Vulnerabilities > CVE-2011-2982 - Memory-Corruption vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

047910
CVSS 10.0 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
low complexity
mozilla
critical
nessus

Summary

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.20, Thunderbird 2.x and 3.x before 3.1.12, SeaMonkey 1.x and 2.x, and possibly other products allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Vulnerable Configurations

Part Description Count
Application
Mozilla
237

Nessus

  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_4_MOZILLA-JS192-110817.NASL
    descriptionMozilla XULRunner was updated to version 1.9.2.20. The update fixes bugs and security issues. Following security issues were fixed: http://www.mozilla.org/security/announce/2011/mfsa2011-30.html Mozilla Foundation Security Advisory 2011-30 (MFSA 2011-30) dbg114-mozilla-js192-5010 mozilla-js192-5010 new_updateinfo Miscellaneous memory safety hazards Mozilla developers and community members identified and fixed several memory safety bugs in the browser engine used in Firefox 3.6 and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Gary Kwong, Igor Bukanov, Nils and Bob Clary reported memory safety issues which affected Firefox 3.6. (CVE-2011-2982) dbg114-mozilla-js192-5010 mozilla-js192-5010 new_updateinfo Crash in SVGTextElement.getCharNumAtPosition() Security researcher regenrecht reported via TippingPoint
    last seen2020-06-01
    modified2020-06-02
    plugin id75958
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/75958
    titleopenSUSE Security Update : mozilla-js192 (mozilla-js192-5010)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update mozilla-js192-5010.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(75958);
      script_version("1.7");
      script_cvs_date("Date: 2019/10/25 13:36:42");
    
      script_cve_id("CVE-2011-0084", "CVE-2011-2378", "CVE-2011-2980", "CVE-2011-2981", "CVE-2011-2982", "CVE-2011-2983", "CVE-2011-2984");
    
      script_name(english:"openSUSE Security Update : mozilla-js192 (mozilla-js192-5010)");
      script_summary(english:"Check for the mozilla-js192-5010 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Mozilla XULRunner was updated to version 1.9.2.20.
    
    The update fixes bugs and security issues. Following security issues
    were fixed:
    http://www.mozilla.org/security/announce/2011/mfsa2011-30.html Mozilla
    Foundation Security Advisory 2011-30 (MFSA 2011-30)
    
    dbg114-mozilla-js192-5010 mozilla-js192-5010 new_updateinfo
    Miscellaneous memory safety hazards
    
    Mozilla developers and community members identified and fixed several
    memory safety bugs in the browser engine used in Firefox 3.6 and other
    Mozilla-based products. Some of these bugs showed evidence of memory
    corruption under certain circumstances, and we presume that with
    enough effort at least some of these could be exploited to run
    arbitrary code.
    
    Gary Kwong, Igor Bukanov, Nils and Bob Clary reported memory safety
    issues which affected Firefox 3.6. (CVE-2011-2982)
    
    dbg114-mozilla-js192-5010 mozilla-js192-5010 new_updateinfo Crash in
    SVGTextElement.getCharNumAtPosition()
    
    Security researcher regenrecht reported via TippingPoint's Zero Day
    Initiative that a SVG text manipulation routine contained a dangling
    pointer vulnerability. (CVE-2011-0084)
    
    dbg114-mozilla-js192-5010 mozilla-js192-5010 new_updateinfo Privilege
    escalation using event handlers
    
    Mozilla security researcher moz_bug_r_a_4 reported a vulnerability in
    event management code that would permit JavaScript to be run in the
    wrong context, including that of a different website or potentially in
    a chrome-privileged context. (CVE-2011-2981)
    
    dbg114-mozilla-js192-5010 mozilla-js192-5010 new_updateinfo Dangling
    pointer vulnerability in appendChild
    
    Security researcher regenrecht reported via TippingPoint's Zero Day
    Initiative that appendChild did not correctly account for DOM objects
    it operated upon and could be exploited to dereference an invalid
    pointer. (CVE-2011-2378)
    
    dbg114-mozilla-js192-5010 mozilla-js192-5010 new_updateinfo Privilege
    escalation dropping a tab element in content area
    
    Mozilla security researcher moz_bug_r_a4 reported that web content
    could receive chrome privileges if it registered for drop events and a
    browser tab element was dropped into the content area. (CVE-2011-2984)
    
    dbg114-mozilla-js192-5010 mozilla-js192-5010 new_updateinfo Binary
    planting vulnerability in ThinkPadSensor::Startup
    
    Security researcher Mitja Kolsek of Acros Security reported that
    ThinkPadSensor::Startup could potentially be exploited to load a
    malicious DLL into the running process. (CVE-2011-2980) (This issue is
    likely Windows only)
    
    dbg114-mozilla-js192-5010 mozilla-js192-5010 new_updateinfo Private
    data leakage using RegExp.input
    
    Security researcher shutdown reported that data from other domains
    could be read when RegExp.input was set. (CVE-2011-2983)"
      );
      # http://www.mozilla.org/security/announce/2011/mfsa2011-30.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2011-30/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=712224"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected mozilla-js192 packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploithub_sku", value:"EH-11-772");
      script_set_attribute(attribute:"exploit_framework_exploithub", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-js192");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-js192-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-js192-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-js192-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner192");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-buildsymbols");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-gnome");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-gnome-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-gnome-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-gnome-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-common-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-other");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-other-32bit");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.4");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2011/08/18");
      script_set_attribute(attribute:"patch_publication_date", value:"2011/08/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE11\.4)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.4", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE11.4", reference:"mozilla-js192-1.9.2.20-1.2.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"mozilla-js192-debuginfo-1.9.2.20-1.2.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"mozilla-xulrunner192-1.9.2.20-1.2.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"mozilla-xulrunner192-buildsymbols-1.9.2.20-1.2.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"mozilla-xulrunner192-debuginfo-1.9.2.20-1.2.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"mozilla-xulrunner192-debugsource-1.9.2.20-1.2.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"mozilla-xulrunner192-devel-1.9.2.20-1.2.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"mozilla-xulrunner192-devel-debuginfo-1.9.2.20-1.2.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"mozilla-xulrunner192-gnome-1.9.2.20-1.2.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"mozilla-xulrunner192-gnome-debuginfo-1.9.2.20-1.2.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"mozilla-xulrunner192-translations-common-1.9.2.20-1.2.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"mozilla-xulrunner192-translations-other-1.9.2.20-1.2.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", cpu:"x86_64", reference:"mozilla-js192-32bit-1.9.2.20-1.2.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", cpu:"x86_64", reference:"mozilla-js192-debuginfo-32bit-1.9.2.20-1.2.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", cpu:"x86_64", reference:"mozilla-xulrunner192-32bit-1.9.2.20-1.2.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", cpu:"x86_64", reference:"mozilla-xulrunner192-debuginfo-32bit-1.9.2.20-1.2.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", cpu:"x86_64", reference:"mozilla-xulrunner192-gnome-32bit-1.9.2.20-1.2.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", cpu:"x86_64", reference:"mozilla-xulrunner192-gnome-debuginfo-32bit-1.9.2.20-1.2.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", cpu:"x86_64", reference:"mozilla-xulrunner192-translations-common-32bit-1.9.2.20-1.2.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", cpu:"x86_64", reference:"mozilla-xulrunner192-translations-other-32bit-1.9.2.20-1.2.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Mozilla XULRunner");
    }
    
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20110816_THUNDERBIRD_ON_SL6_X.NASL
    descriptionMozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML content. Malicious HTML content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2011-2982) A dangling pointer flaw was found in the Thunderbird Scalable Vector Graphics (SVG) text manipulation routine. An HTML mail message containing a malicious SVG image could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2011-0084) A dangling pointer flaw was found in the way Thunderbird handled a certain Document Object Model (DOM) element. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2011-2378) All Thunderbird users should upgrade to this updated package, which resolves these issues. All running instances of Thunderbird must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id61115
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/61115
    titleScientific Linux Security Update : thunderbird on SL6.x i386/x86_64
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text is (C) Scientific Linux.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(61115);
      script_version("1.7");
      script_cvs_date("Date: 2019/10/25 13:36:20");
    
      script_cve_id("CVE-2011-0084", "CVE-2011-2378", "CVE-2011-2982");
    
      script_name(english:"Scientific Linux Security Update : thunderbird on SL6.x i386/x86_64");
      script_summary(english:"Checks rpm output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Scientific Linux host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Mozilla Thunderbird is a standalone mail and newsgroup client.
    
    Several flaws were found in the processing of malformed HTML content.
    Malicious HTML content could cause Thunderbird to crash or,
    potentially, execute arbitrary code with the privileges of the user
    running Thunderbird. (CVE-2011-2982)
    
    A dangling pointer flaw was found in the Thunderbird Scalable Vector
    Graphics (SVG) text manipulation routine. An HTML mail message
    containing a malicious SVG image could cause Thunderbird to crash or,
    potentially, execute arbitrary code with the privileges of the user
    running Thunderbird. (CVE-2011-0084)
    
    A dangling pointer flaw was found in the way Thunderbird handled a
    certain Document Object Model (DOM) element. An HTML mail message
    containing malicious content could cause Thunderbird to crash or,
    potentially, execute arbitrary code with the privileges of the user
    running Thunderbird. (CVE-2011-2378)
    
    All Thunderbird users should upgrade to this updated package, which
    resolves these issues. All running instances of Thunderbird must be
    restarted for the update to take effect."
      );
      # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1108&L=scientific-linux-errata&T=0&P=2387
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?eec507c9"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected thunderbird package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2011/08/18");
      script_set_attribute(attribute:"patch_publication_date", value:"2011/08/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/01");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Scientific Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"SL6", reference:"thunderbird-3.1.12-1.el6_1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2011-1166.NASL
    descriptionFrom Red Hat Security Advisory 2011:1166 : An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML content. Malicious HTML content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2011-2982) A dangling pointer flaw was found in the Thunderbird Scalable Vector Graphics (SVG) text manipulation routine. An HTML mail message containing a malicious SVG image could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2011-0084) A dangling pointer flaw was found in the way Thunderbird handled a certain Document Object Model (DOM) element. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2011-2378) All Thunderbird users should upgrade to this updated package, which resolves these issues. All running instances of Thunderbird must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id68328
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68328
    titleOracle Linux 6 : thunderbird (ELSA-2011-1166)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2011:1166 and 
    # Oracle Linux Security Advisory ELSA-2011-1166 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(68328);
      script_version("1.10");
      script_cvs_date("Date: 2019/10/25 13:36:09");
    
      script_cve_id("CVE-2011-0084", "CVE-2011-2378", "CVE-2011-2982");
      script_xref(name:"RHSA", value:"2011:1166");
    
      script_name(english:"Oracle Linux 6 : thunderbird (ELSA-2011-1166)");
      script_summary(english:"Checks rpm output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "From Red Hat Security Advisory 2011:1166 :
    
    An updated thunderbird package that fixes several security issues is
    now available for Red Hat Enterprise Linux 6.
    
    The Red Hat Security Response Team has rated this update as having
    critical security impact. Common Vulnerability Scoring System (CVSS)
    base scores, which give detailed severity ratings, are available for
    each vulnerability from the CVE links in the References section.
    
    Mozilla Thunderbird is a standalone mail and newsgroup client.
    
    Several flaws were found in the processing of malformed HTML content.
    Malicious HTML content could cause Thunderbird to crash or,
    potentially, execute arbitrary code with the privileges of the user
    running Thunderbird. (CVE-2011-2982)
    
    A dangling pointer flaw was found in the Thunderbird Scalable Vector
    Graphics (SVG) text manipulation routine. An HTML mail message
    containing a malicious SVG image could cause Thunderbird to crash or,
    potentially, execute arbitrary code with the privileges of the user
    running Thunderbird. (CVE-2011-0084)
    
    A dangling pointer flaw was found in the way Thunderbird handled a
    certain Document Object Model (DOM) element. An HTML mail message
    containing malicious content could cause Thunderbird to crash or,
    potentially, execute arbitrary code with the privileges of the user
    running Thunderbird. (CVE-2011-2378)
    
    All Thunderbird users should upgrade to this updated package, which
    resolves these issues. All running instances of Thunderbird must be
    restarted for the update to take effect."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2011-August/002285.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected thunderbird package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:thunderbird");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:6");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2011/08/18");
      script_set_attribute(attribute:"patch_publication_date", value:"2011/08/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 6", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    
    flag = 0;
    if (rpm_check(release:"EL6", reference:"thunderbird-3.1.12-1.0.1.el6_1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "thunderbird");
    }
    
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2011-1165.NASL
    descriptionFrom Red Hat Security Advisory 2011:1165 : An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML content. Malicious HTML content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2011-2982) A flaw was found in the way Thunderbird handled malformed JavaScript. Malicious content could cause Thunderbird to access already freed memory, causing Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2011-2983) Note: This update disables support for Scalable Vector Graphics (SVG) images in Thunderbird on Red Hat Enterprise Linux 5. All Thunderbird users should upgrade to this updated package, which resolves these issues. All running instances of Thunderbird must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id68327
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68327
    titleOracle Linux 4 : thunderbird (ELSA-2011-1165)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2011:1165 and 
    # Oracle Linux Security Advisory ELSA-2011-1165 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(68327);
      script_version("1.13");
      script_cvs_date("Date: 2019/10/25 13:36:09");
    
      script_cve_id("CVE-2011-2982", "CVE-2011-2983");
      script_bugtraq_id(49166);
      script_xref(name:"RHSA", value:"2011:1165");
    
      script_name(english:"Oracle Linux 4 : thunderbird (ELSA-2011-1165)");
      script_summary(english:"Checks rpm output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "From Red Hat Security Advisory 2011:1165 :
    
    An updated thunderbird package that fixes several security issues is
    now available for Red Hat Enterprise Linux 4 and 5.
    
    The Red Hat Security Response Team has rated this update as having
    critical security impact. Common Vulnerability Scoring System (CVSS)
    base scores, which give detailed severity ratings, are available for
    each vulnerability from the CVE links in the References section.
    
    Mozilla Thunderbird is a standalone mail and newsgroup client.
    
    Several flaws were found in the processing of malformed HTML content.
    Malicious HTML content could cause Thunderbird to crash or,
    potentially, execute arbitrary code with the privileges of the user
    running Thunderbird. (CVE-2011-2982)
    
    A flaw was found in the way Thunderbird handled malformed JavaScript.
    Malicious content could cause Thunderbird to access already freed
    memory, causing Thunderbird to crash or, potentially, execute
    arbitrary code with the privileges of the user running Thunderbird.
    (CVE-2011-2983)
    
    Note: This update disables support for Scalable Vector Graphics (SVG)
    images in Thunderbird on Red Hat Enterprise Linux 5.
    
    All Thunderbird users should upgrade to this updated package, which
    resolves these issues. All running instances of Thunderbird must be
    restarted for the update to take effect."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2011-August/002288.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected thunderbird package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:thunderbird");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:4");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2011/08/18");
      script_set_attribute(attribute:"patch_publication_date", value:"2011/08/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 4", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    
    flag = 0;
    if (rpm_check(release:"EL4", reference:"thunderbird-1.5.0.12-40.0.1.el4")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "thunderbird");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2011-1165.NASL
    descriptionAn updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML content. Malicious HTML content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2011-2982) A flaw was found in the way Thunderbird handled malformed JavaScript. Malicious content could cause Thunderbird to access already freed memory, causing Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2011-2983) Note: This update disables support for Scalable Vector Graphics (SVG) images in Thunderbird on Red Hat Enterprise Linux 5. All Thunderbird users should upgrade to this updated package, which resolves these issues. All running instances of Thunderbird must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id55880
    published2011-08-17
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/55880
    titleRHEL 4 / 5 : thunderbird (RHSA-2011:1165)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2011:1165. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(55880);
      script_version ("1.22");
      script_cvs_date("Date: 2019/10/25 13:36:16");
    
      script_cve_id("CVE-2011-2982", "CVE-2011-2983");
      script_bugtraq_id(49166);
      script_xref(name:"RHSA", value:"2011:1165");
    
      script_name(english:"RHEL 4 / 5 : thunderbird (RHSA-2011:1165)");
      script_summary(english:"Checks the rpm output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An updated thunderbird package that fixes several security issues is
    now available for Red Hat Enterprise Linux 4 and 5.
    
    The Red Hat Security Response Team has rated this update as having
    critical security impact. Common Vulnerability Scoring System (CVSS)
    base scores, which give detailed severity ratings, are available for
    each vulnerability from the CVE links in the References section.
    
    Mozilla Thunderbird is a standalone mail and newsgroup client.
    
    Several flaws were found in the processing of malformed HTML content.
    Malicious HTML content could cause Thunderbird to crash or,
    potentially, execute arbitrary code with the privileges of the user
    running Thunderbird. (CVE-2011-2982)
    
    A flaw was found in the way Thunderbird handled malformed JavaScript.
    Malicious content could cause Thunderbird to access already freed
    memory, causing Thunderbird to crash or, potentially, execute
    arbitrary code with the privileges of the user running Thunderbird.
    (CVE-2011-2983)
    
    Note: This update disables support for Scalable Vector Graphics (SVG)
    images in Thunderbird on Red Hat Enterprise Linux 5.
    
    All Thunderbird users should upgrade to this updated package, which
    resolves these issues. All running instances of Thunderbird must be
    restarted for the update to take effect."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2011-2982"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2011-2983"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2011:1165"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected thunderbird package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:thunderbird");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2011/08/18");
      script_set_attribute(attribute:"patch_publication_date", value:"2011/08/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/08/17");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(4|5)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 4.x / 5.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2011:1165";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL4", reference:"thunderbird-1.5.0.12-40.el4")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"thunderbird-2.0.0.24-21.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"thunderbird-2.0.0.24-21.el5")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "thunderbird");
      }
    }
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1184-1.NASL
    descriptionGary Kwong, Igor Bukanov, and Bob Clary discovered multiple memory vulnerabilities in the browser rendering engine. An attacker could use these to possibly execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2011-2982) It was discovered that a vulnerability in event management code could permit JavaScript to be run in the wrong context. This could potentially allow a malicious website to run code as another website or with escalated privileges within the browser. (CVE-2011-2981) It was discovered that an SVG text manipulation routine contained a dangling pointer vulnerability. An attacker could potentially use this to crash Firefox or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2011-0084) It was discovered that web content could receive chrome privileges if it registered for drop events and a browser tab element was dropped into the content area. This could potentially allow a malicious website to run code with escalated privileges within the browser. (CVE-2011-2984) It was discovered that appendChild contained a dangling pointer vulnerability. An attacker could potentially use this to crash Firefox or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2011-2378) It was discovered that data from other domains could be read when RegExp.input was set. This could potentially allow a malicious website access to private data from other domains. (CVE-2011-2983). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id55921
    published2011-08-20
    reporterUbuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/55921
    titleUbuntu 10.04 LTS / 10.10 : firefox, xulrunner-1.9.2 vulnerabilities (USN-1184-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-1184-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(55921);
      script_version("1.13");
      script_cvs_date("Date: 2019/10/16 10:34:22");
    
      script_cve_id("CVE-2011-0084", "CVE-2011-2378", "CVE-2011-2981", "CVE-2011-2982", "CVE-2011-2983", "CVE-2011-2984");
      script_bugtraq_id(49166, 49213, 49214, 49216, 49218, 49219, 49223);
      script_xref(name:"USN", value:"1184-1");
    
      script_name(english:"Ubuntu 10.04 LTS / 10.10 : firefox, xulrunner-1.9.2 vulnerabilities (USN-1184-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Gary Kwong, Igor Bukanov, and Bob Clary discovered multiple memory
    vulnerabilities in the browser rendering engine. An attacker could use
    these to possibly execute arbitrary code with the privileges of the
    user invoking Firefox. (CVE-2011-2982)
    
    It was discovered that a vulnerability in event management code could
    permit JavaScript to be run in the wrong context. This could
    potentially allow a malicious website to run code as another website
    or with escalated privileges within the browser. (CVE-2011-2981)
    
    It was discovered that an SVG text manipulation routine contained a
    dangling pointer vulnerability. An attacker could potentially use this
    to crash Firefox or execute arbitrary code with the privileges of the
    user invoking Firefox. (CVE-2011-0084)
    
    It was discovered that web content could receive chrome privileges if
    it registered for drop events and a browser tab element was dropped
    into the content area. This could potentially allow a malicious
    website to run code with escalated privileges within the browser.
    (CVE-2011-2984)
    
    It was discovered that appendChild contained a dangling pointer
    vulnerability. An attacker could potentially use this to crash Firefox
    or execute arbitrary code with the privileges of the user invoking
    Firefox. (CVE-2011-2378)
    
    It was discovered that data from other domains could be read when
    RegExp.input was set. This could potentially allow a malicious website
    access to private data from other domains. (CVE-2011-2983).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/1184-1/"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected firefox and / or xulrunner-1.9.2 packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.2");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.04:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.10");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2011/08/18");
      script_set_attribute(attribute:"patch_publication_date", value:"2011/08/19");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/08/20");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(10\.04|10\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 10.04 / 10.10", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"10.04", pkgname:"firefox", pkgver:"3.6.20+build1+nobinonly-0ubuntu0.10.04.1")) flag++;
    if (ubuntu_check(osver:"10.04", pkgname:"xulrunner-1.9.2", pkgver:"1.9.2.20+build1+nobinonly-0ubuntu0.10.04.1")) flag++;
    if (ubuntu_check(osver:"10.10", pkgname:"firefox", pkgver:"3.6.20+build1+nobinonly-0ubuntu0.10.10.1")) flag++;
    if (ubuntu_check(osver:"10.10", pkgname:"xulrunner-1.9.2", pkgver:"1.9.2.20+build1+nobinonly-0ubuntu0.10.10.1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "firefox / xulrunner-1.9.2");
    }
    
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2011-1167.NASL
    descriptionUpdated SeaMonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. SeaMonkey is an open source web browser, email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2011-2982) A flaw was found in the way SeaMonkey handled malformed JavaScript. A web page containing malicious JavaScript could cause SeaMonkey to access already freed memory, causing SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2011-2983) All SeaMonkey users should upgrade to these updated packages, which correct these issues. After installing the update, SeaMonkey must be restarted for the changes to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id55864
    published2011-08-17
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/55864
    titleCentOS 4 : seamonkey (CESA-2011:1167)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2011:1167 and 
    # CentOS Errata and Security Advisory 2011:1167 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(55864);
      script_version("1.13");
      script_cvs_date("Date: 2019/10/25 13:36:06");
    
      script_cve_id("CVE-2011-2982", "CVE-2011-2983");
      script_xref(name:"RHSA", value:"2011:1167");
    
      script_name(english:"CentOS 4 : seamonkey (CESA-2011:1167)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote CentOS host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated SeaMonkey packages that fix several security issues are now
    available for Red Hat Enterprise Linux 4.
    
    The Red Hat Security Response Team has rated this update as having
    critical security impact. Common Vulnerability Scoring System (CVSS)
    base scores, which give detailed severity ratings, are available for
    each vulnerability from the CVE links in the References section.
    
    SeaMonkey is an open source web browser, email and newsgroup client,
    IRC chat client, and HTML editor.
    
    Several flaws were found in the processing of malformed web content. A
    web page containing malicious content could cause SeaMonkey to crash
    or, potentially, execute arbitrary code with the privileges of the
    user running SeaMonkey. (CVE-2011-2982)
    
    A flaw was found in the way SeaMonkey handled malformed JavaScript. A
    web page containing malicious JavaScript could cause SeaMonkey to
    access already freed memory, causing SeaMonkey to crash or,
    potentially, execute arbitrary code with the privileges of the user
    running SeaMonkey. (CVE-2011-2983)
    
    All SeaMonkey users should upgrade to these updated packages, which
    correct these issues. After installing the update, SeaMonkey must be
    restarted for the changes to take effect."
      );
      # https://lists.centos.org/pipermail/centos-announce/2011-August/017694.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?71f84f46"
      );
      # https://lists.centos.org/pipermail/centos-announce/2011-August/017695.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?2b602541"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected seamonkey packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:seamonkey");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:seamonkey-chat");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:seamonkey-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:seamonkey-dom-inspector");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:seamonkey-js-debugger");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:seamonkey-mail");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:4");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2011/08/18");
      script_set_attribute(attribute:"patch_publication_date", value:"2011/08/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/08/17");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    if (! preg(pattern:"^4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 4.x", "CentOS " + os_ver);
    
    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"seamonkey-1.0.9-72.el4.centos")) flag++;
    if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"seamonkey-1.0.9-72.el4.centos")) flag++;
    if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"seamonkey-chat-1.0.9-72.el4.centos")) flag++;
    if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"seamonkey-chat-1.0.9-72.el4.centos")) flag++;
    if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"seamonkey-devel-1.0.9-72.el4.centos")) flag++;
    if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"seamonkey-devel-1.0.9-72.el4.centos")) flag++;
    if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"seamonkey-dom-inspector-1.0.9-72.el4.centos")) flag++;
    if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"seamonkey-dom-inspector-1.0.9-72.el4.centos")) flag++;
    if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"seamonkey-js-debugger-1.0.9-72.el4.centos")) flag++;
    if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"seamonkey-js-debugger-1.0.9-72.el4.centos")) flag++;
    if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"seamonkey-mail-1.0.9-72.el4.centos")) flag++;
    if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"seamonkey-mail-1.0.9-72.el4.centos")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "seamonkey / seamonkey-chat / seamonkey-devel / etc");
    }
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-2297.NASL
    descriptionSeveral vulnerabilities have been discovered in Icedove, an unbranded version of the Thunderbird mail/news client. - CVE-2011-0084
    last seen2020-03-17
    modified2011-08-23
    plugin id55942
    published2011-08-23
    reporterThis script is Copyright (C) 2011-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/55942
    titleDebian DSA-2297-1 : icedove - several vulnerabilities
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-2297. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(55942);
      script_version("1.15");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      script_cve_id("CVE-2011-0084", "CVE-2011-2378", "CVE-2011-2981", "CVE-2011-2982", "CVE-2011-2983", "CVE-2011-2984");
      script_bugtraq_id(49213, 49214, 49216, 49218, 49219, 49223);
      script_xref(name:"DSA", value:"2297");
    
      script_name(english:"Debian DSA-2297-1 : icedove - several vulnerabilities");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Several vulnerabilities have been discovered in Icedove, an unbranded
    version of the Thunderbird mail/news client.
    
      - CVE-2011-0084
        'regenrecht' discovered that incorrect pointer handling
        in the SVG processing code could lead to the execution
        of arbitrary code.
    
      - CVE-2011-2378
        'regenrecht' discovered that incorrect memory management
        in DOM processing could lead to the execution of
        arbitrary code.
    
      - CVE-2011-2981
        'moz_bug_r_a_4' discovered a Chrome privilege escalation
        vulnerability in the event handler code.
    
      - CVE-2011-2982
        Gary Kwong, Igor Bukanov, Nils and Bob Clary discovered
        memory corruption bugs, which may lead to the execution
        of arbitrary code.
    
      - CVE-2011-2983
        'shutdown' discovered an information leak in the
        handling of RegExp.input.
    
      - CVE-2011-2984
        'moz_bug_r_a4' discovered a Chrome privilege escalation
        vulnerability.
    
    As indicated in the Lenny (oldstable) release notes, security support
    for the Icedove packages in the oldstable needed to be stopped before
    the end of the regular Lenny security maintenance life cycle. You are
    strongly encouraged to upgrade to stable or switch to a different mail
    client."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2011-0084"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2011-2378"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2011-2981"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2011-2982"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2011-2983"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2011-2984"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/squeeze/icedove"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.debian.org/security/2011/dsa-2297"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the iceweasel packages.
    
    For the stable distribution (squeeze), this problem has been fixed in
    version 3.0.11-1+squeeze4."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:icedove");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:6.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2011/08/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/08/23");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2011-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"6.0", prefix:"icedove", reference:"3.0.11-1+squeeze4")) flag++;
    if (deb_check(release:"6.0", prefix:"icedove-dbg", reference:"3.0.11-1+squeeze4")) flag++;
    if (deb_check(release:"6.0", prefix:"icedove-dev", reference:"3.0.11-1+squeeze4")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20110816_FIREFOX_ON_SL4_X.NASL
    descriptionMozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-2982) A dangling pointer flaw was found in the Firefox Scalable Vector Graphics (SVG) text manipulation routine. A web page containing a malicious SVG image could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-0084) A dangling pointer flaw was found in the way Firefox handled a certain Document Object Model (DOM) element. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-2378) A flaw was found in the event management code in Firefox. A website containing malicious JavaScript could cause Firefox to execute that JavaScript with the privileges of the user running Firefox. (CVE-2011-2981) A flaw was found in the way Firefox handled malformed JavaScript. A web page containing malicious JavaScript could cause Firefox to access already freed memory, causing Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-2983) It was found that a malicious web page could execute arbitrary code with the privileges of the user running Firefox if the user dropped a tab onto the malicious web page. (CVE-2011-2984) For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 3.6.20. You can find a link to the Mozilla advisories in the References section of this erratum. All Firefox users should upgrade to these updated packages, which contain Firefox version 3.6.20, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id61112
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/61112
    titleScientific Linux Security Update : firefox on SL4.x, SL5.x, SL6.x i386/x86_64
  • NASL familyWindows
    NASL idMOZILLA_FIREFOX_3620.NASL
    descriptionThe installed version of Firefox 3.6 is earlier than 3.6.20. As such, it is potentially affected by the following security issues : - A dangling pointer vulnerability exists in an SVG text manipulation routine. (CVE-2011-0084) - A DOM accounting error exists in the
    last seen2020-06-01
    modified2020-06-02
    plugin id55901
    published2011-08-18
    reporterThis script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/55901
    titleFirefox 3.6 < 3.6.20 Multiple Vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_MOZILLAFIREFOX-110824.NASL
    descriptionMozilla Firefox was updated to version 3.6.20. It fixes bugs and security issues. Following security issues were fixed: Mozilla Foundation Security Advisory 2011-30 - MFSA 2011-30 - Miscellaneous memory safety hazards Mozilla developers and community members identified and fixed several memory safety bugs in the browser engine used in Firefox 3.6 and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Gary Kwong, Igor Bukanov, Nils and Bob Clary reported memory safety issues which affected Firefox 3.6. (CVE-2011-2982) - Crash in SVGTextElement.getCharNumAtPosition() Security researcher regenrecht reported via TippingPoint
    last seen2020-06-01
    modified2020-06-02
    plugin id56003
    published2011-08-30
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/56003
    titleSuSE 11.1 Security Update : Mozilla Firefox (SAT Patch Number 5057)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_MOZILLAFIREFOX-7712.NASL
    descriptionMozilla Firefox was updated to version 3.6.20. It fixes bugs and security issues. Following security issues were fixed: Mozilla Foundation Security Advisory 2011-30 - MFSA 2011-30 - Miscellaneous memory safety hazards Mozilla developers and community members identified and fixed several memory safety bugs in the browser engine used in Firefox 3.6 and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Gary Kwong, Igor Bukanov, Nils and Bob Clary reported memory safety issues which affected Firefox 3.6. (CVE-2011-2982) - Crash in SVGTextElement.getCharNumAtPosition() Security researcher regenrecht reported via TippingPoint
    last seen2020-06-01
    modified2020-06-02
    plugin id56005
    published2011-08-30
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/56005
    titleSuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 7712)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_3_MOZILLAFIREFOX-110817.NASL
    descriptionMozilla Firefox was updated to version 3.6.20. It fixes bugs and security issues. Following security issues were fixed: http://www.mozilla.org/security/announce/2011/mfsa2011-30.html Mozilla Foundation Security Advisory 2011-30 (MFSA 2011-30) - Miscellaneous memory safety hazards Mozilla developers and community members identified and fixed several memory safety bugs in the browser engine used in Firefox 3.6 and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Gary Kwong, Igor Bukanov, Nils and Bob Clary reported memory safety issues which affected Firefox 3.6. (CVE-2011-2982) - Crash in SVGTextElement.getCharNumAtPosition() Security researcher regenrecht reported via TippingPoint
    last seen2020-06-01
    modified2020-06-02
    plugin id75654
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/75654
    titleopenSUSE Security Update : MozillaFirefox (openSUSE-SU-2011:0958-1)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2011-1164.NASL
    descriptionUpdated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-2982) A dangling pointer flaw was found in the Firefox Scalable Vector Graphics (SVG) text manipulation routine. A web page containing a malicious SVG image could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-0084) A dangling pointer flaw was found in the way Firefox handled a certain Document Object Model (DOM) element. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-2378) A flaw was found in the event management code in Firefox. A website containing malicious JavaScript could cause Firefox to execute that JavaScript with the privileges of the user running Firefox. (CVE-2011-2981) A flaw was found in the way Firefox handled malformed JavaScript. A web page containing malicious JavaScript could cause Firefox to access already freed memory, causing Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-2983) It was found that a malicious web page could execute arbitrary code with the privileges of the user running Firefox if the user dropped a tab onto the malicious web page. (CVE-2011-2984) For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 3.6.20. You can find a link to the Mozilla advisories in the References section of this erratum. All Firefox users should upgrade to these updated packages, which contain Firefox version 3.6.20, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id55862
    published2011-08-17
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/55862
    titleCentOS 4 / 5 : firefox / xulrunner (CESA-2011:1164)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_MOZILLAFIREFOX-7713.NASL
    descriptionMozilla Firefox was updated to version 3.6.20. It fixes bugs and security issues. Following security issues were fixed: Mozilla Foundation Security Advisory 2011-30 - MFSA 2011-30 - Miscellaneous memory safety hazards Mozilla developers and community members identified and fixed several memory safety bugs in the browser engine used in Firefox 3.6 and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Gary Kwong, Igor Bukanov, Nils and Bob Clary reported memory safety issues which affected Firefox 3.6. (CVE-2011-2982) - Crash in SVGTextElement.getCharNumAtPosition() Security researcher regenrecht reported via TippingPoint
    last seen2020-06-01
    modified2020-06-02
    plugin id57150
    published2011-12-13
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/57150
    titleSuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 7713)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2011-1165.NASL
    descriptionAn updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML content. Malicious HTML content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2011-2982) A flaw was found in the way Thunderbird handled malformed JavaScript. Malicious content could cause Thunderbird to access already freed memory, causing Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2011-2983) Note: This update disables support for Scalable Vector Graphics (SVG) images in Thunderbird on Red Hat Enterprise Linux 5. All Thunderbird users should upgrade to this updated package, which resolves these issues. All running instances of Thunderbird must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id55863
    published2011-08-17
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/55863
    titleCentOS 4 / 5 : thunderbird (CESA-2011:1165)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-2295.NASL
    descriptionSeveral vulnerabilities have been found in the Iceape internet suite, an unbranded version of SeaMonkey : - CVE-2011-0084
    last seen2020-03-17
    modified2011-08-18
    plugin id55888
    published2011-08-18
    reporterThis script is Copyright (C) 2011-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/55888
    titleDebian DSA-2295-1 : iceape - several vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_4_MOZILLATHUNDERBIRD-110826.NASL
    descriptionMozilla Thunderbird was updated to 3.1.12 fixing various bugs and security issues : Mozilla Foundation Security Advisory 2011-32 (MFSA 2011-32) http://www.mozilla.org/security/announce/2011/mfsa2011-32.html Many of the issues listed below are not exploitable through mail since JavaScript is disabled by default in Thunderbird. These particular issues may be triggered while viewing RSS feeds and displaying full remote content rather than the feed summary. Addons that expose browser functionality may also enable such issues to be exploited. dbg114-MozillaThunderbird-5050 MozillaThunderbird-5050 new_updateinfo Miscellaneous memory safety hazards (rv:1.9.2.20) Mozilla developers and community members identified and fixed several memory safety bugs in the browser engine used in Thunderbird 3.1 and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Gary Kwong, Igor Bukanov, Nils and Bob Clary reported memory safety issues which affected Thunderbird 3.1. (CVE-2011-2982) dbg114-MozillaThunderbird-5050 MozillaThunderbird-5050 new_updateinfo Crash in SVGTextElement.getCharNumAtPosition() Security researcher regenrecht reported via TippingPoint
    last seen2020-06-01
    modified2020-06-02
    plugin id75966
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/75966
    titleopenSUSE Security Update : MozillaThunderbird (MozillaThunderbird-5050)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2011-127.NASL
    descriptionSecurity issues were identified and fixed in mozilla firefox and thunderbird : Mozilla developers and community members identified and fixed several memory safety bugs in the browser engine used in Firefox 3.6 and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code (CVE-2011-2982). Security researcher regenrecht reported via TippingPoint
    last seen2020-06-01
    modified2020-06-02
    plugin id55894
    published2011-08-18
    reporterThis script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/55894
    titleMandriva Linux Security Advisory : mozilla (MDVSA-2011:127)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2011-1164.NASL
    descriptionFrom Red Hat Security Advisory 2011:1164 : Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-2982) A dangling pointer flaw was found in the Firefox Scalable Vector Graphics (SVG) text manipulation routine. A web page containing a malicious SVG image could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-0084) A dangling pointer flaw was found in the way Firefox handled a certain Document Object Model (DOM) element. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-2378) A flaw was found in the event management code in Firefox. A website containing malicious JavaScript could cause Firefox to execute that JavaScript with the privileges of the user running Firefox. (CVE-2011-2981) A flaw was found in the way Firefox handled malformed JavaScript. A web page containing malicious JavaScript could cause Firefox to access already freed memory, causing Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-2983) It was found that a malicious web page could execute arbitrary code with the privileges of the user running Firefox if the user dropped a tab onto the malicious web page. (CVE-2011-2984) For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 3.6.20. You can find a link to the Mozilla advisories in the References section of this erratum. All Firefox users should upgrade to these updated packages, which contain Firefox version 3.6.20, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id68326
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68326
    titleOracle Linux 4 / 5 / 6 : firefox (ELSA-2011-1164)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_834591A9C82F11E0897D6C626DD55A41.NASL
    descriptionThe Mozilla Project reports : MFSA 2011-29 Security issues addressed in Firefox 6 MFSA 2011-28 Security issues addressed in Firefox 3.6.20
    last seen2020-06-01
    modified2020-06-02
    plugin id55878
    published2011-08-17
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/55878
    titleFreeBSD : mozilla -- multiple vulnerabilities (834591a9-c82f-11e0-897d-6c626dd55a41)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201301-01.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201301-01 (Mozilla Products: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, bypass restrictions and protection mechanisms, force file downloads, conduct XML injection attacks, conduct XSS attacks, bypass the Same Origin Policy, spoof URL&rsquo;s for phishing attacks, trigger a vertical scroll, spoof the location bar, spoof an SSL indicator, modify the browser&rsquo;s font, conduct clickjacking attacks, or have other unspecified impact. A local attacker could gain escalated privileges, obtain sensitive information, or replace an arbitrary downloaded file. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id63402
    published2013-01-08
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63402
    titleGLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2011-1164.NASL
    descriptionUpdated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-2982) A dangling pointer flaw was found in the Firefox Scalable Vector Graphics (SVG) text manipulation routine. A web page containing a malicious SVG image could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-0084) A dangling pointer flaw was found in the way Firefox handled a certain Document Object Model (DOM) element. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-2378) A flaw was found in the event management code in Firefox. A website containing malicious JavaScript could cause Firefox to execute that JavaScript with the privileges of the user running Firefox. (CVE-2011-2981) A flaw was found in the way Firefox handled malformed JavaScript. A web page containing malicious JavaScript could cause Firefox to access already freed memory, causing Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-2983) It was found that a malicious web page could execute arbitrary code with the privileges of the user running Firefox if the user dropped a tab onto the malicious web page. (CVE-2011-2984) For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 3.6.20. You can find a link to the Mozilla advisories in the References section of this erratum. All Firefox users should upgrade to these updated packages, which contain Firefox version 3.6.20, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id55879
    published2011-08-17
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/55879
    titleRHEL 4 / 5 / 6 : firefox (RHSA-2011:1164)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20110816_THUNDERBIRD_ON_SL4_X.NASL
    descriptionMozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML content. Malicious HTML content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2011-2982) A flaw was found in the way Thunderbird handled malformed JavaScript. Malicious content could cause Thunderbird to access already freed memory, causing Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2011-2983) Note: This update disables support for Scalable Vector Graphics (SVG) images in Thunderbird on Scientific Linux 5. All Thunderbird users should upgrade to this updated package, which resolves these issues. All running instances of Thunderbird must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id61114
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/61114
    titleScientific Linux Security Update : thunderbird on SL4.x, SL5.x i386/x86_64
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20110816_SEAMONKEY_ON_SL4_X.NASL
    descriptionSeaMonkey is an open source web browser, email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2011-2982) A flaw was found in the way SeaMonkey handled malformed JavaScript. A web page containing malicious JavaScript could cause SeaMonkey to access already freed memory, causing SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2011-2983) All SeaMonkey users should upgrade to these updated packages, which correct these issues. After installing the update, SeaMonkey must be restarted for the changes to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id61113
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/61113
    titleScientific Linux Security Update : seamonkey on SL4.x i386/x86_64
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2011-1167.NASL
    descriptionFrom Red Hat Security Advisory 2011:1167 : Updated SeaMonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. SeaMonkey is an open source web browser, email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2011-2982) A flaw was found in the way SeaMonkey handled malformed JavaScript. A web page containing malicious JavaScript could cause SeaMonkey to access already freed memory, causing SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2011-2983) All SeaMonkey users should upgrade to these updated packages, which correct these issues. After installing the update, SeaMonkey must be restarted for the changes to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id68329
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68329
    titleOracle Linux 4 : seamonkey (ELSA-2011-1167)
  • NASL familyWindows
    NASL idMOZILLA_THUNDERBIRD_3112.NASL
    descriptionThe installed version of Thunderbird 3.1 is earlier than 3.1.12. As such, it is potentially affected by the following security issues : - Several memory safety bugs exist in the browser engine that may permit remote code execution. (CVE-2011-2982) - A dangling pointer vulnerability exists in an SVG text manipulation routine. (CVE-2011-0084) - A dangling pointer vulnerability exists in appendChild, which did not correctly account for DOM objects it operated upon. (CVE-2011-2378) - A privilege escalation vulnerability in the event management code could permit JavaScript to be run in the wrong context. (CVE-2011-2981) - A privilege escalation vulnerability exists if a web page registered for drop events and a browser tab element was dropped into the content area. (CVE-2011-2984) - A binary planting vulnerability in ThinkPadSensor::Startup could permit loading a malicious DLL into the running process. (CVE-2011-2980) - A data leakage vulnerability triggered when RegExp.input was set could allow data from other domains to be read. (CVE-2011-2983)
    last seen2020-06-01
    modified2020-06-02
    plugin id55886
    published2011-08-17
    reporterThis script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/55886
    titleMozilla Thunderbird 3.1 < 3.1.12 Multiple Vulnerabilities
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-2296.NASL
    descriptionSeveral vulnerabilities have been discovered in Iceweasel, a web browser based on Firefox. The included XULRunner library provides rendering services for several other applications included in Debian. - CVE-2011-0084
    last seen2020-03-17
    modified2011-08-18
    plugin id55889
    published2011-08-18
    reporterThis script is Copyright (C) 2011-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/55889
    titleDebian DSA-2296-1 : iceweasel - several vulnerabilities
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1185-1.NASL
    descriptionGary Kwong, Igor Bukanov, and Bob Clary discovered multiple memory vulnerabilities in the Gecko rendering engine. An attacker could use these to possibly execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2011-2982) It was discovered that a vulnerability in event management code could permit JavaScript to be run in the wrong context. This could potentially allow a malicious website to run code as another website or with escalated privileges in a chrome-privileged context. (CVE-2011-2981) It was discovered that an SVG text manipulation routine contained a dangling pointer vulnerability. An attacker could potentially use this to crash Thunderbird or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2011-0084) It was discovered that web content could receive chrome privileges if it registered for drop events and a browser tab element was dropped into the content area. This could potentially allow a malicious website to run code with escalated privileges within Thunderbird. (CVE-2011-2984) It was discovered that appendChild contained a dangling pointer vulnerability. An attacker could potentially use this to crash Thunderbird or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2011-2378) It was discovered that data from other domains could be read when RegExp.input was set. This could potentially allow a malicious website access to private data from other domains. (CVE-2011-2983). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id55982
    published2011-08-26
    reporterUbuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/55982
    titleUbuntu 10.04 LTS / 10.10 / 11.04 : thunderbird vulnerabilities (USN-1185-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2011-1166.NASL
    descriptionAn updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML content. Malicious HTML content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2011-2982) A dangling pointer flaw was found in the Thunderbird Scalable Vector Graphics (SVG) text manipulation routine. An HTML mail message containing a malicious SVG image could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2011-0084) A dangling pointer flaw was found in the way Thunderbird handled a certain Document Object Model (DOM) element. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2011-2378) All Thunderbird users should upgrade to this updated package, which resolves these issues. All running instances of Thunderbird must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id55881
    published2011-08-17
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/55881
    titleRHEL 6 : thunderbird (RHSA-2011:1166)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_3_MOZILLATHUNDERBIRD-110826.NASL
    descriptionMozilla Thunderbird was updated to 3.1.12 fixing various bugs and security issues : Mozilla Foundation Security Advisory 2011-32 (MFSA 2011-32) http://www.mozilla.org/security/announce/2011/mfsa2011-32.html Many of the issues listed below are not exploitable through mail since JavaScript is disabled by default in Thunderbird. These particular issues may be triggered while viewing RSS feeds and displaying full remote content rather than the feed summary. Addons that expose browser functionality may also enable such issues to be exploited. - Miscellaneous memory safety hazards (rv:1.9.2.20) Mozilla developers and community members identified and fixed several memory safety bugs in the browser engine used in Thunderbird 3.1 and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Gary Kwong, Igor Bukanov, Nils and Bob Clary reported memory safety issues which affected Thunderbird 3.1. (CVE-2011-2982) - Crash in SVGTextElement.getCharNumAtPosition() Security researcher regenrecht reported via TippingPoint
    last seen2020-06-01
    modified2020-06-02
    plugin id75666
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/75666
    titleopenSUSE Security Update : MozillaThunderbird (openSUSE-SU-2011:0935-2)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2011-1167.NASL
    descriptionUpdated SeaMonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. SeaMonkey is an open source web browser, email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2011-2982) A flaw was found in the way SeaMonkey handled malformed JavaScript. A web page containing malicious JavaScript could cause SeaMonkey to access already freed memory, causing SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2011-2983) All SeaMonkey users should upgrade to these updated packages, which correct these issues. After installing the update, SeaMonkey must be restarted for the changes to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id55882
    published2011-08-17
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/55882
    titleRHEL 4 : seamonkey (RHSA-2011:1167)

Oval

accepted2014-10-06T04:01:25.072-04:00
classvulnerability
contributors
  • nameAharon Chernin
    organizationDTCC
  • nameSergey Artykhov
    organizationALTX-SOFT
  • nameSergey Artykhov
    organizationALTX-SOFT
  • nameMaria Kedovskaya
    organizationALTX-SOFT
  • nameShane Shaffer
    organizationG2, Inc.
  • nameMaria Kedovskaya
    organizationALTX-SOFT
  • nameRichard Helbing
    organizationbaramundi software
  • nameEvgeniy Pavlov
    organizationALTX-SOFT
  • nameEvgeniy Pavlov
    organizationALTX-SOFT
  • nameEvgeniy Pavlov
    organizationALTX-SOFT
  • nameEvgeniy Pavlov
    organizationALTX-SOFT
  • nameEvgeniy Pavlov
    organizationALTX-SOFT
definition_extensions
  • commentMozilla Firefox Mainline release is installed
    ovaloval:org.mitre.oval:def:22259
  • commentMozilla Firefox Mainline release is installed
    ovaloval:org.mitre.oval:def:22259
  • commentMozilla Seamonkey is installed
    ovaloval:org.mitre.oval:def:6372
  • commentMozilla Thunderbird Mainline release is installed
    ovaloval:org.mitre.oval:def:22093
  • commentMozilla Thunderbird Mainline release is installed
    ovaloval:org.mitre.oval:def:22093
  • commentMozilla Seamonkey is installed
    ovaloval:org.mitre.oval:def:6372
  • commentMozilla Firefox Mainline release is installed
    ovaloval:org.mitre.oval:def:22259
descriptionMultiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.20, Thunderbird 2.x and 3.x before 3.1.12, SeaMonkey 1.x and 2.x, and possibly other products allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
familywindows
idoval:org.mitre.oval:def:14294
statusaccepted
submitted2011-11-25T18:25:42.000-05:00
titleMultiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.20, Thunderbird 2.x and 3.x before 3.1.12, SeaMonkey 1.x and 2.x, and possibly other products allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
version36

Redhat

advisories
  • bugzilla
    id730521
    titleCVE-2011-2378 Mozilla: Dangling pointer vulnerability in appendChild
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 6 is installed
        ovaloval:com.redhat.rhba:tst:20111656003
      • commentthunderbird is earlier than 0:3.1.12-1.el6_1
        ovaloval:com.redhat.rhsa:tst:20111166001
      • commentthunderbird is signed with Red Hat redhatrelease2 key
        ovaloval:com.redhat.rhsa:tst:20100896002
    rhsa
    idRHSA-2011:1166
    released2011-08-16
    severityCritical
    titleRHSA-2011:1166: thunderbird security update (Critical)
  • rhsa
    idRHSA-2011:1164
  • rhsa
    idRHSA-2011:1165
  • rhsa
    idRHSA-2011:1167
rpms
  • firefox-0:3.6.20-2.el4
  • firefox-0:3.6.20-2.el5
  • firefox-0:3.6.20-2.el6_1
  • firefox-debuginfo-0:3.6.20-2.el4
  • firefox-debuginfo-0:3.6.20-2.el5
  • firefox-debuginfo-0:3.6.20-2.el6_1
  • xulrunner-0:1.9.2.20-2.el5
  • xulrunner-0:1.9.2.20-2.el6_1
  • xulrunner-debuginfo-0:1.9.2.20-2.el5
  • xulrunner-debuginfo-0:1.9.2.20-2.el6_1
  • xulrunner-devel-0:1.9.2.20-2.el5
  • xulrunner-devel-0:1.9.2.20-2.el6_1
  • thunderbird-0:1.5.0.12-40.el4
  • thunderbird-0:2.0.0.24-21.el5
  • thunderbird-debuginfo-0:1.5.0.12-40.el4
  • thunderbird-debuginfo-0:2.0.0.24-21.el5
  • thunderbird-0:3.1.12-1.el6_1
  • thunderbird-debuginfo-0:3.1.12-1.el6_1
  • seamonkey-0:1.0.9-72.el4
  • seamonkey-chat-0:1.0.9-72.el4
  • seamonkey-debuginfo-0:1.0.9-72.el4
  • seamonkey-devel-0:1.0.9-72.el4
  • seamonkey-dom-inspector-0:1.0.9-72.el4
  • seamonkey-js-debugger-0:1.0.9-72.el4
  • seamonkey-mail-0:1.0.9-72.el4

Seebug

bulletinFamilyexploit
descriptionBUGTRAQ ID: 49166 CVE ID: CVE-2011-0084,CVE-2011-2978,CVE-2011-2980,CVE-2011-2981,CVE-2011-2982,CVE-2011-2983,CVE-2011-2984,CVE-2011-2985,CVE-2011-2986,CVE-2011-2987,CVE-2011-2988,CVE-2011-2989,CVE-2011-2990,CVE-2011-2991,CVE-2011-2992,CVE-2011-2993 Firefox是一款非常流行的开源WEB浏览器。Thunderbird是一个邮件客户端,支持IMAP、POP邮件协议以及HTML邮件格式。SeaMonkey是开源的Web浏览器、邮件和新闻组客户端、IRC会话客户端和HTML编辑器。 Mozilla Firefox/Thunderbird/SeaMonkey在实现上存在多个漏洞,远程攻击者可利用此漏洞执行任意代码,使受影响应用程序崩溃,获取敏感信息。 Mozilla Thunderbird 3.x Mozilla Thunderbird 2.x 厂商补丁: Mozilla ------- Mozilla已经为此发布了一个安全公告(mfsa2011-29)以及相应补丁: mfsa2011-29:Mozilla Foundation Security Advisory 2011-29 链接:http://www.mozilla.org/security/announce/2011/mfsa2011-29.html
idSSV:20867
last seen2017-11-19
modified2011-08-18
published2011-08-18
reporterRoot
titleMozilla Firefox/Thunderbird/SeaMonkey多个安全漏洞