||
definition_extensions |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||
description | Use-after-free vulnerability in the nsTreeSelection function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote attackers to execute arbitrary code via vectors involving a XUL tree selection, related to a "dangling pointer vulnerability." NOTE: this issue exists because of an incomplete fix for CVE-2010-2753. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||
family | windows | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||
id | oval:org.mitre.oval:def:11799 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||
status | accepted | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||
submitted | 2010-09-10T17:30:00.000-05:00 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||
title | Mozilla Multiple Products nsTreeSelection Selection Range Calculation Overflow | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||
version | 39 |
Redhat
rpms |
|
References
- http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox
- http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox
- http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047282.html
- http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047282.html
- http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00002.html
- http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00002.html
- http://secunia.com/advisories/42867
- http://secunia.com/advisories/42867
- http://support.avaya.com/css/P8/documents/100110210
- http://support.avaya.com/css/P8/documents/100110210
- http://support.avaya.com/css/P8/documents/100112690
- http://support.avaya.com/css/P8/documents/100112690
- http://www.debian.org/security/2010/dsa-2106
- http://www.debian.org/security/2010/dsa-2106
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:173
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:173
- http://www.mozilla.org/security/announce/2010/mfsa2010-54.html
- http://www.mozilla.org/security/announce/2010/mfsa2010-54.html
- http://www.vupen.com/english/advisories/2010/2323
- http://www.vupen.com/english/advisories/2010/2323
- http://www.vupen.com/english/advisories/2011/0061
- http://www.vupen.com/english/advisories/2011/0061
- https://bugzilla.mozilla.org/show_bug.cgi?id=585815
- https://bugzilla.mozilla.org/show_bug.cgi?id=585815
- https://exchange.xforce.ibmcloud.com/vulnerabilities/61660
- https://exchange.xforce.ibmcloud.com/vulnerabilities/61660
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11799
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11799