Vulnerabilities > CVE-2012-0444 - Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize nsChildView data structures, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Ogg Vorbis file.

Vulnerable Configurations

Part	Description	Count
Application	Mozilla Mozilla Firefox - Mozilla Firefox 0.1 Mozilla Firefox 0.2 Mozilla Firefox 0.3 Mozilla Firefox 0.4 Mozilla Firefox 0.5 Mozilla Firefox 0.6 Mozilla Firefox 0.6.1 Mozilla Firefox 0.7 Mozilla Firefox 0.7.1 Mozilla Firefox 0.8 Mozilla Firefox 0.9 Mozilla Firefox 0.9.1 Mozilla Firefox 0.9.2 Mozilla Firefox 0.9.3 Mozilla Firefox 0.10 Mozilla Firefox 0.10.1 Mozilla Firefox 1.0 Mozilla Firefox 1.0.1 Mozilla Firefox 1.0.2 Mozilla Firefox 1.0.3 Mozilla Firefox 1.0.4 Mozilla Firefox 1.0.5 Mozilla Firefox 1.0.6 Mozilla Firefox 1.0.7 Mozilla Firefox 1.0.8 Mozilla Firefox 1.4.1 Mozilla Firefox 1.5 Mozilla Firefox 1.5.0.1 Mozilla Firefox 1.5.0.2 Mozilla Firefox 1.5.0.3 Mozilla Firefox 1.5.0.4 Mozilla Firefox 1.5.0.5 Mozilla Firefox 1.5.0.6 Mozilla Firefox 1.5.0.7 Mozilla Firefox 1.5.0.8 Mozilla Firefox 1.5.0.9 Mozilla Firefox 1.5.0.10 Mozilla Firefox 1.5.0.11 Mozilla Firefox 1.5.0.12 Mozilla Firefox 1.5.1 Mozilla Firefox 1.5.2 Mozilla Firefox 1.5.3 Mozilla Firefox 1.5.4 Mozilla Firefox 1.5.5 Mozilla Firefox 1.5.6 Mozilla Firefox 1.5.7 Mozilla Firefox 1.5.8 Mozilla Firefox 1.8 Mozilla Firefox 2.0 Mozilla Firefox 2.0.0.1 Mozilla Firefox 2.0.0.2 Mozilla Firefox 2.0.0.3 Mozilla Firefox 2.0.0.4 Mozilla Firefox 2.0.0.5 Mozilla Firefox 2.0.0.6 Mozilla Firefox 2.0.0.7 Mozilla Firefox 2.0.0.8 Mozilla Firefox 2.0.0.9 Mozilla Firefox 2.0.0.10 Mozilla Firefox 2.0.0.11 Mozilla Firefox 2.0.0.12 Mozilla Firefox 2.0.0.13 Mozilla Firefox 2.0.0.14 Mozilla Firefox 2.0.0.15 Mozilla Firefox 2.0.0.16 Mozilla Firefox 2.0.0.17 Mozilla Firefox 2.0.0.18 Mozilla Firefox 2.0.0.19 Mozilla Firefox 2.0.0.20 Mozilla Firefox 3.0 Mozilla Firefox 3.0.1 Mozilla Firefox 3.0.2 Mozilla Firefox 3.0.3 Mozilla Firefox 3.0.4 Mozilla Firefox 3.0.5 Mozilla Firefox 3.0.6 Mozilla Firefox 3.0.7 Mozilla Firefox 3.0.8 Mozilla Firefox 3.0.9 Mozilla Firefox 3.0.10 Mozilla Firefox 3.0.11 Mozilla Firefox 3.0.12 Mozilla Firefox 3.0.13 Mozilla Firefox 3.0.14 Mozilla Firefox 3.0.15 Mozilla Firefox 3.0.16 Mozilla Firefox 3.0.17 Mozilla Firefox 3.0.18 Mozilla Firefox 3.0.19 Mozilla Firefox 3.5 Mozilla Firefox 3.5.1 Mozilla Firefox 3.5.2 Mozilla Firefox 3.5.3 Mozilla Firefox 3.5.4 Mozilla Firefox 3.5.5 Mozilla Firefox 3.5.6 Mozilla Firefox 3.5.7 Mozilla Firefox 3.5.8 Mozilla Firefox 3.5.9 Mozilla Firefox 3.5.10 Mozilla Firefox 3.5.11 Mozilla Firefox 3.5.12 Mozilla Firefox 3.5.13 Mozilla Firefox 3.5.14 Mozilla Firefox 3.5.15 Mozilla Firefox 3.5.16 Mozilla Firefox 3.5.17 Mozilla Firefox 3.5.18 Mozilla Firefox 3.5.19 Mozilla Firefox 3.6 Mozilla Firefox 3.6.2 Mozilla Firefox 3.6.3 Mozilla Firefox 3.6.4 Mozilla Firefox 3.6.6 Mozilla Firefox 3.6.7 Mozilla Firefox 3.6.8 Mozilla Firefox 3.6.9 Mozilla Firefox 3.6.10 Mozilla Firefox 3.6.11 Mozilla Firefox 3.6.12 Mozilla Firefox 3.6.13 Mozilla Firefox 3.6.14 Mozilla Firefox 3.6.15 Mozilla Firefox 3.6.16 Mozilla Firefox 3.6.17 Mozilla Firefox 3.6.18 Mozilla Firefox 3.6.19 Mozilla Firefox 3.6.20 Mozilla Firefox 3.6.21 Mozilla Firefox 3.6.22 Mozilla Firefox 3.6.23 Mozilla Firefox 3.6.24 Mozilla Firefox 3.6.25 Mozilla Firefox 4.0.1 Mozilla Firefox 5.0 Mozilla Firefox 5.0.1 Mozilla Firefox 6.0 Mozilla Firefox 6.0.1 Mozilla Firefox 6.0.2 Mozilla Firefox 7.0 Mozilla Firefox 7.0.1 Mozilla Firefox 8.0 Mozilla Firefox 8.0.1 Mozilla Firefox 9.0 Mozilla Firefox 9.0.1 Mozilla Firefox 10.0 Mozilla Seamonkey - Mozilla Seamonkey 1.0 Mozilla Seamonkey 1.0.1 Mozilla Seamonkey 1.0.2 Mozilla Seamonkey 1.0.3 Mozilla Seamonkey 1.0.4 Mozilla Seamonkey 1.0.5 Mozilla Seamonkey 1.0.6 Mozilla Seamonkey 1.0.7 Mozilla Seamonkey 1.0.8 Mozilla Seamonkey 1.0.9 Mozilla Seamonkey 1.1 Mozilla Seamonkey 1.1.1 Mozilla Seamonkey 1.1.2 Mozilla Seamonkey 1.1.3 Mozilla Seamonkey 1.1.4 Mozilla Seamonkey 1.1.5 Mozilla Seamonkey 1.1.6 Mozilla Seamonkey 1.1.7 Mozilla Seamonkey 1.1.8 Mozilla Seamonkey 1.1.9 Mozilla Seamonkey 1.1.10 Mozilla Seamonkey 1.1.11 Mozilla Seamonkey 1.1.12 Mozilla Seamonkey 1.1.13 Mozilla Seamonkey 1.1.14 Mozilla Seamonkey 1.1.15 Mozilla Seamonkey 1.1.16 Mozilla Seamonkey 1.1.17 Mozilla Seamonkey 1.1.18 Mozilla Seamonkey 1.1.19 Mozilla Seamonkey 1.5.0.8 Mozilla Seamonkey 1.5.0.9 Mozilla Seamonkey 1.5.0.10 Mozilla Seamonkey 2.0 Mozilla Seamonkey 2.0.1 Mozilla Seamonkey 2.0.2 Mozilla Seamonkey 2.0.3 Mozilla Seamonkey 2.0.4 Mozilla Seamonkey 2.0.5 Mozilla Seamonkey 2.0.6 Mozilla Seamonkey 2.0.7 Mozilla Seamonkey 2.0.8 Mozilla Seamonkey 2.0.9 Mozilla Seamonkey 2.0.10 Mozilla Seamonkey 2.0.11 Mozilla Seamonkey 2.0.12 Mozilla Seamonkey 2.0.13 Mozilla Seamonkey 2.0.14 Mozilla Seamonkey 2.1 Mozilla Seamonkey 2.2 Mozilla Seamonkey 2.3 Mozilla Seamonkey 2.3.1 Mozilla Seamonkey 2.3.2 Mozilla Seamonkey 2.3.3 Mozilla Seamonkey 2.4 Mozilla Seamonkey 2.4.1 Mozilla Seamonkey 2.5 Mozilla Seamonkey 2.6 Mozilla Seamonkey 2.6.1 Mozilla Thunderbird - Mozilla Thunderbird 0.1 Mozilla Thunderbird 0.2 Mozilla Thunderbird 0.3 Mozilla Thunderbird 0.4 Mozilla Thunderbird 0.5 Mozilla Thunderbird 0.6 Mozilla Thunderbird 0.7 Mozilla Thunderbird 0.7.1 Mozilla Thunderbird 0.7.2 Mozilla Thunderbird 0.7.3 Mozilla Thunderbird 0.8 Mozilla Thunderbird 0.9 Mozilla Thunderbird 1.0 Mozilla Thunderbird 1.0.2 Mozilla Thunderbird 1.0.5 Mozilla Thunderbird 1.0.6 Mozilla Thunderbird 1.0.7 Mozilla Thunderbird 1.0.8 Mozilla Thunderbird 1.1 Mozilla Thunderbird 1.5 Mozilla Thunderbird 1.5.0.2 Mozilla Thunderbird 1.5.0.4 Mozilla Thunderbird 1.5.0.5 Mozilla Thunderbird 1.5.0.7 Mozilla Thunderbird 1.5.0.8 Mozilla Thunderbird 1.5.0.9 Mozilla Thunderbird 1.5.0.10 Mozilla Thunderbird 1.5.0.12 Mozilla Thunderbird 1.5.0.13 Mozilla Thunderbird 1.5.0.14 Mozilla Thunderbird 2.0 Mozilla Thunderbird 2.0.0.0 Mozilla Thunderbird 2.0.0.4 Mozilla Thunderbird 2.0.0.5 Mozilla Thunderbird 2.0.0.6 Mozilla Thunderbird 2.0.0.9 Mozilla Thunderbird 2.0.0.12 Mozilla Thunderbird 2.0.0.14 Mozilla Thunderbird 2.0.0.16 Mozilla Thunderbird 2.0.0.17 Mozilla Thunderbird 2.0.0.18 Mozilla Thunderbird 2.0.0.19 Mozilla Thunderbird 2.0.0.21 Mozilla Thunderbird 2.0.0.22 Mozilla Thunderbird 2.0.0.23 Mozilla Thunderbird 2.0.0.24 Mozilla Thunderbird 2.0.14 Mozilla Thunderbird 3.0 Mozilla Thunderbird 3.0.1 Mozilla Thunderbird 3.0.2 Mozilla Thunderbird 3.0.3 Mozilla Thunderbird 3.0.4 Mozilla Thunderbird 3.0.5 Mozilla Thunderbird 3.0.6 Mozilla Thunderbird 3.0.7 Mozilla Thunderbird 3.0.8 Mozilla Thunderbird 3.0.9 Mozilla Thunderbird 3.0.10 Mozilla Thunderbird 3.0.11 Mozilla Thunderbird 3.1 Mozilla Thunderbird 3.1.1 Mozilla Thunderbird 3.1.2 Mozilla Thunderbird 3.1.3 Mozilla Thunderbird 3.1.4 Mozilla Thunderbird 3.1.5 Mozilla Thunderbird 3.1.6 Mozilla Thunderbird 3.1.7 Mozilla Thunderbird 3.1.8 Mozilla Thunderbird 3.1.9 Mozilla Thunderbird 3.1.10 Mozilla Thunderbird 3.1.11 Mozilla Thunderbird 3.1.12 Mozilla Thunderbird 3.1.13 Mozilla Thunderbird 3.1.14 Mozilla Thunderbird 3.1.15 Mozilla Thunderbird 3.1.16 Mozilla Thunderbird 3.1.17 Mozilla Thunderbird 6.0 Mozilla Thunderbird 6.0.1 Mozilla Thunderbird 6.0.2 Mozilla Thunderbird 7.0 Mozilla Thunderbird 7.0.1 Mozilla Thunderbird 8.0 Mozilla Thunderbird 9.0 Mozilla Thunderbird 9.0.1 Mozilla Thunderbird 10.0	393
OS	Debian Debian Debian Linux 5.0 Debian Debian Linux 6.0	2
OS	Opensuse Opensuse Opensuse 11.4	1
OS	Suse Suse Linux Enterprise Desktop 10 Suse Linux Enterprise Desktop 11 Suse Linux Enterprise Server 10 Suse Linux Enterprise Server 11 Suse Linux Enterprise Software Development KIT 10 Suse Linux Enterprise Software Development KIT 11	7
OS	Canonical Canonical Ubuntu Linux 10.04 Canonical Ubuntu Linux 10.10 Canonical Ubuntu Linux 11.04 Canonical Ubuntu Linux 11.10	4

Common Weakness Enumeration (CWE)

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Common Attack Pattern Enumeration and Classification (CAPEC)

Buffer Overflow via Environment Variables
This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
Overflow Buffers
Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
Client-side Injection-induced Buffer Overflow
This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
Filter Failure through Buffer Overflow
In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
MIME Conversion
An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.

Nessus

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DSA-2406.NASL
description	Several vulnerabilities have been discovered in Icedove, Debian
last seen	2020-03-17
modified	2012-02-10
plugin id	57879
published	2012-02-10
reporter	This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/57879
title	Debian DSA-2406-1 : icedove - several vulnerabilities
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-2406. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(57879); script_version("1.10"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2011-3670", "CVE-2012-0442", "CVE-2012-0444", "CVE-2012-0449"); script_bugtraq_id(51753, 51754, 51756, 51786); script_xref(name:"DSA", value:"2406"); script_name(english:"Debian DSA-2406-1 : icedove - several vulnerabilities"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Several vulnerabilities have been discovered in Icedove, Debian's variant of the Mozilla Thunderbird code base. - CVE-2011-3670 Icedove does not not properly enforce the IPv6 literal address syntax, which allows remote attackers to obtain sensitive information by making XMLHttpRequest calls through a proxy and reading the error messages. - CVE-2012-0442 Memory corruption bugs could cause Icedove to crash or possibly execute arbitrary code. - CVE-2012-0444 Icedove does not properly initialize nsChildView data structures, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Ogg Vorbis file. - CVE-2012-0449 Icedove allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a malformed XSLT stylesheet that is embedded in a document." ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2011-3670" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2012-0442" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2012-0444" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2012-0449" ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/squeeze/icedove" ); script_set_attribute( attribute:"see_also", value:"https://www.debian.org/security/2012/dsa-2406" ); script_set_attribute( attribute:"solution", value: "Upgrade the icedove packages. For the stable distribution (squeeze), this problem has been fixed in version 3.0.11-1+squeeze7." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:icedove"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:6.0"); script_set_attribute(attribute:"patch_publication_date", value:"2012/02/09"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/02/10"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"6.0", prefix:"icedove", reference:"3.0.11-1+squeeze7")) flag++; if (deb_check(release:"6.0", prefix:"icedove-dbg", reference:"3.0.11-1+squeeze7")) flag++; if (deb_check(release:"6.0", prefix:"icedove-dev", reference:"3.0.11-1+squeeze7")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2012-0079.NASL
description	Updated firefox packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A use-after-free flaw was found in the way Firefox removed nsDOMAttribute child nodes. In certain circumstances, due to the premature notification of AttributeChildRemoved, a malicious script could possibly use this flaw to cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-3659) Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2012-0442) A flaw was found in the way Firefox parsed Ogg Vorbis media files. A web page containing a malicious Ogg Vorbis media file could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2012-0444) A flaw was found in the way Firefox parsed certain Scalable Vector Graphics (SVG) image files that contained eXtensible Style Sheet Language Transformations (XSLT). A web page containing a malicious SVG image file could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2012-0449) The same-origin policy in Firefox treated http://example.com and http://[example.com] as interchangeable. A malicious script could possibly use this flaw to gain access to sensitive information (such as a client
last seen	2020-06-01
modified	2020-06-02
plugin id	57777
published	2012-02-02
reporter	This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/57777
title	CentOS 4 / 5 / 6 : firefox (CESA-2012:0079)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2012:0079 and # CentOS Errata and Security Advisory 2012:0079 respectively. # include("compat.inc"); if (description) { script_id(57777); script_version("1.14"); script_cvs_date("Date: 2020/02/18"); script_cve_id("CVE-2011-3659", "CVE-2011-3670", "CVE-2012-0442", "CVE-2012-0444", "CVE-2012-0449"); script_bugtraq_id(51753, 51754, 51755, 51756); script_xref(name:"RHSA", value:"2012:0079"); script_name(english:"CentOS 4 / 5 / 6 : firefox (CESA-2012:0079)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote CentOS host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated firefox packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A use-after-free flaw was found in the way Firefox removed nsDOMAttribute child nodes. In certain circumstances, due to the premature notification of AttributeChildRemoved, a malicious script could possibly use this flaw to cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-3659) Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2012-0442) A flaw was found in the way Firefox parsed Ogg Vorbis media files. A web page containing a malicious Ogg Vorbis media file could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2012-0444) A flaw was found in the way Firefox parsed certain Scalable Vector Graphics (SVG) image files that contained eXtensible Style Sheet Language Transformations (XSLT). A web page containing a malicious SVG image file could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2012-0449) The same-origin policy in Firefox treated http://example.com and http://[example.com] as interchangeable. A malicious script could possibly use this flaw to gain access to sensitive information (such as a client's IP and user e-mail address, or httpOnly cookies) that may be included in HTTP proxy error replies, generated in response to invalid URLs using square brackets. (CVE-2011-3670) For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 3.6.26. You can find a link to the Mozilla advisories in the References section of this erratum. All Firefox users should upgrade to these updated packages, which contain Firefox version 3.6.26, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect." ); # https://lists.centos.org/pipermail/centos-announce/2012-February/018407.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?7fa2cbb6" ); # https://lists.centos.org/pipermail/centos-announce/2012-January/018404.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?99054853" ); # https://lists.centos.org/pipermail/centos-announce/2012-January/018405.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?902b2dfa" ); script_set_attribute( attribute:"solution", value:"Update the affected firefox packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2011-3659"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Firefox 8/9 AttributeChildRemoved() Use-After-Free'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'White_Phosphorus'); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:firefox"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:xulrunner"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:xulrunner-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:4"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:5"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:6"); script_set_attribute(attribute:"vuln_publication_date", value:"2012/02/01"); script_set_attribute(attribute:"patch_publication_date", value:"2012/02/01"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/02/02"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"CentOS Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/CentOS/release"); if (isnull(release) \|\| "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS"); os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS"); os_ver = os_ver[1]; if (! preg(pattern:"^(4\|5\|6)([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 4.x / 5.x / 6.x", "CentOS " + os_ver); if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu); flag = 0; if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"firefox-3.6.26-2.el4.centos", allowmaj:TRUE)) flag++; if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"firefox-3.6.26-2.el4.centos", allowmaj:TRUE)) flag++; if (rpm_check(release:"CentOS-5", reference:"firefox-3.6.26-1.el5.centos", allowmaj:TRUE)) flag++; if (rpm_check(release:"CentOS-5", reference:"xulrunner-1.9.2.26-1.el5_7", allowmaj:TRUE)) flag++; if (rpm_check(release:"CentOS-5", reference:"xulrunner-devel-1.9.2.26-1.el5_7", allowmaj:TRUE)) flag++; if (rpm_check(release:"CentOS-6", reference:"firefox-3.6.26-1.el6.centos", allowmaj:TRUE)) flag++; if (rpm_check(release:"CentOS-6", reference:"xulrunner-1.9.2.26-1.el6.centos", allowmaj:TRUE)) flag++; if (rpm_check(release:"CentOS-6", reference:"xulrunner-devel-1.9.2.26-1.el6.centos", allowmaj:TRUE)) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "firefox / xulrunner / xulrunner-devel"); }

NASL family	SuSE Local Security Checks
NASL id	SUSE_11_4_LIBVORBIS-120221.NASL
description	Specially crafted ogg files could cause a heap-based buffer overflow in the vorbis audio compression library that could potentially be exploited by attackers to cause a crash or execute arbitrary code (CVE-2012-0444).
last seen	2020-06-05
modified	2014-06-13
plugin id	75933
published	2014-06-13
reporter	This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/75933
title	openSUSE Security Update : libvorbis (openSUSE-SU-2012:0319-1)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update libvorbis-5850. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(75933); script_version("1.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2012-0444"); script_name(english:"openSUSE Security Update : libvorbis (openSUSE-SU-2012:0319-1)"); script_summary(english:"Check for the libvorbis-5850 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "Specially crafted ogg files could cause a heap-based buffer overflow in the vorbis audio compression library that could potentially be exploited by attackers to cause a crash or execute arbitrary code (CVE-2012-0444)." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=747912" ); script_set_attribute( attribute:"see_also", value:"https://lists.opensuse.org/opensuse-updates/2012-03/msg00000.html" ); script_set_attribute( attribute:"solution", value:"Update the affected libvorbis packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvorbis-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvorbis-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvorbis0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvorbis0-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvorbis0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvorbis0-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvorbisenc2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvorbisenc2-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvorbisenc2-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvorbisenc2-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvorbisfile3"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvorbisfile3-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvorbisfile3-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvorbisfile3-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.4"); script_set_attribute(attribute:"patch_publication_date", value:"2012/02/21"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) \|\| release =~ "^(SLED\|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE11\.4)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.4", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586\|i686\|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE11.4", reference:"libvorbis-debugsource-1.3.2-6.7.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"libvorbis-devel-1.3.2-6.7.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"libvorbis0-1.3.2-6.7.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"libvorbis0-debuginfo-1.3.2-6.7.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"libvorbisenc2-1.3.2-6.7.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"libvorbisenc2-debuginfo-1.3.2-6.7.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"libvorbisfile3-1.3.2-6.7.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"libvorbisfile3-debuginfo-1.3.2-6.7.1") ) flag++; if ( rpm_check(release:"SUSE11.4", cpu:"x86_64", reference:"libvorbis0-32bit-1.3.2-6.7.1") ) flag++; if ( rpm_check(release:"SUSE11.4", cpu:"x86_64", reference:"libvorbis0-debuginfo-32bit-1.3.2-6.7.1") ) flag++; if ( rpm_check(release:"SUSE11.4", cpu:"x86_64", reference:"libvorbisenc2-32bit-1.3.2-6.7.1") ) flag++; if ( rpm_check(release:"SUSE11.4", cpu:"x86_64", reference:"libvorbisenc2-debuginfo-32bit-1.3.2-6.7.1") ) flag++; if ( rpm_check(release:"SUSE11.4", cpu:"x86_64", reference:"libvorbisfile3-32bit-1.3.2-6.7.1") ) flag++; if ( rpm_check(release:"SUSE11.4", cpu:"x86_64", reference:"libvorbisfile3-debuginfo-32bit-1.3.2-6.7.1") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libvorbis"); }

NASL family	MacOS X Local Security Checks
NASL id	MACOSX_THUNDERBIRD_3_1_18.NASL
description	The installed version of Thunderbird 3.1 is earlier than 3.1.18. Such versions are potentially affected by multiple vulnerabilities : - A use-after-free error exists related to removed nsDOMAttribute child nodes.(CVE-2011-3659) - The IPv6 literal syntax in web addresses is not being properly enforced. (CVE-2011-3670) - Various memory safety issues exist. (CVE-2012-0442) - Memory corruption errors exist related to the decoding of Ogg Vorbis files and processing of malformed XSLT stylesheets. (CVE-2012-0444, CVE-2012-0449)
last seen	2020-06-01
modified	2020-06-02
plugin id	57776
published	2012-02-01
reporter	This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/57776
title	Thunderbird 3.1 < 3.1.18 Multiple Vulnerabilities (Mac OS X)
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(57776); script_version("1.19"); script_cvs_date("Date: 2018/07/14 1:59:36"); script_cve_id( "CVE-2011-3659", "CVE-2011-3670", "CVE-2012-0442", "CVE-2012-0444", "CVE-2012-0449" ); script_bugtraq_id( 51753, 51754, 51755, 51756, 51786 ); script_name(english:"Thunderbird 3.1 < 3.1.18 Multiple Vulnerabilities (Mac OS X)"); script_summary(english:"Checks version of Thunderbird"); script_set_attribute(attribute:"synopsis", value: "The remote Mac OS X host contains an email client that is potentially affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The installed version of Thunderbird 3.1 is earlier than 3.1.18. Such versions are potentially affected by multiple vulnerabilities : - A use-after-free error exists related to removed nsDOMAttribute child nodes.(CVE-2011-3659) - The IPv6 literal syntax in web addresses is not being properly enforced. (CVE-2011-3670) - Various memory safety issues exist. (CVE-2012-0442) - Memory corruption errors exist related to the decoding of Ogg Vorbis files and processing of malformed XSLT stylesheets. (CVE-2012-0444, CVE-2012-0449)" ); script_set_attribute(attribute:"see_also", value:"http://www.ietf.org/rfc/rfc3986.txt"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-01/"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-02/"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-04/"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-07/"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-08/"); script_set_attribute(attribute:"solution", value:"Upgrade to Thunderbird 3.1.18 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Firefox 8/9 AttributeChildRemoved() Use-After-Free'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'White_Phosphorus'); script_set_attribute(attribute:"vuln_publication_date", value:"2012/01/31"); script_set_attribute(attribute:"patch_publication_date", value:"2012/01/31"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/02/01"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:thunderbird"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"MacOS X Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc."); script_dependencies("macosx_thunderbird_installed.nasl"); script_require_keys("MacOSX/Thunderbird/Installed"); exit(0); } include("global_settings.inc"); include("misc_func.inc"); kb_base = "MacOSX/Thunderbird"; get_kb_item_or_exit(kb_base+"/Installed"); version = get_kb_item_or_exit(kb_base+"/Version", exit_code:1); ver = split(version, sep:".", keep:FALSE); for (i=0; i<max_index(ver); i++) ver[i] = int(ver[i]); # nb: make sure we have at least 3 parts for the check. for (i=max_index(ver); i<3; i++) ver[i] = 0; if (ver[0] == 3 && ver[1] == 1 && ver[2] < 18) { if (report_verbosity > 0) { info += '\n Installed version : ' + version + '\n Fixed version : 3.1.18' + '\n'; security_hole(port:0, extra:info); } else security_hole(0); exit(0); } else { if (ver[0] == 3 && ver[1] == 1) exit(0, "The Thunderbird "+version+" install is not affected."); else exit(0, "Thunderbird 3.1.x is not installed."); }

NASL family	Windows
NASL id	MOZILLA_THUNDERBIRD_100.NASL
description	The installed version of Thunderbird is earlier than 10.0 and thus, is potentially affected by the following security issues : - A use-after-free error exists related to removed nsDOMAttribute child nodes.(CVE-2011-3659) - Various memory safety issues exist. (CVE-2012-0442, CVE-2012-0443) - Memory corruption errors exist related to the decoding of Ogg Vorbis files and processing of malformed XSLT stylesheets. (CVE-2012-0444, CVE-2012-0449) - The HTML5 frame navigation policy can be violated by allowing an attacker to replace a sub-frame in another domain
last seen	2020-06-01
modified	2020-06-02
plugin id	57770
published	2012-02-01
reporter	This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/57770
title	Mozilla Thunderbird < 10.0 Multiple Vulnerabilities
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(57770); script_version("1.23"); script_cvs_date("Date: 2018/11/15 20:50:27"); script_cve_id( "CVE-2011-3659", "CVE-2012-0442", "CVE-2012-0443", "CVE-2012-0444", "CVE-2012-0445", "CVE-2012-0446", "CVE-2012-0447", "CVE-2012-0449" ); script_bugtraq_id( 51752, 51753, 51754, 51755, 51756, 51757, 51765 ); script_name(english:"Mozilla Thunderbird < 10.0 Multiple Vulnerabilities"); script_summary(english:"Checks version of Thunderbird"); script_set_attribute(attribute:"synopsis", value: "The remote Windows host contains a mail client that is potentially affected by several vulnerabilities."); script_set_attribute(attribute:"description", value: "The installed version of Thunderbird is earlier than 10.0 and thus, is potentially affected by the following security issues : - A use-after-free error exists related to removed nsDOMAttribute child nodes.(CVE-2011-3659) - Various memory safety issues exist. (CVE-2012-0442, CVE-2012-0443) - Memory corruption errors exist related to the decoding of Ogg Vorbis files and processing of malformed XSLT stylesheets. (CVE-2012-0444, CVE-2012-0449) - The HTML5 frame navigation policy can be violated by allowing an attacker to replace a sub-frame in another domain's document. (CVE-2012-0445) - Scripts in frames are able to bypass security restrictions in XPConnect. This bypass can allow malicious websites to carry out cross-site scripting attacks. (CVE-2012-0446) - An information disclosure issue exists when uninitialized memory is used as padding when encoding icon images. (CVE-2012-0447)" ); script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-12-059/"); script_set_attribute(attribute:"see_also", value:"http://dev.w3.org/html5/spec/browsers.html#security-nav"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-01/"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-03/"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-04/"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-05/"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-06/"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-07/"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-08/"); script_set_attribute(attribute:"solution", value:"Upgrade to Thunderbird 10.0 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Firefox 8/9 AttributeChildRemoved() Use-After-Free'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'White_Phosphorus'); script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990); script_set_attribute(attribute:"vuln_publication_date", value:"2012/01/31"); script_set_attribute(attribute:"patch_publication_date", value:"2012/01/31"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/02/01"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:thunderbird"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc."); script_dependencies("mozilla_org_installed.nasl"); script_require_keys("Mozilla/Thunderbird/Version"); exit(0); } include("mozilla_version.inc"); port = get_kb_item_or_exit("SMB/transport"); installs = get_kb_list("SMB/Mozilla/Thunderbird/*"); if (isnull(installs)) audit(AUDIT_NOT_INST, "Thunderbird"); mozilla_check_version(installs:installs, product:'thunderbird', esr:FALSE, fix:'10.0', skippat:'^3\\.6\\.', severity:SECURITY_HOLE, xss:TRUE);

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-1355-1.NASL
description	It was discovered that if a user chose to export their Firefox Sync key the
last seen	2020-06-01
modified	2020-06-02
plugin id	57844
published	2012-02-06
reporter	Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/57844
title	Ubuntu 10.04 LTS / 10.10 / 11.04 / 11.10 : firefox vulnerabilities (USN-1355-1)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-1355-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(57844); script_version("1.15"); script_cvs_date("Date: 2019/09/19 12:54:27"); script_cve_id("CVE-2011-3659", "CVE-2012-0442", "CVE-2012-0443", "CVE-2012-0444", "CVE-2012-0445", "CVE-2012-0446", "CVE-2012-0447", "CVE-2012-0449", "CVE-2012-0450"); script_bugtraq_id(51752, 51753, 51754, 51755, 51756, 51757, 51765, 51787); script_xref(name:"USN", value:"1355-1"); script_name(english:"Ubuntu 10.04 LTS / 10.10 / 11.04 / 11.10 : firefox vulnerabilities (USN-1355-1)"); script_summary(english:"Checks dpkg output for updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Ubuntu host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "It was discovered that if a user chose to export their Firefox Sync key the 'Firefox Recovery Key.html' file is saved with incorrect permissions, making the file contents potentially readable by other users. (CVE-2012-0450) Nicolas Gregoire and Aki Helin discovered that when processing a malformed embedded XSLT stylesheet, Firefox can crash due to memory corruption. If the user were tricked into opening a specially crafted page, an attacker could exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. (CVE-2012-0449) It was discovered that memory corruption could occur during the decoding of Ogg Vorbis files. If the user were tricked into opening a specially crafted file, an attacker could exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. (CVE-2012-0444) Tim Abraldes discovered that when encoding certain images types the resulting data was always a fixed size. There is the possibility of sensitive data from uninitialized memory being appended to these images. (CVE-2012-0447) It was discovered that Firefox did not properly perform XPConnect security checks. An attacker could exploit this to conduct cross-site scripting (XSS) attacks through web pages and Firefox extensions. With cross-site scripting vulnerabilities, if a user were tricked into viewing a specially crafted page, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain. (CVE-2012-0446) It was discovered that Firefox did not properly handle node removal in the DOM. If the user were tricked into opening a specially crafted page, an attacker could exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. (CVE-2011-3659) Alex Dvorov discovered that Firefox did not properly handle sub-frames in form submissions. An attacker could exploit this to conduct phishing attacks using HTML5 frames. (CVE-2012-0445) Ben Hawkes, Christian Holler, Honza Bombas, Jason Orendorff, Jesse Ruderman, Jan Odvarko, Peter Van Der Beken, Bob Clary, and Bill McCloskey discovered memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. (CVE-2012-0442, CVE-2012-0443). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/1355-1/" ); script_set_attribute( attribute:"solution", value:"Update the affected firefox package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Firefox 8/9 AttributeChildRemoved() Use-After-Free'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'White_Phosphorus'); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.04:-:lts"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.10"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:11.04"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:11.10"); script_set_attribute(attribute:"vuln_publication_date", value:"2012/02/01"); script_set_attribute(attribute:"patch_publication_date", value:"2012/02/03"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/02/06"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! preg(pattern:"^(10\.04\|10\.10\|11\.04\|11\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 10.04 / 10.10 / 11.04 / 11.10", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"10.04", pkgname:"firefox", pkgver:"10.0+build1-0ubuntu0.10.04.2")) flag++; if (ubuntu_check(osver:"10.10", pkgname:"firefox", pkgver:"10.0+build1-0ubuntu0.10.10.1")) flag++; if (ubuntu_check(osver:"11.04", pkgname:"firefox", pkgver:"10.0+build1-0ubuntu0.11.04.1")) flag++; if (ubuntu_check(osver:"11.10", pkgname:"firefox", pkgver:"10.0+build1-0ubuntu0.11.10.1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "firefox"); }

NASL family	Amazon Linux Local Security Checks
NASL id	ALA_ALAS-2012-47.NASL
description	A heap-based buffer overflow flaw was found in the way the libvorbis library parsed Ogg Vorbis media files. If a specially crafted Ogg Vorbis media file was opened by an application using libvorbis, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2012-0444)
last seen	2020-06-01
modified	2020-06-02
plugin id	69654
published	2013-09-04
reporter	This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/69654
title	Amazon Linux AMI : libvorbis (ALAS-2012-47)

NASL family	Windows
NASL id	MOZILLA_THUNDERBIRD_3118.NASL
description	The installed version of Thunderbird 3.1.x is earlier than 3.1.18 and is, therefore, potentially affected by the following vulnerabilities: - A use-after-free error exists related to removed nsDOMAttribute child nodes.(CVE-2011-3659) - The IPv6 literal syntax in web addresses is not being properly enforced. (CVE-2011-3670) - Various memory safety issues exist. (CVE-2012-0442) - Memory corruption errors exist related to the decoding of Ogg Vorbis files and processing of malformed XSLT stylesheets. (CVE-2012-0444, CVE-2012-0449)
last seen	2020-06-01
modified	2020-06-02
plugin id	57771
published	2012-02-01
reporter	This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/57771
title	Mozilla Thunderbird 3.1.x < 3.1.18 Multiple Vulnerabilities

NASL family	Scientific Linux Local Security Checks
NASL id	SL_20120215_LIBVORBIS_ON_SL4_X.NASL
description	The libvorbis packages contain runtime libraries for use in programs that support Ogg Vorbis. Ogg Vorbis is a fully open, non-proprietary, patent-and royalty-free, general-purpose compressed audio format. A heap-based buffer overflow flaw was found in the way the libvorbis library parsed Ogg Vorbis media files. If a specially crafted Ogg Vorbis media file was opened by an application using libvorbis, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2012-0444) Users of libvorbis should upgrade to these updated packages, which contain a backported patch to correct this issue. The desktop must be restarted (log out, then log back in) for this update to take effect.
last seen	2020-03-18
modified	2012-08-01
plugin id	61249
published	2012-08-01
reporter	This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/61249
title	Scientific Linux Security Update : libvorbis on SL4.x, SL5.x, SL6.x i386/x86_64 (20120215)

NASL family	MacOS X Local Security Checks
NASL id	MACOSX_THUNDERBIRD_10_0.NASL
description	The installed version of Thunderbird 9.x is potentially affected by the following security issues : - A use-after-free error exists related to removed nsDOMAttribute child nodes.(CVE-2011-3659) - Various memory safety issues exist. (CVE-2012-0442, CVE-2012-0443) - Memory corruption errors exist related to the decoding of Ogg Vorbis files and processing of malformed XSLT stylesheets. (CVE-2012-0444, CVE-2012-0449) - The HTML5 frame navigation policy can be violated by allowing an attacker to replace a sub-frame in another domain
last seen	2020-06-01
modified	2020-06-02
plugin id	57775
published	2012-02-01
reporter	This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/57775
title	Thunderbird 9.x Multiple Vulnerabilities (Mac OS X)

NASL family	MacOS X Local Security Checks
NASL id	MACOSX_FIREFOX_3_6_26.NASL
description	The installed version of Firefox 3.6 is earlier than 3.6.26. Such versions are potentially affected by multiple vulnerabilities : - A use-after-free error exists related to removed nsDOMAttribute child nodes.(CVE-2011-3659) - The IPv6 literal syntax in web addresses is not being properly enforced. (CVE-2011-3670) - Various memory safety issues exist. (CVE-2012-0442) - Memory corruption errors exist related to the decoding of Ogg Vorbis files and processing of malformed XSLT stylesheets. (CVE-2012-0444, CVE-2012-0449)
last seen	2020-06-01
modified	2020-06-02
plugin id	57774
published	2012-02-01
reporter	This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/57774
title	Firefox 3.6 < 3.6.26 Multiple Vulnerabilities (Mac OS X)

NASL family	SuSE Local Security Checks
NASL id	SUSE_LIBVORBIS-7984.NASL
description	Specially crafted Ogg files could cause a heap-based buffer overflow in the vorbis audio compression library that could potentially be exploited by attackers to cause a crash or execute arbitrary code. (CVE-2012-0444)
last seen	2020-06-05
modified	2012-03-02
plugin id	58196
published	2012-03-02
reporter	This script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/58196
title	SuSE 10 Security Update : libvorbis (ZYPP Patch Number 7984)

NASL family	Windows
NASL id	SEAMONKEY_27.NASL
description	The installed version of SeaMonkey is earlier than 2.7.0. Such versions are potentially affected by the following security issues : - A use-after-free error exists related to removed nsDOMAttribute child nodes.(CVE-2011-3659) - Various memory safety issues exist. (CVE-2012-0442, CVE-2012-0443) - Memory corruption errors exist related to the decoding of Ogg Vorbis files and processing of malformed XSLT stylesheets. (CVE-2012-0444, CVE-2012-0449) - The HTML5 frame navigation policy can be violated by allowing an attacker to replace a sub-frame in another domain
last seen	2020-06-01
modified	2020-06-02
plugin id	57772
published	2012-02-01
reporter	This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/57772
title	SeaMonkey < 2.7.0 Multiple Vulnerabilities

NASL family	SuSE Local Security Checks
NASL id	SUSE_11_4_MOZILLATHUNDERBIRD-120201.NASL
description	Mozilla Thunderbird was updated to 3.1.18 security update, fixing security issues and bugs. Following security bugs were fixed : MFSA 2012-01: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products. References CVE-2012-0442: Jesse Ruderman and Bob Clary reported memory safety problems that were fixed in both Firefox 10 and Firefox 3.6.26. MFSA 2012-02/CVE-2011-3670: For historical reasons Firefox has been generous in its interpretation of web addresses containing square brackets around the host. If this host was not a valid IPv6 literal address, Firefox attempted to interpret the host as a regular domain name. Gregory Fleischer reported that requests made using IPv6 syntax using XMLHttpRequest objects through a proxy may generate errors depending on proxy configuration for IPv6. The resulting error messages from the proxy may disclose sensitive data because Same-Origin Policy (SOP) will allow the XMLHttpRequest object to read these error messages, allowing user privacy to be eroded. Firefox now enforces RFC 3986 IPv6 literal syntax and that may break links written using the non-standard Firefox-only forms that were previously accepted. This was fixed previously for Firefox 7.0, Thunderbird 7.0, and SeaMonkey 2.4 but only fixed in Firefox 3.6.26 and Thunderbird 3.1.18 during 2012. MFSA 2012-04/CVE-2011-3659: Security researcher regenrecht reported via TippingPoint
last seen	2020-06-05
modified	2014-06-13
plugin id	75969
published	2014-06-13
reporter	This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/75969
title	openSUSE Security Update : MozillaThunderbird (MozillaThunderbird-5751)

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2012-0079.NASL
description	From Red Hat Security Advisory 2012:0079 : Updated firefox packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A use-after-free flaw was found in the way Firefox removed nsDOMAttribute child nodes. In certain circumstances, due to the premature notification of AttributeChildRemoved, a malicious script could possibly use this flaw to cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-3659) Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2012-0442) A flaw was found in the way Firefox parsed Ogg Vorbis media files. A web page containing a malicious Ogg Vorbis media file could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2012-0444) A flaw was found in the way Firefox parsed certain Scalable Vector Graphics (SVG) image files that contained eXtensible Style Sheet Language Transformations (XSLT). A web page containing a malicious SVG image file could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2012-0449) The same-origin policy in Firefox treated http://example.com and http://[example.com] as interchangeable. A malicious script could possibly use this flaw to gain access to sensitive information (such as a client
last seen	2020-05-31
modified	2013-07-12
plugin id	68443
published	2013-07-12
reporter	This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/68443
title	Oracle Linux 4 / 5 / 6 : firefox (ELSA-2012-0079)

NASL family	SuSE Local Security Checks
NASL id	SUSE_11_4_MOZILLAFIREFOX-120201.NASL
description	Mozilla Firefox was updated to version 10 to fix bugs and security issues. MFSA 2012-01: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products. References CVE-2012-0443: Ben Hawkes, Christian Holler, Honza Bombas, Jason Orendorff, Jesse Ruderman, Jan Odvarko, Peter Van Der Beken, and Bill McCloskey reported memory safety problems that were fixed in Firefox 10. CVE-2012-0442: Jesse Ruderman and Bob Clary reported memory safety problems that were fixed in both Firefox 10 and Firefox 3.6.26. MFSA 2012-02/CVE-2011-3670: For historical reasons Firefox has been generous in its interpretation of web addresses containing square brackets around the host. If this host was not a valid IPv6 literal address, Firefox attempted to interpret the host as a regular domain name. Gregory Fleischer reported that requests made using IPv6 syntax using XMLHttpRequest objects through a proxy may generate errors depending on proxy configuration for IPv6. The resulting error messages from the proxy may disclose sensitive data because Same-Origin Policy (SOP) will allow the XMLHttpRequest object to read these error messages, allowing user privacy to be eroded. Firefox now enforces RFC 3986 IPv6 literal syntax and that may break links written using the non-standard Firefox-only forms that were previously accepted. This was fixed previously for Firefox 7.0, Thunderbird 7.0, and SeaMonkey 2.4 but only fixed in Firefox 3.6.26 and Thunderbird 3.1.18 during 2012. MFSA 2012-03/CVE-2012-0445: Alex Dvorov reported that an attacker could replace a sub-frame in another domain
last seen	2020-06-05
modified	2014-06-13
plugin id	75951
published	2014-06-13
reporter	This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/75951
title	openSUSE Security Update : MozillaFirefox (MozillaFirefox-5750)

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2012-0136.NASL
description	Updated libvorbis packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The libvorbis packages contain runtime libraries for use in programs that support Ogg Vorbis. Ogg Vorbis is a fully open, non-proprietary, patent-and royalty-free, general-purpose compressed audio format. A heap-based buffer overflow flaw was found in the way the libvorbis library parsed Ogg Vorbis media files. If a specially crafted Ogg Vorbis media file was opened by an application using libvorbis, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2012-0444) Users of libvorbis should upgrade to these updated packages, which contain a backported patch to correct this issue. The desktop must be restarted (log out, then log back in) for this update to take effect.
last seen	2020-06-01
modified	2020-06-02
plugin id	57962
published	2012-02-16
reporter	This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/57962
title	CentOS 4 / 5 / 6 : libvorbis (CESA-2012:0136)

NASL family	Windows
NASL id	MOZILLA_FIREFOX_3626.NASL
description	The installed version of Firefox 3.6.x is earlier than 3.6.26 and is, therefore, potentially affected by the following security issues : - A use-after-free error exists related to removed nsDOMAttribute child nodes.(CVE-2011-3659) - The IPv6 literal syntax in web addresses is not being properly enforced. (CVE-2011-3670) - Various memory safety issues exist. (CVE-2012-0442) - Memory corruption errors exist related to the decoding of Ogg Vorbis files and processing of malformed XSLT stylesheets. (CVE-2012-0444, CVE-2012-0449)
last seen	2020-06-01
modified	2020-06-02
plugin id	57769
published	2012-02-01
reporter	This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/57769
title	Firefox 3.6.x < 3.6.26 Multiple Vulnerabilities

NASL family	Mandriva Local Security Checks
NASL id	MANDRIVA_MDVSA-2012-013.NASL
description	Security issues were identified and fixed in mozilla firefox and thunderbird : Use-after-free vulnerability in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 might allow remote attackers to execute arbitrary code via vectors related to incorrect AttributeChildRemoved notifications that affect access to removed nsDOMAttribute child nodes (CVE-2011-3659). Mozilla Firefox before 3.6.26 and 4.x through 6.0, Thunderbird before 3.1.18 and 5.0 through 6.0, and SeaMonkey before 2.4 do not properly enforce the IPv6 literal address syntax, which allows remote attackers to obtain sensitive information by making XMLHttpRequest calls through a proxy and reading the error messages (CVE-2011-3670). Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors (CVE-2012-0442). Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors (CVE-2012-0443). Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize nsChildView data structures, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Ogg Vorbis file (CVE-2012-0444). Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to bypass the HTML5 frame-navigation policy and replace arbitrary sub-frames by creating a form submission target with a sub-frame
last seen	2020-06-01
modified	2020-06-02
plugin id	57833
published	2012-02-06
reporter	This script is Copyright (C) 2012-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/57833
title	Mandriva Linux Security Advisory : mozilla (MDVSA-2012:013)

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DSA-2412.NASL
description	It was discovered that a heap overflow in the Vorbis audio compression library could lead to the execution of arbitrary code if a malformed Ogg Vorbis file is processed.
last seen	2020-03-17
modified	2012-02-20
plugin id	58012
published	2012-02-20
reporter	This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/58012
title	Debian DSA-2412-1 : libvorbis - buffer overflow

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2012-0136.NASL
description	Updated libvorbis packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The libvorbis packages contain runtime libraries for use in programs that support Ogg Vorbis. Ogg Vorbis is a fully open, non-proprietary, patent-and royalty-free, general-purpose compressed audio format. A heap-based buffer overflow flaw was found in the way the libvorbis library parsed Ogg Vorbis media files. If a specially crafted Ogg Vorbis media file was opened by an application using libvorbis, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2012-0444) Users of libvorbis should upgrade to these updated packages, which contain a backported patch to correct this issue. The desktop must be restarted (log out, then log back in) for this update to take effect.
last seen	2020-04-16
modified	2012-02-15
plugin id	57957
published	2012-02-15
reporter	This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/57957
title	RHEL 4 / 5 / 6 : libvorbis (RHSA-2012:0136)

NASL family	SuSE Local Security Checks
NASL id	SUSE_11_MOZILLA-XULRUNNER192-120206.NASL
description	Mozilla XULrunner was updated to 1.9.2.26 security update, fixing security issues and bugs. The following security bugs have been fixed : - Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. (MFSA 2012-01) In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products. References - Jesse Ruderman and Bob Clary reported memory safety problems that were fixed in both Firefox 10 and Firefox 3.6.26. (CVE-2012-0442) - For historical reasons Firefox has been generous in its interpretation of web addresses containing square brackets around the host. If this host was not a valid IPv6 literal address, Firefox attempted to interpret the host as a regular domain name. Gregory Fleischer reported that requests made using IPv6 syntax using XMLHttpRequest objects through a proxy may generate errors depending on proxy configuration for IPv6. The resulting error messages from the proxy may disclose sensitive data because Same-Origin Policy (SOP) will allow the XMLHttpRequest object to read these error messages, allowing user privacy to be eroded. Firefox now enforces RFC 3986 IPv6 literal syntax and that may break links written using the non-standard Firefox-only forms that were previously accepted. (MFSA 2012-02 / CVE-2011-3670) This was fixed previously for Firefox 7.0, Thunderbird 7.0, and SeaMonkey 2.4 but only fixed in Firefox 3.6.26 and Thunderbird 3.1.18 during 2012. - Security researcher regenrecht reported via TippingPoint
last seen	2020-06-05
modified	2012-02-10
plugin id	57886
published	2012-02-10
reporter	This script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/57886
title	SuSE 11.1 Security Update : Mozilla XULrunner (SAT Patch Number 5764)

NASL family	SuSE Local Security Checks
NASL id	SUSE_MOZILLAFIREFOX-7949.NASL
description	Mozilla Firefox was updated to 3.6.26 fixing bugs and security issues. The following security issues have been fixed by this update : - Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. (MFSA 2012-01) In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products. References - Jesse Ruderman and Bob Clary reported memory safety problems that were fixed in both Firefox 10 and Firefox 3.6.26. (CVE-2012-0442) - For historical reasons Firefox has been generous in its interpretation of web addresses containing square brackets around the host. If this host was not a valid IPv6 literal address, Firefox attempted to interpret the host as a regular domain name. Gregory Fleischer reported that requests made using IPv6 syntax using XMLHttpRequest objects through a proxy may generate errors depending on proxy configuration for IPv6. The resulting error messages from the proxy may disclose sensitive data because Same-Origin Policy (SOP) will allow the XMLHttpRequest object to read these error messages, allowing user privacy to be eroded. Firefox now enforces RFC 3986 IPv6 literal syntax and that may break links written using the non-standard Firefox-only forms that were previously accepted. (MFSA 2012-02 / CVE-2011-3670) This was fixed previously for Firefox 7.0, Thunderbird 7.0, and SeaMonkey 2.4 but only fixed in Firefox 3.6.26 and Thunderbird 3.1.18 during 2012. - Security researcher regenrecht reported via TippingPoint
last seen	2020-06-05
modified	2012-02-08
plugin id	57858
published	2012-02-08
reporter	This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/57858
title	SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 7949)

NASL family	SuSE Local Security Checks
NASL id	SUSE_11_LIBVORBIS-120221.NASL
description	Specially crafted Ogg files could cause a heap-based buffer overflow in the vorbis audio compression library that could potentially be exploited by attackers to cause a crash or execute arbitrary code. (CVE-2012-0444)
last seen	2020-06-05
modified	2012-03-02
plugin id	58195
published	2012-03-02
reporter	This script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/58195
title	SuSE 11.1 Security Update : libvorbis (SAT Patch Number 5851)

NASL family	SuSE Local Security Checks
NASL id	SUSE_11_FIREFOX-10-120202.NASL
description	This update provides Mozilla Firefox 10, which provides many fixes, security and feature enhancements. For a detailed list, please have a look at http://www.mozilla.org/en-US/firefox/10.0/releasenotes/ and http://www.mozilla.org/de/firefox/features/ The following security issues have been fixed in this update : - Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. (MFSA 2012-01 / CVE-2012-0442 / CVE-2012-0443) - Alex Dvorov reported that an attacker could replace a sub-frame in another domain
last seen	2020-06-05
modified	2012-02-06
plugin id	57838
published	2012-02-06
reporter	This script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/57838
title	SuSE 11.1 Security Update : MozillaFirefox (SAT Patch Number 5754)

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-1369-1.NASL
description	Nicolas Gregoire and Aki Helin discovered that when processing a malformed embedded XSLT stylesheet, Thunderbird can crash due to memory corruption. If the user were tricked into opening a specially crafted page, an attacker could exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Thunderbird. (CVE-2012-0449) It was discovered that memory corruption could occur during the decoding of Ogg Vorbis files. If the user were tricked into opening a specially crafted file, an attacker could exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Thunderbird. (CVE-2012-0444) Tim Abraldes discovered that when encoding certain image types the resulting data was always a fixed size. There is the possibility of sensitive data from uninitialized memory being appended to these images. (CVE-2012-0447) It was discovered that Thunderbird did not properly perform XPConnect security checks. An attacker could exploit this to conduct cross-site scripting (XSS) attacks through web pages and Thunderbird extensions. With cross-site scripting vulnerabilities, if a user were tricked into viewing a specially crafted page, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain. (CVE-2012-0446) It was discovered that Thunderbird did not properly handle node removal in the DOM. If the user were tricked into opening a specially crafted page, an attacker could exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Thunderbird. (CVE-2011-3659) Alex Dvorov discovered that Thunderbird did not properly handle sub-frames in form submissions. An attacker could exploit this to conduct phishing attacks using HTML5 frames. (CVE-2012-0445) Ben Hawkes, Christian Holler, Honza Bombas, Jason Orendorff, Jesse Ruderman, Jan Odvarko, Peter Van Der Beken, Bob Clary, and Bill McCloskey discovered memory safety issues affecting Thunderbird. If the user were tricked into opening a specially crafted page, an attacker could exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Thunderbird. (CVE-2012-0442, CVE-2012-0443) Andrew McCreight and Olli Pettay discovered a use-after-free vulnerability in the XBL bindings. An attacker could exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Thunderbird. (CVE-2012-0452) Jueri Aedla discovered that libpng, which is in Thunderbird, did not properly verify the size used when allocating memory during chunk decompression. If a user or automated system using libpng were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or execute code with the privileges of the user invoking the program. (CVE-2011-3026). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	58037
published	2012-02-20
reporter	Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/58037
title	Ubuntu 11.10 : thunderbird vulnerabilities (USN-1369-1)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2012-0422.NASL
description	An updated rhev-hypervisor6 package that fixes two security issues and one bug is now available. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. A flaw was found in the way the Linux kernel
last seen	2020-06-01
modified	2020-06-02
plugin id	79285
published	2014-11-17
reporter	This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/79285
title	RHEL 6 : rhev-hypervisor6 (RHSA-2012:0422)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2012-1652.NASL
description	libvorbis 1.3.3 from upstream. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-03-17
modified	2012-02-17
plugin id	57989
published	2012-02-17
reporter	This script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/57989
title	Fedora 16 : libvorbis-1.3.3-1.fc16 (2012-1652)

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-1370-1.NASL
description	It was discovered that libvorbis did not correctly handle certain malformed ogg files. If a user were tricked into opening a specially crafted ogg file with an application that uses libvorbis, an attacker could cause a denial of service or possibly execute arbitrary code with the user
last seen	2020-06-01
modified	2020-06-02
plugin id	58069
published	2012-02-21
reporter	Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/58069
title	Ubuntu 10.04 LTS / 10.10 / 11.04 / 11.10 : libvorbis vulnerability (USN-1370-1)

NASL family	SuSE Local Security Checks
NASL id	SUSE_11_4_MOZILLA-JS192-120201.NASL
description	mozilla xulrunner was updated to 1.9.2.26 security update, fixing security issues and bugs. Following security bugs were fixed : MFSA 2012-01: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products. References CVE-2012-0442: Jesse Ruderman and Bob Clary reported memory safety problems that were fixed in both Firefox 10 and Firefox 3.6.26. MFSA 2012-02/CVE-2011-3670: For historical reasons Firefox has been generous in its interpretation of web addresses containing square brackets around the host. If this host was not a valid IPv6 literal address, Firefox attempted to interpret the host as a regular domain name. Gregory Fleischer reported that requests made using IPv6 syntax using XMLHttpRequest objects through a proxy may generate errors depending on proxy configuration for IPv6. The resulting error messages from the proxy may disclose sensitive data because Same-Origin Policy (SOP) will allow the XMLHttpRequest object to read these error messages, allowing user privacy to be eroded. Firefox now enforces RFC 3986 IPv6 literal syntax and that may break links written using the non-standard Firefox-only forms that were previously accepted. This was fixed previously for Firefox 7.0, Thunderbird 7.0, and SeaMonkey 2.4 but only fixed in Firefox 3.6.26 and Thunderbird 3.1.18 during 2012. MFSA 2012-04/CVE-2011-3659: Security researcher regenrecht reported via TippingPoint
last seen	2020-06-05
modified	2014-06-13
plugin id	75961
published	2014-06-13
reporter	This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/75961
title	openSUSE Security Update : mozilla-js192 (mozilla-js192-5749)

NASL family	Scientific Linux Local Security Checks
NASL id	SL_20120131_FIREFOX_ON_SL4_X.NASL
description	Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A use-after-free flaw was found in the way Firefox removed nsDOMAttribute child nodes. In certain circumstances, due to the premature notification of AttributeChildRemoved, a malicious script could possibly use this flaw to cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-3659) Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2012-0442) A flaw was found in the way Firefox parsed Ogg Vorbis media files. A web page containing a malicious Ogg Vorbis media file could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2012-0444) A flaw was found in the way Firefox parsed certain Scalable Vector Graphics (SVG) image files that contained eXtensible Style Sheet Language Transformations (XSLT). A web page containing a malicious SVG image file could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2012-0449) The same-origin policy in Firefox treated http://example.com and http://[example.com] as interchangeable. A malicious script could possibly use this flaw to gain access to sensitive information (such as a client
last seen	2020-03-18
modified	2012-08-01
plugin id	61230
published	2012-08-01
reporter	This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/61230
title	Scientific Linux Security Update : firefox on SL4.x, SL5.x, SL6.x i386/x86_64 (20120131)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2012-0079.NASL
description	Updated firefox packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A use-after-free flaw was found in the way Firefox removed nsDOMAttribute child nodes. In certain circumstances, due to the premature notification of AttributeChildRemoved, a malicious script could possibly use this flaw to cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-3659) Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2012-0442) A flaw was found in the way Firefox parsed Ogg Vorbis media files. A web page containing a malicious Ogg Vorbis media file could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2012-0444) A flaw was found in the way Firefox parsed certain Scalable Vector Graphics (SVG) image files that contained eXtensible Style Sheet Language Transformations (XSLT). A web page containing a malicious SVG image file could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2012-0449) The same-origin policy in Firefox treated http://example.com and http://[example.com] as interchangeable. A malicious script could possibly use this flaw to gain access to sensitive information (such as a client
last seen	2020-05-31
modified	2012-02-01
plugin id	57760
published	2012-02-01
reporter	This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/57760
title	RHEL 4 / 5 / 6 : firefox (RHSA-2012:0079)

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DSA-2400.NASL
description	Several vulnerabilities have been discovered in Iceweasel, a web browser based on Firefox. The included XULRunner library provides rendering services for several other applications included in Debian. - CVE-2011-3670 Gregory Fleischer discovered that IPv6 URLs were incorrectly parsed, resulting in potential information disclosure. - CVE-2012-0442 Jesse Ruderman and Bob Clary discovered memory corruption bugs, which may lead to the execution of arbitrary code. - CVE-2012-0444
last seen	2020-03-17
modified	2012-02-03
plugin id	57811
published	2012-02-03
reporter	This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/57811
title	Debian DSA-2400-1 : iceweasel - several vulnerabilities

NASL family	Solaris Local Security Checks
NASL id	SOLARIS11_LIBVORBIS_20120626.NASL
description	The remote Solaris system is missing necessary patches to address security updates : - Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize nsChildView data structures, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Ogg Vorbis file. (CVE-2012-0444)
last seen	2020-06-01
modified	2020-06-02
plugin id	80686
published	2015-01-19
reporter	This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/80686
title	Oracle Solaris Third-Party Patch Update : libvorbis (cve_2012_0444_memory_corruption)

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-1353-1.NASL
description	Jesse Ruderman and Bob Clary discovered memory safety issues affecting the Gecko Browser engine. If the user were tricked into opening a specially crafted page, an attacker could exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Xulrunner. (CVE-2012-0442) It was discovered that the Gecko Browser engine did not properly handle node removal in the DOM. If the user were tricked into opening a specially crafted page, an attacker could exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Xulrunner. (CVE-2011-3659) It was discovered that memory corruption could occur during the decoding of Ogg Vorbis files. If the user were tricked into opening a specially crafted file, an attacker could exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Xulrunner. (CVE-2012-0444) Nicolas Gregoire and Aki Helin discovered that when processing a malformed embedded XSLT stylesheet, Xulrunner can crash due to memory corruption. If the user were tricked into opening a specially crafted page, an attacker could exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Xulrunner. (CVE-2012-0449) Gregory Fleischer discovered that requests using IPv6 hostname syntax through certain proxies might generate errors. An attacker might be able to use this to read sensitive data from the error messages. (CVE-2011-3670). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	57874
published	2012-02-09
reporter	Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/57874
title	Ubuntu 10.04 LTS / 10.10 : xulrunner-1.9.2 vulnerabilities (USN-1353-1)

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-1355-2.NASL
description	USN-1355-1 fixed vulnerabilities in Firefox. This update provides an updated Mozvoikko package for use with the latest Firefox. It was discovered that if a user chose to export their Firefox Sync key the
last seen	2020-06-01
modified	2020-06-02
plugin id	57845
published	2012-02-06
reporter	Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/57845
title	Ubuntu 10.04 LTS / 10.10 / 11.04 / 11.10 : mozvoikko update (USN-1355-2)

NASL family	Gentoo Local Security Checks
NASL id	GENTOO_GLSA-201301-01.NASL
description	The remote host is affected by the vulnerability described in GLSA-201301-01 (Mozilla Products: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, bypass restrictions and protection mechanisms, force file downloads, conduct XML injection attacks, conduct XSS attacks, bypass the Same Origin Policy, spoof URL’s for phishing attacks, trigger a vertical scroll, spoof the location bar, spoof an SSL indicator, modify the browser’s font, conduct clickjacking attacks, or have other unspecified impact. A local attacker could gain escalated privileges, obtain sensitive information, or replace an arbitrary downloaded file. Workaround : There is no known workaround at this time.
last seen	2020-06-01
modified	2020-06-02
plugin id	63402
published	2013-01-08
reporter	This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/63402
title	GLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST)

NASL family	OracleVM Local Security Checks
NASL id	ORACLEVM_OVMSA-2018-0030.NASL
description	The remote OracleVM system is missing necessary patches to address critical security updates : - Backport fix for (CVE-2018-5146) - fix CVE-2012-0444 (#787077)
last seen	2020-06-01
modified	2020-06-02
plugin id	108940
published	2018-04-10
reporter	This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/108940
title	OracleVM 3.4 : libvorbis (OVMSA-2018-0030)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2012-83.NASL
description	Changes in MozillaFirefox : - update to Firefox 10.0 (bnc#744275) - MFSA 2012-01/CVE-2012-0442/CVE-2012-0443 Miscellaneous memory safety hazards - MFSA 2012-03/CVE-2012-0445 (bmo#701071) <iframe> element exposed across domains via name attribute - MFSA 2012-04/CVE-2011-3659 (bmo#708198) Child nodes from nsDOMAttribute still accessible after removal of nodes - MFSA 2012-05/CVE-2012-0446 (bmo#705651) Frame scripts calling into untrusted objects bypass security checks - MFSA 2012-06/CVE-2012-0447 (bmo#710079) Uninitialized memory appended when encoding icon images may cause information disclosure - MFSA 2012-07/CVE-2012-0444 (bmo#719612) Potential Memory Corruption When Decoding Ogg Vorbis files - MFSA 2012-08/CVE-2012-0449 (bmo#701806, bmo#702466) Crash with malformed embedded XSLT stylesheets - KDE integration has been disabled since it needs refactoring - removed obsolete ppc64 patch - Disable neon for arm as it doesn
last seen	2020-06-05
modified	2014-06-13
plugin id	74833
published	2014-06-13
reporter	This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/74833
title	openSUSE Security Update : MozillaFirefox / MozillaThunderbird / chmsee / etc (openSUSE-2012-83)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2012-141.NASL
description	Specially crafted ogg files could cause a heap-based buffer overflow in the vorbis audio compression library that could potentially be exploited by attackers to cause a crash or execute arbitrary code
last seen	2020-06-05
modified	2014-06-13
plugin id	74562
published	2014-06-13
reporter	This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/74562
title	openSUSE Security Update : libvorbis (openSUSE-2012-141)

NASL family	FreeBSD Local Security Checks
NASL id	FREEBSD_PKG_40497E81FEE34E549D5F175A5C633B73.NASL
description	The Mozilla Project reports : Security researcher regenrecht reported via TippingPoint
last seen	2020-06-01
modified	2020-06-02
plugin id	85640
published	2015-08-26
reporter	This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/85640
title	FreeBSD : libtremor -- memory corruption (40497e81-fee3-4e54-9d5f-175a5c633b73)

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-1350-1.NASL
description	Jesse Ruderman and Bob Clary discovered memory safety issues affecting Thunderbird. If the user were tricked into opening a specially crafted page, an attacker could exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Thunderbird. (CVE-2012-0442) It was discovered that Thunderbird did not properly handle node removal in the DOM. If the user were tricked into opening a specially crafted page, an attacker could exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Thunderbird. (CVE-2011-3659) It was discovered that memory corruption could occur during the decoding of Ogg Vorbis files. If the user were tricked into opening a specially crafted file, an attacker could exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Thunderbird. (CVE-2012-0444) Nicolas Gregoire and Aki Helin discovered that when processing a malformed embedded XSLT stylesheet, Thunderbird can crash due to memory corruption. If the user were tricked into opening a specially crafted page, an attacker could exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Thunderbird. (CVE-2012-0449) Gregory Fleischer discovered that requests using IPv6 hostname syntax through certain proxies might generate errors. An attacker might be able to use this to read sensitive data from the error messages. (CVE-2011-3670). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	57873
published	2012-02-09
reporter	Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/57873
title	Ubuntu 10.04 LTS / 10.10 / 11.04 : thunderbird vulnerabilities (USN-1350-1)

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DSA-2402.NASL
description	Several vulnerabilities have been found in the Iceape internet suite, an unbranded version of SeaMonkey : - CVE-2011-3670 Gregory Fleischer discovered that IPv6 URLs were incorrectly parsed, resulting in potential information disclosure. - CVE-2012-0442 Jesse Ruderman and Bob Clary discovered memory corruption bugs, which may lead to the execution of arbitrary code. - CVE-2012-0444
last seen	2020-03-17
modified	2012-02-03
plugin id	57813
published	2012-02-03
reporter	This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/57813
title	Debian DSA-2402-1 : iceape - several vulnerabilities

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2012-0136.NASL
description	From Red Hat Security Advisory 2012:0136 : Updated libvorbis packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The libvorbis packages contain runtime libraries for use in programs that support Ogg Vorbis. Ogg Vorbis is a fully open, non-proprietary, patent-and royalty-free, general-purpose compressed audio format. A heap-based buffer overflow flaw was found in the way the libvorbis library parsed Ogg Vorbis media files. If a specially crafted Ogg Vorbis media file was opened by an application using libvorbis, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2012-0444) Users of libvorbis should upgrade to these updated packages, which contain a backported patch to correct this issue. The desktop must be restarted (log out, then log back in) for this update to take effect.
last seen	2020-06-01
modified	2020-06-02
plugin id	68460
published	2013-07-12
reporter	This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/68460
title	Oracle Linux 4 / 5 / 6 : libvorbis (ELSA-2012-0136)

NASL family	SuSE Local Security Checks
NASL id	SUSE_11_4_SEAMONKEY-120207.NASL
description	Mozilla SeaMonkey was updated to 2.7 security update, fixing security issues and bugs. Following security bugs were fixed : MFSA 2012-01: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products. References CVE-2012-0442: Jesse Ruderman and Bob Clary reported memory safety problems that were fixed in both Firefox 10 and Firefox 3.6.26. MFSA 2012-02/CVE-2011-3670: For historical reasons Firefox has been generous in its interpretation of web addresses containing square brackets around the host. If this host was not a valid IPv6 literal address, Firefox attempted to interpret the host as a regular domain name. Gregory Fleischer reported that requests made using IPv6 syntax using XMLHttpRequest objects through a proxy may generate errors depending on proxy configuration for IPv6. The resulting error messages from the proxy may disclose sensitive data because Same-Origin Policy (SOP) will allow the XMLHttpRequest object to read these error messages, allowing user privacy to be eroded. Firefox now enforces RFC 3986 IPv6 literal syntax and that may break links written using the non-standard Firefox-only forms that were previously accepted. This was fixed previously for Firefox 7.0, Thunderbird 7.0, and SeaMonkey 2.4 but only fixed in Firefox 3.6.26 and Thunderbird 3.1.18 during 2012. MFSA 2012-04/CVE-2011-3659: Security researcher regenrecht reported via TippingPoint
last seen	2020-06-05
modified	2014-06-13
plugin id	76026
published	2014-06-13
reporter	This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/76026
title	openSUSE Security Update : seamonkey (seamonkey-5768)

NASL family	MacOS X Local Security Checks
NASL id	MACOSX_FIREFOX_10_0.NASL
description	The installed version of Firefox 9.x is potentially affected by the following security issues : - A use-after-free error exists related to removed nsDOMAttribute child nodes.(CVE-2011-3659) - Various memory safety issues exist. (CVE-2012-0442, CVE-2012-0443) - Memory corruption errors exist related to the decoding of Ogg Vorbis files and processing of malformed XSLT stylesheets. (CVE-2012-0444, CVE-2012-0449) - The HTML5 frame navigation policy can be violated by allowing an attacker to replace a sub-frame in another domain
last seen	2020-06-01
modified	2020-06-02
plugin id	57773
published	2012-02-01
reporter	This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/57773
title	Firefox < 10.0 Multiple Vulnerabilities (Mac OS X)

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-1355-3.NASL
description	USN-1355-1 fixed vulnerabilities in Firefox. This update provides updated ubufox and webfav packages for use with the latest Firefox. It was discovered that if a user chose to export their Firefox Sync key the
last seen	2020-06-01
modified	2020-06-02
plugin id	57846
published	2012-02-06
reporter	Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/57846
title	Ubuntu 10.04 LTS / 10.10 : ubufox and webfav update (USN-1355-3)

NASL family	OracleVM Local Security Checks
NASL id	ORACLEVM_OVMSA-2018-0031.NASL
description	The remote OracleVM system is missing necessary patches to address critical security updates : - Backport fix for (CVE-2018-5146) - fix CVE-2012-0444 (#787077)
last seen	2020-06-01
modified	2020-06-02
plugin id	108941
published	2018-04-10
reporter	This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/108941
title	OracleVM 3.3 : libvorbis (OVMSA-2018-0031)

NASL family	Windows
NASL id	MOZILLA_FIREFOX_100.NASL
description	The installed version of Firefox is earlier than 10.0 and thus, is potentially affected by the following security issues : - A use-after-free error exists related to removed nsDOMAttribute child nodes.(CVE-2011-3659) - Various memory safety issues exist. (CVE-2012-0442, CVE-2012-0443) - Memory corruption errors exist related to the decoding of Ogg Vorbis files and processing of malformed XSLT stylesheets. (CVE-2012-0444, CVE-2012-0449) - The HTML5 frame navigation policy can be violated by allowing an attacker to replace a sub-frame in another domain
last seen	2020-06-01
modified	2020-06-02
plugin id	57768
published	2012-02-01
reporter	This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/57768
title	Firefox < 10.0 Multiple Vulnerabilities

NASL family	Mandriva Local Security Checks
NASL id	MANDRIVA_MDVSA-2012-052.NASL
description	A vulnerability has been found and corrected in libvorbis : If a specially crafted Ogg Vorbis media file was opened by an application using libvorbis, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application (CVE-2012-0444). The updated packages have been patched to correct this issue.
last seen	2020-06-01
modified	2020-06-02
plugin id	58585
published	2012-04-04
reporter	This script is Copyright (C) 2012-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/58585
title	Mandriva Linux Security Advisory : libvorbis (MDVSA-2012:052)

Oval

accepted

2014-10-06T04:01:31.885-04:00

class

vulnerability

contributors

name Aharon Chernin
organization DTCC
name Scott Quint
organization DTCC
name Sergey Artykhov
organization ALTX-SOFT
name Sergey Artykhov
organization ALTX-SOFT
name Maria Kedovskaya
organization ALTX-SOFT
name Shane Shaffer
organization G2, Inc.
name Maria Kedovskaya
organization ALTX-SOFT
name Maria Mikhno
organization ALTX-SOFT
name Richard Helbing
organization baramundi software
name Evgeniy Pavlov
organization ALTX-SOFT
name Evgeniy Pavlov
organization ALTX-SOFT
name Evgeniy Pavlov
organization ALTX-SOFT
name Evgeniy Pavlov
organization ALTX-SOFT
name Evgeniy Pavlov
organization ALTX-SOFT

definition_extensions

comment Mozilla Firefox Mainline release is installed
oval oval:org.mitre.oval:def:22259
comment Mozilla Firefox Mainline release is installed
oval oval:org.mitre.oval:def:22259
comment Mozilla Firefox Mainline release is installed
oval oval:org.mitre.oval:def:22259
comment Mozilla Firefox Mainline release is installed
oval oval:org.mitre.oval:def:22259
comment Mozilla Thunderbird Mainline release is installed
oval oval:org.mitre.oval:def:22093
comment Mozilla Thunderbird Mainline release is installed
oval oval:org.mitre.oval:def:22093
comment Mozilla Thunderbird Mainline release is installed
oval oval:org.mitre.oval:def:22093
comment Mozilla Thunderbird Mainline release is installed
oval oval:org.mitre.oval:def:22093
comment Mozilla Firefox Mainline release is installed
oval oval:org.mitre.oval:def:22259
comment Mozilla Firefox Mainline release is installed
oval oval:org.mitre.oval:def:22259
comment Mozilla Firefox Mainline release is installed
oval oval:org.mitre.oval:def:22259
comment Mozilla Firefox Mainline release is installed
oval oval:org.mitre.oval:def:22259
comment Mozilla Firefox Mainline release is installed
oval oval:org.mitre.oval:def:22259
comment Mozilla Firefox Mainline release is installed
oval oval:org.mitre.oval:def:22259
comment Mozilla Thunderbird Mainline release is installed
oval oval:org.mitre.oval:def:22093
comment Mozilla Thunderbird Mainline release is installed
oval oval:org.mitre.oval:def:22093
comment Mozilla Thunderbird Mainline release is installed
oval oval:org.mitre.oval:def:22093
comment Mozilla Thunderbird Mainline release is installed
oval oval:org.mitre.oval:def:22093
comment Mozilla Thunderbird Mainline release is installed
oval oval:org.mitre.oval:def:22093
comment Mozilla Seamonkey is installed
oval oval:org.mitre.oval:def:6372
comment Mozilla Seamonkey is installed
oval oval:org.mitre.oval:def:6372

description

family

windows

oval:org.mitre.oval:def:14464

status

accepted

submitted

2012-02-06T08:10:17.000-05:00

title

version

Redhat

advisories

bugzilla

id	786026
title	CVE-2012-0444 Firefox: Ogg Vorbis Decoding Memory Corruption (MFSA 2012-07)

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 4 is installed
oval oval:com.redhat.rhba:tst:20070304025

AND
comment libvorbis-devel is earlier than 1:1.1.0-4.el4.5
oval oval:com.redhat.rhsa:tst:20120136001
comment libvorbis-devel is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20070845002
AND
comment libvorbis is earlier than 1:1.1.0-4.el4.5
oval oval:com.redhat.rhsa:tst:20120136003
comment libvorbis is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20070845004

AND

comment Red Hat Enterprise Linux 5 is installed
oval oval:com.redhat.rhba:tst:20070331005

AND

comment libvorbis-devel is earlier than 1:1.1.2-3.el5_7.6
oval oval:com.redhat.rhsa:tst:20120136006
comment libvorbis-devel is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20070845009

AND
comment libvorbis is earlier than 1:1.1.2-3.el5_7.6
oval oval:com.redhat.rhsa:tst:20120136008
comment libvorbis is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20070845007

AND

comment Red Hat Enterprise Linux 6 is installed
oval oval:com.redhat.rhba:tst:20111656003

AND
comment libvorbis is earlier than 1:1.2.3-4.el6_2.1
oval oval:com.redhat.rhsa:tst:20120136011
comment libvorbis is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20120136012

AND

comment libvorbis-devel-docs is earlier than 1:1.2.3-4.el6_2.1
oval oval:com.redhat.rhsa:tst:20120136013
comment libvorbis-devel-docs is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20120136014

AND

comment libvorbis-devel is earlier than 1:1.2.3-4.el6_2.1
oval oval:com.redhat.rhsa:tst:20120136015
comment libvorbis-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20120136016

rhsa

id	RHSA-2012:0136
released	2012-02-15
severity	Important
title	RHSA-2012:0136: libvorbis security update (Important)

rpms

firefox-0:3.6.26-1.el5_7
firefox-0:3.6.26-1.el6_2
firefox-0:3.6.26-2.el4
firefox-debuginfo-0:3.6.26-1.el5_7
firefox-debuginfo-0:3.6.26-1.el6_2
firefox-debuginfo-0:3.6.26-2.el4
xulrunner-0:1.9.2.26-1.el5_7
xulrunner-0:1.9.2.26-1.el6_2
xulrunner-debuginfo-0:1.9.2.26-1.el5_7
xulrunner-debuginfo-0:1.9.2.26-1.el6_2
xulrunner-devel-0:1.9.2.26-1.el5_7
xulrunner-devel-0:1.9.2.26-1.el6_2
libvorbis-1:1.1.0-4.el4.5
libvorbis-1:1.1.2-3.el5_7.6
libvorbis-1:1.2.3-4.el6_2.1
libvorbis-debuginfo-1:1.1.0-4.el4.5
libvorbis-debuginfo-1:1.1.2-3.el5_7.6
libvorbis-debuginfo-1:1.2.3-4.el6_2.1
libvorbis-devel-1:1.1.0-4.el4.5
libvorbis-devel-1:1.1.2-3.el5_7.6
libvorbis-devel-1:1.2.3-4.el6_2.1
libvorbis-devel-docs-1:1.2.3-4.el6_2.1

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

Nessus

Oval

Redhat

References