Vulnerabilities > CVE-2011-2984 - Code Injection vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

047910
CVSS 10.0 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
low complexity
mozilla
CWE-94
critical
nessus

Summary

Mozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before 3.1.12, and possibly other products does not properly handle the dropping of a tab element, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges by establishing a content area and registering for drop events.

Vulnerable Configurations

Part Description Count
Application
Mozilla
233

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Leverage Executable Code in Non-Executable Files
    An attack of this type exploits a system's trust in configuration and resource files, when the executable loads the resource (such as an image file or configuration file) the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated mashing up resources from local and remote sources the possibility of this attack occurring is high. The attack can be directed at a client system, such as causing buffer overrun through loading seemingly benign image files, as in Microsoft Security Bulletin MS04-028 where specially crafted JPEG files could cause a buffer overrun once loaded into the browser. Another example targets clients reading pdf files. In this case the attacker simply appends javascript to the end of a legitimate url for a pdf (http://www.gnucitizen.org/blog/danger-danger-danger/) http://path/to/pdf/file.pdf#whatever_name_you_want=javascript:your_code_here The client assumes that they are reading a pdf, but the attacker has modified the resource and loaded executable javascript into the client's browser process. The attack can also target server processes. The attacker edits the resource or configuration file, for example a web.xml file used to configure security permissions for a J2EE app server, adding role name "public" grants all users with the public role the ability to use the administration functionality. The server trusts its configuration file to be correct, but when they are manipulated, the attacker gains full control.
  • Manipulating User-Controlled Variables
    This attack targets user controlled variables (DEBUG=1, PHP Globals, and So Forth). An attacker can override environment variables leveraging user-supplied, untrusted query variables directly used on the application server without any data sanitization. In extreme cases, the attacker can change variables controlling the business logic of the application. For instance, in languages like PHP, a number of poorly set default configurations may allow the user to override variables.

Nessus

  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_4_MOZILLA-JS192-110817.NASL
    descriptionMozilla XULRunner was updated to version 1.9.2.20. The update fixes bugs and security issues. Following security issues were fixed: http://www.mozilla.org/security/announce/2011/mfsa2011-30.html Mozilla Foundation Security Advisory 2011-30 (MFSA 2011-30) dbg114-mozilla-js192-5010 mozilla-js192-5010 new_updateinfo Miscellaneous memory safety hazards Mozilla developers and community members identified and fixed several memory safety bugs in the browser engine used in Firefox 3.6 and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Gary Kwong, Igor Bukanov, Nils and Bob Clary reported memory safety issues which affected Firefox 3.6. (CVE-2011-2982) dbg114-mozilla-js192-5010 mozilla-js192-5010 new_updateinfo Crash in SVGTextElement.getCharNumAtPosition() Security researcher regenrecht reported via TippingPoint
    last seen2020-06-01
    modified2020-06-02
    plugin id75958
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/75958
    titleopenSUSE Security Update : mozilla-js192 (mozilla-js192-5010)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update mozilla-js192-5010.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(75958);
      script_version("1.7");
      script_cvs_date("Date: 2019/10/25 13:36:42");
    
      script_cve_id("CVE-2011-0084", "CVE-2011-2378", "CVE-2011-2980", "CVE-2011-2981", "CVE-2011-2982", "CVE-2011-2983", "CVE-2011-2984");
    
      script_name(english:"openSUSE Security Update : mozilla-js192 (mozilla-js192-5010)");
      script_summary(english:"Check for the mozilla-js192-5010 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Mozilla XULRunner was updated to version 1.9.2.20.
    
    The update fixes bugs and security issues. Following security issues
    were fixed:
    http://www.mozilla.org/security/announce/2011/mfsa2011-30.html Mozilla
    Foundation Security Advisory 2011-30 (MFSA 2011-30)
    
    dbg114-mozilla-js192-5010 mozilla-js192-5010 new_updateinfo
    Miscellaneous memory safety hazards
    
    Mozilla developers and community members identified and fixed several
    memory safety bugs in the browser engine used in Firefox 3.6 and other
    Mozilla-based products. Some of these bugs showed evidence of memory
    corruption under certain circumstances, and we presume that with
    enough effort at least some of these could be exploited to run
    arbitrary code.
    
    Gary Kwong, Igor Bukanov, Nils and Bob Clary reported memory safety
    issues which affected Firefox 3.6. (CVE-2011-2982)
    
    dbg114-mozilla-js192-5010 mozilla-js192-5010 new_updateinfo Crash in
    SVGTextElement.getCharNumAtPosition()
    
    Security researcher regenrecht reported via TippingPoint's Zero Day
    Initiative that a SVG text manipulation routine contained a dangling
    pointer vulnerability. (CVE-2011-0084)
    
    dbg114-mozilla-js192-5010 mozilla-js192-5010 new_updateinfo Privilege
    escalation using event handlers
    
    Mozilla security researcher moz_bug_r_a_4 reported a vulnerability in
    event management code that would permit JavaScript to be run in the
    wrong context, including that of a different website or potentially in
    a chrome-privileged context. (CVE-2011-2981)
    
    dbg114-mozilla-js192-5010 mozilla-js192-5010 new_updateinfo Dangling
    pointer vulnerability in appendChild
    
    Security researcher regenrecht reported via TippingPoint's Zero Day
    Initiative that appendChild did not correctly account for DOM objects
    it operated upon and could be exploited to dereference an invalid
    pointer. (CVE-2011-2378)
    
    dbg114-mozilla-js192-5010 mozilla-js192-5010 new_updateinfo Privilege
    escalation dropping a tab element in content area
    
    Mozilla security researcher moz_bug_r_a4 reported that web content
    could receive chrome privileges if it registered for drop events and a
    browser tab element was dropped into the content area. (CVE-2011-2984)
    
    dbg114-mozilla-js192-5010 mozilla-js192-5010 new_updateinfo Binary
    planting vulnerability in ThinkPadSensor::Startup
    
    Security researcher Mitja Kolsek of Acros Security reported that
    ThinkPadSensor::Startup could potentially be exploited to load a
    malicious DLL into the running process. (CVE-2011-2980) (This issue is
    likely Windows only)
    
    dbg114-mozilla-js192-5010 mozilla-js192-5010 new_updateinfo Private
    data leakage using RegExp.input
    
    Security researcher shutdown reported that data from other domains
    could be read when RegExp.input was set. (CVE-2011-2983)"
      );
      # http://www.mozilla.org/security/announce/2011/mfsa2011-30.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2011-30/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=712224"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected mozilla-js192 packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploithub_sku", value:"EH-11-772");
      script_set_attribute(attribute:"exploit_framework_exploithub", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-js192");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-js192-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-js192-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-js192-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner192");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-buildsymbols");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-gnome");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-gnome-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-gnome-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-gnome-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-common-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-other");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-other-32bit");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.4");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2011/08/18");
      script_set_attribute(attribute:"patch_publication_date", value:"2011/08/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE11\.4)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.4", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE11.4", reference:"mozilla-js192-1.9.2.20-1.2.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"mozilla-js192-debuginfo-1.9.2.20-1.2.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"mozilla-xulrunner192-1.9.2.20-1.2.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"mozilla-xulrunner192-buildsymbols-1.9.2.20-1.2.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"mozilla-xulrunner192-debuginfo-1.9.2.20-1.2.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"mozilla-xulrunner192-debugsource-1.9.2.20-1.2.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"mozilla-xulrunner192-devel-1.9.2.20-1.2.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"mozilla-xulrunner192-devel-debuginfo-1.9.2.20-1.2.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"mozilla-xulrunner192-gnome-1.9.2.20-1.2.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"mozilla-xulrunner192-gnome-debuginfo-1.9.2.20-1.2.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"mozilla-xulrunner192-translations-common-1.9.2.20-1.2.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"mozilla-xulrunner192-translations-other-1.9.2.20-1.2.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", cpu:"x86_64", reference:"mozilla-js192-32bit-1.9.2.20-1.2.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", cpu:"x86_64", reference:"mozilla-js192-debuginfo-32bit-1.9.2.20-1.2.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", cpu:"x86_64", reference:"mozilla-xulrunner192-32bit-1.9.2.20-1.2.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", cpu:"x86_64", reference:"mozilla-xulrunner192-debuginfo-32bit-1.9.2.20-1.2.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", cpu:"x86_64", reference:"mozilla-xulrunner192-gnome-32bit-1.9.2.20-1.2.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", cpu:"x86_64", reference:"mozilla-xulrunner192-gnome-debuginfo-32bit-1.9.2.20-1.2.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", cpu:"x86_64", reference:"mozilla-xulrunner192-translations-common-32bit-1.9.2.20-1.2.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", cpu:"x86_64", reference:"mozilla-xulrunner192-translations-other-32bit-1.9.2.20-1.2.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Mozilla XULRunner");
    }
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1184-1.NASL
    descriptionGary Kwong, Igor Bukanov, and Bob Clary discovered multiple memory vulnerabilities in the browser rendering engine. An attacker could use these to possibly execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2011-2982) It was discovered that a vulnerability in event management code could permit JavaScript to be run in the wrong context. This could potentially allow a malicious website to run code as another website or with escalated privileges within the browser. (CVE-2011-2981) It was discovered that an SVG text manipulation routine contained a dangling pointer vulnerability. An attacker could potentially use this to crash Firefox or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2011-0084) It was discovered that web content could receive chrome privileges if it registered for drop events and a browser tab element was dropped into the content area. This could potentially allow a malicious website to run code with escalated privileges within the browser. (CVE-2011-2984) It was discovered that appendChild contained a dangling pointer vulnerability. An attacker could potentially use this to crash Firefox or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2011-2378) It was discovered that data from other domains could be read when RegExp.input was set. This could potentially allow a malicious website access to private data from other domains. (CVE-2011-2983). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id55921
    published2011-08-20
    reporterUbuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/55921
    titleUbuntu 10.04 LTS / 10.10 : firefox, xulrunner-1.9.2 vulnerabilities (USN-1184-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-1184-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(55921);
      script_version("1.13");
      script_cvs_date("Date: 2019/10/16 10:34:22");
    
      script_cve_id("CVE-2011-0084", "CVE-2011-2378", "CVE-2011-2981", "CVE-2011-2982", "CVE-2011-2983", "CVE-2011-2984");
      script_bugtraq_id(49166, 49213, 49214, 49216, 49218, 49219, 49223);
      script_xref(name:"USN", value:"1184-1");
    
      script_name(english:"Ubuntu 10.04 LTS / 10.10 : firefox, xulrunner-1.9.2 vulnerabilities (USN-1184-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Gary Kwong, Igor Bukanov, and Bob Clary discovered multiple memory
    vulnerabilities in the browser rendering engine. An attacker could use
    these to possibly execute arbitrary code with the privileges of the
    user invoking Firefox. (CVE-2011-2982)
    
    It was discovered that a vulnerability in event management code could
    permit JavaScript to be run in the wrong context. This could
    potentially allow a malicious website to run code as another website
    or with escalated privileges within the browser. (CVE-2011-2981)
    
    It was discovered that an SVG text manipulation routine contained a
    dangling pointer vulnerability. An attacker could potentially use this
    to crash Firefox or execute arbitrary code with the privileges of the
    user invoking Firefox. (CVE-2011-0084)
    
    It was discovered that web content could receive chrome privileges if
    it registered for drop events and a browser tab element was dropped
    into the content area. This could potentially allow a malicious
    website to run code with escalated privileges within the browser.
    (CVE-2011-2984)
    
    It was discovered that appendChild contained a dangling pointer
    vulnerability. An attacker could potentially use this to crash Firefox
    or execute arbitrary code with the privileges of the user invoking
    Firefox. (CVE-2011-2378)
    
    It was discovered that data from other domains could be read when
    RegExp.input was set. This could potentially allow a malicious website
    access to private data from other domains. (CVE-2011-2983).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/1184-1/"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected firefox and / or xulrunner-1.9.2 packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.2");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.04:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.10");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2011/08/18");
      script_set_attribute(attribute:"patch_publication_date", value:"2011/08/19");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/08/20");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(10\.04|10\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 10.04 / 10.10", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"10.04", pkgname:"firefox", pkgver:"3.6.20+build1+nobinonly-0ubuntu0.10.04.1")) flag++;
    if (ubuntu_check(osver:"10.04", pkgname:"xulrunner-1.9.2", pkgver:"1.9.2.20+build1+nobinonly-0ubuntu0.10.04.1")) flag++;
    if (ubuntu_check(osver:"10.10", pkgname:"firefox", pkgver:"3.6.20+build1+nobinonly-0ubuntu0.10.10.1")) flag++;
    if (ubuntu_check(osver:"10.10", pkgname:"xulrunner-1.9.2", pkgver:"1.9.2.20+build1+nobinonly-0ubuntu0.10.10.1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "firefox / xulrunner-1.9.2");
    }
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-2297.NASL
    descriptionSeveral vulnerabilities have been discovered in Icedove, an unbranded version of the Thunderbird mail/news client. - CVE-2011-0084
    last seen2020-03-17
    modified2011-08-23
    plugin id55942
    published2011-08-23
    reporterThis script is Copyright (C) 2011-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/55942
    titleDebian DSA-2297-1 : icedove - several vulnerabilities
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-2297. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(55942);
      script_version("1.15");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      script_cve_id("CVE-2011-0084", "CVE-2011-2378", "CVE-2011-2981", "CVE-2011-2982", "CVE-2011-2983", "CVE-2011-2984");
      script_bugtraq_id(49213, 49214, 49216, 49218, 49219, 49223);
      script_xref(name:"DSA", value:"2297");
    
      script_name(english:"Debian DSA-2297-1 : icedove - several vulnerabilities");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Several vulnerabilities have been discovered in Icedove, an unbranded
    version of the Thunderbird mail/news client.
    
      - CVE-2011-0084
        'regenrecht' discovered that incorrect pointer handling
        in the SVG processing code could lead to the execution
        of arbitrary code.
    
      - CVE-2011-2378
        'regenrecht' discovered that incorrect memory management
        in DOM processing could lead to the execution of
        arbitrary code.
    
      - CVE-2011-2981
        'moz_bug_r_a_4' discovered a Chrome privilege escalation
        vulnerability in the event handler code.
    
      - CVE-2011-2982
        Gary Kwong, Igor Bukanov, Nils and Bob Clary discovered
        memory corruption bugs, which may lead to the execution
        of arbitrary code.
    
      - CVE-2011-2983
        'shutdown' discovered an information leak in the
        handling of RegExp.input.
    
      - CVE-2011-2984
        'moz_bug_r_a4' discovered a Chrome privilege escalation
        vulnerability.
    
    As indicated in the Lenny (oldstable) release notes, security support
    for the Icedove packages in the oldstable needed to be stopped before
    the end of the regular Lenny security maintenance life cycle. You are
    strongly encouraged to upgrade to stable or switch to a different mail
    client."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2011-0084"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2011-2378"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2011-2981"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2011-2982"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2011-2983"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2011-2984"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/squeeze/icedove"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.debian.org/security/2011/dsa-2297"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the iceweasel packages.
    
    For the stable distribution (squeeze), this problem has been fixed in
    version 3.0.11-1+squeeze4."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:icedove");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:6.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2011/08/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/08/23");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2011-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"6.0", prefix:"icedove", reference:"3.0.11-1+squeeze4")) flag++;
    if (deb_check(release:"6.0", prefix:"icedove-dbg", reference:"3.0.11-1+squeeze4")) flag++;
    if (deb_check(release:"6.0", prefix:"icedove-dev", reference:"3.0.11-1+squeeze4")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20110816_FIREFOX_ON_SL4_X.NASL
    descriptionMozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-2982) A dangling pointer flaw was found in the Firefox Scalable Vector Graphics (SVG) text manipulation routine. A web page containing a malicious SVG image could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-0084) A dangling pointer flaw was found in the way Firefox handled a certain Document Object Model (DOM) element. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-2378) A flaw was found in the event management code in Firefox. A website containing malicious JavaScript could cause Firefox to execute that JavaScript with the privileges of the user running Firefox. (CVE-2011-2981) A flaw was found in the way Firefox handled malformed JavaScript. A web page containing malicious JavaScript could cause Firefox to access already freed memory, causing Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-2983) It was found that a malicious web page could execute arbitrary code with the privileges of the user running Firefox if the user dropped a tab onto the malicious web page. (CVE-2011-2984) For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 3.6.20. You can find a link to the Mozilla advisories in the References section of this erratum. All Firefox users should upgrade to these updated packages, which contain Firefox version 3.6.20, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id61112
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/61112
    titleScientific Linux Security Update : firefox on SL4.x, SL5.x, SL6.x i386/x86_64
  • NASL familyWindows
    NASL idMOZILLA_FIREFOX_3620.NASL
    descriptionThe installed version of Firefox 3.6 is earlier than 3.6.20. As such, it is potentially affected by the following security issues : - A dangling pointer vulnerability exists in an SVG text manipulation routine. (CVE-2011-0084) - A DOM accounting error exists in the
    last seen2020-06-01
    modified2020-06-02
    plugin id55901
    published2011-08-18
    reporterThis script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/55901
    titleFirefox 3.6 < 3.6.20 Multiple Vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_MOZILLAFIREFOX-110824.NASL
    descriptionMozilla Firefox was updated to version 3.6.20. It fixes bugs and security issues. Following security issues were fixed: Mozilla Foundation Security Advisory 2011-30 - MFSA 2011-30 - Miscellaneous memory safety hazards Mozilla developers and community members identified and fixed several memory safety bugs in the browser engine used in Firefox 3.6 and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Gary Kwong, Igor Bukanov, Nils and Bob Clary reported memory safety issues which affected Firefox 3.6. (CVE-2011-2982) - Crash in SVGTextElement.getCharNumAtPosition() Security researcher regenrecht reported via TippingPoint
    last seen2020-06-01
    modified2020-06-02
    plugin id56003
    published2011-08-30
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/56003
    titleSuSE 11.1 Security Update : Mozilla Firefox (SAT Patch Number 5057)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_MOZILLAFIREFOX-7712.NASL
    descriptionMozilla Firefox was updated to version 3.6.20. It fixes bugs and security issues. Following security issues were fixed: Mozilla Foundation Security Advisory 2011-30 - MFSA 2011-30 - Miscellaneous memory safety hazards Mozilla developers and community members identified and fixed several memory safety bugs in the browser engine used in Firefox 3.6 and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Gary Kwong, Igor Bukanov, Nils and Bob Clary reported memory safety issues which affected Firefox 3.6. (CVE-2011-2982) - Crash in SVGTextElement.getCharNumAtPosition() Security researcher regenrecht reported via TippingPoint
    last seen2020-06-01
    modified2020-06-02
    plugin id56005
    published2011-08-30
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/56005
    titleSuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 7712)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_3_MOZILLAFIREFOX-110817.NASL
    descriptionMozilla Firefox was updated to version 3.6.20. It fixes bugs and security issues. Following security issues were fixed: http://www.mozilla.org/security/announce/2011/mfsa2011-30.html Mozilla Foundation Security Advisory 2011-30 (MFSA 2011-30) - Miscellaneous memory safety hazards Mozilla developers and community members identified and fixed several memory safety bugs in the browser engine used in Firefox 3.6 and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Gary Kwong, Igor Bukanov, Nils and Bob Clary reported memory safety issues which affected Firefox 3.6. (CVE-2011-2982) - Crash in SVGTextElement.getCharNumAtPosition() Security researcher regenrecht reported via TippingPoint
    last seen2020-06-01
    modified2020-06-02
    plugin id75654
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/75654
    titleopenSUSE Security Update : MozillaFirefox (openSUSE-SU-2011:0958-1)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2011-1164.NASL
    descriptionUpdated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-2982) A dangling pointer flaw was found in the Firefox Scalable Vector Graphics (SVG) text manipulation routine. A web page containing a malicious SVG image could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-0084) A dangling pointer flaw was found in the way Firefox handled a certain Document Object Model (DOM) element. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-2378) A flaw was found in the event management code in Firefox. A website containing malicious JavaScript could cause Firefox to execute that JavaScript with the privileges of the user running Firefox. (CVE-2011-2981) A flaw was found in the way Firefox handled malformed JavaScript. A web page containing malicious JavaScript could cause Firefox to access already freed memory, causing Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-2983) It was found that a malicious web page could execute arbitrary code with the privileges of the user running Firefox if the user dropped a tab onto the malicious web page. (CVE-2011-2984) For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 3.6.20. You can find a link to the Mozilla advisories in the References section of this erratum. All Firefox users should upgrade to these updated packages, which contain Firefox version 3.6.20, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id55862
    published2011-08-17
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/55862
    titleCentOS 4 / 5 : firefox / xulrunner (CESA-2011:1164)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_MOZILLAFIREFOX-7713.NASL
    descriptionMozilla Firefox was updated to version 3.6.20. It fixes bugs and security issues. Following security issues were fixed: Mozilla Foundation Security Advisory 2011-30 - MFSA 2011-30 - Miscellaneous memory safety hazards Mozilla developers and community members identified and fixed several memory safety bugs in the browser engine used in Firefox 3.6 and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Gary Kwong, Igor Bukanov, Nils and Bob Clary reported memory safety issues which affected Firefox 3.6. (CVE-2011-2982) - Crash in SVGTextElement.getCharNumAtPosition() Security researcher regenrecht reported via TippingPoint
    last seen2020-06-01
    modified2020-06-02
    plugin id57150
    published2011-12-13
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/57150
    titleSuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 7713)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-2295.NASL
    descriptionSeveral vulnerabilities have been found in the Iceape internet suite, an unbranded version of SeaMonkey : - CVE-2011-0084
    last seen2020-03-17
    modified2011-08-18
    plugin id55888
    published2011-08-18
    reporterThis script is Copyright (C) 2011-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/55888
    titleDebian DSA-2295-1 : iceape - several vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_4_MOZILLATHUNDERBIRD-110826.NASL
    descriptionMozilla Thunderbird was updated to 3.1.12 fixing various bugs and security issues : Mozilla Foundation Security Advisory 2011-32 (MFSA 2011-32) http://www.mozilla.org/security/announce/2011/mfsa2011-32.html Many of the issues listed below are not exploitable through mail since JavaScript is disabled by default in Thunderbird. These particular issues may be triggered while viewing RSS feeds and displaying full remote content rather than the feed summary. Addons that expose browser functionality may also enable such issues to be exploited. dbg114-MozillaThunderbird-5050 MozillaThunderbird-5050 new_updateinfo Miscellaneous memory safety hazards (rv:1.9.2.20) Mozilla developers and community members identified and fixed several memory safety bugs in the browser engine used in Thunderbird 3.1 and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Gary Kwong, Igor Bukanov, Nils and Bob Clary reported memory safety issues which affected Thunderbird 3.1. (CVE-2011-2982) dbg114-MozillaThunderbird-5050 MozillaThunderbird-5050 new_updateinfo Crash in SVGTextElement.getCharNumAtPosition() Security researcher regenrecht reported via TippingPoint
    last seen2020-06-01
    modified2020-06-02
    plugin id75966
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/75966
    titleopenSUSE Security Update : MozillaThunderbird (MozillaThunderbird-5050)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2011-127.NASL
    descriptionSecurity issues were identified and fixed in mozilla firefox and thunderbird : Mozilla developers and community members identified and fixed several memory safety bugs in the browser engine used in Firefox 3.6 and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code (CVE-2011-2982). Security researcher regenrecht reported via TippingPoint
    last seen2020-06-01
    modified2020-06-02
    plugin id55894
    published2011-08-18
    reporterThis script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/55894
    titleMandriva Linux Security Advisory : mozilla (MDVSA-2011:127)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2011-1164.NASL
    descriptionFrom Red Hat Security Advisory 2011:1164 : Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-2982) A dangling pointer flaw was found in the Firefox Scalable Vector Graphics (SVG) text manipulation routine. A web page containing a malicious SVG image could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-0084) A dangling pointer flaw was found in the way Firefox handled a certain Document Object Model (DOM) element. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-2378) A flaw was found in the event management code in Firefox. A website containing malicious JavaScript could cause Firefox to execute that JavaScript with the privileges of the user running Firefox. (CVE-2011-2981) A flaw was found in the way Firefox handled malformed JavaScript. A web page containing malicious JavaScript could cause Firefox to access already freed memory, causing Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-2983) It was found that a malicious web page could execute arbitrary code with the privileges of the user running Firefox if the user dropped a tab onto the malicious web page. (CVE-2011-2984) For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 3.6.20. You can find a link to the Mozilla advisories in the References section of this erratum. All Firefox users should upgrade to these updated packages, which contain Firefox version 3.6.20, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id68326
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68326
    titleOracle Linux 4 / 5 / 6 : firefox (ELSA-2011-1164)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_834591A9C82F11E0897D6C626DD55A41.NASL
    descriptionThe Mozilla Project reports : MFSA 2011-29 Security issues addressed in Firefox 6 MFSA 2011-28 Security issues addressed in Firefox 3.6.20
    last seen2020-06-01
    modified2020-06-02
    plugin id55878
    published2011-08-17
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/55878
    titleFreeBSD : mozilla -- multiple vulnerabilities (834591a9-c82f-11e0-897d-6c626dd55a41)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201301-01.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201301-01 (Mozilla Products: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, bypass restrictions and protection mechanisms, force file downloads, conduct XML injection attacks, conduct XSS attacks, bypass the Same Origin Policy, spoof URL&rsquo;s for phishing attacks, trigger a vertical scroll, spoof the location bar, spoof an SSL indicator, modify the browser&rsquo;s font, conduct clickjacking attacks, or have other unspecified impact. A local attacker could gain escalated privileges, obtain sensitive information, or replace an arbitrary downloaded file. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id63402
    published2013-01-08
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63402
    titleGLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2011-1164.NASL
    descriptionUpdated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-2982) A dangling pointer flaw was found in the Firefox Scalable Vector Graphics (SVG) text manipulation routine. A web page containing a malicious SVG image could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-0084) A dangling pointer flaw was found in the way Firefox handled a certain Document Object Model (DOM) element. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-2378) A flaw was found in the event management code in Firefox. A website containing malicious JavaScript could cause Firefox to execute that JavaScript with the privileges of the user running Firefox. (CVE-2011-2981) A flaw was found in the way Firefox handled malformed JavaScript. A web page containing malicious JavaScript could cause Firefox to access already freed memory, causing Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-2983) It was found that a malicious web page could execute arbitrary code with the privileges of the user running Firefox if the user dropped a tab onto the malicious web page. (CVE-2011-2984) For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 3.6.20. You can find a link to the Mozilla advisories in the References section of this erratum. All Firefox users should upgrade to these updated packages, which contain Firefox version 3.6.20, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id55879
    published2011-08-17
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/55879
    titleRHEL 4 / 5 / 6 : firefox (RHSA-2011:1164)
  • NASL familyWindows
    NASL idMOZILLA_THUNDERBIRD_3112.NASL
    descriptionThe installed version of Thunderbird 3.1 is earlier than 3.1.12. As such, it is potentially affected by the following security issues : - Several memory safety bugs exist in the browser engine that may permit remote code execution. (CVE-2011-2982) - A dangling pointer vulnerability exists in an SVG text manipulation routine. (CVE-2011-0084) - A dangling pointer vulnerability exists in appendChild, which did not correctly account for DOM objects it operated upon. (CVE-2011-2378) - A privilege escalation vulnerability in the event management code could permit JavaScript to be run in the wrong context. (CVE-2011-2981) - A privilege escalation vulnerability exists if a web page registered for drop events and a browser tab element was dropped into the content area. (CVE-2011-2984) - A binary planting vulnerability in ThinkPadSensor::Startup could permit loading a malicious DLL into the running process. (CVE-2011-2980) - A data leakage vulnerability triggered when RegExp.input was set could allow data from other domains to be read. (CVE-2011-2983)
    last seen2020-06-01
    modified2020-06-02
    plugin id55886
    published2011-08-17
    reporterThis script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/55886
    titleMozilla Thunderbird 3.1 < 3.1.12 Multiple Vulnerabilities
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-2296.NASL
    descriptionSeveral vulnerabilities have been discovered in Iceweasel, a web browser based on Firefox. The included XULRunner library provides rendering services for several other applications included in Debian. - CVE-2011-0084
    last seen2020-03-17
    modified2011-08-18
    plugin id55889
    published2011-08-18
    reporterThis script is Copyright (C) 2011-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/55889
    titleDebian DSA-2296-1 : iceweasel - several vulnerabilities
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1185-1.NASL
    descriptionGary Kwong, Igor Bukanov, and Bob Clary discovered multiple memory vulnerabilities in the Gecko rendering engine. An attacker could use these to possibly execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2011-2982) It was discovered that a vulnerability in event management code could permit JavaScript to be run in the wrong context. This could potentially allow a malicious website to run code as another website or with escalated privileges in a chrome-privileged context. (CVE-2011-2981) It was discovered that an SVG text manipulation routine contained a dangling pointer vulnerability. An attacker could potentially use this to crash Thunderbird or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2011-0084) It was discovered that web content could receive chrome privileges if it registered for drop events and a browser tab element was dropped into the content area. This could potentially allow a malicious website to run code with escalated privileges within Thunderbird. (CVE-2011-2984) It was discovered that appendChild contained a dangling pointer vulnerability. An attacker could potentially use this to crash Thunderbird or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2011-2378) It was discovered that data from other domains could be read when RegExp.input was set. This could potentially allow a malicious website access to private data from other domains. (CVE-2011-2983). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id55982
    published2011-08-26
    reporterUbuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/55982
    titleUbuntu 10.04 LTS / 10.10 / 11.04 : thunderbird vulnerabilities (USN-1185-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_3_MOZILLATHUNDERBIRD-110826.NASL
    descriptionMozilla Thunderbird was updated to 3.1.12 fixing various bugs and security issues : Mozilla Foundation Security Advisory 2011-32 (MFSA 2011-32) http://www.mozilla.org/security/announce/2011/mfsa2011-32.html Many of the issues listed below are not exploitable through mail since JavaScript is disabled by default in Thunderbird. These particular issues may be triggered while viewing RSS feeds and displaying full remote content rather than the feed summary. Addons that expose browser functionality may also enable such issues to be exploited. - Miscellaneous memory safety hazards (rv:1.9.2.20) Mozilla developers and community members identified and fixed several memory safety bugs in the browser engine used in Thunderbird 3.1 and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Gary Kwong, Igor Bukanov, Nils and Bob Clary reported memory safety issues which affected Thunderbird 3.1. (CVE-2011-2982) - Crash in SVGTextElement.getCharNumAtPosition() Security researcher regenrecht reported via TippingPoint
    last seen2020-06-01
    modified2020-06-02
    plugin id75666
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/75666
    titleopenSUSE Security Update : MozillaThunderbird (openSUSE-SU-2011:0935-2)

Oval

accepted2014-10-06T04:01:27.333-04:00
classvulnerability
contributors
  • nameAharon Chernin
    organizationDTCC
  • nameSergey Artykhov
    organizationALTX-SOFT
  • nameSergey Artykhov
    organizationALTX-SOFT
  • nameMaria Kedovskaya
    organizationALTX-SOFT
  • nameShane Shaffer
    organizationG2, Inc.
  • nameMaria Kedovskaya
    organizationALTX-SOFT
  • nameEvgeniy Pavlov
    organizationALTX-SOFT
  • nameEvgeniy Pavlov
    organizationALTX-SOFT
  • nameEvgeniy Pavlov
    organizationALTX-SOFT
definition_extensions
  • commentMozilla Seamonkey is installed
    ovaloval:org.mitre.oval:def:6372
  • commentMozilla Firefox Mainline release is installed
    ovaloval:org.mitre.oval:def:22259
  • commentMozilla Firefox Mainline release is installed
    ovaloval:org.mitre.oval:def:22259
  • commentMozilla Firefox Mainline release is installed
    ovaloval:org.mitre.oval:def:22259
descriptionMozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before 3.1.12, and possibly other products does not properly handle the dropping of a tab element, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges by establishing a content area and registering for drop events.
familywindows
idoval:org.mitre.oval:def:14358
statusaccepted
submitted2011-11-25T18:25:47.000-05:00
titleMozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before 3.1.12, and possibly other products does not properly handle the dropping of a tab element, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges by establishing a content area and registering for drop events.
version32

Redhat

advisories
bugzilla
id730523
titleCVE-2011-2983 Mozilla: Private data leakage using RegExp.input
oval
OR
  • commentRed Hat Enterprise Linux must be installed
    ovaloval:com.redhat.rhba:tst:20070304026
  • AND
    • commentRed Hat Enterprise Linux 4 is installed
      ovaloval:com.redhat.rhba:tst:20070304025
    • commentfirefox is earlier than 0:3.6.20-2.el4
      ovaloval:com.redhat.rhsa:tst:20111164001
    • commentfirefox is signed with Red Hat master key
      ovaloval:com.redhat.rhsa:tst:20060200002
  • AND
    • commentRed Hat Enterprise Linux 5 is installed
      ovaloval:com.redhat.rhba:tst:20070331005
    • OR
      • AND
        • commentxulrunner is earlier than 0:1.9.2.20-2.el5
          ovaloval:com.redhat.rhsa:tst:20111164004
        • commentxulrunner is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhsa:tst:20080569004
      • AND
        • commentxulrunner-devel is earlier than 0:1.9.2.20-2.el5
          ovaloval:com.redhat.rhsa:tst:20111164006
        • commentxulrunner-devel is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhsa:tst:20080569006
      • AND
        • commentfirefox is earlier than 0:3.6.20-2.el5
          ovaloval:com.redhat.rhsa:tst:20111164008
        • commentfirefox is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhsa:tst:20070097008
  • AND
    • commentRed Hat Enterprise Linux 6 is installed
      ovaloval:com.redhat.rhba:tst:20111656003
    • OR
      • AND
        • commentxulrunner is earlier than 0:1.9.2.20-2.el6_1
          ovaloval:com.redhat.rhsa:tst:20111164011
        • commentxulrunner is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20100861002
      • AND
        • commentxulrunner-devel is earlier than 0:1.9.2.20-2.el6_1
          ovaloval:com.redhat.rhsa:tst:20111164013
        • commentxulrunner-devel is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20100861004
      • AND
        • commentfirefox is earlier than 0:3.6.20-2.el6_1
          ovaloval:com.redhat.rhsa:tst:20111164015
        • commentfirefox is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20100861006
rhsa
idRHSA-2011:1164
released2011-08-16
severityCritical
titleRHSA-2011:1164: firefox security update (Critical)
rpms
  • firefox-0:3.6.20-2.el4
  • firefox-0:3.6.20-2.el5
  • firefox-0:3.6.20-2.el6_1
  • firefox-debuginfo-0:3.6.20-2.el4
  • firefox-debuginfo-0:3.6.20-2.el5
  • firefox-debuginfo-0:3.6.20-2.el6_1
  • xulrunner-0:1.9.2.20-2.el5
  • xulrunner-0:1.9.2.20-2.el6_1
  • xulrunner-debuginfo-0:1.9.2.20-2.el5
  • xulrunner-debuginfo-0:1.9.2.20-2.el6_1
  • xulrunner-devel-0:1.9.2.20-2.el5
  • xulrunner-devel-0:1.9.2.20-2.el6_1

Seebug

bulletinFamilyexploit
descriptionBUGTRAQ ID: 49166 CVE ID: CVE-2011-0084,CVE-2011-2978,CVE-2011-2980,CVE-2011-2981,CVE-2011-2982,CVE-2011-2983,CVE-2011-2984,CVE-2011-2985,CVE-2011-2986,CVE-2011-2987,CVE-2011-2988,CVE-2011-2989,CVE-2011-2990,CVE-2011-2991,CVE-2011-2992,CVE-2011-2993 Firefox是一款非常流行的开源WEB浏览器。Thunderbird是一个邮件客户端,支持IMAP、POP邮件协议以及HTML邮件格式。SeaMonkey是开源的Web浏览器、邮件和新闻组客户端、IRC会话客户端和HTML编辑器。 Mozilla Firefox/Thunderbird/SeaMonkey在实现上存在多个漏洞,远程攻击者可利用此漏洞执行任意代码,使受影响应用程序崩溃,获取敏感信息。 Mozilla Thunderbird 3.x Mozilla Thunderbird 2.x 厂商补丁: Mozilla ------- Mozilla已经为此发布了一个安全公告(mfsa2011-29)以及相应补丁: mfsa2011-29:Mozilla Foundation Security Advisory 2011-29 链接:http://www.mozilla.org/security/announce/2011/mfsa2011-29.html
idSSV:20867
last seen2017-11-19
modified2011-08-18
published2011-08-18
reporterRoot
titleMozilla Firefox/Thunderbird/SeaMonkey多个安全漏洞