Vulnerabilities > CVE-2010-2762 - Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox and Thunderbird

047910
CVSS 6.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
mozilla
CWE-264
nessus

Summary

The XPCSafeJSObjectWrapper class in the SafeJSObjectWrapper (aka SJOW) implementation in Mozilla Firefox 3.6.x before 3.6.9 and Thunderbird 3.1.x before 3.1.3 does not properly restrict objects at the end of scope chains, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via vectors related to a chrome privileged object and a chain ending in an outer object.

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Accessing, Modifying or Executing Executable Files
    An attack of this type exploits a system's configuration that allows an attacker to either directly access an executable file, for example through shell access; or in a possible worst case allows an attacker to upload a file and then execute it. Web servers, ftp servers, and message oriented middleware systems which have many integration points are particularly vulnerable, because both the programmers and the administrators must be in synch regarding the interfaces and the correct privileges for each interface.
  • Leverage Executable Code in Non-Executable Files
    An attack of this type exploits a system's trust in configuration and resource files, when the executable loads the resource (such as an image file or configuration file) the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated mashing up resources from local and remote sources the possibility of this attack occurring is high. The attack can be directed at a client system, such as causing buffer overrun through loading seemingly benign image files, as in Microsoft Security Bulletin MS04-028 where specially crafted JPEG files could cause a buffer overrun once loaded into the browser. Another example targets clients reading pdf files. In this case the attacker simply appends javascript to the end of a legitimate url for a pdf (http://www.gnucitizen.org/blog/danger-danger-danger/) http://path/to/pdf/file.pdf#whatever_name_you_want=javascript:your_code_here The client assumes that they are reading a pdf, but the attacker has modified the resource and loaded executable javascript into the client's browser process. The attack can also target server processes. The attacker edits the resource or configuration file, for example a web.xml file used to configure security permissions for a J2EE app server, adding role name "public" grants all users with the public role the ability to use the administration functionality. The server trusts its configuration file to be correct, but when they are manipulated, the attacker gains full control.
  • Blue Boxing
    This type of attack against older telephone switches and trunks has been around for decades. A tone is sent by an adversary to impersonate a supervisor signal which has the effect of rerouting or usurping command of the line. While the US infrastructure proper may not contain widespread vulnerabilities to this type of attack, many companies are connected globally through call centers and business process outsourcing. These international systems may be operated in countries which have not upgraded Telco infrastructure and so are vulnerable to Blue boxing. Blue boxing is a result of failure on the part of the system to enforce strong authorization for administrative functions. While the infrastructure is different than standard current applications like web applications, there are historical lessons to be learned to upgrade the access control for administrative functions.
  • Restful Privilege Elevation
    Rest uses standard HTTP (Get, Put, Delete) style permissions methods, but these are not necessarily correlated generally with back end programs. Strict interpretation of HTTP get methods means that these HTTP Get services should not be used to delete information on the server, but there is no access control mechanism to back up this logic. This means that unless the services are properly ACL'd and the application's service implementation are following these guidelines then an HTTP request can easily execute a delete or update on the server side. The attacker identifies a HTTP Get URL such as http://victimsite/updateOrder, which calls out to a program to update orders on a database or other resource. The URL is not idempotent so the request can be submitted multiple times by the attacker, additionally, the attacker may be able to exploit the URL published as a Get method that actually performs updates (instead of merely retrieving data). This may result in malicious or inadvertent altering of data on the server.
  • Target Programs with Elevated Privileges
    This attack targets programs running with elevated privileges. The attacker would try to leverage a bug in the running program and get arbitrary code to execute with elevated privileges. For instance an attacker would look for programs that write to the system directories or registry keys (such as HKLM, which stores a number of critical Windows environment variables). These programs are typically running with elevated privileges and have usually not been designed with security in mind. Such programs are excellent exploit targets because they yield lots of power when they break. The malicious user try to execute its code at the same level as a privileged system call.

Nessus

  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-975-2.NASL
    descriptionUSN-975-1 fixed vulnerabilities in Firefox and Xulrunner. Some users reported stability problems under certain circumstances. This update fixes the problem. We apologize for the inconvenience. Several dangling pointer vulnerabilities were discovered in Firefox. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-2760, CVE-2010-2767, CVE-2010-3167) Blake Kaplan and Michal Zalewski discovered several weaknesses in the XPCSafeJSObjectWrapper (SJOW) security wrapper. If a user were tricked into viewing a malicious site, a remote attacker could use this to run arbitrary JavaScript with chrome privileges. (CVE-2010-2762) Matt Haggard discovered that Firefox did not honor same-origin policy when processing the statusText property of an XMLHttpRequest object. If a user were tricked into viewing a malicious site, a remote attacker could use this to gather information about servers on internal private networks. (CVE-2010-2764) Chris Rohlf discovered an integer overflow when Firefox processed the HTML frameset element. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-2765) Several issues were discovered in the browser engine. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-2766, CVE-2010-3168) David Huang and Collin Jackson discovered that the <object> tag could override the charset of a framed HTML document in another origin. An attacker could utilize this to perform cross-site scripting attacks. (CVE-2010-2768) Paul Stone discovered that with designMode enabled an HTML selection containing JavaScript could be copied and pasted into a document and have the JavaScript execute within the context of the site where the code was dropped. An attacker could utilize this to perform cross-site scripting attacks. (CVE-2010-2769) A buffer overflow was discovered in Firefox when processing text runs. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-3166) Peter Van der Beken, Jason Oster, Jesse Ruderman, Igor Bukanov, Jeff Walden, Gary Kwong and Olli Pettay discovered several flaws in the browser engine. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-3169). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id49268
    published2010-09-17
    reporterUbuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/49268
    titleUbuntu 8.04 LTS / 9.04 / 9.10 / 10.04 LTS : firefox, firefox-3.0, firefox-3.5, xulrunner-1.9.1, xulrunner-1.9.2 regression (USN-975-2)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-975-2. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(49268);
      script_version("1.11");
      script_cvs_date("Date: 2019/09/19 12:54:26");
    
      script_cve_id("CVE-2010-2760", "CVE-2010-2762", "CVE-2010-2764", "CVE-2010-2765", "CVE-2010-2766", "CVE-2010-2767", "CVE-2010-2768", "CVE-2010-2769", "CVE-2010-3166", "CVE-2010-3167", "CVE-2010-3168", "CVE-2010-3169");
      script_xref(name:"USN", value:"975-2");
    
      script_name(english:"Ubuntu 8.04 LTS / 9.04 / 9.10 / 10.04 LTS : firefox, firefox-3.0, firefox-3.5, xulrunner-1.9.1, xulrunner-1.9.2 regression (USN-975-2)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "USN-975-1 fixed vulnerabilities in Firefox and Xulrunner. Some users
    reported stability problems under certain circumstances. This update
    fixes the problem.
    
    We apologize for the inconvenience.
    
    Several dangling pointer vulnerabilities were discovered in Firefox.
    An attacker could exploit this to crash the browser or possibly run
    arbitrary code as the user invoking the program. (CVE-2010-2760,
    CVE-2010-2767, CVE-2010-3167)
    
    Blake Kaplan and Michal Zalewski discovered several
    weaknesses in the XPCSafeJSObjectWrapper (SJOW) security
    wrapper. If a user were tricked into viewing a malicious
    site, a remote attacker could use this to run arbitrary
    JavaScript with chrome privileges. (CVE-2010-2762)
    
    Matt Haggard discovered that Firefox did not honor
    same-origin policy when processing the statusText property
    of an XMLHttpRequest object. If a user were tricked into
    viewing a malicious site, a remote attacker could use this
    to gather information about servers on internal private
    networks. (CVE-2010-2764)
    
    Chris Rohlf discovered an integer overflow when Firefox
    processed the HTML frameset element. If a user were tricked
    into viewing a malicious site, a remote attacker could use
    this to crash the browser or possibly run arbitrary code as
    the user invoking the program. (CVE-2010-2765)
    
    Several issues were discovered in the browser engine. If a
    user were tricked into viewing a malicious site, a remote
    attacker could use this to crash the browser or possibly run
    arbitrary code as the user invoking the program.
    (CVE-2010-2766, CVE-2010-3168)
    
    David Huang and Collin Jackson discovered that the <object>
    tag could override the charset of a framed HTML document in
    another origin. An attacker could utilize this to perform
    cross-site scripting attacks. (CVE-2010-2768)
    
    Paul Stone discovered that with designMode enabled an HTML
    selection containing JavaScript could be copied and pasted
    into a document and have the JavaScript execute within the
    context of the site where the code was dropped. An attacker
    could utilize this to perform cross-site scripting attacks.
    (CVE-2010-2769)
    
    A buffer overflow was discovered in Firefox when processing
    text runs. If a user were tricked into viewing a malicious
    site, a remote attacker could use this to crash the browser
    or possibly run arbitrary code as the user invoking the
    program. (CVE-2010-3166)
    
    Peter Van der Beken, Jason Oster, Jesse Ruderman, Igor
    Bukanov, Jeff Walden, Gary Kwong and Olli Pettay discovered
    several flaws in the browser engine. If a user were tricked
    into viewing a malicious site, a remote attacker could use
    this to crash the browser or possibly run arbitrary code as
    the user invoking the program. (CVE-2010-3169).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/975-2/"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:abrowser");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:abrowser-3.0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:abrowser-3.0-branding");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:abrowser-3.1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:abrowser-3.1-branding");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:abrowser-3.5");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:abrowser-3.5-branding");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:abrowser-branding");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-2-dbg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-2-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-2-dom-inspector");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-2-gnome-support");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-2-libthai");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-3.0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-3.0-branding");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-3.0-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-3.0-dom-inspector");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-3.0-gnome-support");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-3.0-venkman");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-3.1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-3.1-branding");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-3.1-dbg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-3.1-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-3.1-gnome-support");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-3.5");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-3.5-branding");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-3.5-dbg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-3.5-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-3.5-gnome-support");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-branding");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-dbg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-dom-inspector");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-gnome-support");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-gnome-support-dbg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-granparadiso");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-granparadiso-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-granparadiso-gnome-support");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-libthai");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-mozsymbols");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-trunk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-trunk-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-trunk-gnome-support");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.1-dbg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.1-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.1-gnome-support");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.1-testsuite");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.1-testsuite-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.2-dbg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.2-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.2-gnome-support");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.2-testsuite");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.2-testsuite-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xulrunner-dev");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.04:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:8.04:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:9.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:9.10");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2010/09/09");
      script_set_attribute(attribute:"patch_publication_date", value:"2010/09/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2010/09/17");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(8\.04|9\.04|9\.10|10\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 8.04 / 9.04 / 9.10 / 10.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"8.04", pkgname:"abrowser", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.8.04.1")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"abrowser-branding", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.8.04.1")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"firefox", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.8.04.1")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"firefox-3.0", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.8.04.1")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"firefox-3.0-dev", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.8.04.1")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"firefox-3.0-gnome-support", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.8.04.1")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"firefox-branding", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.8.04.1")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"firefox-dbg", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.8.04.1")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"firefox-dev", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.8.04.1")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"firefox-gnome-support", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.8.04.1")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"firefox-gnome-support-dbg", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.8.04.1")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"firefox-granparadiso", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.8.04.1")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"firefox-granparadiso-dev", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.8.04.1")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"firefox-granparadiso-gnome-support", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.8.04.1")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"firefox-libthai", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.8.04.1")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"firefox-trunk", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.8.04.1")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"firefox-trunk-dev", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.8.04.1")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"firefox-trunk-gnome-support", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.8.04.1")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"xulrunner-1.9.2", pkgver:"1.9.2.10+build1+nobinonly-0ubuntu0.8.04.1")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"xulrunner-1.9.2-dbg", pkgver:"1.9.2.10+build1+nobinonly-0ubuntu0.8.04.1")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"xulrunner-1.9.2-dev", pkgver:"1.9.2.10+build1+nobinonly-0ubuntu0.8.04.1")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"xulrunner-1.9.2-gnome-support", pkgver:"1.9.2.10+build1+nobinonly-0ubuntu0.8.04.1")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"xulrunner-1.9.2-testsuite", pkgver:"1.9.2.10+build1+nobinonly-0ubuntu0.8.04.1")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"xulrunner-1.9.2-testsuite-dev", pkgver:"1.9.2.10+build1+nobinonly-0ubuntu0.8.04.1")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"xulrunner-dev", pkgver:"1.9.2.10+build1+nobinonly-0ubuntu0.8.04.1")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"abrowser", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.04.1")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"abrowser-3.0-branding", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.04.1")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"abrowser-branding", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.04.1")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"firefox", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.04.1")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"firefox-2", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.04.1")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"firefox-2-dbg", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.04.1")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"firefox-2-dev", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.04.1")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"firefox-2-dom-inspector", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.04.1")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"firefox-2-gnome-support", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.04.1")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"firefox-2-libthai", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.04.1")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"firefox-3.0", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.04.1")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"firefox-3.0-branding", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.04.1")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"firefox-3.0-dev", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.04.1")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"firefox-3.0-gnome-support", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.04.1")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"firefox-branding", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.04.1")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"firefox-dbg", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.04.1")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"firefox-dev", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.04.1")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"firefox-gnome-support", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.04.1")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"firefox-gnome-support-dbg", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.04.1")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"firefox-granparadiso", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.04.1")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"firefox-granparadiso-dev", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.04.1")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"firefox-granparadiso-gnome-support", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.04.1")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"firefox-libthai", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.04.1")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"firefox-trunk", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.04.1")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"firefox-trunk-dev", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.04.1")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"firefox-trunk-gnome-support", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.04.1")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"xulrunner-1.9.2", pkgver:"1.9.2.10+build1+nobinonly-0ubuntu0.9.04.1")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"xulrunner-1.9.2-dbg", pkgver:"1.9.2.10+build1+nobinonly-0ubuntu0.9.04.1")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"xulrunner-1.9.2-dev", pkgver:"1.9.2.10+build1+nobinonly-0ubuntu0.9.04.1")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"xulrunner-1.9.2-gnome-support", pkgver:"1.9.2.10+build1+nobinonly-0ubuntu0.9.04.1")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"xulrunner-1.9.2-testsuite", pkgver:"1.9.2.10+build1+nobinonly-0ubuntu0.9.04.1")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"xulrunner-1.9.2-testsuite-dev", pkgver:"1.9.2.10+build1+nobinonly-0ubuntu0.9.04.1")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"xulrunner-dev", pkgver:"1.9.2.10+build1+nobinonly-0ubuntu0.9.04.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"abrowser", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"abrowser-3.0", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"abrowser-3.0-branding", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"abrowser-3.1", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"abrowser-3.1-branding", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"abrowser-3.5", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"abrowser-3.5-branding", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"abrowser-branding", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"firefox", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"firefox-2", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"firefox-2-dbg", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"firefox-2-dev", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"firefox-2-dom-inspector", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"firefox-2-gnome-support", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"firefox-2-libthai", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"firefox-3.0", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"firefox-3.0-branding", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"firefox-3.0-dev", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"firefox-3.0-dom-inspector", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"firefox-3.0-gnome-support", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"firefox-3.0-venkman", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"firefox-3.1", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"firefox-3.1-branding", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"firefox-3.1-dbg", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"firefox-3.1-dev", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"firefox-3.1-gnome-support", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"firefox-3.5", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"firefox-3.5-branding", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"firefox-3.5-dbg", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"firefox-3.5-dev", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"firefox-3.5-gnome-support", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"firefox-branding", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"firefox-dbg", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"firefox-dev", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"firefox-dom-inspector", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"firefox-gnome-support", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"firefox-gnome-support-dbg", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"xulrunner-1.9", pkgver:"1.9.2.10+build1+nobinonly-0ubuntu0.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"xulrunner-1.9.1", pkgver:"1.9.1.13+build1+nobinonly-0ubuntu0.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"xulrunner-1.9.1-dbg", pkgver:"1.9.1.13+build1+nobinonly-0ubuntu0.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"xulrunner-1.9.1-dev", pkgver:"1.9.1.13+build1+nobinonly-0ubuntu0.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"xulrunner-1.9.1-gnome-support", pkgver:"1.9.1.13+build1+nobinonly-0ubuntu0.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"xulrunner-1.9.1-testsuite", pkgver:"1.9.1.13+build1+nobinonly-0ubuntu0.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"xulrunner-1.9.1-testsuite-dev", pkgver:"1.9.1.13+build1+nobinonly-0ubuntu0.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"xulrunner-1.9.2", pkgver:"1.9.2.10+build1+nobinonly-0ubuntu0.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"xulrunner-1.9.2-dbg", pkgver:"1.9.2.10+build1+nobinonly-0ubuntu0.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"xulrunner-1.9.2-dev", pkgver:"1.9.2.10+build1+nobinonly-0ubuntu0.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"xulrunner-1.9.2-gnome-support", pkgver:"1.9.2.10+build1+nobinonly-0ubuntu0.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"xulrunner-1.9.2-testsuite", pkgver:"1.9.2.10+build1+nobinonly-0ubuntu0.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"xulrunner-1.9.2-testsuite-dev", pkgver:"1.9.2.10+build1+nobinonly-0ubuntu0.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"xulrunner-dev", pkgver:"1.9.2.10+build1+nobinonly-0ubuntu0.9.10.1")) flag++;
    if (ubuntu_check(osver:"10.04", pkgname:"abrowser", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.10.04.1")) flag++;
    if (ubuntu_check(osver:"10.04", pkgname:"abrowser-3.5", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.10.04.1")) flag++;
    if (ubuntu_check(osver:"10.04", pkgname:"abrowser-3.5-branding", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.10.04.1")) flag++;
    if (ubuntu_check(osver:"10.04", pkgname:"abrowser-branding", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.10.04.1")) flag++;
    if (ubuntu_check(osver:"10.04", pkgname:"firefox", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.10.04.1")) flag++;
    if (ubuntu_check(osver:"10.04", pkgname:"firefox-2", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.10.04.1")) flag++;
    if (ubuntu_check(osver:"10.04", pkgname:"firefox-2-dbg", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.10.04.1")) flag++;
    if (ubuntu_check(osver:"10.04", pkgname:"firefox-2-dev", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.10.04.1")) flag++;
    if (ubuntu_check(osver:"10.04", pkgname:"firefox-2-dom-inspector", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.10.04.1")) flag++;
    if (ubuntu_check(osver:"10.04", pkgname:"firefox-2-gnome-support", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.10.04.1")) flag++;
    if (ubuntu_check(osver:"10.04", pkgname:"firefox-2-libthai", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.10.04.1")) flag++;
    if (ubuntu_check(osver:"10.04", pkgname:"firefox-3.0", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.10.04.1")) flag++;
    if (ubuntu_check(osver:"10.04", pkgname:"firefox-3.0-dev", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.10.04.1")) flag++;
    if (ubuntu_check(osver:"10.04", pkgname:"firefox-3.0-gnome-support", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.10.04.1")) flag++;
    if (ubuntu_check(osver:"10.04", pkgname:"firefox-3.5", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.10.04.1")) flag++;
    if (ubuntu_check(osver:"10.04", pkgname:"firefox-3.5-branding", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.10.04.1")) flag++;
    if (ubuntu_check(osver:"10.04", pkgname:"firefox-3.5-dbg", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.10.04.1")) flag++;
    if (ubuntu_check(osver:"10.04", pkgname:"firefox-3.5-dev", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.10.04.1")) flag++;
    if (ubuntu_check(osver:"10.04", pkgname:"firefox-3.5-gnome-support", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.10.04.1")) flag++;
    if (ubuntu_check(osver:"10.04", pkgname:"firefox-branding", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.10.04.1")) flag++;
    if (ubuntu_check(osver:"10.04", pkgname:"firefox-dbg", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.10.04.1")) flag++;
    if (ubuntu_check(osver:"10.04", pkgname:"firefox-dev", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.10.04.1")) flag++;
    if (ubuntu_check(osver:"10.04", pkgname:"firefox-gnome-support", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.10.04.1")) flag++;
    if (ubuntu_check(osver:"10.04", pkgname:"firefox-gnome-support-dbg", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.10.04.1")) flag++;
    if (ubuntu_check(osver:"10.04", pkgname:"firefox-mozsymbols", pkgver:"3.6.10+build1+nobinonly-0ubuntu0.10.04.1")) flag++;
    if (ubuntu_check(osver:"10.04", pkgname:"xulrunner-1.9", pkgver:"1.9.2.10+build1+nobinonly-0ubuntu0.10.04.1")) flag++;
    if (ubuntu_check(osver:"10.04", pkgname:"xulrunner-1.9.2", pkgver:"1.9.2.10+build1+nobinonly-0ubuntu0.10.04.1")) flag++;
    if (ubuntu_check(osver:"10.04", pkgname:"xulrunner-1.9.2-dbg", pkgver:"1.9.2.10+build1+nobinonly-0ubuntu0.10.04.1")) flag++;
    if (ubuntu_check(osver:"10.04", pkgname:"xulrunner-1.9.2-dev", pkgver:"1.9.2.10+build1+nobinonly-0ubuntu0.10.04.1")) flag++;
    if (ubuntu_check(osver:"10.04", pkgname:"xulrunner-1.9.2-gnome-support", pkgver:"1.9.2.10+build1+nobinonly-0ubuntu0.10.04.1")) flag++;
    if (ubuntu_check(osver:"10.04", pkgname:"xulrunner-1.9.2-testsuite", pkgver:"1.9.2.10+build1+nobinonly-0ubuntu0.10.04.1")) flag++;
    if (ubuntu_check(osver:"10.04", pkgname:"xulrunner-1.9.2-testsuite-dev", pkgver:"1.9.2.10+build1+nobinonly-0ubuntu0.10.04.1")) flag++;
    if (ubuntu_check(osver:"10.04", pkgname:"xulrunner-dev", pkgver:"1.9.2.10+build1+nobinonly-0ubuntu0.10.04.1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "abrowser / abrowser-3.0 / abrowser-3.0-branding / abrowser-3.1 / etc");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2010-0681.NASL
    descriptionUpdated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-3169, CVE-2010-2762) Several use-after-free and dangling pointer flaws were found in Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-2760, CVE-2010-2766, CVE-2010-2767, CVE-2010-3167, CVE-2010-3168) Multiple buffer overflow flaws were found in Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-2765, CVE-2010-3166) Multiple cross-site scripting (XSS) flaws were found in Firefox. A web page containing malicious content could cause Firefox to run JavaScript code with the permissions of a different website. (CVE-2010-2768, CVE-2010-2769) A flaw was found in the Firefox XMLHttpRequest object. A remote site could use this flaw to gather information about servers on an internal private network. (CVE-2010-2764) For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 3.6.9. You can find a link to the Mozilla advisories in the References section of this erratum. Note: After installing this update, Firefox will fail to connect (with HTTPS) to a server using the SSL DHE (Diffie-Hellman Ephemeral) key exchange if the server
    last seen2020-06-01
    modified2020-06-02
    plugin id53540
    published2011-04-23
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/53540
    titleRHEL 4 / 5 : firefox (RHSA-2010:0681)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2010:0681. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(53540);
      script_version ("1.24");
      script_cvs_date("Date: 2019/10/25 13:36:15");
    
      script_cve_id("CVE-2010-2753", "CVE-2010-2760", "CVE-2010-2762", "CVE-2010-2763", "CVE-2010-2764", "CVE-2010-2765", "CVE-2010-2766", "CVE-2010-2767", "CVE-2010-2768", "CVE-2010-2769", "CVE-2010-2770", "CVE-2010-3166", "CVE-2010-3167", "CVE-2010-3168", "CVE-2010-3169");
      script_bugtraq_id(43045);
      script_xref(name:"RHSA", value:"2010:0681");
    
      script_name(english:"RHEL 4 / 5 : firefox (RHSA-2010:0681)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated firefox packages that fix several security issues are now
    available for Red Hat Enterprise Linux 4 and 5.
    
    The Red Hat Security Response Team has rated this update as having
    critical security impact. Common Vulnerability Scoring System (CVSS)
    base scores, which give detailed severity ratings, are available for
    each vulnerability from the CVE links in the References section.
    
    Mozilla Firefox is an open source web browser. XULRunner provides the
    XUL Runtime environment for Mozilla Firefox.
    
    Several flaws were found in the processing of malformed web content. A
    web page containing malicious content could cause Firefox to crash or,
    potentially, execute arbitrary code with the privileges of the user
    running Firefox. (CVE-2010-3169, CVE-2010-2762)
    
    Several use-after-free and dangling pointer flaws were found in
    Firefox. A web page containing malicious content could cause Firefox
    to crash or, potentially, execute arbitrary code with the privileges
    of the user running Firefox. (CVE-2010-2760, CVE-2010-2766,
    CVE-2010-2767, CVE-2010-3167, CVE-2010-3168)
    
    Multiple buffer overflow flaws were found in Firefox. A web page
    containing malicious content could cause Firefox to crash or,
    potentially, execute arbitrary code with the privileges of the user
    running Firefox. (CVE-2010-2765, CVE-2010-3166)
    
    Multiple cross-site scripting (XSS) flaws were found in Firefox. A web
    page containing malicious content could cause Firefox to run
    JavaScript code with the permissions of a different website.
    (CVE-2010-2768, CVE-2010-2769)
    
    A flaw was found in the Firefox XMLHttpRequest object. A remote site
    could use this flaw to gather information about servers on an internal
    private network. (CVE-2010-2764)
    
    For technical details regarding these flaws, refer to the Mozilla
    security advisories for Firefox 3.6.9. You can find a link to the
    Mozilla advisories in the References section of this erratum.
    
    Note: After installing this update, Firefox will fail to connect (with
    HTTPS) to a server using the SSL DHE (Diffie-Hellman Ephemeral) key
    exchange if the server's ephemeral key is too small. Connecting to
    such servers is a security risk as an ephemeral key that is too small
    makes the SSL connection vulnerable to attack. Refer to the Solution
    section for further information.
    
    All Firefox users should upgrade to these updated packages, which
    contain Firefox version 3.6.9, which corrects these issues. After
    installing the update, Firefox must be restarted for the changes to
    take effect."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2010-2760"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2010-2762"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2010-2764"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2010-2765"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2010-2766"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2010-2767"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2010-2768"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2010-2769"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2010-3166"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2010-3167"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2010-3168"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2010-3169"
      );
      # http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?ab0bbddd"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2010:0681"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:firefox");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nspr");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nspr-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nss");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nss-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nss-pkcs11-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nss-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:xulrunner");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:xulrunner-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4.8");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2010/07/30");
      script_set_attribute(attribute:"patch_publication_date", value:"2010/09/07");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/04/23");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(4|5)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 4.x / 5.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2010:0681";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL4", reference:"firefox-3.6.9-1.el4")) flag++;
    
      if (rpm_check(release:"RHEL4", reference:"nspr-4.8.6-1.el4")) flag++;
    
      if (rpm_check(release:"RHEL4", reference:"nspr-devel-4.8.6-1.el4")) flag++;
    
      if (rpm_check(release:"RHEL4", reference:"nss-3.12.7-1.el4")) flag++;
    
      if (rpm_check(release:"RHEL4", reference:"nss-devel-3.12.7-1.el4")) flag++;
    
      if (rpm_check(release:"RHEL4", reference:"nss-tools-3.12.7-1.el4")) flag++;
    
    
      if (rpm_check(release:"RHEL5", reference:"firefox-3.6.9-2.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", reference:"nspr-4.8.6-1.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", reference:"nspr-devel-4.8.6-1.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", reference:"nss-3.12.7-2.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", reference:"nss-devel-3.12.7-2.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", reference:"nss-pkcs11-devel-3.12.7-2.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"nss-tools-3.12.7-2.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"nss-tools-3.12.7-2.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"nss-tools-3.12.7-2.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", reference:"xulrunner-1.9.2.9-1.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", reference:"xulrunner-devel-1.9.2.9-1.el5")) flag++;
    
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "firefox / nspr / nspr-devel / nss / nss-devel / nss-pkcs11-devel / etc");
      }
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_1_SEAMONKEY-100917.NASL
    descriptionMozilla SeaMonkey 2.0 was updated to version 2.0.8, fixing various bugs and security issues. Following security issues were fixed: MFSA 2010-49 / CVE-2010-3169: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. MFSA 2010-50 / CVE-2010-2765: Security researcher Chris Rohlf of Matasano Security reported that the implementation of the HTML frameset element contained an integer overflow vulnerability. The code responsible for parsing the frameset columns used an 8-byte counter for the column numbers, so when a very large number of columns was passed in the counter would overflow. When this counter was subsequently used to allocate memory for the frameset, the memory buffer would be too small, potentially resulting in a heap buffer overflow and execution of attacker-controlled memory. MFSA 2010-51 / CVE-2010-2767: Security researcher Sergey Glazunov reported a dangling pointer vulnerability in the implementation of navigator.plugins in which the navigator object could retain a pointer to the plugins array even after it had been destroyed. An attacker could potentially use this issue to crash the browser and run arbitrary code on a victim
    last seen2020-06-01
    modified2020-06-02
    plugin id49280
    published2010-09-20
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/49280
    titleopenSUSE Security Update : seamonkey (openSUSE-SU-2010:0632-2)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update seamonkey-3138.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(49280);
      script_version("1.10");
      script_cvs_date("Date: 2019/10/25 13:36:38");
    
      script_cve_id("CVE-2010-2753", "CVE-2010-2760", "CVE-2010-2762", "CVE-2010-2763", "CVE-2010-2764", "CVE-2010-2765", "CVE-2010-2766", "CVE-2010-2767", "CVE-2010-2768", "CVE-2010-2769", "CVE-2010-2770", "CVE-2010-3131", "CVE-2010-3166", "CVE-2010-3167", "CVE-2010-3168", "CVE-2010-3169");
    
      script_name(english:"openSUSE Security Update : seamonkey (openSUSE-SU-2010:0632-2)");
      script_summary(english:"Check for the seamonkey-3138 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Mozilla SeaMonkey 2.0 was updated to version 2.0.8, fixing various
    bugs and security issues.
    
    Following security issues were fixed: MFSA 2010-49 / CVE-2010-3169:
    Mozilla developers identified and fixed several memory safety bugs in
    the browser engine used in Firefox and other Mozilla-based products.
    Some of these bugs showed evidence of memory corruption under certain
    circumstances, and we presume that with enough effort at least some of
    these could be exploited to run arbitrary code.
    
    MFSA 2010-50 / CVE-2010-2765: Security researcher Chris Rohlf of
    Matasano Security reported that the implementation of the HTML
    frameset element contained an integer overflow vulnerability. The code
    responsible for parsing the frameset columns used an 8-byte counter
    for the column numbers, so when a very large number of columns was
    passed in the counter would overflow. When this counter was
    subsequently used to allocate memory for the frameset, the memory
    buffer would be too small, potentially resulting in a heap buffer
    overflow and execution of attacker-controlled memory.
    
    MFSA 2010-51 / CVE-2010-2767: Security researcher Sergey Glazunov
    reported a dangling pointer vulnerability in the implementation of
    navigator.plugins in which the navigator object could retain a pointer
    to the plugins array even after it had been destroyed. An attacker
    could potentially use this issue to crash the browser and run
    arbitrary code on a victim's computer.
    
    MFSA 2010-52 / CVE-2010-3131: Security researcher Haifei Li of
    FortiGuard Labs reported that Firefox could be used to load a
    malicious code library that had been planted on a victim's computer.
    Firefox attempts to load dwmapi.dll upon startup as part of its
    platform detection, so on systems that don't have this library, such
    as Windows XP, Firefox will subsequently attempt to load the library
    from the current working directory. An attacker could use this
    vulnerability to trick a user into downloading a HTML file and a
    malicious copy of dwmapi.dll into the same directory on their computer
    and opening the HTML file with Firefox, thus causing the malicious
    code to be executed. If the attacker was on the same network as the
    victim, the malicious DLL could also be loaded via a UNC path. The
    attack also requires that Firefox not currently be running when it is
    asked to open the HTML file and accompanying DLL.
    
    As this is a Windows only problem, it does not affect the Linux
    version. It is listed for completeness only.
    
    MFSA 2010-53 / CVE-2010-3166: Security researcher wushi of team509
    reported a heap buffer overflow in code routines responsible for
    transforming text runs. A page could be constructed with a
    bidirectional text run which upon reflow could result in an incorrect
    length being calculated for the run of text. When this value is
    subsequently used to allocate memory for the text too small a buffer
    may be created potentially resulting in a buffer overflow and the
    execution of attacker controlled memory.
    
    MFSA 2010-54 / CVE-2010-2760: Security researcher regenrecht reported
    via TippingPoint's Zero Day Initiative that there was a remaining
    dangling pointer issue leftover from the fix to CVE-2010-2753. Under
    certain circumstances one of the pointers held by a XUL tree selection
    could be freed and then later reused, potentially resulting in the
    execution of attacker-controlled memory.
    
    MFSA 2010-55 / CVE-2010-3168: Security researcher regenrecht reported
    via TippingPoint's Zero Day Initiative that XUL <tree> objects could
    be manipulated such that the setting of certain properties on the
    object would trigger the removal of the tree from the DOM and cause
    certain sections of deleted memory to be accessed. In products based
    on Gecko version 1.9.2 (Firefox 3.6, Thunderbird 3.1) and newer this
    memory has been overwritten by a value that will cause an
    unexploitable crash. In products based on Gecko version 1.9.1 (Firefox
    3.5, Thunderbird 3.0, and SeaMonkey 2.0) and older an attacker could
    potentially use this vulnerability to crash a victim's browser and run
    arbitrary code on their computer.
    
    MFSA 2010-56 / CVE-2010-3167: Security researcher regenrecht reported
    via TippingPoint's Zero Day Initiative that the implementation of XUL
    <tree>'s content view contains a dangling pointer vulnerability. One
    of the content view's methods for accessing the internal structure of
    the tree could be manipulated into removing a node prior to accessing
    it, resulting in the accessing of deleted memory. If an attacker can
    control the contents of the deleted memory prior to its access they
    could use this vulnerability to run arbitrary code on a victim's
    machine.
    
    MFSA 2010-57 / CVE-2010-2766: Security researcher regenrecht reported
    via TippingPoint's Zero Day Initiative that code used to normalize a
    document contained a logical flaw that could be leveraged to run
    arbitrary code. When the normalization code ran, a static count of the
    document's child nodes was used in the traversal, so a page could be
    constructed that would remove DOM nodes during this normalization
    which could lead to the accessing of a deleted object and potentially
    the execution of attacker-controlled memory.
    
    MFSA 2010-58 / CVE-2010-2770: Security researcher Marc Schoenefeld
    reported that a specially crafted font could be applied to a document
    and cause a crash on Mac systems. The crash showed signs of memory
    corruption and presumably could be used by an attacker to execute
    arbitrary code on a victim's computer.
    
    This issue probably does not affect the Linux builds and so is listed
    for completeness.
    
    MFSA 2010-59 / CVE-2010-2762: Mozilla developer Blake Kaplan reported
    that the wrapper class XPCSafeJSObjectWrapper (SJOW), a security
    wrapper that allows content-defined objects to be safely accessed by
    privileged code, creates scope chains ending in outer objects. Users
    of SJOWs which expect the scope chain to end on an inner object may be
    handed a chrome privileged object which could be leveraged to run
    arbitrary JavaScript with chrome privileges.
    
    Michal Zalewski's recent contributions helped to identify this
    architectural weakness.
    
    MFSA 2010-60 / CVE-2010-2763: Mozilla security researcher moz_bug_r_a4
    reported that the wrapper class XPCSafeJSObjectWrapper (SJOW) on the
    Mozilla 1.9.1 development branch has a logical error in its scripted
    function implementation that allows the caller to run the function
    within the context of another site. This is a violation of the
    same-origin policy and could be used to mount an XSS attack.
    
    MFSA 2010-61 / CVE-2010-2768: Security researchers David Huang and
    Collin Jackson of Carnegie Mellon University CyLab (Silicon Valley
    campus) reported that the type attribute of an <object> tag can
    override the charset of a framed HTML document, even when the document
    is included across origins. A page could be constructed containing
    such an <object> tag which sets the charset of the framed document to
    UTF-7. This could potentially allow an attacker to inject UTF-7
    encoded JavaScript into a site, bypassing the site's XSS filters, and
    then executing the code using the above technique.
    
    MFSA 2010-62 / CVE-2010-2769: Security researcher Paul Stone reported
    that when an HTML selection containing JavaScript is copy-and-pasted
    or dropped onto a document with designMode enabled the JavaScript will
    be executed within the context of the site where the code was dropped.
    A malicious site could leverage this issue in an XSS attack by
    persuading a user into taking such an action and in the process
    running malicious JavaScript within the context of another site.
    
    MFSA 2010-63 / CVE-2010-2764: Matt Haggard reported that the
    statusText property of an XMLHttpRequest object is readable by the
    requestor even when the request is made across origins. This status
    information reveals the presence of a web server and could be used to
    gather information about servers on internal private networks.
    
    This issue was also independently reported to Mozilla by Nicholas
    Berthaume"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=637303"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.opensuse.org/opensuse-updates/2010-09/msg00032.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected seamonkey packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-dom-inspector");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-irc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-venkman");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2010/09/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2010/09/20");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE11\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.1", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE11.1", reference:"seamonkey-2.0.8-0.3.1") ) flag++;
    if ( rpm_check(release:"SUSE11.1", reference:"seamonkey-dom-inspector-2.0.8-0.3.1") ) flag++;
    if ( rpm_check(release:"SUSE11.1", reference:"seamonkey-irc-2.0.8-0.3.1") ) flag++;
    if ( rpm_check(release:"SUSE11.1", reference:"seamonkey-venkman-2.0.8-0.3.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "seamonkey");
    }
    
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20100907_FIREFOX_ON_SL4_X.NASL
    descriptionSeveral flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-3169, CVE-2010-2762) Several use-after-free and dangling pointer flaws were found in Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-2760, CVE-2010-2766, CVE-2010-2767, CVE-2010-3167, CVE-2010-3168) Multiple buffer overflow flaws were found in Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-2765, CVE-2010-3166) Multiple cross-site scripting (XSS) flaws were found in Firefox. A web page containing malicious content could cause Firefox to run JavaScript code with the permissions of a different website. (CVE-2010-2768, CVE-2010-2769) A flaw was found in the Firefox XMLHttpRequest object. A remote site could use this flaw to gather information about servers on an internal private network. (CVE-2010-2764) Note: After installing this update, Firefox will fail to connect (with HTTPS) to a server using the SSL DHE (Diffie-Hellman Ephemeral) key exchange if the server
    last seen2020-06-01
    modified2020-06-02
    plugin id60849
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60849
    titleScientific Linux Security Update : firefox on SL4.x, SL5.x i386/x86_64
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text is (C) Scientific Linux.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(60849);
      script_version("1.5");
      script_cvs_date("Date: 2019/10/25 13:36:19");
    
      script_cve_id("CVE-2010-2760", "CVE-2010-2762", "CVE-2010-2764", "CVE-2010-2765", "CVE-2010-2766", "CVE-2010-2767", "CVE-2010-2768", "CVE-2010-2769", "CVE-2010-3166", "CVE-2010-3167", "CVE-2010-3168", "CVE-2010-3169");
    
      script_name(english:"Scientific Linux Security Update : firefox on SL4.x, SL5.x i386/x86_64");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Scientific Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Several flaws were found in the processing of malformed web content. A
    web page containing malicious content could cause Firefox to crash or,
    potentially, execute arbitrary code with the privileges of the user
    running Firefox. (CVE-2010-3169, CVE-2010-2762)
    
    Several use-after-free and dangling pointer flaws were found in
    Firefox. A web page containing malicious content could cause Firefox
    to crash or, potentially, execute arbitrary code with the privileges
    of the user running Firefox. (CVE-2010-2760, CVE-2010-2766,
    CVE-2010-2767, CVE-2010-3167, CVE-2010-3168)
    
    Multiple buffer overflow flaws were found in Firefox. A web page
    containing malicious content could cause Firefox to crash or,
    potentially, execute arbitrary code with the privileges of the user
    running Firefox. (CVE-2010-2765, CVE-2010-3166)
    
    Multiple cross-site scripting (XSS) flaws were found in Firefox. A web
    page containing malicious content could cause Firefox to run
    JavaScript code with the permissions of a different website.
    (CVE-2010-2768, CVE-2010-2769)
    
    A flaw was found in the Firefox XMLHttpRequest object. A remote site
    could use this flaw to gather information about servers on an internal
    private network. (CVE-2010-2764)
    
    Note: After installing this update, Firefox will fail to connect (with
    HTTPS) to a server using the SSL DHE (Diffie-Hellman Ephemeral) key
    exchange if the server's ephemeral key is too small. Connecting to
    such servers is a security risk as an ephemeral key that is too small
    makes the SSL connection vulnerable to attack.
    
    If you encounter the condition where Firefox fails to connect to a
    server that has an ephemeral key that is too small, you can try
    connecting using a cipher suite with a different key exchange
    algorithm by disabling all DHE cipher suites in Firefox :
    
    1) Type about:config in the URL bar and press the Enter key. 2) In the
    Filter search bar, type ssl3.dhe 3) For all preferences now presented,
    double-click the true value to change the value to false. 4) This
    change would affect connections to all HTTPS servers.
    
    After installing the update, Firefox must be restarted for the changes
    to take effect."
      );
      # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1009&L=scientific-linux-errata&T=0&P=892
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?01ab4cad"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2010/09/09");
      script_set_attribute(attribute:"patch_publication_date", value:"2010/09/07");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/01");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Scientific Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"SL4", reference:"firefox-3.6.9-1.el4")) flag++;
    if (rpm_check(release:"SL4", reference:"nspr-4.8.6-1.el4")) flag++;
    if (rpm_check(release:"SL4", reference:"nspr-devel-4.8.6-1.el4")) flag++;
    if (rpm_check(release:"SL4", reference:"nss-3.12.7-1.el4")) flag++;
    if (rpm_check(release:"SL4", reference:"nss-devel-3.12.7-1.el4")) flag++;
    if (rpm_check(release:"SL4", reference:"nss-tools-3.12.7-1.el4")) flag++;
    
    if (rpm_check(release:"SL5", reference:"firefox-3.6.9-2.el5")) flag++;
    if (rpm_check(release:"SL5", reference:"nspr-4.8.6-1.el5")) flag++;
    if (rpm_check(release:"SL5", reference:"nspr-devel-4.8.6-1.el5")) flag++;
    if (rpm_check(release:"SL5", reference:"nss-3.12.7-2.el5")) flag++;
    if (rpm_check(release:"SL5", reference:"nss-devel-3.12.7-2.el5")) flag++;
    if (rpm_check(release:"SL5", reference:"nss-pkcs11-devel-3.12.7-2.el5")) flag++;
    if (rpm_check(release:"SL5", reference:"nss-tools-3.12.7-2.el5")) flag++;
    if (rpm_check(release:"SL5", reference:"xulrunner-1.9.2.9-1.el5")) flag++;
    if (rpm_check(release:"SL5", reference:"xulrunner-devel-1.9.2.9-1.el5")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_1_MOZILLA-XULRUNNER191-100917.NASL
    descriptionMozilla XULRunner 1.9.1 was updated to version 1.9.1.13, fixing various bugs and security issues. Following security issues were fixed: MFSA 2010-49 / CVE-2010-3169: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. MFSA 2010-50 / CVE-2010-2765: Security researcher Chris Rohlf of Matasano Security reported that the implementation of the HTML frameset element contained an integer overflow vulnerability. The code responsible for parsing the frameset columns used an 8-byte counter for the column numbers, so when a very large number of columns was passed in the counter would overflow. When this counter was subsequently used to allocate memory for the frameset, the memory buffer would be too small, potentially resulting in a heap buffer overflow and execution of attacker-controlled memory. MFSA 2010-51 / CVE-2010-2767: Security researcher Sergey Glazunov reported a dangling pointer vulnerability in the implementation of navigator.plugins in which the navigator object could retain a pointer to the plugins array even after it had been destroyed. An attacker could potentially use this issue to crash the browser and run arbitrary code on a victim
    last seen2020-06-01
    modified2020-06-02
    plugin id49945
    published2010-10-12
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/49945
    titleopenSUSE Security Update : mozilla-xulrunner191 (mozilla-xulrunner191-3141)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update mozilla-xulrunner191-3141.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(49945);
      script_version("1.8");
      script_cvs_date("Date: 2019/10/25 13:36:38");
    
      script_cve_id("CVE-2010-2753", "CVE-2010-2760", "CVE-2010-2762", "CVE-2010-2763", "CVE-2010-2764", "CVE-2010-2765", "CVE-2010-2766", "CVE-2010-2767", "CVE-2010-2768", "CVE-2010-2769", "CVE-2010-2770", "CVE-2010-3131", "CVE-2010-3166", "CVE-2010-3167", "CVE-2010-3168", "CVE-2010-3169");
    
      script_name(english:"openSUSE Security Update : mozilla-xulrunner191 (mozilla-xulrunner191-3141)");
      script_summary(english:"Check for the mozilla-xulrunner191-3141 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Mozilla XULRunner 1.9.1 was updated to version 1.9.1.13, fixing
    various bugs and security issues.
    
    Following security issues were fixed: MFSA 2010-49 / CVE-2010-3169:
    Mozilla developers identified and fixed several memory safety bugs in
    the browser engine used in Firefox and other Mozilla-based products.
    Some of these bugs showed evidence of memory corruption under certain
    circumstances, and we presume that with enough effort at least some of
    these could be exploited to run arbitrary code.
    
    MFSA 2010-50 / CVE-2010-2765: Security researcher Chris Rohlf of
    Matasano Security reported that the implementation of the HTML
    frameset element contained an integer overflow vulnerability. The code
    responsible for parsing the frameset columns used an 8-byte counter
    for the column numbers, so when a very large number of columns was
    passed in the counter would overflow. When this counter was
    subsequently used to allocate memory for the frameset, the memory
    buffer would be too small, potentially resulting in a heap buffer
    overflow and execution of attacker-controlled memory.
    
    MFSA 2010-51 / CVE-2010-2767: Security researcher Sergey Glazunov
    reported a dangling pointer vulnerability in the implementation of
    navigator.plugins in which the navigator object could retain a pointer
    to the plugins array even after it had been destroyed. An attacker
    could potentially use this issue to crash the browser and run
    arbitrary code on a victim's computer.
    
    MFSA 2010-52 / CVE-2010-3131: Security researcher Haifei Li of
    FortiGuard Labs reported that Firefox could be used to load a
    malicious code library that had been planted on a victim's computer.
    Firefox attempts to load dwmapi.dll upon startup as part of its
    platform detection, so on systems that don't have this library, such
    as Windows XP, Firefox will subsequently attempt to load the library
    from the current working directory. An attacker could use this
    vulnerability to trick a user into downloading a HTML file and a
    malicious copy of dwmapi.dll into the same directory on their computer
    and opening the HTML file with Firefox, thus causing the malicious
    code to be executed. If the attacker was on the same network as the
    victim, the malicious DLL could also be loaded via a UNC path. The
    attack also requires that Firefox not currently be running when it is
    asked to open the HTML file and accompanying DLL.
    
    As this is a Windows only problem, it does not affect the Linux
    version. It is listed for completeness only.
    
    MFSA 2010-53 / CVE-2010-3166: Security researcher wushi of team509
    reported a heap buffer overflow in code routines responsible for
    transforming text runs. A page could be constructed with a
    bidirectional text run which upon reflow could result in an incorrect
    length being calculated for the run of text. When this value is
    subsequently used to allocate memory for the text too small a buffer
    may be created potentially resulting in a buffer overflow and the
    execution of attacker controlled memory.
    
    MFSA 2010-54 / CVE-2010-2760: Security researcher regenrecht reported
    via TippingPoint's Zero Day Initiative that there was a remaining
    dangling pointer issue leftover from the fix to CVE-2010-2753. Under
    certain circumstances one of the pointers held by a XUL tree selection
    could be freed and then later reused, potentially resulting in the
    execution of attacker-controlled memory.
    
    MFSA 2010-55 / CVE-2010-3168: Security researcher regenrecht reported
    via TippingPoint's Zero Day Initiative that XUL <tree> objects could
    be manipulated such that the setting of certain properties on the
    object would trigger the removal of the tree from the DOM and cause
    certain sections of deleted memory to be accessed. In products based
    on Gecko version 1.9.2 (Firefox 3.6, Thunderbird 3.1) and newer this
    memory has been overwritten by a value that will cause an
    unexploitable crash. In products based on Gecko version 1.9.1 (Firefox
    3.5, Thunderbird 3.0, and SeaMonkey 2.0) and older an attacker could
    potentially use this vulnerability to crash a victim's browser and run
    arbitrary code on their computer.
    
    MFSA 2010-56 / CVE-2010-3167: Security researcher regenrecht reported
    via TippingPoint's Zero Day Initiative that the implementation of XUL
    <tree>'s content view contains a dangling pointer vulnerability. One
    of the content view's methods for accessing the internal structure of
    the tree could be manipulated into removing a node prior to accessing
    it, resulting in the accessing of deleted memory. If an attacker can
    control the contents of the deleted memory prior to its access they
    could use this vulnerability to run arbitrary code on a victim's
    machine.
    
    MFSA 2010-57 / CVE-2010-2766: Security researcher regenrecht reported
    via TippingPoint's Zero Day Initiative that code used to normalize a
    document contained a logical flaw that could be leveraged to run
    arbitrary code. When the normalization code ran, a static count of the
    document's child nodes was used in the traversal, so a page could be
    constructed that would remove DOM nodes during this normalization
    which could lead to the accessing of a deleted object and potentially
    the execution of attacker-controlled memory.
    
    MFSA 2010-58 / CVE-2010-2770: Security researcher Marc Schoenefeld
    reported that a specially crafted font could be applied to a document
    and cause a crash on Mac systems. The crash showed signs of memory
    corruption and presumably could be used by an attacker to execute
    arbitrary code on a victim's computer.
    
    This issue probably does not affect the Linux builds and so is listed
    for completeness.
    
    MFSA 2010-59 / CVE-2010-2762: Mozilla developer Blake Kaplan reported
    that the wrapper class XPCSafeJSObjectWrapper (SJOW), a security
    wrapper that allows content-defined objects to be safely accessed by
    privileged code, creates scope chains ending in outer objects. Users
    of SJOWs which expect the scope chain to end on an inner object may be
    handed a chrome privileged object which could be leveraged to run
    arbitrary JavaScript with chrome privileges.
    
    Michal Zalewski's recent contributions helped to identify this
    architectural weakness.
    
    MFSA 2010-60 / CVE-2010-2763: Mozilla security researcher moz_bug_r_a4
    reported that the wrapper class XPCSafeJSObjectWrapper (SJOW) on the
    Mozilla 1.9.1 development branch has a logical error in its scripted
    function implementation that allows the caller to run the function
    within the context of another site. This is a violation of the
    same-origin policy and could be used to mount an XSS attack.
    
    MFSA 2010-61 / CVE-2010-2768: Security researchers David Huang and
    Collin Jackson of Carnegie Mellon University CyLab (Silicon Valley
    campus) reported that the type attribute of an <object> tag can
    override the charset of a framed HTML document, even when the document
    is included across origins. A page could be constructed containing
    such an <object> tag which sets the charset of the framed document to
    UTF-7. This could potentially allow an attacker to inject UTF-7
    encoded JavaScript into a site, bypassing the site's XSS filters, and
    then executing the code using the above technique.
    
    MFSA 2010-62 / CVE-2010-2769: Security researcher Paul Stone reported
    that when an HTML selection containing JavaScript is copy-and-pasted
    or dropped onto a document with designMode enabled the JavaScript will
    be executed within the context of the site where the code was dropped.
    A malicious site could leverage this issue in an XSS attack by
    persuading a user into taking such an action and in the process
    running malicious JavaScript within the context of another site.
    
    MFSA 2010-63 / CVE-2010-2764: Matt Haggard reported that the
    statusText property of an XMLHttpRequest object is readable by the
    requestor even when the request is made across origins. This status
    information reveals the presence of a web server and could be used to
    gather information about servers on internal private networks.
    
    This issue was also independently reported to Mozilla by Nicholas
    Berthaume"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=637303"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected mozilla-xulrunner191 packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner191");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner191-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner191-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner191-gnomevfs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner191-gnomevfs-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner191-translations-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner191-translations-other");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-xpcom191");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2010/09/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2010/10/12");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE11\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.1", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE11.1", reference:"mozilla-xulrunner191-1.9.1.13-0.3.1") ) flag++;
    if ( rpm_check(release:"SUSE11.1", reference:"mozilla-xulrunner191-devel-1.9.1.13-0.3.1") ) flag++;
    if ( rpm_check(release:"SUSE11.1", reference:"mozilla-xulrunner191-gnomevfs-1.9.1.13-0.3.1") ) flag++;
    if ( rpm_check(release:"SUSE11.1", reference:"mozilla-xulrunner191-translations-common-1.9.1.13-0.3.1") ) flag++;
    if ( rpm_check(release:"SUSE11.1", reference:"mozilla-xulrunner191-translations-other-1.9.1.13-0.3.1") ) flag++;
    if ( rpm_check(release:"SUSE11.1", reference:"python-xpcom191-1.9.1.13-0.3.1") ) flag++;
    if ( rpm_check(release:"SUSE11.1", cpu:"x86_64", reference:"mozilla-xulrunner191-32bit-1.9.1.13-0.3.1") ) flag++;
    if ( rpm_check(release:"SUSE11.1", cpu:"x86_64", reference:"mozilla-xulrunner191-gnomevfs-32bit-1.9.1.13-0.3.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mozilla-xulrunner191");
    }
    
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_4A21CE2CBB1311DF8E32000F20797EDE.NASL
    descriptionThe Mozilla Project reports : MFSA 2010-49 Miscellaneous memory safety hazards (rv:1.9.2.9/ 1.9.1.12) MFSA 2010-50 Frameset integer overflow vulnerability MFSA 2010-51 Dangling pointer vulnerability using DOM plugin array MFSA 2010-52 Windows XP DLL loading vulnerability MFSA 2010-53 Heap buffer overflow in nsTextFrameUtils::TransformText MFSA 2010-54 Dangling pointer vulnerability in nsTreeSelection MFSA 2010-55 XUL tree removal crash and remote code execution MFSA 2010-56 Dangling pointer vulnerability in nsTreeContentView MFSA 2010-57 Crash and remote code execution in normalizeDocument MFSA 2010-58 Crash on Mac using fuzzed font in data: URL MFSA 2010-59 SJOW creates scope chains ending in outer object MFSA 2010-60 XSS using SJOW scripted function MFSA 2010-61 UTF-7 XSS by overriding document charset using object type attribute MFSA 2010-62 Copy-and-paste or drag-and-drop into designMode document allows XSS MFSA 2010-63 Information leak via XMLHttpRequest statusText
    last seen2020-06-01
    modified2020-06-02
    plugin id49166
    published2010-09-09
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/49166
    titleFreeBSD : mozilla -- multiple vulnerabilities (4a21ce2c-bb13-11df-8e32-000f20797ede)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2010-0681.NASL
    descriptionFrom Red Hat Security Advisory 2010:0681 : Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-3169, CVE-2010-2762) Several use-after-free and dangling pointer flaws were found in Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-2760, CVE-2010-2766, CVE-2010-2767, CVE-2010-3167, CVE-2010-3168) Multiple buffer overflow flaws were found in Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-2765, CVE-2010-3166) Multiple cross-site scripting (XSS) flaws were found in Firefox. A web page containing malicious content could cause Firefox to run JavaScript code with the permissions of a different website. (CVE-2010-2768, CVE-2010-2769) A flaw was found in the Firefox XMLHttpRequest object. A remote site could use this flaw to gather information about servers on an internal private network. (CVE-2010-2764) For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 3.6.9. You can find a link to the Mozilla advisories in the References section of this erratum. Note: After installing this update, Firefox will fail to connect (with HTTPS) to a server using the SSL DHE (Diffie-Hellman Ephemeral) key exchange if the server
    last seen2020-06-01
    modified2020-06-02
    plugin id68098
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68098
    titleOracle Linux 4 / 5 : firefox (ELSA-2010-0681)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_MOZILLAFIREFOX-100921.NASL
    descriptionMozilla Firefox 3.6 was updated to version 3.6.10, fixing various bugs and security issues. The following security issues were fixed : - Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. (MFSA 2010-49 / CVE-2010-3169) - Security researcher Chris Rohlf of Matasano Security reported that the implementation of the HTML frameset element contained an integer overflow vulnerability. The code responsible for parsing the frameset columns used an 8-byte counter for the column numbers, so when a very large number of columns was passed in the counter would overflow. When this counter was subsequently used to allocate memory for the frameset, the memory buffer would be too small, potentially resulting in a heap buffer overflow and execution of attacker-controlled memory. (MFSA 2010-50 / CVE-2010-2765) - Security researcher Sergey Glazunov reported a dangling pointer vulnerability in the implementation of navigator.plugins in which the navigator object could retain a pointer to the plugins array even after it had been destroyed. An attacker could potentially use this issue to crash the browser and run arbitrary code on a victim
    last seen2020-06-01
    modified2020-06-02
    plugin id50875
    published2010-12-02
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/50875
    titleSuSE 11 / 11.1 Security Update : Mozilla Firefox (SAT Patch Numbers 3159 / 3160)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_1_MOZILLA-XULRUNNER191-101028.NASL
    descriptionThis update brings Mozilla XULRunner to version 1.9.1.15, fixing various bugs and security issues. The following security issues were fixed: MFSA 2010-49 / CVE-2010-3169: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. MFSA 2010-50 / CVE-2010-2765: Security researcher Chris Rohlf of Matasano Security reported that the implementation of the HTML frameset element contained an integer overflow vulnerability. The code responsible for parsing the frameset columns used an 8-byte counter for the column numbers, so when a very large number of columns was passed in the counter would overflow. When this counter was subsequently used to allocate memory for the frameset, the memory buffer would be too small, potentially resulting in a heap buffer overflow and execution of attacker-controlled memory. MFSA 2010-51 / CVE-2010-2767: Security researcher Sergey Glazunov reported a dangling pointer vulnerability in the implementation of navigator.plugins in which the navigator object could retain a pointer to the plugins array even after it had been destroyed. An attacker could potentially use this issue to crash the browser and run arbitrary code on a victim
    last seen2020-06-01
    modified2020-06-02
    plugin id50462
    published2010-11-03
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/50462
    titleopenSUSE Security Update : mozilla-xulrunner191 (mozilla-xulrunner191-3421)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_3_MOZILLA-XULRUNNER191-101028.NASL
    descriptionThis update brings Mozilla XULRunner to version 1.9.1.15, fixing various bugs and security issues. The following security issues were fixed: MFSA 2010-49 / CVE-2010-3169: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. MFSA 2010-50 / CVE-2010-2765: Security researcher Chris Rohlf of Matasano Security reported that the implementation of the HTML frameset element contained an integer overflow vulnerability. The code responsible for parsing the frameset columns used an 8-byte counter for the column numbers, so when a very large number of columns was passed in the counter would overflow. When this counter was subsequently used to allocate memory for the frameset, the memory buffer would be too small, potentially resulting in a heap buffer overflow and execution of attacker-controlled memory. MFSA 2010-51 / CVE-2010-2767: Security researcher Sergey Glazunov reported a dangling pointer vulnerability in the implementation of navigator.plugins in which the navigator object could retain a pointer to the plugins array even after it had been destroyed. An attacker could potentially use this issue to crash the browser and run arbitrary code on a victim
    last seen2020-06-01
    modified2020-06-02
    plugin id75671
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/75671
    titleopenSUSE Security Update : mozilla-xulrunner191 (mozilla-xulrunner191-3421)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_2_MOZILLA-XULRUNNER191-101028.NASL
    descriptionThis update brings Mozilla XULRunner to version 1.9.1.15, fixing various bugs and security issues. The following security issues were fixed: MFSA 2010-49 / CVE-2010-3169: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. MFSA 2010-50 / CVE-2010-2765: Security researcher Chris Rohlf of Matasano Security reported that the implementation of the HTML frameset element contained an integer overflow vulnerability. The code responsible for parsing the frameset columns used an 8-byte counter for the column numbers, so when a very large number of columns was passed in the counter would overflow. When this counter was subsequently used to allocate memory for the frameset, the memory buffer would be too small, potentially resulting in a heap buffer overflow and execution of attacker-controlled memory. MFSA 2010-51 / CVE-2010-2767: Security researcher Sergey Glazunov reported a dangling pointer vulnerability in the implementation of navigator.plugins in which the navigator object could retain a pointer to the plugins array even after it had been destroyed. An attacker could potentially use this issue to crash the browser and run arbitrary code on a victim
    last seen2020-06-01
    modified2020-06-02
    plugin id50466
    published2010-11-03
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/50466
    titleopenSUSE Security Update : mozilla-xulrunner191 (mozilla-xulrunner191-3421)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2010-0682.NASL
    descriptionFrom Red Hat Security Advisory 2010:0682 : An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-3169) A buffer overflow flaw was found in Thunderbird. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-2765) A use-after-free flaw and several dangling pointer flaws were found in Thunderbird. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-2760, CVE-2010-2767, CVE-2010-3167, CVE-2010-3168) A cross-site scripting (XSS) flaw was found in Thunderbird. Remote HTML content could cause Thunderbird to execute JavaScript code with the permissions of different remote HTML content. (CVE-2010-2768) Note: JavaScript support is disabled by default in Thunderbird. None of the above issues are exploitable unless JavaScript is enabled. All Thunderbird users should upgrade to this updated package, which resolves these issues. All running instances of Thunderbird must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id68099
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68099
    titleOracle Linux 4 : thunderbird (ELSA-2010-0682)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_2_SEAMONKEY-100917.NASL
    descriptionMozilla SeaMonkey 2.0 was updated to version 2.0.8, fixing various bugs and security issues. Following security issues were fixed: MFSA 2010-49 / CVE-2010-3169: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. MFSA 2010-50 / CVE-2010-2765: Security researcher Chris Rohlf of Matasano Security reported that the implementation of the HTML frameset element contained an integer overflow vulnerability. The code responsible for parsing the frameset columns used an 8-byte counter for the column numbers, so when a very large number of columns was passed in the counter would overflow. When this counter was subsequently used to allocate memory for the frameset, the memory buffer would be too small, potentially resulting in a heap buffer overflow and execution of attacker-controlled memory. MFSA 2010-51 / CVE-2010-2767: Security researcher Sergey Glazunov reported a dangling pointer vulnerability in the implementation of navigator.plugins in which the navigator object could retain a pointer to the plugins array even after it had been destroyed. An attacker could potentially use this issue to crash the browser and run arbitrary code on a victim
    last seen2020-06-01
    modified2020-06-02
    plugin id49282
    published2010-09-20
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/49282
    titleopenSUSE Security Update : seamonkey (openSUSE-SU-2010:0632-2)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_3_SEAMONKEY-100917.NASL
    descriptionMozilla SeaMonkey 2.0 was updated to version 2.0.8, fixing various bugs and security issues. Following security issues were fixed: MFSA 2010-49 / CVE-2010-3169: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. MFSA 2010-50 / CVE-2010-2765: Security researcher Chris Rohlf of Matasano Security reported that the implementation of the HTML frameset element contained an integer overflow vulnerability. The code responsible for parsing the frameset columns used an 8-byte counter for the column numbers, so when a very large number of columns was passed in the counter would overflow. When this counter was subsequently used to allocate memory for the frameset, the memory buffer would be too small, potentially resulting in a heap buffer overflow and execution of attacker-controlled memory. MFSA 2010-51 / CVE-2010-2767: Security researcher Sergey Glazunov reported a dangling pointer vulnerability in the implementation of navigator.plugins in which the navigator object could retain a pointer to the plugins array even after it had been destroyed. An attacker could potentially use this issue to crash the browser and run arbitrary code on a victim
    last seen2020-06-01
    modified2020-06-02
    plugin id75732
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/75732
    titleopenSUSE Security Update : seamonkey (openSUSE-SU-2010:0632-2)
  • NASL familyWindows
    NASL idMOZILLA_THUNDERBIRD_313.NASL
    descriptionThe installed version of Thunderbird 3.1 is earlier than 3.1.3. Such versions are potentially affected by the following security issues : - Multiple memory safety bugs could lead to memory corruption, potentially resulting in arbitrary code execution. (MFSA 2010-49) - An integer overflow vulnerability in HTML frameset element implementation could lead to arbitrary code execution. (MFSA 2010-50) - A dangling pointer vulnerability in
    last seen2020-06-01
    modified2020-06-02
    plugin id49148
    published2010-09-08
    reporterThis script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/49148
    titleMozilla Thunderbird 3.1 < 3.1.3 Multiple Vulnerabilities
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2010-0682.NASL
    descriptionAn updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-3169) A buffer overflow flaw was found in Thunderbird. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-2765) A use-after-free flaw and several dangling pointer flaws were found in Thunderbird. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-2760, CVE-2010-2767, CVE-2010-3167, CVE-2010-3168) A cross-site scripting (XSS) flaw was found in Thunderbird. Remote HTML content could cause Thunderbird to execute JavaScript code with the permissions of different remote HTML content. (CVE-2010-2768) Note: JavaScript support is disabled by default in Thunderbird. None of the above issues are exploitable unless JavaScript is enabled. All Thunderbird users should upgrade to this updated package, which resolves these issues. All running instances of Thunderbird must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id49133
    published2010-09-08
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/49133
    titleRHEL 4 / 5 : thunderbird (RHSA-2010:0682)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-975-1.NASL
    descriptionSeveral dangling pointer vulnerabilities were discovered in Firefox. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-2760, CVE-2010-2767, CVE-2010-3167) Blake Kaplan and Michal Zalewski discovered several weaknesses in the XPCSafeJSObjectWrapper (SJOW) security wrapper. If a user were tricked into viewing a malicious site, a remote attacker could use this to run arbitrary JavaScript with chrome privileges. (CVE-2010-2762) Matt Haggard discovered that Firefox did not honor same-origin policy when processing the statusText property of an XMLHttpRequest object. If a user were tricked into viewing a malicious site, a remote attacker could use this to gather information about servers on internal private networks. (CVE-2010-2764) Chris Rohlf discovered an integer overflow when Firefox processed the HTML frameset element. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-2765) Several issues were discovered in the browser engine. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-2766, CVE-2010-3168) David Huang and Collin Jackson discovered that the <object> tag could override the charset of a framed HTML document in another origin. An attacker could utilize this to perform cross-site scripting attacks. (CVE-2010-2768) Paul Stone discovered that with designMode enabled an HTML selection containing JavaScript could be copied and pasted into a document and have the JavaScript execute within the context of the site where the code was dropped. An attacker could utilize this to perform cross-site scripting attacks. (CVE-2010-2769) A buffer overflow was discovered in Firefox when processing text runs. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-3166) Peter Van der Beken, Jason Oster, Jesse Ruderman, Igor Bukanov, Jeff Walden, Gary Kwong and Olli Pettay discovered several flaws in the browser engine. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-3169). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id49169
    published2010-09-09
    reporterUbuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/49169
    titleUbuntu 8.04 LTS / 9.04 / 9.10 / 10.04 LTS : firefox, firefox-3.0, firefox-3.5, xulrunner-1.9.1, xulrunner-1.9.2 vulnerabilities (USN-975-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_1_MOZILLAFIREFOX-100916.NASL
    descriptionMozilla Firefox was updated to version 3.6.10, fixing various bugs and security issues. Following security issues were fixed: MFSA 2010-49 / CVE-2010-3169: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. MFSA 2010-50 / CVE-2010-2765: Security researcher Chris Rohlf of Matasano Security reported that the implementation of the HTML frameset element contained an integer overflow vulnerability. The code responsible for parsing the frameset columns used an 8-byte counter for the column numbers, so when a very large number of columns was passed in the counter would overflow. When this counter was subsequently used to allocate memory for the frameset, the memory buffer would be too small, potentially resulting in a heap buffer overflow and execution of attacker-controlled memory. MFSA 2010-51 / CVE-2010-2767: Security researcher Sergey Glazunov reported a dangling pointer vulnerability in the implementation of navigator.plugins in which the navigator object could retain a pointer to the plugins array even after it had been destroyed. An attacker could potentially use this issue to crash the browser and run arbitrary code on a victim
    last seen2020-06-01
    modified2020-06-02
    plugin id49279
    published2010-09-20
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/49279
    titleopenSUSE Security Update : MozillaFirefox (openSUSE-SU-2010:0632-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_1_MOZILLATHUNDERBIRD-100916.NASL
    descriptionMozilla Thunderbird 3.0 was updated to version 3.0.7, fixing various bugs and security issues. Following security issues were fixed: MFSA 2010-49 / CVE-2010-3169: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. MFSA 2010-50 / CVE-2010-2765: Security researcher Chris Rohlf of Matasano Security reported that the implementation of the HTML frameset element contained an integer overflow vulnerability. The code responsible for parsing the frameset columns used an 8-byte counter for the column numbers, so when a very large number of columns was passed in the counter would overflow. When this counter was subsequently used to allocate memory for the frameset, the memory buffer would be too small, potentially resulting in a heap buffer overflow and execution of attacker-controlled memory. MFSA 2010-51 / CVE-2010-2767: Security researcher Sergey Glazunov reported a dangling pointer vulnerability in the implementation of navigator.plugins in which the navigator object could retain a pointer to the plugins array even after it had been destroyed. An attacker could potentially use this issue to crash the browser and run arbitrary code on a victim
    last seen2020-06-01
    modified2020-06-02
    plugin id49944
    published2010-10-12
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/49944
    titleopenSUSE Security Update : MozillaThunderbird (MozillaThunderbird-3154)
  • NASL familyWindows
    NASL idMOZILLA_FIREFOX_369.NASL
    descriptionThe installed version of Firefox 3.6 is earlier than 3.6.9. Such versions are potentially affected by the following security issues : - The pseudo-random number generator is only seeded once per browsing session and
    last seen2020-06-01
    modified2020-06-02
    plugin id49146
    published2010-09-08
    reporterThis script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/49146
    titleFirefox 3.6 < 3.6.9 Multiple Vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idSUSE_MOZILLAFIREFOX-7208.NASL
    descriptionThis update brings Mozilla Firefox to version 3.5.15, fixing various bugs and security issues. The following security issues were fixed : - Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. (MFSA 2010-49 / CVE-2010-3169) - Security researcher Chris Rohlf of Matasano Security reported that the implementation of the HTML frameset element contained an integer overflow vulnerability. The code responsible for parsing the frameset columns used an 8-byte counter for the column numbers, so when a very large number of columns was passed in the counter would overflow. When this counter was subsequently used to allocate memory for the frameset, the memory buffer would be too small, potentially resulting in a heap buffer overflow and execution of attacker-controlled memory. (MFSA 2010-50 / CVE-2010-2765) - Security researcher Sergey Glazunov reported a dangling pointer vulnerability in the implementation of navigator.plugins in which the navigator object could retain a pointer to the plugins array even after it had been destroyed. An attacker could potentially use this issue to crash the browser and run arbitrary code on a victim
    last seen2020-06-01
    modified2020-06-02
    plugin id50488
    published2010-11-05
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/50488
    titleSuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 7208)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_3_MOZILLA-XULRUNNER191-100917.NASL
    descriptionMozilla XULRunner 1.9.1 was updated to version 1.9.1.13, fixing various bugs and security issues. Following security issues were fixed: MFSA 2010-49 / CVE-2010-3169: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. MFSA 2010-50 / CVE-2010-2765: Security researcher Chris Rohlf of Matasano Security reported that the implementation of the HTML frameset element contained an integer overflow vulnerability. The code responsible for parsing the frameset columns used an 8-byte counter for the column numbers, so when a very large number of columns was passed in the counter would overflow. When this counter was subsequently used to allocate memory for the frameset, the memory buffer would be too small, potentially resulting in a heap buffer overflow and execution of attacker-controlled memory. MFSA 2010-51 / CVE-2010-2767: Security researcher Sergey Glazunov reported a dangling pointer vulnerability in the implementation of navigator.plugins in which the navigator object could retain a pointer to the plugins array even after it had been destroyed. An attacker could potentially use this issue to crash the browser and run arbitrary code on a victim
    last seen2020-06-01
    modified2020-06-02
    plugin id75670
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/75670
    titleopenSUSE Security Update : mozilla-xulrunner191 (mozilla-xulrunner191-3141)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_MOZILLA-XULRUNNER191-101028.NASL
    descriptionThis update brings Mozilla XULRunner to version 1.9.1.14, fixing various bugs and security issues. The following security issues were fixed : - Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. (MFSA 2010-49 / CVE-2010-3169) - Security researcher Chris Rohlf of Matasano Security reported that the implementation of the HTML frameset element contained an integer overflow vulnerability. The code responsible for parsing the frameset columns used an 8-byte counter for the column numbers, so when a very large number of columns was passed in the counter would overflow. When this counter was subsequently used to allocate memory for the frameset, the memory buffer would be too small, potentially resulting in a heap buffer overflow and execution of attacker-controlled memory. (MFSA 2010-50 / CVE-2010-2765) - Security researcher Sergey Glazunov reported a dangling pointer vulnerability in the implementation of navigator.plugins in which the navigator object could retain a pointer to the plugins array even after it had been destroyed. An attacker could potentially use this issue to crash the browser and run arbitrary code on a victim
    last seen2020-06-01
    modified2020-06-02
    plugin id50951
    published2010-12-02
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/50951
    titleSuSE 11 / 11.1 Security Update : Mozilla (SAT Patch Numbers 3417 / 3419)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_2_MOZILLA-XULRUNNER191-100917.NASL
    descriptionMozilla XULRunner 1.9.1 was updated to version 1.9.1.13, fixing various bugs and security issues. Following security issues were fixed: MFSA 2010-49 / CVE-2010-3169: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. MFSA 2010-50 / CVE-2010-2765: Security researcher Chris Rohlf of Matasano Security reported that the implementation of the HTML frameset element contained an integer overflow vulnerability. The code responsible for parsing the frameset columns used an 8-byte counter for the column numbers, so when a very large number of columns was passed in the counter would overflow. When this counter was subsequently used to allocate memory for the frameset, the memory buffer would be too small, potentially resulting in a heap buffer overflow and execution of attacker-controlled memory. MFSA 2010-51 / CVE-2010-2767: Security researcher Sergey Glazunov reported a dangling pointer vulnerability in the implementation of navigator.plugins in which the navigator object could retain a pointer to the plugins array even after it had been destroyed. An attacker could potentially use this issue to crash the browser and run arbitrary code on a victim
    last seen2020-06-01
    modified2020-06-02
    plugin id49947
    published2010-10-12
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/49947
    titleopenSUSE Security Update : mozilla-xulrunner191 (mozilla-xulrunner191-3141)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_3_MOZILLATHUNDERBIRD-100916.NASL
    descriptionMozilla Thunderbird 3.0 was updated to version 3.0.7, fixing various bugs and security issues. Following security issues were fixed: MFSA 2010-49 / CVE-2010-3169: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. MFSA 2010-50 / CVE-2010-2765: Security researcher Chris Rohlf of Matasano Security reported that the implementation of the HTML frameset element contained an integer overflow vulnerability. The code responsible for parsing the frameset columns used an 8-byte counter for the column numbers, so when a very large number of columns was passed in the counter would overflow. When this counter was subsequently used to allocate memory for the frameset, the memory buffer would be too small, potentially resulting in a heap buffer overflow and execution of attacker-controlled memory. MFSA 2010-51 / CVE-2010-2767: Security researcher Sergey Glazunov reported a dangling pointer vulnerability in the implementation of navigator.plugins in which the navigator object could retain a pointer to the plugins array even after it had been destroyed. An attacker could potentially use this issue to crash the browser and run arbitrary code on a victim
    last seen2020-06-01
    modified2020-06-02
    plugin id75659
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/75659
    titleopenSUSE Security Update : MozillaThunderbird (MozillaThunderbird-3154)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_2_MOZILLATHUNDERBIRD-100917.NASL
    descriptionMozilla Thunderbird 3.0 was updated to version 3.0.7, fixing various bugs and security issues. Following security issues were fixed: MFSA 2010-49 / CVE-2010-3169: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. MFSA 2010-50 / CVE-2010-2765: Security researcher Chris Rohlf of Matasano Security reported that the implementation of the HTML frameset element contained an integer overflow vulnerability. The code responsible for parsing the frameset columns used an 8-byte counter for the column numbers, so when a very large number of columns was passed in the counter would overflow. When this counter was subsequently used to allocate memory for the frameset, the memory buffer would be too small, potentially resulting in a heap buffer overflow and execution of attacker-controlled memory. MFSA 2010-51 / CVE-2010-2767: Security researcher Sergey Glazunov reported a dangling pointer vulnerability in the implementation of navigator.plugins in which the navigator object could retain a pointer to the plugins array even after it had been destroyed. An attacker could potentially use this issue to crash the browser and run arbitrary code on a victim
    last seen2020-06-01
    modified2020-06-02
    plugin id49946
    published2010-10-12
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/49946
    titleopenSUSE Security Update : MozillaThunderbird (MozillaThunderbird-3154)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_1_MOZILLATHUNDERBIRD-101021.NASL
    descriptionThis update brings Mozilla Thunderbird to version 3.0.9, fixing various bugs and security issues. The following security issues were fixed: MFSA 2010-49 / CVE-2010-3169: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. MFSA 2010-50 / CVE-2010-2765: Security researcher Chris Rohlf of Matasano Security reported that the implementation of the HTML frameset element contained an integer overflow vulnerability. The code responsible for parsing the frameset columns used an 8-byte counter for the column numbers, so when a very large number of columns was passed in the counter would overflow. When this counter was subsequently used to allocate memory for the frameset, the memory buffer would be too small, potentially resulting in a heap buffer overflow and execution of attacker-controlled memory. MFSA 2010-51 / CVE-2010-2767: Security researcher Sergey Glazunov reported a dangling pointer vulnerability in the implementation of navigator.plugins in which the navigator object could retain a pointer to the plugins array even after it had been destroyed. An attacker could potentially use this issue to crash the browser and run arbitrary code on a victim
    last seen2020-06-01
    modified2020-06-02
    plugin id50366
    published2010-10-28
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/50366
    titleopenSUSE Security Update : MozillaThunderbird (MozillaThunderbird-3378)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2010-0681.NASL
    descriptionUpdated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-3169, CVE-2010-2762) Several use-after-free and dangling pointer flaws were found in Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-2760, CVE-2010-2766, CVE-2010-2767, CVE-2010-3167, CVE-2010-3168) Multiple buffer overflow flaws were found in Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-2765, CVE-2010-3166) Multiple cross-site scripting (XSS) flaws were found in Firefox. A web page containing malicious content could cause Firefox to run JavaScript code with the permissions of a different website. (CVE-2010-2768, CVE-2010-2769) A flaw was found in the Firefox XMLHttpRequest object. A remote site could use this flaw to gather information about servers on an internal private network. (CVE-2010-2764) For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 3.6.9. You can find a link to the Mozilla advisories in the References section of this erratum. Note: After installing this update, Firefox will fail to connect (with HTTPS) to a server using the SSL DHE (Diffie-Hellman Ephemeral) key exchange if the server
    last seen2020-06-01
    modified2020-06-02
    plugin id49182
    published2010-09-12
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/49182
    titleCentOS 4 / 5 : firefox (CESA-2010:0681)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_2_MOZILLATHUNDERBIRD-101022.NASL
    descriptionThis update brings Mozilla Thunderbird to version 3.0.9, fixing various bugs and security issues. The following security issues were fixed: MFSA 2010-49 / CVE-2010-3169: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. MFSA 2010-50 / CVE-2010-2765: Security researcher Chris Rohlf of Matasano Security reported that the implementation of the HTML frameset element contained an integer overflow vulnerability. The code responsible for parsing the frameset columns used an 8-byte counter for the column numbers, so when a very large number of columns was passed in the counter would overflow. When this counter was subsequently used to allocate memory for the frameset, the memory buffer would be too small, potentially resulting in a heap buffer overflow and execution of attacker-controlled memory. MFSA 2010-51 / CVE-2010-2767: Security researcher Sergey Glazunov reported a dangling pointer vulnerability in the implementation of navigator.plugins in which the navigator object could retain a pointer to the plugins array even after it had been destroyed. An attacker could potentially use this issue to crash the browser and run arbitrary code on a victim
    last seen2020-06-01
    modified2020-06-02
    plugin id50372
    published2010-10-28
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/50372
    titleopenSUSE Security Update : MozillaThunderbird (MozillaThunderbird-3378)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_1_SEAMONKEY-101021.NASL
    descriptionThis update brings Mozilla SeaMonkey to version 2.0.9, fixing various bugs and security issues. The following security issues were fixed: MFSA 2010-49 / CVE-2010-3169: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. MFSA 2010-50 / CVE-2010-2765: Security researcher Chris Rohlf of Matasano Security reported that the implementation of the HTML frameset element contained an integer overflow vulnerability. The code responsible for parsing the frameset columns used an 8-byte counter for the column numbers, so when a very large number of columns was passed in the counter would overflow. When this counter was subsequently used to allocate memory for the frameset, the memory buffer would be too small, potentially resulting in a heap buffer overflow and execution of attacker-controlled memory. MFSA 2010-51 / CVE-2010-2767: Security researcher Sergey Glazunov reported a dangling pointer vulnerability in the implementation of navigator.plugins in which the navigator object could retain a pointer to the plugins array even after it had been destroyed. An attacker could potentially use this issue to crash the browser and run arbitrary code on a victim
    last seen2020-06-01
    modified2020-06-02
    plugin id50371
    published2010-10-28
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/50371
    titleopenSUSE Security Update : seamonkey (seamonkey-3372)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_2_MOZILLAFIREFOX-100916.NASL
    descriptionMozilla Firefox was updated to version 3.6.10, fixing various bugs and security issues. Following security issues were fixed: MFSA 2010-49 / CVE-2010-3169: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. MFSA 2010-50 / CVE-2010-2765: Security researcher Chris Rohlf of Matasano Security reported that the implementation of the HTML frameset element contained an integer overflow vulnerability. The code responsible for parsing the frameset columns used an 8-byte counter for the column numbers, so when a very large number of columns was passed in the counter would overflow. When this counter was subsequently used to allocate memory for the frameset, the memory buffer would be too small, potentially resulting in a heap buffer overflow and execution of attacker-controlled memory. MFSA 2010-51 / CVE-2010-2767: Security researcher Sergey Glazunov reported a dangling pointer vulnerability in the implementation of navigator.plugins in which the navigator object could retain a pointer to the plugins array even after it had been destroyed. An attacker could potentially use this issue to crash the browser and run arbitrary code on a victim
    last seen2020-06-01
    modified2020-06-02
    plugin id49281
    published2010-09-20
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/49281
    titleopenSUSE Security Update : MozillaFirefox (openSUSE-SU-2010:0632-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_3_MOZILLAFIREFOX-100916.NASL
    descriptionMozilla Firefox was updated to version 3.6.10, fixing various bugs and security issues. Following security issues were fixed: MFSA 2010-49 / CVE-2010-3169: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. MFSA 2010-50 / CVE-2010-2765: Security researcher Chris Rohlf of Matasano Security reported that the implementation of the HTML frameset element contained an integer overflow vulnerability. The code responsible for parsing the frameset columns used an 8-byte counter for the column numbers, so when a very large number of columns was passed in the counter would overflow. When this counter was subsequently used to allocate memory for the frameset, the memory buffer would be too small, potentially resulting in a heap buffer overflow and execution of attacker-controlled memory. MFSA 2010-51 / CVE-2010-2767: Security researcher Sergey Glazunov reported a dangling pointer vulnerability in the implementation of navigator.plugins in which the navigator object could retain a pointer to the plugins array even after it had been destroyed. An attacker could potentially use this issue to crash the browser and run arbitrary code on a victim
    last seen2020-06-01
    modified2020-06-02
    plugin id75647
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/75647
    titleopenSUSE Security Update : MozillaFirefox (openSUSE-SU-2010:0632-1)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201301-01.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201301-01 (Mozilla Products: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, bypass restrictions and protection mechanisms, force file downloads, conduct XML injection attacks, conduct XSS attacks, bypass the Same Origin Policy, spoof URL&rsquo;s for phishing attacks, trigger a vertical scroll, spoof the location bar, spoof an SSL indicator, modify the browser&rsquo;s font, conduct clickjacking attacks, or have other unspecified impact. A local attacker could gain escalated privileges, obtain sensitive information, or replace an arbitrary downloaded file. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id63402
    published2013-01-08
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63402
    titleGLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_3_SEAMONKEY-101021.NASL
    descriptionThis update brings Mozilla SeaMonkey to version 2.0.9, fixing various bugs and security issues. The following security issues were fixed: MFSA 2010-49 / CVE-2010-3169: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. MFSA 2010-50 / CVE-2010-2765: Security researcher Chris Rohlf of Matasano Security reported that the implementation of the HTML frameset element contained an integer overflow vulnerability. The code responsible for parsing the frameset columns used an 8-byte counter for the column numbers, so when a very large number of columns was passed in the counter would overflow. When this counter was subsequently used to allocate memory for the frameset, the memory buffer would be too small, potentially resulting in a heap buffer overflow and execution of attacker-controlled memory. MFSA 2010-51 / CVE-2010-2767: Security researcher Sergey Glazunov reported a dangling pointer vulnerability in the implementation of navigator.plugins in which the navigator object could retain a pointer to the plugins array even after it had been destroyed. An attacker could potentially use this issue to crash the browser and run arbitrary code on a victim
    last seen2020-06-01
    modified2020-06-02
    plugin id75733
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/75733
    titleopenSUSE Security Update : seamonkey (seamonkey-3372)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2010-173.NASL
    descriptionSecurity issues were identified and fixed in firefox and mozilla-thinderbird : Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict read access to the statusText property of XMLHttpRequest objects, which allows remote attackers to discover the existence of intranet web servers via cross-origin requests (CVE-2010-2764). Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 allows user-assisted remote attackers to inject arbitrary web script or HTML via a selection that is added to a document in which the designMode property is enabled (CVE-2010-2769). Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict use of the type attribute of an OBJECT element to set a document
    last seen2020-06-01
    modified2020-06-02
    plugin id49202
    published2010-09-12
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/49202
    titleMandriva Linux Security Advisory : firefox (MDVSA-2010:173)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_3_MOZILLATHUNDERBIRD-101021.NASL
    descriptionThis update brings Mozilla Thunderbird to version 3.0.9, fixing various bugs and security issues. The following security issues were fixed: MFSA 2010-49 / CVE-2010-3169: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. MFSA 2010-50 / CVE-2010-2765: Security researcher Chris Rohlf of Matasano Security reported that the implementation of the HTML frameset element contained an integer overflow vulnerability. The code responsible for parsing the frameset columns used an 8-byte counter for the column numbers, so when a very large number of columns was passed in the counter would overflow. When this counter was subsequently used to allocate memory for the frameset, the memory buffer would be too small, potentially resulting in a heap buffer overflow and execution of attacker-controlled memory. MFSA 2010-51 / CVE-2010-2767: Security researcher Sergey Glazunov reported a dangling pointer vulnerability in the implementation of navigator.plugins in which the navigator object could retain a pointer to the plugins array even after it had been destroyed. An attacker could potentially use this issue to crash the browser and run arbitrary code on a victim
    last seen2020-06-01
    modified2020-06-02
    plugin id75660
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/75660
    titleopenSUSE Security Update : MozillaThunderbird (MozillaThunderbird-3378)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_2_SEAMONKEY-101021.NASL
    descriptionThis update brings Mozilla SeaMonkey to version 2.0.9, fixing various bugs and security issues. The following security issues were fixed: MFSA 2010-49 / CVE-2010-3169: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. MFSA 2010-50 / CVE-2010-2765: Security researcher Chris Rohlf of Matasano Security reported that the implementation of the HTML frameset element contained an integer overflow vulnerability. The code responsible for parsing the frameset columns used an 8-byte counter for the column numbers, so when a very large number of columns was passed in the counter would overflow. When this counter was subsequently used to allocate memory for the frameset, the memory buffer would be too small, potentially resulting in a heap buffer overflow and execution of attacker-controlled memory. MFSA 2010-51 / CVE-2010-2767: Security researcher Sergey Glazunov reported a dangling pointer vulnerability in the implementation of navigator.plugins in which the navigator object could retain a pointer to the plugins array even after it had been destroyed. An attacker could potentially use this issue to crash the browser and run arbitrary code on a victim
    last seen2020-06-01
    modified2020-06-02
    plugin id50376
    published2010-10-28
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/50376
    titleopenSUSE Security Update : seamonkey (seamonkey-3372)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2010-0682.NASL
    descriptionAn updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-3169) A buffer overflow flaw was found in Thunderbird. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-2765) A use-after-free flaw and several dangling pointer flaws were found in Thunderbird. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-2760, CVE-2010-2767, CVE-2010-3167, CVE-2010-3168) A cross-site scripting (XSS) flaw was found in Thunderbird. Remote HTML content could cause Thunderbird to execute JavaScript code with the permissions of different remote HTML content. (CVE-2010-2768) Note: JavaScript support is disabled by default in Thunderbird. None of the above issues are exploitable unless JavaScript is enabled. All Thunderbird users should upgrade to this updated package, which resolves these issues. All running instances of Thunderbird must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id49183
    published2010-09-12
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/49183
    titleCentOS 4 / 5 : thunderbird (CESA-2010:0682)

Oval

accepted2014-10-06T04:00:12.931-04:00
classvulnerability
contributors
  • nameJ. Daniel Brown
    organizationDTCC
  • nameSergey Artykhov
    organizationALTX-SOFT
  • nameSergey Artykhov
    organizationALTX-SOFT
  • nameShane Shaffer
    organizationG2, Inc.
  • nameRichard Helbing
    organizationbaramundi software
  • nameEvgeniy Pavlov
    organizationALTX-SOFT
  • nameEvgeniy Pavlov
    organizationALTX-SOFT
  • nameEvgeniy Pavlov
    organizationALTX-SOFT
  • nameEvgeniy Pavlov
    organizationALTX-SOFT
  • nameEvgeniy Pavlov
    organizationALTX-SOFT
  • nameEvgeniy Pavlov
    organizationALTX-SOFT
definition_extensions
  • commentMozilla Firefox Mainline release is installed
    ovaloval:org.mitre.oval:def:22259
  • commentMozilla Thunderbird Mainline release is installed
    ovaloval:org.mitre.oval:def:22093
descriptionThe XPCSafeJSObjectWrapper class in the SafeJSObjectWrapper (aka SJOW) implementation in Mozilla Firefox 3.6.x before 3.6.9 and Thunderbird 3.1.x before 3.1.3 does not properly restrict objects at the end of scope chains, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via vectors related to a chrome privileged object and a chain ending in an outer object.
familywindows
idoval:org.mitre.oval:def:11492
statusaccepted
submitted2010-09-10T17:30:00.000-05:00
titleMozilla Multiple Products SafeJSObjectWrapper XPCSafeJSObjectWrapper Class Chrome Privileged Object Arbitrary JavaScript Code Execution
version34

Redhat

rpms
  • firefox-0:3.6.9-1.el4
  • firefox-0:3.6.9-2.el5
  • firefox-debuginfo-0:3.6.9-1.el4
  • firefox-debuginfo-0:3.6.9-2.el5
  • nspr-0:4.8.6-1.el4
  • nspr-0:4.8.6-1.el5
  • nspr-debuginfo-0:4.8.6-1.el4
  • nspr-debuginfo-0:4.8.6-1.el5
  • nspr-devel-0:4.8.6-1.el4
  • nspr-devel-0:4.8.6-1.el5
  • nss-0:3.12.7-1.el4
  • nss-0:3.12.7-2.el5
  • nss-debuginfo-0:3.12.7-1.el4
  • nss-debuginfo-0:3.12.7-2.el5
  • nss-devel-0:3.12.7-1.el4
  • nss-devel-0:3.12.7-2.el5
  • nss-pkcs11-devel-0:3.12.7-2.el5
  • nss-tools-0:3.12.7-1.el4
  • nss-tools-0:3.12.7-2.el5
  • xulrunner-0:1.9.2.9-1.el5
  • xulrunner-debuginfo-0:1.9.2.9-1.el5
  • xulrunner-devel-0:1.9.2.9-1.el5