Vulnerabilities > CVE-2011-3671 - Resource Management Errors vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
mozilla
CWE-399
nessus

Summary

Use-after-free vulnerability in the nsHTMLSelectElement function in nsHTMLSelectElement.cpp in Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allows remote attackers to execute arbitrary code via vectors involving removal of the parent node of an element.

Vulnerable Configurations

Part Description Count
Application
Mozilla
128

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyWindows
    NASL idSEAMONKEY_26.NASL
    descriptionThe installed version of SeaMonkey is earlier than 2.6.0. Such versions are potentially affected by the following security issues : - An out-of-bounds memory access error exists in the
    last seen2020-06-01
    modified2020-06-02
    plugin id57353
    published2011-12-20
    reporterThis script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/57353
    titleSeaMonkey < 2.6.0 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(57353);
      script_version("1.25");
      script_cvs_date("Date: 2018/11/15 20:50:28");
    
      script_cve_id(
        "CVE-2011-3658",
        "CVE-2011-3660",
        "CVE-2011-3661",
        "CVE-2011-3663",
        "CVE-2011-3665",
        "CVE-2011-3671"
      );
      script_bugtraq_id(
        51133,
        51134,
        51135,
        51136,
        51138,
        54080
      );
      script_xref(name:"EDB-ID", value:"18847");
    
      script_name(english:"SeaMonkey < 2.6.0 Multiple Vulnerabilities");
      script_summary(english:"Checks version of SeaMonkey");
    
      script_set_attribute(attribute:"synopsis",value:
    "The remote Windows host contains a web browser that is affected by
    several vulnerabilities.");
      script_set_attribute(attribute:"description",value:
    "The installed version of SeaMonkey is earlier than 2.6.0.  Such
    versions are potentially affected by the following security issues :
    
      - An out-of-bounds memory access error exists in the
        'SVG' implementation and can be triggered when 'SVG'
        elements are removed during a 'DOMAttrModified' event
        handler. (CVE-2011-3658)
    
      - Various memory safety errors exist that can lead to
        memory corruption and possible code execution.
        (CVE-2011-3660)
    
      - An error exists in the 'YARR' regular expression
        library that can cause application crashes when
        handling certain JavaScript statements. (CVE-2011-3661)
    
      - It is possible to detect keystrokes using 'SVG'
        animation 'accesskey' events even when JavaScript is
        disabled. (CVE-2011-3663)
    
      - It is possible to crash the application when 'OGG'
        'video' elements are scaled to extreme sizes.
        (CVE-2011-3665)
    
      - A use-after-free error exists related to the function
        'nsHTMLSelectElement' that can allow arbitrary code
        execution during operations such as removal of a
        parent node of an element. (CVE-2011-3671)"
      );
    
      script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-12-056/");
      script_set_attribute(attribute:"see_also", value:"http://www.zerodayinitiative.com/advisories/ZDI-12-128/");
      script_set_attribute(attribute:"see_also", value:"http://www.securityfocus.com/archive/1/523754/30/0/threaded");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2011-53/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2011-54/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2011-55/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2011-56/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2011-58/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-41/");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=739343");
    
      script_set_attribute(attribute:"solution", value:"Upgrade to SeaMonkey 2.6.0 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Firefox nsSVGValue Out-of-Bounds Access Vulnerability');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
    script_set_attribute(attribute:"vuln_publication_date", value:"2011/12/20");
      script_set_attribute(attribute:"patch_publication_date", value:"2011/12/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/12/20");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:seamonkey");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.");
      script_dependencies("mozilla_org_installed.nasl");
      script_require_keys("SeaMonkey/Version");
      exit(0);
    }
    
    include("mozilla_version.inc");
    port = get_kb_item("SMB/transport");
    if (!port) port = 445;
    
    installs = get_kb_list("SMB/SeaMonkey/*");
    if (isnull(installs)) audit(AUDIT_NOT_INST, "SeaMonkey");
    
    mozilla_check_version(installs:installs, product:'seamonkey', fix:'2.6.0', severity:SECURITY_HOLE);
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_THUNDERBIRD_9_0.NASL
    descriptionThe installed version of Thunderbird 8.x is potentially affected by the following security issues : - An out-of-bounds memory access error exists in the
    last seen2020-06-01
    modified2020-06-02
    plugin id57361
    published2011-12-21
    reporterThis script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/57361
    titleThunderbird 8.x Multiple Vulnerabilities (Mac OS X)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(57361);
      script_version("1.20");
      script_cvs_date("Date: 2018/07/16 12:48:31");
    
      script_cve_id(
        "CVE-2011-3658",
        "CVE-2011-3660",
        "CVE-2011-3661",
        "CVE-2011-3663",
        "CVE-2011-3664",
        "CVE-2011-3665",
        "CVE-2011-3671"
      );
      script_bugtraq_id(51133, 51134, 51135, 51136, 51137, 51138, 54080);
    
      script_name(english:"Thunderbird 8.x Multiple Vulnerabilities (Mac OS X)");
      script_summary(english:"Checks version of Thunderbird");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Mac OS X host contains an email client that is potentially
    affected by several vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The installed version of Thunderbird 8.x is potentially affected by
    the following security issues :
    
      - An out-of-bounds memory access error exists in the
        'SVG' implementation and can be triggered when 'SVG'
        elements are removed during a 'DOMAttrModified' event
        handler. (CVE-2011-3658)
    
      - Various memory safety errors exist that can lead to
        memory corruption and possible code execution.
        (CVE-2011-3660)
    
      - An error exists in the 'YARR' regular expression
        library that can cause application crashes when
        handling certain JavaScript statements. (CVE-2011-3661)
    
      - It is possible to detect keystrokes using 'SVG'
        animation 'accesskey' events even when JavaScript is
        disabled. (CVE-2011-3663)
    
      - An error exists related to plugins that can allow a NULL
        pointer to be dereferenced when a plugin deletes its
        containing DOM frame during a call from that frame. It
        may be possible for a non-NULL pointer to be
        dereferenced thereby opening up the potential for
        further exploitation. (CVE-2011-3664)
    
      - It is possible to crash the application when 'OGG'
        'video' elements are scaled to extreme sizes.
        (CVE-2011-3665)
    
      - A use-after-free error exists related to the function
        'nsHTMLSelectElement' that can allow arbitrary code
        execution during operations such as removal of a
        parent node of an element. (CVE-2011-3671)");
    
      script_set_attribute(attribute:"see_also", value:"http://www.zerodayinitiative.com/advisories/ZDI-12-128/");
      script_set_attribute(attribute:"see_also", value:"http://www.securityfocus.com/archive/1/523754/30/0/threaded");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-41/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2011-53/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2011-54/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2011-55/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2011-56/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2011-57/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2011-58/");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=739343");
    
      script_set_attribute(attribute:"solution", value:"Upgrade to Thunderbird 9.0 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Firefox nsSVGValue Out-of-Bounds Access Vulnerability');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
    script_set_attribute(attribute:"vuln_publication_date", value:"2011/12/20");
      script_set_attribute(attribute:"patch_publication_date", value:"2011/12/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/12/21");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:thunderbird");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"MacOS X Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.");
    
      script_dependencies("macosx_thunderbird_installed.nasl");
      script_require_keys("MacOSX/Thunderbird/Installed");
    
      exit(0);
    }
    
    
    include("global_settings.inc");
    include("misc_func.inc");
    
    
    kb_base = "MacOSX/Thunderbird";
    get_kb_item_or_exit(kb_base+"/Installed");
    version = get_kb_item_or_exit(kb_base+"/Version", exit_code:1);
    
    ver = split(version, sep:".", keep:FALSE);
    for (i=0; i<max_index(ver); i++)
      ver[i] = int(ver[i]);
    
    if (ver[0] == 8)
    {
      if (report_verbosity > 0)
      {
        info +=
          '\n  Installed version : ' + version +
          '\n  Fixed version     : 9.0' + '\n';
        security_hole(port:0, extra:info);
      }
      else security_hole(0);
      exit(0);
    }
    else exit(0, "Thunderbird 8.x is not installed.");
    
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_FIREFOX_9_0.NASL
    descriptionThe installed version of Firefox 8.x is potentially affected by the following security issues : - An out-of-bounds memory access error exists in the
    last seen2020-06-01
    modified2020-06-02
    plugin id57359
    published2011-12-21
    reporterThis script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/57359
    titleFirefox 8.x Multiple Vulnerabilities (Mac OS X)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(57359);
      script_version("1.21");
      script_cvs_date("Date: 2018/07/16 12:48:31");
    
      script_cve_id(
        "CVE-2011-3658",
        "CVE-2011-3660",
        "CVE-2011-3661",
        "CVE-2011-3663",
        "CVE-2011-3664",
        "CVE-2011-3665",
        "CVE-2011-3671"
      );
      script_bugtraq_id(51133, 51134, 51135, 51136, 51137, 51138, 54080);
    
      script_name(english:"Firefox 8.x Multiple Vulnerabilities (Mac OS X)");
      script_summary(english:"Checks version of Firefox");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Mac OS X host contains a web browser that is potentially
    affected by several vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The installed version of Firefox 8.x is potentially affected by the
    following security issues :
    
      - An out-of-bounds memory access error exists in the
        'SVG' implementation and can be triggered when 'SVG'
        elements are removed during a 'DOMAttrModified' event
        handler. (CVE-2011-3658)
    
      - Various memory safety errors exist that can lead to
        memory corruption and possible code execution.
        (CVE-2011-3660)
    
      - An error exists in the 'YARR' regular expression
        library that can cause application crashes when
        handling certain JavaScript statements. (CVE-2011-3661)
    
      - It is possible to detect keystrokes using 'SVG'
        animation 'accesskey' events even when JavaScript is
        disabled. (CVE-2011-3663)
    
      - An error exists related to plugins that can allow a NULL
        pointer to be dereferenced when a plugin deletes its 
        containing DOM frame during a call from that frame. It
        may be possible for a non-NULL pointer to be 
        dereferenced thereby opening up the potential for
        further exploitation. (CVE-2011-3664)
    
      - It is possible to crash the application when 'OGG'    
        'video' elements are scaled to extreme sizes.
        (CVE-2011-3665)
    
      - A use-after-free error exists related to the function
        'nsHTMLSelectElement' that can allow arbitrary code
        execution during operations such as removal of a
        parent node of an element. (CVE-2011-3671)");
    
      script_set_attribute(attribute:"see_also", value:"http://www.zerodayinitiative.com/advisories/ZDI-12-128/");
      script_set_attribute(attribute:"see_also", value:"http://www.securityfocus.com/archive/1/523754/30/0/threaded");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-41/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2011-53/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2011-54/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2011-55/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2011-56/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2011-57/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2011-58/");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=739343");
    
      script_set_attribute(attribute:"solution", value:"Upgrade to Firefox 9.0 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Firefox nsSVGValue Out-of-Bounds Access Vulnerability');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
    script_set_attribute(attribute:"vuln_publication_date", value:"2011/12/20");
      script_set_attribute(attribute:"patch_publication_date", value:"2011/12/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/12/21");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:firefox");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"MacOS X Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.");
    
      script_dependencies("macosx_firefox_installed.nasl");
      script_require_keys("MacOSX/Firefox/Installed");
    
      exit(0);
    }
    
    include("mozilla_version.inc");
    kb_base = "MacOSX/Firefox";
    get_kb_item_or_exit(kb_base+"/Installed");
    
    version = get_kb_item_or_exit(kb_base+"/Version", exit_code:1);
    path = get_kb_item_or_exit(kb_base+"/Path", exit_code:1);
    
    mozilla_check_version(product:'firefox', version:version, path:path, esr:FALSE, fix:'9.0', skippat:'^3\\.6\\.', severity:SECURITY_HOLE);
    
  • NASL familyWindows
    NASL idMOZILLA_THUNDERBIRD_90.NASL
    descriptionThe installed version of Thunderbird is earlier than 9.0 and thus, is potentially affected by the following security issues : - An out-of-bounds memory access error exists in the
    last seen2020-06-01
    modified2020-06-02
    plugin id57352
    published2011-12-20
    reporterThis script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/57352
    titleMozilla Thunderbird < 9.0 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(57352);
      script_version("1.25");
      script_cvs_date("Date: 2018/11/15 20:50:27");
    
      script_cve_id(
        "CVE-2011-3658",
        "CVE-2011-3660",
        "CVE-2011-3661",
        "CVE-2011-3663",
        "CVE-2011-3665",
        "CVE-2011-3671"
      );
      script_bugtraq_id(
        51133,
        51134,
        51135,
        51136,
        51138,
        54080
      );
      script_xref(name:"EDB-ID", value:"18847");
    
      script_name(english:"Mozilla Thunderbird < 9.0 Multiple Vulnerabilities");
      script_summary(english:"Checks version of Thunderbird");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Windows host contains a mail client that is potentially
    affected by several vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The installed version of Thunderbird is earlier than 9.0 and thus, is
    potentially affected by the following security issues :
    
      - An out-of-bounds memory access error exists in the
        'SVG' implementation and can be triggered when 'SVG'
        elements are removed during a 'DOMAttrModified' event
        handler. (CVE-2011-3658)
    
      - Various memory safety errors exist that can lead to
        memory corruption and possible code execution. 
        (CVE-2011-3660)
    
      - An error exists in the 'YARR' regular expression
        library that can cause application crashes when
        handling certain JavaScript statements. (CVE-2011-3661)
    
      - It is possible to detect keystrokes using 'SVG'
        animation 'accesskey' events even when JavaScript is
        disabled. (CVE-2011-3663)
    
      - It is possible to crash the application when 'OGG'
        'video' elements are scaled to extreme sizes. 
        (CVE-2011-3665)
    
      - A use-after-free error exists related to the function
        'nsHTMLSelectElement' that can allow arbitrary code
        execution during operations such as removal of a
        parent node of an element. (CVE-2011-3671)"
      );
    
      script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-12-056/");
      script_set_attribute(attribute:"see_also", value:"http://www.zerodayinitiative.com/advisories/ZDI-12-128/");
      script_set_attribute(attribute:"see_also", value:"http://www.securityfocus.com/archive/1/523754/30/0/threaded");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-41/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2011-53/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2011-54/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2011-55/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2011-56/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2011-58/");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=739343");
    
      script_set_attribute(attribute:"solution", value:"Upgrade to Thunderbird 9 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Firefox nsSVGValue Out-of-Bounds Access Vulnerability');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
    script_set_attribute(attribute:"vuln_publication_date", value:"2011/12/20");
      script_set_attribute(attribute:"patch_publication_date", value:"2011/12/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/12/20");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:thunderbird");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.");
      script_dependencies("mozilla_org_installed.nasl");
      script_require_keys("Mozilla/Thunderbird/Version");
      exit(0);
    }
    
    include("mozilla_version.inc");
    port = get_kb_item_or_exit("SMB/transport");
    
    installs = get_kb_list("SMB/Mozilla/Thunderbird/*");
    if (isnull(installs)) audit(AUDIT_NOT_INST, "Thunderbird");
    
    mozilla_check_version(installs:installs, product:'thunderbird', esr:FALSE, fix:'9.0', skippat:'^3\\.1\\.', severity:SECURITY_HOLE);
  • NASL familyWindows
    NASL idMOZILLA_FIREFOX_90.NASL
    descriptionThe installed version of Firefox is earlier than 9.0 and thus, is potentially affected by the following security issues : - An out-of-bounds memory access error exists in the
    last seen2020-06-01
    modified2020-06-02
    plugin id57351
    published2011-12-20
    reporterThis script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/57351
    titleFirefox < 9.0 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(57351);
      script_version("1.25");
      script_cvs_date("Date: 2018/11/15 20:50:27");
    
      script_cve_id(
        "CVE-2011-3658",
        "CVE-2011-3660",
        "CVE-2011-3661",
        "CVE-2011-3663",
        "CVE-2011-3665",
        "CVE-2011-3671"
      );
      script_bugtraq_id(
        51133,
        51134,
        51135,
        51136,
        51138,
        54080
      );
      script_xref(name:"EDB-ID", value:"18847");
    
      script_name(english:"Firefox < 9.0 Multiple Vulnerabilities");
      script_summary(english:"Checks version of Firefox");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Windows host contains a web browser that is potentially
    affected by several vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The installed version of Firefox is earlier than 9.0 and thus, is 
    potentially affected by the following security issues :
    
      - An out-of-bounds memory access error exists in the
        'SVG' implementation and can be triggered when 'SVG'
        elements are removed during a 'DOMAttrModified' event
        handler. (CVE-2011-3658)
    
      - Various memory safety errors exist that can lead to
        memory corruption and possible code execution. 
        (CVE-2011-3660)
    
      - An error exists in the 'YARR' regular expression
        library that can cause application crashes when
        handling certain JavaScript statements. (CVE-2011-3661)
    
      - It is possible to detect keystrokes using 'SVG'
        animation 'accesskey' events even when JavaScript is
        disabled. (CVE-2011-3663)
    
      - It is possible to crash the application when 'OGG'
        'video' elements are scaled to extreme sizes. 
        (CVE-2011-3665)
    
      - A use-after-free error exists related to the function
        'nsHTMLSelectElement' that can allow arbitrary code
        execution during operations such as removal of a
        parent node of an element. (CVE-2011-3671)"
      );
      script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-12-056/");
      script_set_attribute(attribute:"see_also", value:"http://www.zerodayinitiative.com/advisories/ZDI-12-128/");
      script_set_attribute(attribute:"see_also", value:"http://www.securityfocus.com/archive/1/523754/30/0/threaded");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2011-53/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2011-54/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2011-55/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2011-56/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2011-58/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-41/");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=739343");
    
      script_set_attribute(attribute:"solution", value:"Upgrade to Firefox 9 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Firefox nsSVGValue Out-of-Bounds Access Vulnerability');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
    script_set_attribute(attribute:"vuln_publication_date", value:"2011/12/20");
      script_set_attribute(attribute:"patch_publication_date", value:"2011/12/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/12/20");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:firefox");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.");
      script_dependencies("mozilla_org_installed.nasl");
      script_require_keys("Mozilla/Firefox/Version");
    
      exit(0);
    }
    
    include("mozilla_version.inc");
    port = get_kb_item_or_exit("SMB/transport"); 
    
    installs = get_kb_list("SMB/Mozilla/Firefox/*");
    if (isnull(installs)) audit(AUDIT_NOT_INST, "Firefox");
    
    mozilla_check_version(installs:installs, product:'firefox', esr:FALSE, fix:'9.0', skippat:'^3\\.6\\.', severity:SECURITY_HOLE);