Vulnerabilities > CVE-2011-2980 - Remote Arbitrary Code Execution vulnerability in Mozilla Firefox and Thunderbird
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Untrusted search path vulnerability in the ThinkPadSensor::Startup function in Mozilla Firefox before 3.6.20, Thunderbird 3.x before 3.1.12, allows local users to gain privileges by leveraging write access in an unspecified directory to place a Trojan horse DLL that is loaded into the running Firefox process. Per: http://cwe.mitre.org/data/definitions/426.html 'CWE-426: Untrusted Search Path'
Vulnerable Configurations
Nessus
NASL family SuSE Local Security Checks NASL id SUSE_11_4_MOZILLA-JS192-110817.NASL description Mozilla XULRunner was updated to version 1.9.2.20. The update fixes bugs and security issues. Following security issues were fixed: http://www.mozilla.org/security/announce/2011/mfsa2011-30.html Mozilla Foundation Security Advisory 2011-30 (MFSA 2011-30) dbg114-mozilla-js192-5010 mozilla-js192-5010 new_updateinfo Miscellaneous memory safety hazards Mozilla developers and community members identified and fixed several memory safety bugs in the browser engine used in Firefox 3.6 and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Gary Kwong, Igor Bukanov, Nils and Bob Clary reported memory safety issues which affected Firefox 3.6. (CVE-2011-2982) dbg114-mozilla-js192-5010 mozilla-js192-5010 new_updateinfo Crash in SVGTextElement.getCharNumAtPosition() Security researcher regenrecht reported via TippingPoint last seen 2020-06-01 modified 2020-06-02 plugin id 75958 published 2014-06-13 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/75958 title openSUSE Security Update : mozilla-js192 (mozilla-js192-5010) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update mozilla-js192-5010. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(75958); script_version("1.7"); script_cvs_date("Date: 2019/10/25 13:36:42"); script_cve_id("CVE-2011-0084", "CVE-2011-2378", "CVE-2011-2980", "CVE-2011-2981", "CVE-2011-2982", "CVE-2011-2983", "CVE-2011-2984"); script_name(english:"openSUSE Security Update : mozilla-js192 (mozilla-js192-5010)"); script_summary(english:"Check for the mozilla-js192-5010 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "Mozilla XULRunner was updated to version 1.9.2.20. The update fixes bugs and security issues. Following security issues were fixed: http://www.mozilla.org/security/announce/2011/mfsa2011-30.html Mozilla Foundation Security Advisory 2011-30 (MFSA 2011-30) dbg114-mozilla-js192-5010 mozilla-js192-5010 new_updateinfo Miscellaneous memory safety hazards Mozilla developers and community members identified and fixed several memory safety bugs in the browser engine used in Firefox 3.6 and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Gary Kwong, Igor Bukanov, Nils and Bob Clary reported memory safety issues which affected Firefox 3.6. (CVE-2011-2982) dbg114-mozilla-js192-5010 mozilla-js192-5010 new_updateinfo Crash in SVGTextElement.getCharNumAtPosition() Security researcher regenrecht reported via TippingPoint's Zero Day Initiative that a SVG text manipulation routine contained a dangling pointer vulnerability. (CVE-2011-0084) dbg114-mozilla-js192-5010 mozilla-js192-5010 new_updateinfo Privilege escalation using event handlers Mozilla security researcher moz_bug_r_a_4 reported a vulnerability in event management code that would permit JavaScript to be run in the wrong context, including that of a different website or potentially in a chrome-privileged context. (CVE-2011-2981) dbg114-mozilla-js192-5010 mozilla-js192-5010 new_updateinfo Dangling pointer vulnerability in appendChild Security researcher regenrecht reported via TippingPoint's Zero Day Initiative that appendChild did not correctly account for DOM objects it operated upon and could be exploited to dereference an invalid pointer. (CVE-2011-2378) dbg114-mozilla-js192-5010 mozilla-js192-5010 new_updateinfo Privilege escalation dropping a tab element in content area Mozilla security researcher moz_bug_r_a4 reported that web content could receive chrome privileges if it registered for drop events and a browser tab element was dropped into the content area. (CVE-2011-2984) dbg114-mozilla-js192-5010 mozilla-js192-5010 new_updateinfo Binary planting vulnerability in ThinkPadSensor::Startup Security researcher Mitja Kolsek of Acros Security reported that ThinkPadSensor::Startup could potentially be exploited to load a malicious DLL into the running process. (CVE-2011-2980) (This issue is likely Windows only) dbg114-mozilla-js192-5010 mozilla-js192-5010 new_updateinfo Private data leakage using RegExp.input Security researcher shutdown reported that data from other domains could be read when RegExp.input was set. (CVE-2011-2983)" ); # http://www.mozilla.org/security/announce/2011/mfsa2011-30.html script_set_attribute( attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2011-30/" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=712224" ); script_set_attribute( attribute:"solution", value:"Update the affected mozilla-js192 packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploithub_sku", value:"EH-11-772"); script_set_attribute(attribute:"exploit_framework_exploithub", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-js192"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-js192-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-js192-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-js192-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner192"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-buildsymbols"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-devel-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-gnome"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-gnome-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-gnome-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-gnome-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-common-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-other"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-other-32bit"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.4"); script_set_attribute(attribute:"vuln_publication_date", value:"2011/08/18"); script_set_attribute(attribute:"patch_publication_date", value:"2011/08/17"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE11\.4)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.4", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE11.4", reference:"mozilla-js192-1.9.2.20-1.2.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"mozilla-js192-debuginfo-1.9.2.20-1.2.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"mozilla-xulrunner192-1.9.2.20-1.2.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"mozilla-xulrunner192-buildsymbols-1.9.2.20-1.2.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"mozilla-xulrunner192-debuginfo-1.9.2.20-1.2.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"mozilla-xulrunner192-debugsource-1.9.2.20-1.2.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"mozilla-xulrunner192-devel-1.9.2.20-1.2.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"mozilla-xulrunner192-devel-debuginfo-1.9.2.20-1.2.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"mozilla-xulrunner192-gnome-1.9.2.20-1.2.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"mozilla-xulrunner192-gnome-debuginfo-1.9.2.20-1.2.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"mozilla-xulrunner192-translations-common-1.9.2.20-1.2.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"mozilla-xulrunner192-translations-other-1.9.2.20-1.2.1") ) flag++; if ( rpm_check(release:"SUSE11.4", cpu:"x86_64", reference:"mozilla-js192-32bit-1.9.2.20-1.2.1") ) flag++; if ( rpm_check(release:"SUSE11.4", cpu:"x86_64", reference:"mozilla-js192-debuginfo-32bit-1.9.2.20-1.2.1") ) flag++; if ( rpm_check(release:"SUSE11.4", cpu:"x86_64", reference:"mozilla-xulrunner192-32bit-1.9.2.20-1.2.1") ) flag++; if ( rpm_check(release:"SUSE11.4", cpu:"x86_64", reference:"mozilla-xulrunner192-debuginfo-32bit-1.9.2.20-1.2.1") ) flag++; if ( rpm_check(release:"SUSE11.4", cpu:"x86_64", reference:"mozilla-xulrunner192-gnome-32bit-1.9.2.20-1.2.1") ) flag++; if ( rpm_check(release:"SUSE11.4", cpu:"x86_64", reference:"mozilla-xulrunner192-gnome-debuginfo-32bit-1.9.2.20-1.2.1") ) flag++; if ( rpm_check(release:"SUSE11.4", cpu:"x86_64", reference:"mozilla-xulrunner192-translations-common-32bit-1.9.2.20-1.2.1") ) flag++; if ( rpm_check(release:"SUSE11.4", cpu:"x86_64", reference:"mozilla-xulrunner192-translations-other-32bit-1.9.2.20-1.2.1") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Mozilla XULRunner"); }NASL family Windows NASL id MOZILLA_FIREFOX_3620.NASL description The installed version of Firefox 3.6 is earlier than 3.6.20. As such, it is potentially affected by the following security issues : - A dangling pointer vulnerability exists in an SVG text manipulation routine. (CVE-2011-0084) - A DOM accounting error exists in the last seen 2020-06-01 modified 2020-06-02 plugin id 55901 published 2011-08-18 reporter This script is Copyright (C) 2011-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/55901 title Firefox 3.6 < 3.6.20 Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(55901); script_version("1.15"); script_cvs_date("Date: 2018/11/15 20:50:27"); script_cve_id( "CVE-2011-0084", "CVE-2011-2378", "CVE-2011-2980", "CVE-2011-2981", "CVE-2011-2982", "CVE-2011-2983", "CVE-2011-2984" ); script_bugtraq_id( 49213, 49214, 49216, 49217, 49218, 49219, 49223 ); script_name(english:"Firefox 3.6 < 3.6.20 Multiple Vulnerabilities"); script_summary(english:"Checks version of Firefox"); script_set_attribute(attribute:"synopsis", value: "The remote Windows host contains a web browser that is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The installed version of Firefox 3.6 is earlier than 3.6.20. As such, it is potentially affected by the following security issues : - A dangling pointer vulnerability exists in an SVG text manipulation routine. (CVE-2011-0084) - A DOM accounting error exists in the 'appendChild' JavaScript function that can allow an invalid pointer to be dereferenced. (CVE-2011-2378) - An error exists in 'ThinkPadSensor::Startup' that can allow malicious DLLs to be loaded. (CVE-2011-2980) - An error exists in the event management code that can allow JavaScript to execute in the context of a different website and possibly in the chrome-privileged context. (CVE-2011-2981) - Various unspecified memory safety issues exist. (CVE-2011-2982) - A cross-domain information disclosure vulnerability exists if the configuration option 'RegExp.input' is set. (CVE-2011-2983) - A privilege escalation vulnerability exists if web content is registered to handle 'drop' events and a browser tab is dropped in that element's area. This can allow the web content to execute with browser chrome privileges. (CVE-2011-2984)"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2011-30/"); script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-11-270/"); script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-11-271/"); script_set_attribute(attribute:"solution", value:"Upgrade to Firefox 3.6.20 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploithub_sku", value:"EH-11-772"); script_set_attribute(attribute:"exploit_framework_exploithub", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"vuln_publication_date", value:"2011/08/16"); script_set_attribute(attribute:"patch_publication_date", value:"2011/08/16"); script_set_attribute(attribute:"plugin_publication_date", value:"2011/08/18"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:firefox"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc."); script_dependencies("mozilla_org_installed.nasl"); script_require_keys("Mozilla/Firefox/Version"); exit(0); } include("mozilla_version.inc"); port = get_kb_item_or_exit("SMB/transport"); installs = get_kb_list("SMB/Mozilla/Firefox/*"); if (isnull(installs)) audit(AUDIT_NOT_INST, "Firefox"); mozilla_check_version(installs:installs, product:'firefox', esr:FALSE, fix:'3.6.20', min:'3.6', severity:SECURITY_HOLE);NASL family SuSE Local Security Checks NASL id SUSE_11_MOZILLAFIREFOX-110824.NASL description Mozilla Firefox was updated to version 3.6.20. It fixes bugs and security issues. Following security issues were fixed: Mozilla Foundation Security Advisory 2011-30 - MFSA 2011-30 - Miscellaneous memory safety hazards Mozilla developers and community members identified and fixed several memory safety bugs in the browser engine used in Firefox 3.6 and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Gary Kwong, Igor Bukanov, Nils and Bob Clary reported memory safety issues which affected Firefox 3.6. (CVE-2011-2982) - Crash in SVGTextElement.getCharNumAtPosition() Security researcher regenrecht reported via TippingPoint last seen 2020-06-01 modified 2020-06-02 plugin id 56003 published 2011-08-30 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/56003 title SuSE 11.1 Security Update : Mozilla Firefox (SAT Patch Number 5057) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SuSE 11 update information. The text itself is # copyright (C) Novell, Inc. # if (NASL_LEVEL < 3000) exit(0); include("compat.inc"); if (description) { script_id(56003); script_version("1.10"); script_cvs_date("Date: 2019/10/25 13:36:42"); script_cve_id("CVE-2011-0084", "CVE-2011-2378", "CVE-2011-2980", "CVE-2011-2981", "CVE-2011-2982", "CVE-2011-2983", "CVE-2011-2984"); script_name(english:"SuSE 11.1 Security Update : Mozilla Firefox (SAT Patch Number 5057)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 11 host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Mozilla Firefox was updated to version 3.6.20. It fixes bugs and security issues. Following security issues were fixed: Mozilla Foundation Security Advisory 2011-30 - MFSA 2011-30 - Miscellaneous memory safety hazards Mozilla developers and community members identified and fixed several memory safety bugs in the browser engine used in Firefox 3.6 and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Gary Kwong, Igor Bukanov, Nils and Bob Clary reported memory safety issues which affected Firefox 3.6. (CVE-2011-2982) - Crash in SVGTextElement.getCharNumAtPosition() Security researcher regenrecht reported via TippingPoint's Zero Day Initiative that a SVG text manipulation routine contained a dangling pointer vulnerability. (CVE-2011-0084) - Privilege escalation using event handlers Mozilla security researcher moz_bug_r_a_4 reported a vulnerability in event management code that would permit JavaScript to be run in the wrong context, including that of a different website or potentially in a chrome-privileged context. (CVE-2011-2981) - Dangling pointer vulnerability in appendChild Security researcher regenrecht reported via TippingPoint's Zero Day Initiative that appendChild did not correctly account for DOM objects it operated upon and could be exploited to dereference an invalid pointer. (CVE-2011-2378) - Privilege escalation dropping a tab element in content area Mozilla security researcher moz_bug_r_a4 reported that web content could receive chrome privileges if it registered for drop events and a browser tab element was dropped into the content area. (CVE-2011-2984) - Binary planting vulnerability in ThinkPadSensor::Startup Security researcher Mitja Kolsek of Acros Security reported that ThinkPadSensor::Startup could potentially be exploited to load a malicious DLL into the running process. (CVE-2011-2980) (This issue is likely Windows only) - Private data leakage using RegExp.input Security researcher shutdown reported that data from other domains could be read when RegExp.input was set. (CVE-2011-2983)" ); script_set_attribute( attribute:"see_also", value:"http://www.mozilla.org/security/announce/2011/mfsa2011-30.html" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=712224" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2011-0084.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2011-2378.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2011-2980.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2011-2981.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2011-2982.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2011-2983.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2011-2984.html" ); script_set_attribute(attribute:"solution", value:"Apply SAT patch number 5057."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploithub_sku", value:"EH-11-772"); script_set_attribute(attribute:"exploit_framework_exploithub", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:MozillaFirefox"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:MozillaFirefox-translations"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner192"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner192-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner192-gnome"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner192-gnome-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner192-translations"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner192-translations-32bit"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11"); script_set_attribute(attribute:"patch_publication_date", value:"2011/08/24"); script_set_attribute(attribute:"plugin_publication_date", value:"2011/08/30"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11"); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu); pl = get_kb_item("Host/SuSE/patchlevel"); if (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, "SuSE 11.1"); flag = 0; if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"MozillaFirefox-3.6.20-0.2.1")) flag++; if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"MozillaFirefox-translations-3.6.20-0.2.1")) flag++; if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"mozilla-xulrunner192-1.9.2.20-1.2.1")) flag++; if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"mozilla-xulrunner192-gnome-1.9.2.20-1.2.1")) flag++; if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"mozilla-xulrunner192-translations-1.9.2.20-1.2.1")) flag++; if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"MozillaFirefox-3.6.20-0.2.1")) flag++; if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"MozillaFirefox-translations-3.6.20-0.2.1")) flag++; if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"mozilla-xulrunner192-1.9.2.20-1.2.1")) flag++; if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"mozilla-xulrunner192-32bit-1.9.2.20-1.2.1")) flag++; if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"mozilla-xulrunner192-gnome-1.9.2.20-1.2.1")) flag++; if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"mozilla-xulrunner192-gnome-32bit-1.9.2.20-1.2.1")) flag++; if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"mozilla-xulrunner192-translations-1.9.2.20-1.2.1")) flag++; if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"mozilla-xulrunner192-translations-32bit-1.9.2.20-1.2.1")) flag++; if (rpm_check(release:"SLES11", sp:1, reference:"MozillaFirefox-3.6.20-0.2.1")) flag++; if (rpm_check(release:"SLES11", sp:1, reference:"MozillaFirefox-translations-3.6.20-0.2.1")) flag++; if (rpm_check(release:"SLES11", sp:1, reference:"mozilla-xulrunner192-1.9.2.20-1.2.1")) flag++; if (rpm_check(release:"SLES11", sp:1, reference:"mozilla-xulrunner192-gnome-1.9.2.20-1.2.1")) flag++; if (rpm_check(release:"SLES11", sp:1, reference:"mozilla-xulrunner192-translations-1.9.2.20-1.2.1")) flag++; if (rpm_check(release:"SLES11", sp:1, cpu:"s390x", reference:"mozilla-xulrunner192-32bit-1.9.2.20-1.2.1")) flag++; if (rpm_check(release:"SLES11", sp:1, cpu:"x86_64", reference:"mozilla-xulrunner192-32bit-1.9.2.20-1.2.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family SuSE Local Security Checks NASL id SUSE_MOZILLAFIREFOX-7712.NASL description Mozilla Firefox was updated to version 3.6.20. It fixes bugs and security issues. Following security issues were fixed: Mozilla Foundation Security Advisory 2011-30 - MFSA 2011-30 - Miscellaneous memory safety hazards Mozilla developers and community members identified and fixed several memory safety bugs in the browser engine used in Firefox 3.6 and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Gary Kwong, Igor Bukanov, Nils and Bob Clary reported memory safety issues which affected Firefox 3.6. (CVE-2011-2982) - Crash in SVGTextElement.getCharNumAtPosition() Security researcher regenrecht reported via TippingPoint last seen 2020-06-01 modified 2020-06-02 plugin id 56005 published 2011-08-30 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/56005 title SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 7712) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The text description of this plugin is (C) Novell, Inc. # if (NASL_LEVEL < 3000) exit(0); include("compat.inc"); if (description) { script_id(56005); script_version ("1.11"); script_cvs_date("Date: 2019/10/25 13:36:43"); script_cve_id("CVE-2011-0084", "CVE-2011-2378", "CVE-2011-2980", "CVE-2011-2981", "CVE-2011-2982", "CVE-2011-2983", "CVE-2011-2984"); script_name(english:"SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 7712)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 10 host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "Mozilla Firefox was updated to version 3.6.20. It fixes bugs and security issues. Following security issues were fixed: Mozilla Foundation Security Advisory 2011-30 - MFSA 2011-30 - Miscellaneous memory safety hazards Mozilla developers and community members identified and fixed several memory safety bugs in the browser engine used in Firefox 3.6 and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Gary Kwong, Igor Bukanov, Nils and Bob Clary reported memory safety issues which affected Firefox 3.6. (CVE-2011-2982) - Crash in SVGTextElement.getCharNumAtPosition() Security researcher regenrecht reported via TippingPoint's Zero Day Initiative that a SVG text manipulation routine contained a dangling pointer vulnerability. (CVE-2011-0084) - Privilege escalation using event handlers Mozilla security researcher moz_bug_r_a_4 reported a vulnerability in event management code that would permit JavaScript to be run in the wrong context, including that of a different website or potentially in a chrome-privileged context. (CVE-2011-2981) - Dangling pointer vulnerability in appendChild Security researcher regenrecht reported via TippingPoint's Zero Day Initiative that appendChild did not correctly account for DOM objects it operated upon and could be exploited to dereference an invalid pointer. (CVE-2011-2378) - Privilege escalation dropping a tab element in content area Mozilla security researcher moz_bug_r_a4 reported that web content could receive chrome privileges if it registered for drop events and a browser tab element was dropped into the content area. (CVE-2011-2984) - Binary planting vulnerability in ThinkPadSensor::Startup Security researcher Mitja Kolsek of Acros Security reported that ThinkPadSensor::Startup could potentially be exploited to load a malicious DLL into the running process. (CVE-2011-2980) (This issue is likely Windows only) - Private data leakage using RegExp.input Security researcher shutdown reported that data from other domains could be read when RegExp.input was set. (CVE-2011-2983)" ); # http://www.mozilla.org/security/announce/2011/mfsa2011-30.html script_set_attribute( attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2011-30/" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2011-0084.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2011-2378.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2011-2980.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2011-2981.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2011-2982.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2011-2983.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2011-2984.html" ); script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 7712."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploithub_sku", value:"EH-11-772"); script_set_attribute(attribute:"exploit_framework_exploithub", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2011/08/18"); script_set_attribute(attribute:"patch_publication_date", value:"2011/08/24"); script_set_attribute(attribute:"plugin_publication_date", value:"2011/08/30"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled."); if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE."); if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages."); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) exit(1, "Failed to determine the architecture type."); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented."); flag = 0; if (rpm_check(release:"SLES10", sp:3, reference:"MozillaFirefox-3.6.20-0.5.1")) flag++; if (rpm_check(release:"SLES10", sp:3, reference:"MozillaFirefox-translations-3.6.20-0.5.1")) flag++; if (rpm_check(release:"SLES10", sp:3, reference:"mozilla-xulrunner192-1.9.2.20-1.5.1")) flag++; if (rpm_check(release:"SLES10", sp:3, reference:"mozilla-xulrunner192-gnome-1.9.2.20-1.5.1")) flag++; if (rpm_check(release:"SLES10", sp:3, reference:"mozilla-xulrunner192-translations-1.9.2.20-1.5.1")) flag++; if (rpm_check(release:"SLES10", sp:3, cpu:"x86_64", reference:"mozilla-xulrunner192-32bit-1.9.2.20-1.5.1")) flag++; if (rpm_check(release:"SLES10", sp:3, cpu:"x86_64", reference:"mozilla-xulrunner192-gnome-32bit-1.9.2.20-1.5.1")) flag++; if (rpm_check(release:"SLES10", sp:3, cpu:"x86_64", reference:"mozilla-xulrunner192-translations-32bit-1.9.2.20-1.5.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else exit(0, "The host is not affected.");NASL family SuSE Local Security Checks NASL id SUSE_11_3_MOZILLAFIREFOX-110817.NASL description Mozilla Firefox was updated to version 3.6.20. It fixes bugs and security issues. Following security issues were fixed: http://www.mozilla.org/security/announce/2011/mfsa2011-30.html Mozilla Foundation Security Advisory 2011-30 (MFSA 2011-30) - Miscellaneous memory safety hazards Mozilla developers and community members identified and fixed several memory safety bugs in the browser engine used in Firefox 3.6 and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Gary Kwong, Igor Bukanov, Nils and Bob Clary reported memory safety issues which affected Firefox 3.6. (CVE-2011-2982) - Crash in SVGTextElement.getCharNumAtPosition() Security researcher regenrecht reported via TippingPoint last seen 2020-06-01 modified 2020-06-02 plugin id 75654 published 2014-06-13 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/75654 title openSUSE Security Update : MozillaFirefox (openSUSE-SU-2011:0958-1) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update MozillaFirefox-5013. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(75654); script_version("1.9"); script_cvs_date("Date: 2019/10/25 13:36:41"); script_cve_id("CVE-2011-0084", "CVE-2011-2378", "CVE-2011-2980", "CVE-2011-2981", "CVE-2011-2982", "CVE-2011-2983", "CVE-2011-2984"); script_name(english:"openSUSE Security Update : MozillaFirefox (openSUSE-SU-2011:0958-1)"); script_summary(english:"Check for the MozillaFirefox-5013 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "Mozilla Firefox was updated to version 3.6.20. It fixes bugs and security issues. Following security issues were fixed: http://www.mozilla.org/security/announce/2011/mfsa2011-30.html Mozilla Foundation Security Advisory 2011-30 (MFSA 2011-30) - Miscellaneous memory safety hazards Mozilla developers and community members identified and fixed several memory safety bugs in the browser engine used in Firefox 3.6 and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Gary Kwong, Igor Bukanov, Nils and Bob Clary reported memory safety issues which affected Firefox 3.6. (CVE-2011-2982) - Crash in SVGTextElement.getCharNumAtPosition() Security researcher regenrecht reported via TippingPoint's Zero Day Initiative that a SVG text manipulation routine contained a dangling pointer vulnerability. (CVE-2011-0084) - Privilege escalation using event handlers Mozilla security researcher moz_bug_r_a_4 reported a vulnerability in event management code that would permit JavaScript to be run in the wrong context, including that of a different website or potentially in a chrome-privileged context. (CVE-2011-2981) - Dangling pointer vulnerability in appendChild Security researcher regenrecht reported via TippingPoint's Zero Day Initiative that appendChild did not correctly account for DOM objects it operated upon and could be exploited to dereference an invalid pointer. (CVE-2011-2378) - Privilege escalation dropping a tab element in content area Mozilla security researcher moz_bug_r_a4 reported that web content could receive chrome privileges if it registered for drop events and a browser tab element was dropped into the content area. (CVE-2011-2984) - Binary planting vulnerability in ThinkPadSensor::Startup Security researcher Mitja Kolsek of Acros Security reported that ThinkPadSensor::Startup could potentially be exploited to load a malicious DLL into the running process. (CVE-2011-2980) (This issue is likely Windows only) - Private data leakage using RegExp.input Security researcher shutdown reported that data from other domains could be read when RegExp.input was set. (CVE-2011-2983)" ); # http://www.mozilla.org/security/announce/2011/mfsa2011-30.html script_set_attribute( attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2011-30/" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=712224" ); script_set_attribute( attribute:"see_also", value:"https://lists.opensuse.org/opensuse-updates/2011-08/msg00040.html" ); script_set_attribute( attribute:"solution", value:"Update the affected MozillaFirefox packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploithub_sku", value:"EH-11-772"); script_set_attribute(attribute:"exploit_framework_exploithub", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-js192"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-js192-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner192"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-buildsymbols"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-gnome"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-gnome-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-common-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-other"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-other-32bit"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.3"); script_set_attribute(attribute:"vuln_publication_date", value:"2011/08/18"); script_set_attribute(attribute:"patch_publication_date", value:"2011/08/17"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE11\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.3", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE11.3", reference:"MozillaFirefox-3.6.20-0.2.1") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"MozillaFirefox-branding-upstream-3.6.20-0.2.1") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"MozillaFirefox-translations-common-3.6.20-0.2.1") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"MozillaFirefox-translations-other-3.6.20-0.2.1") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"mozilla-js192-1.9.2.20-1.2.1") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"mozilla-xulrunner192-1.9.2.20-1.2.1") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"mozilla-xulrunner192-buildsymbols-1.9.2.20-1.2.1") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"mozilla-xulrunner192-devel-1.9.2.20-1.2.1") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"mozilla-xulrunner192-gnome-1.9.2.20-1.2.1") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"mozilla-xulrunner192-translations-common-1.9.2.20-1.2.1") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"mozilla-xulrunner192-translations-other-1.9.2.20-1.2.1") ) flag++; if ( rpm_check(release:"SUSE11.3", cpu:"x86_64", reference:"mozilla-js192-32bit-1.9.2.20-1.2.1") ) flag++; if ( rpm_check(release:"SUSE11.3", cpu:"x86_64", reference:"mozilla-xulrunner192-32bit-1.9.2.20-1.2.1") ) flag++; if ( rpm_check(release:"SUSE11.3", cpu:"x86_64", reference:"mozilla-xulrunner192-gnome-32bit-1.9.2.20-1.2.1") ) flag++; if ( rpm_check(release:"SUSE11.3", cpu:"x86_64", reference:"mozilla-xulrunner192-translations-common-32bit-1.9.2.20-1.2.1") ) flag++; if ( rpm_check(release:"SUSE11.3", cpu:"x86_64", reference:"mozilla-xulrunner192-translations-other-32bit-1.9.2.20-1.2.1") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "MozillaFirefox"); }NASL family SuSE Local Security Checks NASL id SUSE_MOZILLAFIREFOX-7713.NASL description Mozilla Firefox was updated to version 3.6.20. It fixes bugs and security issues. Following security issues were fixed: Mozilla Foundation Security Advisory 2011-30 - MFSA 2011-30 - Miscellaneous memory safety hazards Mozilla developers and community members identified and fixed several memory safety bugs in the browser engine used in Firefox 3.6 and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Gary Kwong, Igor Bukanov, Nils and Bob Clary reported memory safety issues which affected Firefox 3.6. (CVE-2011-2982) - Crash in SVGTextElement.getCharNumAtPosition() Security researcher regenrecht reported via TippingPoint last seen 2020-06-01 modified 2020-06-02 plugin id 57150 published 2011-12-13 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/57150 title SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 7713) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The text description of this plugin is (C) Novell, Inc. # if (NASL_LEVEL < 3000) exit(0); include("compat.inc"); if (description) { script_id(57150); script_version ("1.9"); script_cvs_date("Date: 2019/10/25 13:36:43"); script_cve_id("CVE-2011-0084", "CVE-2011-2378", "CVE-2011-2980", "CVE-2011-2981", "CVE-2011-2982", "CVE-2011-2983", "CVE-2011-2984"); script_name(english:"SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 7713)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 10 host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "Mozilla Firefox was updated to version 3.6.20. It fixes bugs and security issues. Following security issues were fixed: Mozilla Foundation Security Advisory 2011-30 - MFSA 2011-30 - Miscellaneous memory safety hazards Mozilla developers and community members identified and fixed several memory safety bugs in the browser engine used in Firefox 3.6 and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Gary Kwong, Igor Bukanov, Nils and Bob Clary reported memory safety issues which affected Firefox 3.6. (CVE-2011-2982) - Crash in SVGTextElement.getCharNumAtPosition() Security researcher regenrecht reported via TippingPoint's Zero Day Initiative that a SVG text manipulation routine contained a dangling pointer vulnerability. (CVE-2011-0084) - Privilege escalation using event handlers Mozilla security researcher moz_bug_r_a_4 reported a vulnerability in event management code that would permit JavaScript to be run in the wrong context, including that of a different website or potentially in a chrome-privileged context. (CVE-2011-2981) - Dangling pointer vulnerability in appendChild Security researcher regenrecht reported via TippingPoint's Zero Day Initiative that appendChild did not correctly account for DOM objects it operated upon and could be exploited to dereference an invalid pointer. (CVE-2011-2378) - Privilege escalation dropping a tab element in content area Mozilla security researcher moz_bug_r_a4 reported that web content could receive chrome privileges if it registered for drop events and a browser tab element was dropped into the content area. (CVE-2011-2984) - Binary planting vulnerability in ThinkPadSensor::Startup Security researcher Mitja Kolsek of Acros Security reported that ThinkPadSensor::Startup could potentially be exploited to load a malicious DLL into the running process. (CVE-2011-2980) (This issue is likely Windows only) - Private data leakage using RegExp.input Security researcher shutdown reported that data from other domains could be read when RegExp.input was set. (CVE-2011-2983)" ); # http://www.mozilla.org/security/announce/2011/mfsa2011-30.html script_set_attribute( attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2011-30/" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2011-0084.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2011-2378.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2011-2980.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2011-2981.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2011-2982.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2011-2983.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2011-2984.html" ); script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 7713."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploithub_sku", value:"EH-11-772"); script_set_attribute(attribute:"exploit_framework_exploithub", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2011/08/18"); script_set_attribute(attribute:"patch_publication_date", value:"2011/08/24"); script_set_attribute(attribute:"plugin_publication_date", value:"2011/12/13"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled."); if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE."); if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages."); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) exit(1, "Failed to determine the architecture type."); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented."); flag = 0; if (rpm_check(release:"SLED10", sp:4, reference:"MozillaFirefox-3.6.20-0.5.1")) flag++; if (rpm_check(release:"SLED10", sp:4, reference:"MozillaFirefox-translations-3.6.20-0.5.1")) flag++; if (rpm_check(release:"SLED10", sp:4, reference:"mozilla-xulrunner192-1.9.2.20-1.5.1")) flag++; if (rpm_check(release:"SLED10", sp:4, reference:"mozilla-xulrunner192-gnome-1.9.2.20-1.5.1")) flag++; if (rpm_check(release:"SLED10", sp:4, reference:"mozilla-xulrunner192-translations-1.9.2.20-1.5.1")) flag++; if (rpm_check(release:"SLED10", sp:4, cpu:"x86_64", reference:"mozilla-xulrunner192-32bit-1.9.2.20-1.5.1")) flag++; if (rpm_check(release:"SLED10", sp:4, cpu:"x86_64", reference:"mozilla-xulrunner192-gnome-32bit-1.9.2.20-1.5.1")) flag++; if (rpm_check(release:"SLED10", sp:4, cpu:"x86_64", reference:"mozilla-xulrunner192-translations-32bit-1.9.2.20-1.5.1")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"MozillaFirefox-3.6.20-0.5.1")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"MozillaFirefox-translations-3.6.20-0.5.1")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"mozilla-xulrunner192-1.9.2.20-1.5.1")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"mozilla-xulrunner192-gnome-1.9.2.20-1.5.1")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"mozilla-xulrunner192-translations-1.9.2.20-1.5.1")) flag++; if (rpm_check(release:"SLES10", sp:4, cpu:"x86_64", reference:"mozilla-xulrunner192-32bit-1.9.2.20-1.5.1")) flag++; if (rpm_check(release:"SLES10", sp:4, cpu:"x86_64", reference:"mozilla-xulrunner192-gnome-32bit-1.9.2.20-1.5.1")) flag++; if (rpm_check(release:"SLES10", sp:4, cpu:"x86_64", reference:"mozilla-xulrunner192-translations-32bit-1.9.2.20-1.5.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else exit(0, "The host is not affected.");NASL family SuSE Local Security Checks NASL id SUSE_11_4_MOZILLATHUNDERBIRD-110826.NASL description Mozilla Thunderbird was updated to 3.1.12 fixing various bugs and security issues : Mozilla Foundation Security Advisory 2011-32 (MFSA 2011-32) http://www.mozilla.org/security/announce/2011/mfsa2011-32.html Many of the issues listed below are not exploitable through mail since JavaScript is disabled by default in Thunderbird. These particular issues may be triggered while viewing RSS feeds and displaying full remote content rather than the feed summary. Addons that expose browser functionality may also enable such issues to be exploited. dbg114-MozillaThunderbird-5050 MozillaThunderbird-5050 new_updateinfo Miscellaneous memory safety hazards (rv:1.9.2.20) Mozilla developers and community members identified and fixed several memory safety bugs in the browser engine used in Thunderbird 3.1 and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Gary Kwong, Igor Bukanov, Nils and Bob Clary reported memory safety issues which affected Thunderbird 3.1. (CVE-2011-2982) dbg114-MozillaThunderbird-5050 MozillaThunderbird-5050 new_updateinfo Crash in SVGTextElement.getCharNumAtPosition() Security researcher regenrecht reported via TippingPoint last seen 2020-06-01 modified 2020-06-02 plugin id 75966 published 2014-06-13 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/75966 title openSUSE Security Update : MozillaThunderbird (MozillaThunderbird-5050) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2011-127.NASL description Security issues were identified and fixed in mozilla firefox and thunderbird : Mozilla developers and community members identified and fixed several memory safety bugs in the browser engine used in Firefox 3.6 and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code (CVE-2011-2982). Security researcher regenrecht reported via TippingPoint last seen 2020-06-01 modified 2020-06-02 plugin id 55894 published 2011-08-18 reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/55894 title Mandriva Linux Security Advisory : mozilla (MDVSA-2011:127) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_834591A9C82F11E0897D6C626DD55A41.NASL description The Mozilla Project reports : MFSA 2011-29 Security issues addressed in Firefox 6 MFSA 2011-28 Security issues addressed in Firefox 3.6.20 last seen 2020-06-01 modified 2020-06-02 plugin id 55878 published 2011-08-17 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/55878 title FreeBSD : mozilla -- multiple vulnerabilities (834591a9-c82f-11e0-897d-6c626dd55a41) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201301-01.NASL description The remote host is affected by the vulnerability described in GLSA-201301-01 (Mozilla Products: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, bypass restrictions and protection mechanisms, force file downloads, conduct XML injection attacks, conduct XSS attacks, bypass the Same Origin Policy, spoof URL’s for phishing attacks, trigger a vertical scroll, spoof the location bar, spoof an SSL indicator, modify the browser’s font, conduct clickjacking attacks, or have other unspecified impact. A local attacker could gain escalated privileges, obtain sensitive information, or replace an arbitrary downloaded file. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 63402 published 2013-01-08 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/63402 title GLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST) NASL family Windows NASL id MOZILLA_THUNDERBIRD_3112.NASL description The installed version of Thunderbird 3.1 is earlier than 3.1.12. As such, it is potentially affected by the following security issues : - Several memory safety bugs exist in the browser engine that may permit remote code execution. (CVE-2011-2982) - A dangling pointer vulnerability exists in an SVG text manipulation routine. (CVE-2011-0084) - A dangling pointer vulnerability exists in appendChild, which did not correctly account for DOM objects it operated upon. (CVE-2011-2378) - A privilege escalation vulnerability in the event management code could permit JavaScript to be run in the wrong context. (CVE-2011-2981) - A privilege escalation vulnerability exists if a web page registered for drop events and a browser tab element was dropped into the content area. (CVE-2011-2984) - A binary planting vulnerability in ThinkPadSensor::Startup could permit loading a malicious DLL into the running process. (CVE-2011-2980) - A data leakage vulnerability triggered when RegExp.input was set could allow data from other domains to be read. (CVE-2011-2983) last seen 2020-06-01 modified 2020-06-02 plugin id 55886 published 2011-08-17 reporter This script is Copyright (C) 2011-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/55886 title Mozilla Thunderbird 3.1 < 3.1.12 Multiple Vulnerabilities NASL family SuSE Local Security Checks NASL id SUSE_11_3_MOZILLATHUNDERBIRD-110826.NASL description Mozilla Thunderbird was updated to 3.1.12 fixing various bugs and security issues : Mozilla Foundation Security Advisory 2011-32 (MFSA 2011-32) http://www.mozilla.org/security/announce/2011/mfsa2011-32.html Many of the issues listed below are not exploitable through mail since JavaScript is disabled by default in Thunderbird. These particular issues may be triggered while viewing RSS feeds and displaying full remote content rather than the feed summary. Addons that expose browser functionality may also enable such issues to be exploited. - Miscellaneous memory safety hazards (rv:1.9.2.20) Mozilla developers and community members identified and fixed several memory safety bugs in the browser engine used in Thunderbird 3.1 and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Gary Kwong, Igor Bukanov, Nils and Bob Clary reported memory safety issues which affected Thunderbird 3.1. (CVE-2011-2982) - Crash in SVGTextElement.getCharNumAtPosition() Security researcher regenrecht reported via TippingPoint last seen 2020-06-01 modified 2020-06-02 plugin id 75666 published 2014-06-13 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/75666 title openSUSE Security Update : MozillaThunderbird (openSUSE-SU-2011:0935-2)
Oval
| accepted | 2014-10-06T04:01:30.246-04:00 | ||||||||||||||||||||||||||||||||||||||||
| class | vulnerability | ||||||||||||||||||||||||||||||||||||||||
| contributors |
| ||||||||||||||||||||||||||||||||||||||||
| definition_extensions |
| ||||||||||||||||||||||||||||||||||||||||
| description | Untrusted search path vulnerability in the ThinkPadSensor::Startup function in Mozilla Firefox before 3.6.20, Thunderbird 3.x before 3.1.12, allows local users to gain privileges by leveraging write access in an unspecified directory to place a Trojan horse DLL that is loaded into the running Firefox process. | ||||||||||||||||||||||||||||||||||||||||
| family | windows | ||||||||||||||||||||||||||||||||||||||||
| id | oval:org.mitre.oval:def:14436 | ||||||||||||||||||||||||||||||||||||||||
| status | accepted | ||||||||||||||||||||||||||||||||||||||||
| submitted | 2011-11-25T18:25:39.000-05:00 | ||||||||||||||||||||||||||||||||||||||||
| title | Untrusted search path vulnerability in the ThinkPadSensor::Startup function in Mozilla Firefox before 3.6.20, Thunderbird 3.x before 3.1.12, allows local users to gain privileges by leveraging write access in an unspecified directory to place a Trojan horse DLL that is loaded into the running Firefox process. | ||||||||||||||||||||||||||||||||||||||||
| version | 32 |
Saint
| bid | 49217 |
| description | Firefox sensor.dll Insecure Library Loading |
| id | web_client_firefox,mail_client_thunderbird |
| osvdb | 74583 |
| title | firefox_insecure_library_load_sensor |
| type | client |
Seebug
| bulletinFamily | exploit |
| description | BUGTRAQ ID: 49166 CVE ID: CVE-2011-0084,CVE-2011-2978,CVE-2011-2980,CVE-2011-2981,CVE-2011-2982,CVE-2011-2983,CVE-2011-2984,CVE-2011-2985,CVE-2011-2986,CVE-2011-2987,CVE-2011-2988,CVE-2011-2989,CVE-2011-2990,CVE-2011-2991,CVE-2011-2992,CVE-2011-2993 Firefox是一款非常流行的开源WEB浏览器。Thunderbird是一个邮件客户端,支持IMAP、POP邮件协议以及HTML邮件格式。SeaMonkey是开源的Web浏览器、邮件和新闻组客户端、IRC会话客户端和HTML编辑器。 Mozilla Firefox/Thunderbird/SeaMonkey在实现上存在多个漏洞,远程攻击者可利用此漏洞执行任意代码,使受影响应用程序崩溃,获取敏感信息。 Mozilla Thunderbird 3.x Mozilla Thunderbird 2.x 厂商补丁: Mozilla ------- Mozilla已经为此发布了一个安全公告(mfsa2011-29)以及相应补丁: mfsa2011-29:Mozilla Foundation Security Advisory 2011-29 链接:http://www.mozilla.org/security/announce/2011/mfsa2011-29.html |
| id | SSV:20867 |
| last seen | 2017-11-19 |
| modified | 2011-08-18 |
| published | 2011-08-18 |
| reporter | Root |
| title | Mozilla Firefox/Thunderbird/SeaMonkey多个安全漏洞 |
References
- http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00023.html
- http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00027.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:127
- http://www.mozilla.org/security/announce/2011/mfsa2011-30.html
- https://bugzilla.mozilla.org/show_bug.cgi?id=642469
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14436