CVE-2012-1960 - Information Exposure vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

CVSS 5.0 - MEDIUM
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: NONE
Availability impact: NONE
Tags: network, low complexity, mozilla, CWE-200, nessus

Summary

The qcms_transform_data_rgb_out_lut_sse2 function in the QCMS implementation in Mozilla Firefox 4.x through 13.0, Thunderbird 5.0 through 13.0, and SeaMonkey before 2.11 might allow remote attackers to obtain sensitive information from process memory via a crafted color profile that triggers an out-of-bounds read operation.

Vulnerable Configurations

Part | Description | Count
Application | Mozilla | 169

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Subverting Environment Variable Values
    The attacker directly or indirectly modifies environment variables used by or controlling the target software. The attacker's goal is to cause the target software to deviate from its expected operation in a manner that benefits the attacker.
  • Footprinting
    An attacker engages in probing and exploration activity to identify constituents and properties of the target. Footprinting is a general term to describe a variety of information gathering techniques, often used by attackers in preparation for some attack. It consists of using tools to learn as much as possible about the composition, configuration, and security mechanisms of the targeted application, system or network. Information that might be collected during a footprinting effort could include open ports, applications and their versions, network topology, and similar information. While footprinting is not intended to be damaging (although certain activities, such as network scans, can sometimes cause disruptions to vulnerable applications inadvertently) it may often pave the way for more damaging attacks.
  • Exploiting Trust in Client (aka Make the Client Invisible)
    An attack of this type exploits a program's vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by placing themselves in the communication channel between client and server such that communication directly to the server is possible where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.
  • Browser Fingerprinting
    An attacker carefully crafts small snippets of JavaScript to efficiently detect the type of browser the potential victim is using. Many web-based attacks need prior knowledge of the web browser including the version of browser to ensure successful exploitation of a vulnerability. Having this knowledge allows an attacker to target the victim with attacks that specifically exploit known or zero day weaknesses in the type and version of the browser used by the victim. Automating this process via JavaScript as a part of the same delivery system used to exploit the browser is considered more efficient as the attacker can supply a browser fingerprinting method and integrate it with exploit code, all contained in JavaScript and in response to the same web page request by the browser.
  • Session Credential Falsification through Prediction
    This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.

Nessus

  • NASL family: Windows
    NASL id: MOZILLA_FIREFOX_140.NASL
    description: The installed version of Firefox is earlier than 14.0 and thus, is potentially affected by the following security issues : - Several memory safety issues exist, some of which could potentially allow arbitrary code execution. (CVE-2012-1948, CVE-2012-1949) - An error related to drag and drop can allow incorrect URLs to be displayed. (CVE-2012-1950) - Several memory safety issues exist related to the Gecko layout engine. (CVE-2012-1951, CVE-2012-1952, CVE-2012-1953, CVE-2012-1954) - An error related to JavaScript functions
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 60043
    published: 2012-07-19
    reporter: This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/60043
    title: Firefox < 14.0 Multiple Vulnerabilities
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(60043);
      script_version("1.14");
      script_cvs_date("Date: 2019/12/04");
    
      script_cve_id(
        "CVE-2012-1948",
        "CVE-2012-1949",
        "CVE-2012-1950",
        "CVE-2012-1951",
        "CVE-2012-1952",
        "CVE-2012-1953",
        "CVE-2012-1954",
        "CVE-2012-1955",
        "CVE-2012-1957",
        "CVE-2012-1958",
        "CVE-2012-1959",
        "CVE-2012-1960",
        "CVE-2012-1961",
        "CVE-2012-1962",
        "CVE-2012-1963",
        "CVE-2012-1965",
        "CVE-2012-1966",
        "CVE-2012-1967"
      );
      script_bugtraq_id(
        54572,
        54573,
        54574,
        54575,
        54576,
        54577,
        54578,
        54579,
        54580,
        54582,
        54583,
        54584,
        54585,
        54586
      );
    
      script_name(english:"Firefox < 14.0 Multiple Vulnerabilities");
      script_summary(english:"Checks version of Firefox");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Windows host contains a web browser that is affected by
    multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The installed version of Firefox is earlier than 14.0 and thus, is 
    potentially affected by the following security issues :
    
      - Several memory safety issues exist, some of which could
        potentially allow arbitrary code execution.
        (CVE-2012-1948, CVE-2012-1949)
    
      - An error related to drag and drop can allow incorrect
        URLs to be displayed. (CVE-2012-1950)
    
      - Several memory safety issues exist related to the Gecko
        layout engine. (CVE-2012-1951, CVE-2012-1952,
        CVE-2012-1953, CVE-2012-1954)
    
      - An error related to JavaScript functions
        'history.forward' and 'history.back' can allow
        incorrect URLs to be displayed. (CVE-2012-1955)
    
      - Cross-site scripting attacks are possible due to an
        error related to the '<embed>' tag within an RSS
        '<description>' element. (CVE-2012-1957)
    
      - A use-after-free error exists related to the method
        'nsGlobalWindow::PageHidden'. (CVE-2012-1958)
    
      - An error exists that can allow 'same-compartment
        security wrappers' (SCSW) to be bypassed.
        (CVE-2012-1959)
    
      - An out-of-bounds read error exists related to the color
        management library (QCMS). (CVE-2012-1960)
      
      - The 'X-Frame-Options' header is ignored if it is
        duplicated. (CVE-2012-1961)
    
      - A memory corruption error exists related to the method
        'JSDependentString::undepend'. (CVE-2012-1962)
    
      - An error related to the 'Content Security Policy' (CSP)
        implementation can allow the disclosure of OAuth 2.0
        access tokens and OpenID credentials. (CVE-2012-1963)
    
      - An error exists related to the 'feed:' URL that can
        allow cross-site scripting attacks. (CVE-2012-1965)
    
      - Cross-site scripting attacks are possible due to an
        error related to the 'data:' URL and context menus.
        (CVE-2012-1966)
    
      - An error exists related to the 'javascript:' URL that
        can allow scripts to run at elevated privileges outside
        the sandbox. (CVE-2012-1967)");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-42/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-43/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-44/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-45/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-46/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-47/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-48/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-49/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-50/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-51/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-52/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-53/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-55/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-56/");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Firefox 14.0 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2012-1967");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/07/17");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/07/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/07/19");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:firefox");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("mozilla_org_installed.nasl");
      script_require_keys("Mozilla/Firefox/Version");
    
      exit(0);
    }
    
    include("mozilla_version.inc");
    port = get_kb_item_or_exit("SMB/transport"); 
    
    installs = get_kb_list("SMB/Mozilla/Firefox/*");
    if (isnull(installs)) audit(AUDIT_NOT_INST, "Firefox");
    
    mozilla_check_version(installs:installs, product:'firefox', esr:FALSE, fix:'14.0', severity:SECURITY_HOLE, xss:TRUE);
    
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_11_FIREFOX-201207-120719.NASL
    description: Mozilla Firefox has been updated to the 10.0.6ESR security release fixing various bugs and several security issues, some critical. The following security issues have been fixed : - Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. (MFSA 2012-42) - Benoit Jacob, Jesse Ruderman, Christian Holler, and Bill McCloskey reported memory safety problems and crashes that affect Firefox ESR 10 and Firefox 13. (CVE-2012-1948) - Security researcher Mario Gomes and research firm Code Audit Labs reported a mechanism to short-circuit page loads through drag and drop to the addressbar by canceling the page load. This causes the address of the previously entered site to be displayed in the addressbar instead of the currently loaded page. This could lead to potential phishing attacks on users. (MFSA 2012-43 / CVE-2012-1950) - Google security researcher Abhishek Arya used the Address Sanitizer tool to uncover four issues: two use-after-free problems, one out of bounds read bug, and a bad cast. The first use-after-free problem is caused when an array of nsSMILTimeValueSpec objects is destroyed but attempts are made to call into objects in this array later. The second use-after-free problem is in nsDocument::AdoptNode when it adopts into an empty document and then adopts into another document, emptying the first one. The heap buffer overflow is in ElementAnimations when data is read off of end of an array and then pointers are dereferenced. The bad cast happens when nsTableFrame::InsertFrames is called with frames in aFrameList that are a mix of row group frames and column group frames. AppendFrames is not able to handle this mix. (MFSA 2012-44) All four of these issues are potentially exploitable. - Heap-use-after-free in nsSMILTimeValueSpec::IsEventBased. (CVE-2012-1951) - Heap-use-after-free in nsDocument::AdoptNode. (CVE-2012-1954) - Out of bounds read in ElementAnimations::EnsureStyleRuleFor. (CVE-2012-1953) - Bad cast in nsTableFrame::InsertFrames. (CVE-2012-1952) - Security researcher Mariusz Mlynski reported an issue with spoofing of the location property. In this issue, calls to history.forward and history.back are used to navigate to a site while displaying the previous site in the addressbar but changing the baseURI to the newer site. This can be used for phishing by allowing the user input form or other data on the newer, attacking, site while appearing to be on the older, displayed site. (MFSA 2012-45 / CVE-2012-1955) - Mozilla security researcher moz_bug_r_a4 reported a cross-site scripting (XSS) attack through the context menu using a data: URL. In this issue, context menu functionality (
    last seen: 2020-06-05
    modified: 2013-01-25
    plugin id: 64131
    published: 2013-01-25
    reporter: This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/64131
    title: SuSE 11.1 Security Update : Mozilla Firefox (SAT Patch Number 6574)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from SuSE 11 update information. The text itself is
    # copyright (C) Novell, Inc.
    #
    
    if (NASL_LEVEL < 3000) exit(0);
    
    include("compat.inc");
    
    if (description)
    {
      script_id(64131);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2012-1948", "CVE-2012-1949", "CVE-2012-1950", "CVE-2012-1951", "CVE-2012-1952", "CVE-2012-1953", "CVE-2012-1954", "CVE-2012-1955", "CVE-2012-1957", "CVE-2012-1958", "CVE-2012-1959", "CVE-2012-1960", "CVE-2012-1961", "CVE-2012-1962", "CVE-2012-1963", "CVE-2012-1964", "CVE-2012-1965", "CVE-2012-1966", "CVE-2012-1967");
    
      script_name(english:"SuSE 11.1 Security Update : Mozilla Firefox (SAT Patch Number 6574)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 11 host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Mozilla Firefox has been updated to the 10.0.6ESR security release
    fixing various bugs and several security issues, some critical.
    
    The following security issues have been fixed :
    
      - Mozilla developers identified and fixed several memory
        safety bugs in the browser engine used in Firefox and
        other Mozilla-based products. Some of these bugs showed
        evidence of memory corruption under certain
        circumstances, and we presume that with enough effort at
        least some of these could be exploited to run arbitrary
        code. (MFSA 2012-42)
    
      - Benoit Jacob, Jesse Ruderman, Christian Holler, and Bill
        McCloskey reported memory safety problems and crashes
        that affect Firefox ESR 10 and Firefox 13.
        (CVE-2012-1948)
    
      - Security researcher Mario Gomes and research firm Code
        Audit Labs reported a mechanism to short-circuit page
        loads through drag and drop to the addressbar by
        canceling the page load. This causes the address of the
        previously entered site to be displayed in the
        addressbar instead of the currently loaded page. This
        could lead to potential phishing attacks on users. (MFSA
        2012-43 / CVE-2012-1950)
    
      - Google security researcher Abhishek Arya used the
        Address Sanitizer tool to uncover four issues: two
        use-after-free problems, one out of bounds read bug, and
        a bad cast. The first use-after-free problem is caused
        when an array of nsSMILTimeValueSpec objects is
        destroyed but attempts are made to call into objects in
        this array later. The second use-after-free problem is
        in nsDocument::AdoptNode when it adopts into an empty
        document and then adopts into another document, emptying
        the first one. The heap buffer overflow is in
        ElementAnimations when data is read off of end of an
        array and then pointers are dereferenced. The bad cast
        happens when nsTableFrame::InsertFrames is called with
        frames in aFrameList that are a mix of row group frames
        and column group frames. AppendFrames is not able to
        handle this mix. (MFSA 2012-44)
    
        All four of these issues are potentially exploitable.
    
      - Heap-use-after-free in
        nsSMILTimeValueSpec::IsEventBased. (CVE-2012-1951)
    
      - Heap-use-after-free in nsDocument::AdoptNode.
        (CVE-2012-1954)
    
      - Out of bounds read in
        ElementAnimations::EnsureStyleRuleFor. (CVE-2012-1953)
    
      - Bad cast in nsTableFrame::InsertFrames. (CVE-2012-1952)
    
      - Security researcher Mariusz Mlynski reported an issue
        with spoofing of the location property. In this issue,
        calls to history.forward and history.back are used to
        navigate to a site while displaying the previous site in
        the addressbar but changing the baseURI to the newer
        site. This can be used for phishing by allowing the user
        input form or other data on the newer, attacking, site
        while appearing to be on the older, displayed site.
        (MFSA 2012-45 / CVE-2012-1955)
    
      - Mozilla security researcher moz_bug_r_a4 reported a
        cross-site scripting (XSS) attack through the context
        menu using a data: URL. In this issue, context menu
        functionality ('View Image', 'Show only this frame', and
        'View background image') are disallowed in a javascript:
        URL but allowed in a data: URL, allowing for XSS. This
        can lead to arbitrary code execution. (MFSA 2012-46 /
        CVE-2012-1966)
    
      - Security researcher Mario Heiderich reported that
        JavaScript could be executed in the HTML feed-view using
        <embed> tag within the RSS <description>. This problem
        is due to <embed> tags not
        being filtered out during parsing and can lead to a
        potential cross-site scripting (XSS) attack. The flaw
        existed in a parser utility class and could affect other
        parts of the browser or add-ons which rely on that class
        to sanitize untrusted input. (MFSA 2012-47 /
        CVE-2012-1957)
    
      - Security researcher Arthur Gerkis used the Address
        Sanitizer tool to find a use-after-free in
        nsGlobalWindow::PageHidden when mFocusedContent is
        released and oldFocusedContent is used afterwards. This
        use-after-free could possibly allow for remote code
        execution. (MFSA 2012-48 / CVE-2012-1958)
    
      - Mozilla developer Bobby Holley found that
        same-compartment security wrappers (SCSW) can be
        bypassed by passing them to another compartment.
        Cross-compartment wrappers often do not go through SCSW,
        but have a filtering policy built into them. When an
        object is wrapped cross-compartment, the SCSW is
        stripped off and, when the object is read back, it
        is not known that SCSW was previously present, resulting
        in a bypassing of SCSW. This could result in untrusted
        content having access to the XBL that implements browser
        functionality. (MFSA 2012-49 / CVE-2012-1959)
    
      - Google developer Tony Payne reported an out of bounds
        (OOB) read in QCMS, Mozilla's color management library.
        With a carefully crafted color profile portions of a
        user's memory could be incorporated into a transformed
        image and possibly deciphered. (MFSA 2012-50 /
        CVE-2012-1960)
    
      - Bugzilla developer Frederic Buclin reported that the
        'X-Frame-Options' header is ignored when the value is
        duplicated, for example X-Frame-Options: SAMEORIGIN,
        SAMEORIGIN. This duplication occurs for unknown reasons
        on some websites and when it occurs results in Mozilla
        browsers not being protected against possible
        clickjacking attacks on those pages. (MFSA 2012-51 /
        CVE-2012-1961)
    
      - Security researcher Bill Keese reported a memory
        corruption. This is caused by
        JSDependentString::undepend changing a dependent string
        into a fixed string when there are additional dependent
        strings relying on the same base. When the undepend
        occurs during conversion, the base data is freed,
        leaving other dependent strings with dangling pointers.
        This can lead to a potentially exploitable crash. (MFSA
        2012-52 / CVE-2012-1962)
    
      - Security researcher Karthikeyan Bhargavan of Prosecco at
        INRIA reported Content Security Policy (CSP) 1.0
        implementation errors. CSP violation reports generated
        by Firefox and sent to the 'report-uri' location include
        sensitive data within the 'blocked-uri' parameter. These
        include fragment components and query strings even if
        the 'blocked-uri' parameter has a different origin than
        the protected resource. This can be used to retrieve a
        user's OAuth 2.0 access tokens and OpenID credentials by
        malicious sites. (MFSA 2012-53 / CVE-2012-1963)
    
      - Security Researcher Matt McCutchen reported a
        clickjacking attack using the certificate warning page.
        A man-in-the-middle (MITM) attacker can use an iframe to
        display its own certificate error warning page
        (about:certerror) with the 'Add Exception' button of a
        real warning page from a malicious site. This can
        mislead users to adding a certificate exception for a
        different site than the perceived one. This can lead to
        compromised communications with the user perceived site
        through the MITM attack once the certificate exception
        has been added. (MFSA 2012-54 / CVE-2012-1964)
    
      - Security researchers Mario Gomes and Soroush Dalili
        reported that since Mozilla allows the pseudo-protocol
        feed: to prefix any valid URL, it is possible to
        construct feed:javascript: URLs that will execute
        scripts in some contexts. On some sites it may be
        possible to use this to evade output filtering that
        would otherwise strip javascript: URLs and thus
        contribute to cross-site scripting (XSS) problems on
        these sites. (MFSA 2012-55 / CVE-2012-1965)
    
      - Mozilla security researcher moz_bug_r_a4 reported an
        arbitrary code execution attack using a javascript: URL.
        The Gecko engine features a JavaScript sandbox utility
        that allows the browser or add-ons to safely execute
        script in the context of a web page. In certain cases,
        javascript: URLs are executed in such a sandbox with
        insufficient context that can allow those scripts to
        escape from the sandbox and run with elevated privilege.
        This can lead to arbitrary code execution. (MFSA 2012-56
        / CVE-2012-1967)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.mozilla.org/security/announce/2012/mfsa2012-42.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.mozilla.org/security/announce/2012/mfsa2012-43.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.mozilla.org/security/announce/2012/mfsa2012-44.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.mozilla.org/security/announce/2012/mfsa2012-45.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.mozilla.org/security/announce/2012/mfsa2012-46.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.mozilla.org/security/announce/2012/mfsa2012-47.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.mozilla.org/security/announce/2012/mfsa2012-48.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.mozilla.org/security/announce/2012/mfsa2012-49.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.mozilla.org/security/announce/2012/mfsa2012-50.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.mozilla.org/security/announce/2012/mfsa2012-51.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.mozilla.org/security/announce/2012/mfsa2012-52.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.mozilla.org/security/announce/2012/mfsa2012-53.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.mozilla.org/security/announce/2012/mfsa2012-54.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.mozilla.org/security/announce/2012/mfsa2012-55.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.mozilla.org/security/announce/2012/mfsa2012-56.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=771583"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-1948.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-1949.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-1950.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-1951.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-1952.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-1953.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-1954.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-1955.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-1957.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-1958.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-1959.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-1960.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-1961.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-1962.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-1963.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-1964.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-1965.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-1966.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-1967.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply SAT patch number 6574.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:MozillaFirefox");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:MozillaFirefox-branding-SLED");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:MozillaFirefox-translations");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2012/07/19");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/01/25");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11");
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu);
    
    pl = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, "SuSE 11.1");
    
    
    flag = 0;
    if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"MozillaFirefox-10.0.6-0.4.1")) flag++;
    if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"MozillaFirefox-branding-SLED-7-0.6.7.70")) flag++;
    if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"MozillaFirefox-translations-10.0.6-0.4.1")) flag++;
    if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"MozillaFirefox-10.0.6-0.4.1")) flag++;
    if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"MozillaFirefox-branding-SLED-7-0.6.7.70")) flag++;
    if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"MozillaFirefox-translations-10.0.6-0.4.1")) flag++;
    if (rpm_check(release:"SLES11", sp:1, reference:"MozillaFirefox-10.0.6-0.4.1")) flag++;
    if (rpm_check(release:"SLES11", sp:1, reference:"MozillaFirefox-branding-SLED-7-0.6.7.70")) flag++;
    if (rpm_check(release:"SLES11", sp:1, reference:"MozillaFirefox-translations-10.0.6-0.4.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: MacOS X Local Security Checks
    NASL id: MACOSX_FIREFOX_14_0.NASL
    description: The installed version of Firefox is earlier than 14.0 and thus, is potentially affected by the following security issues : - Several memory safety issues exist, some of which could potentially allow arbitrary code execution. (CVE-2012-1948, CVE-2012-1949) - An error related to drag and drop can allow incorrect URLs to be displayed. (CVE-2012-1950) - Several memory safety issues exist related to the Gecko layout engine. (CVE-2012-1951, CVE-2012-1952, CVE-2012-1953, CVE-2012-1954) - An error related to JavaScript functions
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 60039
    published: 2012-07-19
    reporter: This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/60039
    title: Firefox < 14.0 Multiple Vulnerabilities (Mac OS X)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(60039);
      script_version("1.14");
      script_cvs_date("Date: 2019/12/04");
    
      script_cve_id(
        "CVE-2012-1948",
        "CVE-2012-1949",
        "CVE-2012-1950",
        "CVE-2012-1951",
        "CVE-2012-1952",
        "CVE-2012-1953",
        "CVE-2012-1954",
        "CVE-2012-1955",
        "CVE-2012-1957",
        "CVE-2012-1958",
        "CVE-2012-1959",
        "CVE-2012-1960",
        "CVE-2012-1961",
        "CVE-2012-1962",
        "CVE-2012-1963",
        "CVE-2012-1965",
        "CVE-2012-1966",
        "CVE-2012-1967"
      );
      script_bugtraq_id(
        54572,
        54573,
        54574,
        54575,
        54576,
        54577,
        54578,
        54579,
        54580,
        54582,
        54583,
        54584,
        54585,
        54586
      );
    
      script_name(english:"Firefox < 14.0 Multiple Vulnerabilities (Mac OS X)");
      script_summary(english:"Checks version of Firefox");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Mac OS X host contains a web browser that is affected by
    multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The installed version of Firefox is earlier than 14.0 and thus, is
    potentially affected by the following security issues :
    
      - Several memory safety issues exist, some of which could
        potentially allow arbitrary code execution.
        (CVE-2012-1948, CVE-2012-1949)
    
      - An error related to drag and drop can allow incorrect
        URLs to be displayed. (CVE-2012-1950)
    
      - Several memory safety issues exist related to the Gecko
        layout engine. (CVE-2012-1951, CVE-2012-1952,
        CVE-2012-1953, CVE-2012-1954)
    
      - An error related to JavaScript functions
        'history.forward' and 'history.back' can allow
        incorrect URLs to be displayed. (CVE-2012-1955)
    
      - Cross-site scripting attacks are possible due to an
        error related to the '<embed>' tag within an RSS
        '<description>' element. (CVE-2012-1957)
    
      - A use-after-free error exists related to the method
        'nsGlobalWindow::PageHidden'. (CVE-2012-1958)
    
      - An error exists that can allow 'same-compartment
        security wrappers' (SCSW) to be bypassed.
        (CVE-2012-1959)
    
      - An out-of-bounds read error exists related to the color
        management library (QCMS). (CVE-2012-1960)
      
      - The 'X-Frame-Options' header is ignored if it is
        duplicated. (CVE-2012-1961)
    
      - A memory corruption error exists related to the method
        'JSDependentString::undepend'. (CVE-2012-1962)
    
      - An error related to the 'Content Security Policy' (CSP)
        implementation can allow the disclosure of OAuth 2.0
        access tokens and OpenID credentials. (CVE-2012-1963)
    
      - An error exists related to the 'feed:' URL that can
        allow cross-site scripting attacks. (CVE-2012-1965)
    
      - Cross-site scripting attacks are possible due to an
        error related to the 'data:' URL and context menus.
        (CVE-2012-1966)
    
      - An error exists related to the 'javascript:' URL that
        can allow scripts to run at elevated privileges outside
        the sandbox. (CVE-2012-1967)");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-42/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-43/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-44/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-45/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-46/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-47/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-48/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-49/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-50/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-51/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-52/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-53/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-55/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-56/");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Firefox 14.0 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2012-1967");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/07/17");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/07/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/07/19");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:firefox");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"MacOS X Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("macosx_firefox_installed.nasl");
      script_require_keys("MacOSX/Firefox/Installed");
    
      exit(0);
    }
    
    include("mozilla_version.inc");
    kb_base = "MacOSX/Firefox";
    get_kb_item_or_exit(kb_base+"/Installed");
    
    version = get_kb_item_or_exit(kb_base+"/Version", exit_code:1);
    path = get_kb_item_or_exit(kb_base+"/Path", exit_code:1);
    
    if (get_kb_item(kb_base + '/is_esr')) exit(0, 'The Mozilla Firefox installation is in the ESR branch.');
    
    mozilla_check_version(product:'firefox', version:version, path:path, esr:FALSE, fix:'14.0', skippat:'^10\\.0\\.', severity:SECURITY_HOLE, xss:TRUE);
    
  • NASL family: FreeBSD Local Security Checks
    NASL id: FREEBSD_PKG_DBF338D0DCE511E1B65514DAE9EBCF89.NASL
    description: The Mozilla Project reports : MFSA 2012-42 Miscellaneous memory safety hazards (rv:14.0/ rv:10.0.6) MFSA 2012-43 Incorrect URL displayed in addressbar through drag and drop MFSA 2012-44 Gecko memory corruption MFSA 2012-45 Spoofing issue with location MFSA 2012-46 XSS through data: URLs MFSA 2012-47 Improper filtering of JavaScript in HTML feed-view MFSA 2012-48 use-after-free in nsGlobalWindow::PageHidden MFSA 2012-49 Same-compartment Security Wrappers can be bypassed MFSA 2012-50 Out of bounds read in QCMS MFSA 2012-51 X-Frame-Options header ignored when duplicated MFSA 2012-52 JSDependentString::undepend string conversion results in memory corruption MFSA 2012-53 Content Security Policy 1.0 implementation errors cause data leakage MFSA 2012-54 Clickjacking of certificate warning page MFSA 2012-55 feed: URLs with an innerURI inherit security context of page MFSA 2012-56 Code execution through javascript: URLs
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 61402
    published: 2012-08-03
    reporter: This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/61402
    title: FreeBSD : mozilla -- multiple vulnerabilities (dbf338d0-dce5-11e1-b655-14dae9ebcf89)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from the FreeBSD VuXML database :
    #
    # Copyright 2003-2019 Jacques Vidrine and contributors
    #
    # Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
    # HTML, PDF, PostScript, RTF and so forth) with or without modification,
    # are permitted provided that the following conditions are met:
    # 1. Redistributions of source code (VuXML) must retain the above
    #    copyright notice, this list of conditions and the following
    #    disclaimer as the first lines of this file unmodified.
    # 2. Redistributions in compiled form (transformed to other DTDs,
    #    published online in any format, converted to PDF, PostScript,
    #    RTF and other formats) must reproduce the above copyright
    #    notice, this list of conditions and the following disclaimer
    #    in the documentation and/or other materials provided with the
    #    distribution.
    # 
    # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
    # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
    # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
    # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
    # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
    # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
    # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
    # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
    # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
    # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
    # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(61402);
      script_version("1.10");
      script_cvs_date("Date: 2019/07/10 16:04:13");
    
      script_cve_id("CVE-2012-1949", "CVE-2012-1950", "CVE-2012-1951", "CVE-2012-1952", "CVE-2012-1953", "CVE-2012-1954", "CVE-2012-1955", "CVE-2012-1957", "CVE-2012-1958", "CVE-2012-1959", "CVE-2012-1960", "CVE-2012-1961", "CVE-2012-1962", "CVE-2012-1963", "CVE-2012-1964", "CVE-2012-1965", "CVE-2012-1966", "CVE-2012-1967");
    
      script_name(english:"FreeBSD : mozilla -- multiple vulnerabilities (dbf338d0-dce5-11e1-b655-14dae9ebcf89)");
      script_summary(english:"Checks for updated packages in pkg_info output");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote FreeBSD host is missing one or more security-related
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The Mozilla Project reports :
    
    MFSA 2012-42 Miscellaneous memory safety hazards (rv:14.0/ rv:10.0.6)
    
    MFSA 2012-43 Incorrect URL displayed in addressbar through drag and
    drop
    
    MFSA 2012-44 Gecko memory corruption
    
    MFSA 2012-45 Spoofing issue with location
    
    MFSA 2012-46 XSS through data: URLs
    
    MFSA 2012-47 Improper filtering of JavaScript in HTML feed-view
    
    MFSA 2012-48 use-after-free in nsGlobalWindow::PageHidden
    
    MFSA 2012-49 Same-compartment Security Wrappers can be bypassed
    
    MFSA 2012-50 Out of bounds read in QCMS
    
    MFSA 2012-51 X-Frame-Options header ignored when duplicated
    
    MFSA 2012-52 JSDependentString::undepend string conversion results in
    memory corruption
    
    MFSA 2012-53 Content Security Policy 1.0 implementation errors cause
    data leakage
    
    MFSA 2012-54 Clickjacking of certificate warning page
    
    MFSA 2012-55 feed: URLs with an innerURI inherit security context of
    page
    
    MFSA 2012-56 Code execution through javascript: URLs"
      );
      # http://www.mozilla.org/security/known-vulnerabilities/
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/known-vulnerabilities/"
      );
      # http://www.mozilla.org/security/announce/2012/mfsa2012-42.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-42/"
      );
      # http://www.mozilla.org/security/announce/2012/mfsa2012-43.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-43/"
      );
      # http://www.mozilla.org/security/announce/2012/mfsa2012-44.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-44/"
      );
      # http://www.mozilla.org/security/announce/2012/mfsa2012-45.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-45/"
      );
      # http://www.mozilla.org/security/announce/2012/mfsa2012-46.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-46/"
      );
      # http://www.mozilla.org/security/announce/2012/mfsa2012-47.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-47/"
      );
      # http://www.mozilla.org/security/announce/2012/mfsa2012-48.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-48/"
      );
      # http://www.mozilla.org/security/announce/2012/mfsa2012-49.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-49/"
      );
      # http://www.mozilla.org/security/announce/2012/mfsa2012-50.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-50/"
      );
      # http://www.mozilla.org/security/announce/2012/mfsa2012-51.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-51/"
      );
      # http://www.mozilla.org/security/announce/2012/mfsa2012-52.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-52/"
      );
      # http://www.mozilla.org/security/announce/2012/mfsa2012-53.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-53/"
      );
      # http://www.mozilla.org/security/announce/2012/mfsa2012-54.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-54/"
      );
      # http://www.mozilla.org/security/announce/2012/mfsa2012-55.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-55/"
      );
      # http://www.mozilla.org/security/announce/2012/mfsa2012-56.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-56/"
      );
      # https://vuxml.freebsd.org/freebsd/dbf338d0-dce5-11e1-b655-14dae9ebcf89.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?fb046024"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:firefox");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:libxul");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:linux-firefox");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:linux-seamonkey");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:linux-thunderbird");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:seamonkey");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:thunderbird");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/07/17");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/08/02");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/03");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"FreeBSD Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("freebsd_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD");
    if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (pkg_test(save_report:TRUE, pkg:"firefox>11.0,1<14.0.1,1")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"firefox<10.0.6,1")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"linux-firefox<10.0.6,1")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"linux-seamonkey<2.11")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"linux-thunderbird<10.0.6")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"seamonkey<2.11")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"thunderbird>11.0<14.0")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"thunderbird<10.0.6")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"libxul>1.9.2.*<10.0.6")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRIVA_MDVSA-2012-110.NASL
    description: Security issues were identified and fixed in mozilla firefox and thunderbird : Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code (CVE-2012-1949, CVE-2012-1948). Security researcher Mario Gomes and research firm Code Audit Labs reported a mechanism to short-circuit page loads through drag and drop to the addressbar by canceling the page load. This causes the address of the previously site entered to be displayed in the addressbar instead of the currently loaded page. This could lead to potential phishing attacks on users (CVE-2012-1950). Google security researcher Abhishek Arya used the Address Sanitizer tool to uncover four issues: two use-after-free problems, one out of bounds read bug, and a bad cast. The first use-after-free problem is caused when an array of nsSMILTimeValueSpec objects is destroyed but attempts are made to call into objects in this array later. The second use-after-free problem is in nsDocument::AdoptNode when it adopts into an empty document and then adopts into another document, emptying the first one. The heap buffer overflow is in ElementAnimations when data is read off of end of an array and then pointers are dereferenced. The bad cast happens when nsTableFrame::InsertFrames is called with frames in aFrameList that are a mix of row group frames and column group frames. AppendFrames is not able to handle this mix. All four of these issues are potentially exploitable (CVE-2012-1951, CVE-2012-1954, CVE-2012-1953, CVE-2012-1952). Security researcher Mariusz Mlynski reported an issue with spoofing of the location property. In this issue, calls to history.forward and history.back are used to navigate to a site while displaying the previous site in the addressbar but changing the baseURI to the newer site. This can be used for phishing by allowing the user input form or other data on the newer, attacking, site while appearing to be on the older, displayed site (CVE-2012-1955). Mozilla security researcher moz_bug_r_a4 reported a cross-site scripting (XSS) attack through the context menu using a data: URL. In this issue, context menu functionality (View Image, Show only this frame, and View background image) are disallowed in a javascript: URL but allowed in a data: URL, allowing for XSS. This can lead to arbitrary code execution (CVE-2012-1966). Security researcher Mario Heiderich reported that JavaScript could be executed in the HTML feed-view using <embed> tag within the RSS <description>. This problem is due to <embed> tags not being filtered out during parsing and can lead to a potential cross-site scripting (XSS) attack. The flaw existed in a parser utility class and could affect other parts of the browser or add-ons which rely on that class to sanitize untrusted input (CVE-2012-1957). Security researcher Arthur Gerkis used the Address Sanitizer tool to find a use-after-free in nsGlobalWindow::PageHidden when mFocusedContent is released and oldFocusedContent is used afterwards. This use-after-free could possibly allow for remote code execution (CVE-2012-1958). Mozilla developer Bobby Holley found that same-compartment security wrappers (SCSW) can be bypassed by passing them to another compartment. Cross-compartment wrappers often do not go through SCSW, but have a filtering policy built into them. When an object is wrapped cross-compartment, the SCSW is stripped off and, when the object is read back, it is not known that SCSW was previously present, resulting in a bypassing of SCSW. This could result in untrusted content having access to the XBL that implements browser functionality (CVE-2012-1959). Google developer Tony Payne reported an out of bounds (OOB) read in QCMS, Mozilla's color management library. With a carefully crafted color profile portions of a user
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 61963
    published: 2012-09-06
    reporter: This script is Copyright (C) 2012-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/61963
    title: Mandriva Linux Security Advisory : mozilla (MDVSA-2012:110-1)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandriva Linux Security Advisory MDVSA-2012:110. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    if (NASL_LEVEL < 3000) exit(0);
    
    include("compat.inc");
    
    if (description)
    {
      script_id(61963);
      script_version("1.8");
      script_cvs_date("Date: 2019/08/02 13:32:54");
    
      script_cve_id("CVE-2012-1948", "CVE-2012-1949", "CVE-2012-1950", "CVE-2012-1951", "CVE-2012-1952", "CVE-2012-1953", "CVE-2012-1954", "CVE-2012-1955", "CVE-2012-1957", "CVE-2012-1958", "CVE-2012-1959", "CVE-2012-1960", "CVE-2012-1961", "CVE-2012-1962", "CVE-2012-1963", "CVE-2012-1964", "CVE-2012-1965", "CVE-2012-1966", "CVE-2012-1967");
      script_bugtraq_id(54572, 54573, 54574, 54575, 54577, 54578, 54579, 54580, 54581, 54582, 54583, 54584, 54585, 54586);
      script_xref(name:"MDVSA", value:"2012:110-1");
    
      script_name(english:"Mandriva Linux Security Advisory : mozilla (MDVSA-2012:110-1)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Mandriva Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Security issues were identified and fixed in mozilla firefox and
    thunderbird :
    
    Mozilla developers identified and fixed several memory safety bugs in
    the browser engine used in Firefox and other Mozilla-based products.
    Some of these bugs showed evidence of memory corruption under certain
    circumstances, and we presume that with enough effort at least some of
    these could be exploited to run arbitrary code (CVE-2012-1949,
    CVE-2012-1948).
    
    Security researcher Mario Gomes and research firm Code Audit Labs
    reported a mechanism to short-circuit page loads through drag and drop
    to the addressbar by canceling the page load. This causes the address
    of the previously site entered to be displayed in the addressbar
    instead of the currently loaded page. This could lead to potential
    phishing attacks on users (CVE-2012-1950).
    
    Google security researcher Abhishek Arya used the Address Sanitizer
    tool to uncover four issues: two use-after-free problems, one out of
    bounds read bug, and a bad cast. The first use-after-free problem is
    caused when an array of nsSMILTimeValueSpec objects is destroyed but
    attempts are made to call into objects in this array later. The second
    use-after-free problem is in nsDocument::AdoptNode when it adopts into
    an empty document and then adopts into another document, emptying the
    first one. The heap buffer overflow is in ElementAnimations when data
    is read off of end of an array and then pointers are dereferenced. The
    bad cast happens when nsTableFrame::InsertFrames is called with frames
    in aFrameList that are a mix of row group frames and column group
    frames. AppendFrames is not able to handle this mix. All four of these
    issues are potentially exploitable (CVE-2012-1951, CVE-2012-1954,
    CVE-2012-1953, CVE-2012-1952).
    
    Security researcher Mariusz Mlynski reported an issue with spoofing of
    the location property. In this issue, calls to history.forward and
    history.back are used to navigate to a site while displaying the
    previous site in the addressbar but changing the baseURI to the newer
    site. This can be used for phishing by allowing the user input form or
    other data on the newer, attacking, site while appearing to be on the
    older, displayed site (CVE-2012-1955).
    
    Mozilla security researcher moz_bug_r_a4 reported a cross-site
    scripting (XSS) attack through the context menu using a data: URL. In
    this issue, context menu functionality (View Image, Show only this
    frame, and View background image) are disallowed in a javascript: URL
    but allowed in a data: URL, allowing for XSS. This can lead to
    arbitrary code execution (CVE-2012-1966).
    
    Security researcher Mario Heiderich reported that JavaScript could be
    executed in the HTML feed-view using <embed> tag within the RSS
    <description>. This problem is due to <embed> tags not being filtered
    out during parsing and can lead to a potential cross-site scripting
    (XSS) attack. The flaw existed in a parser utility class and could
    affect other parts of the browser or add-ons which rely on that class
    to sanitize untrusted input (CVE-2012-1957).
    
    Security researcher Arthur Gerkis used the Address Sanitizer tool to
    find a use-after-free in nsGlobalWindow::PageHidden when
    mFocusedContent is released and oldFocusedContent is used afterwards.
    This use-after-free could possibly allow for remote code execution
    (CVE-2012-1958).
    
    Mozilla developer Bobby Holley found that same-compartment security
    wrappers (SCSW) can be bypassed by passing them to another
    compartment. Cross-compartment wrappers often do not go through SCSW,
    but have a filtering policy built into them. When an object is wrapped
    cross-compartment, the SCSW is stripped off and, when the object is
    read back, it is not known that SCSW was previously present,
    resulting in a bypassing of SCSW. This could result in untrusted
    content having access to the XBL that implements browser functionality
    (CVE-2012-1959).
    
    Google developer Tony Payne reported an out of bounds (OOB) read in
    QCMS, Mozilla's color management library. With a carefully crafted
    color profile portions of a user's memory could be incorporated into a
    transformed image and possibly deciphered (CVE-2012-1960).
    
    Bugzilla developer Fredric Buclin reported that the X-Frame-Options
    header is ignored when the value is duplicated, for example
    X-Frame-Options: SAMEORIGIN, SAMEORIGIN. This duplication occurs for
    unknown reasons on some websites and when it occurs results in Mozilla
    browsers not being protected against possible clickjacking attacks on
    those pages (CVE-2012-1961).
    
    Security researcher Bill Keese reported a memory corruption. This is
    caused by JSDependentString::undepend changing a dependent string into
    a fixed string when there are additional dependent strings relying on
    the same base. When the undepend occurs during conversion, the base
    data is freed, leaving other dependent strings with dangling pointers.
    This can lead to a potentially exploitable crash (CVE-2012-1962).
    
    Security researcher Karthikeyan Bhargavan of Prosecco at INRIA
    reported Content Security Policy (CSP) 1.0 implementation errors. CSP
    violation reports generated by Firefox and sent to the report-uri
    location include sensitive data within the blocked-uri parameter.
    These include fragment components and query strings even if the
    blocked-uri parameter has a different origin than the protected
    resource. This can be used to retrieve a user's OAuth 2.0 access
    tokens and OpenID credentials by malicious sites (CVE-2012-1963).
    
    Security researcher Matt McCutchen reported a clickjacking attack
    using the certificate warning page. A man-in-the-middle (MITM)
    attacker can use an iframe to display its own certificate error
    warning page (about:certerror) with the Add Exception button of a real
    warning page from a malicious site. This can mislead users into adding a
    certificate exception for a different site than the perceived one.
    This can lead to compromised communications with the user perceived
    site through the MITM attack once the certificate exception has been
    added (CVE-2012-1964).
    
    Security researchers Mario Gomes and Soroush Dalili reported that
    since Mozilla allows the pseudo-protocol feed: to prefix any valid
    URL, it is possible to construct feed:javascript: URLs that will
    execute scripts in some contexts. On some sites it may be possible to
    use this to evade output filtering that would otherwise strip
    javascript: URLs and thus contribute to cross-site scripting (XSS)
    problems on these sites (CVE-2012-1965).
    
    Mozilla security researcher moz_bug_r_a4 reported an arbitrary code
    execution attack using a javascript: URL. The Gecko engine features a
    JavaScript sandbox utility that allows the browser or add-ons to
    safely execute script in the context of a web page. In certain cases,
    javascript: URLs are executed in such a sandbox with insufficient
    context that can allow those scripts to escape from the sandbox and
    run with elevated privilege. This can lead to arbitrary code execution
    (CVE-2012-1967).
    
    The mozilla firefox and thunderbird packages have been upgraded to the
    latest respective versions, which are unaffected by these security
    flaws.
    
    Additionally the rootcerts packages have been upgraded to the latest
    version, which brings updated root CA data.
    
    Update :
    
    Localization packages for firefox were missing from the MDVSA-2012:110
    advisory and are being provided with this advisory."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.mozilla.org/security/announce/2012/mfsa2012-42.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.mozilla.org/security/announce/2012/mfsa2012-43.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.mozilla.org/security/announce/2012/mfsa2012-44.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.mozilla.org/security/announce/2012/mfsa2012-45.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.mozilla.org/security/announce/2012/mfsa2012-46.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.mozilla.org/security/announce/2012/mfsa2012-47.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.mozilla.org/security/announce/2012/mfsa2012-48.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.mozilla.org/security/announce/2012/mfsa2012-49.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.mozilla.org/security/announce/2012/mfsa2012-50.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.mozilla.org/security/announce/2012/mfsa2012-51.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.mozilla.org/security/announce/2012/mfsa2012-52.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.mozilla.org/security/announce/2012/mfsa2012-53.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.mozilla.org/security/announce/2012/mfsa2012-54.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.mozilla.org/security/announce/2012/mfsa2012-55.html"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-af");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-ar");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-ast");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-be");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-bg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-bn_BD");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-bn_IN");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-br");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-bs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-ca");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-cs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-cy");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-da");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-de");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-el");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-en_GB");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-en_ZA");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-eo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-es_AR");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-es_CL");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-es_ES");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-es_MX");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-et");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-eu");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-fa");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-fi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-fr");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-fy");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-ga_IE");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-gd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-gl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-gu_IN");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-he");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-hi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-hr");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-hu");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-hy");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-id");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-is");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-it");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-ja");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-kk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-kn");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-ko");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-ku");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-lg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-lt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-lv");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-mai");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-mk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-ml");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-mr");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-nb_NO");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-nl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-nn_NO");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-nso");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-or");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-pa_IN");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-pl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-pt_BR");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-pt_PT");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-ro");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-ru");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-si");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-sk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-sl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-sq");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-sr");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-sv_SE");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-ta");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-ta_LK");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-te");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-th");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-tr");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-uk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-vi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-zh_CN");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-zh_TW");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-zu");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2011");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2012/07/30");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/09/06");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2019 Tenable Network Security, Inc.");
      script_family(english:"Mandriva Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandrake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"MDK2011", reference:"firefox-af-14.0.1-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"firefox-ar-14.0.1-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"firefox-ast-14.0.1-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"firefox-be-14.0.1-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"firefox-bg-14.0.1-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"firefox-bn_BD-14.0.1-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"firefox-bn_IN-14.0.1-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"firefox-br-14.0.1-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"firefox-bs-14.0.1-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"firefox-ca-14.0.1-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"firefox-cs-14.0.1-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"firefox-cy-14.0.1-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"firefox-da-14.0.1-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"firefox-de-14.0.1-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"firefox-el-14.0.1-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"firefox-en_GB-14.0.1-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"firefox-en_ZA-14.0.1-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"firefox-eo-14.0.1-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"firefox-es_AR-14.0.1-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"firefox-es_CL-14.0.1-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"firefox-es_ES-14.0.1-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"firefox-es_MX-14.0.1-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"firefox-et-14.0.1-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"firefox-eu-14.0.1-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"firefox-fa-14.0.1-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"firefox-fi-14.0.1-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"firefox-fr-14.0.1-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"firefox-fy-14.0.1-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"firefox-ga_IE-14.0.1-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"firefox-gd-14.0.1-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"firefox-gl-14.0.1-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"firefox-gu_IN-14.0.1-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"firefox-he-14.0.1-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"firefox-hi-14.0.1-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"firefox-hr-14.0.1-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"firefox-hu-14.0.1-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"firefox-hy-14.0.1-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"firefox-id-14.0.1-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"firefox-is-14.0.1-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"firefox-it-14.0.1-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"firefox-ja-14.0.1-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"firefox-kk-14.0.1-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"firefox-kn-14.0.1-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"firefox-ko-14.0.1-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"firefox-ku-14.0.1-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"firefox-lg-14.0.1-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"firefox-lt-14.0.1-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"firefox-lv-14.0.1-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"firefox-mai-14.0.1-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"firefox-mk-14.0.1-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"firefox-ml-14.0.1-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"firefox-mr-14.0.1-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"firefox-nb_NO-14.0.1-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"firefox-nl-14.0.1-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"firefox-nn_NO-14.0.1-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"firefox-nso-14.0.1-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"firefox-or-14.0.1-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"firefox-pa_IN-14.0.1-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"firefox-pl-14.0.1-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"firefox-pt_BR-14.0.1-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"firefox-pt_PT-14.0.1-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"firefox-ro-14.0.1-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"firefox-ru-14.0.1-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"firefox-si-14.0.1-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"firefox-sk-14.0.1-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"firefox-sl-14.0.1-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"firefox-sq-14.0.1-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"firefox-sr-14.0.1-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"firefox-sv_SE-14.0.1-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"firefox-ta-14.0.1-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"firefox-ta_LK-14.0.1-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"firefox-te-14.0.1-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"firefox-th-14.0.1-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"firefox-tr-14.0.1-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"firefox-uk-14.0.1-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"firefox-vi-14.0.1-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"firefox-zh_CN-14.0.1-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"firefox-zh_TW-14.0.1-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"firefox-zu-14.0.1-0.1-mdv2011.0", yank:"mdv")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: Windows
    NASL id: SEAMONKEY_211.NASL
    description: The installed version of SeaMonkey is earlier than 2.11.0. Such versions are potentially affected by the following security issues : - Several memory safety issues exist, some of which could potentially allow arbitrary code execution. (CVE-2012-1948, CVE-2012-1949) - Several memory safety issues exist related to the Gecko layout engine. (CVE-2012-1951, CVE-2012-1952, CVE-2012-1953, CVE-2012-1954) - An error related to JavaScript functions
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 60046
    published: 2012-07-19
    reporter: This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/60046
    title: SeaMonkey < 2.11.0 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(60046);
      script_version("1.14");
      script_cvs_date("Date: 2019/12/04");
    
      script_cve_id(
        "CVE-2012-1948",
        "CVE-2012-1949",
        "CVE-2012-1951",
        "CVE-2012-1952",
        "CVE-2012-1953",
        "CVE-2012-1954",
        "CVE-2012-1955",
        "CVE-2012-1957",
        "CVE-2012-1958",
        "CVE-2012-1959",
        "CVE-2012-1960",
        "CVE-2012-1961",
        "CVE-2012-1962",
        "CVE-2012-1963",
        "CVE-2012-1967"
      );
      script_bugtraq_id(
        54572,
        54573,
        54574,
        54575,
        54576,
        54578,
        54580,
        54582,
        54583,
        54584,
        54586
      );
    
      script_name(english:"SeaMonkey < 2.11.0 Multiple Vulnerabilities");
      script_summary(english:"Checks version of SeaMonkey");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Windows host contains a web browser that is affected by
    multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The installed version of SeaMonkey is earlier than 2.11.0. Such
    versions are potentially affected by the following security issues :
    
      - Several memory safety issues exist, some of which could
        potentially allow arbitrary code execution.
        (CVE-2012-1948, CVE-2012-1949)
    
      - Several memory safety issues exist related to the Gecko
        layout engine. (CVE-2012-1951, CVE-2012-1952,
        CVE-2012-1953, CVE-2012-1954)
    
      - An error related to JavaScript functions
        'history.forward' and 'history.back' can allow
        incorrect URLs to be displayed. (CVE-2012-1955)
    
      - Cross-site scripting attacks are possible due to an
        error related to the '<embed>' tag within an RSS
        '<description>' element. (CVE-2012-1957)
    
      - A use-after-free error exists related to the method
        'nsGlobalWindow::PageHidden'. (CVE-2012-1958)
    
      - An error exists that can allow 'same-compartment
        security wrappers' (SCSW) to be bypassed.
        (CVE-2012-1959)
    
      - An out-of-bounds read error exists related to the color
        management library (QCMS). (CVE-2012-1960)
      
      - The 'X-Frame-Options' header is ignored if it is
        duplicated. (CVE-2012-1961)
    
      - A memory corruption error exists related to the method
        'JSDependentString::undepend'. (CVE-2012-1962)
    
      - An error related to the 'Content Security Policy' (CSP)
        implementation can allow the disclosure of OAuth 2.0
        access tokens and OpenID credentials. (CVE-2012-1963)
    
      - An error exists related to the 'javascript:' URL that
        can allow scripts to run at elevated privileges outside
        the sandbox. (CVE-2012-1967)");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-42/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-44/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-45/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-47/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-48/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-49/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-50/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-51/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-52/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-53/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-56/");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to SeaMonkey 2.11.0 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2012-1967");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/07/17");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/07/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/07/19");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:seamonkey");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("mozilla_org_installed.nasl");
      script_require_keys("SeaMonkey/Version");
    
      exit(0);
    }
     
    include("mozilla_version.inc");
    port = get_kb_item("SMB/transport");
    if (!port) port = 445;
    
    installs = get_kb_list("SMB/SeaMonkey/*");
    if (isnull(installs)) audit(AUDIT_NOT_INST, "SeaMonkey");
    
    mozilla_check_version(installs:installs, product:'seamonkey', fix:'2.11.0', severity:SECURITY_HOLE, xss:TRUE);
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2012-443.NASL
    description: Mozilla Thunderbird was updated to version 14.0 (bnc#771583) - MFSA 2012-42/CVE-2012-1949/CVE-2012-1948 Miscellaneous memory safety hazards - MFSA 2012-44/CVE-2012-1951/CVE-2012-1954/CVE-2012-1953/CVE-2012-1952 Gecko memory corruption - MFSA 2012-45/CVE-2012-1955 (bmo#757376) Spoofing issue with location - MFSA 2012-47/CVE-2012-1957 (bmo#750096) Improper filtering of JavaScript in HTML feed-view - MFSA 2012-48/CVE-2012-1958 (bmo#750820) use-after-free in nsGlobalWindow::PageHidden - MFSA 2012-49/CVE-2012-1959 (bmo#754044, bmo#737559) Same-compartment Security Wrappers can be bypassed - MFSA 2012-50/CVE-2012-1960 (bmo#761014) Out of bounds read in QCMS - MFSA 2012-51/CVE-2012-1961 (bmo#761655) X-Frame-Options header ignored when duplicated - MFSA 2012-52/CVE-2012-1962 (bmo#764296) JSDependentString::undepend string conversion results in memory corruption - MFSA 2012-53/CVE-2012-1963 (bmo#767778) Content Security Policy 1.0 implementation errors cause data leakage - MFSA 2012-56/CVE-2012-1967 (bmo#758344) Code execution through javascript: URLs - relicensed to MPL-2.0 - update Enigmail to 1.4.3 - no crashreport on %arm, fixing build
    last seen: 2020-06-05
    modified: 2014-06-13
    plugin id: 74691
    published: 2014-06-13
    reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/74691
    title: openSUSE Security Update : MozillaThunderbird (openSUSE-SU-2012:0917-1)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2012-443.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(74691);
      script_version("1.6");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2012-1948", "CVE-2012-1949", "CVE-2012-1951", "CVE-2012-1953", "CVE-2012-1954", "CVE-2012-1955", "CVE-2012-1957", "CVE-2012-1958", "CVE-2012-1959", "CVE-2012-1960", "CVE-2012-1961", "CVE-2012-1962", "CVE-2012-1963", "CVE-2012-1967");
    
      script_name(english:"openSUSE Security Update : MozillaThunderbird (openSUSE-SU-2012:0917-1)");
      script_summary(english:"Check for the openSUSE-2012-443 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Mozilla Thunderbird was updated to version 14.0 (bnc#771583)
    
      - MFSA 2012-42/CVE-2012-1949/CVE-2012-1948 Miscellaneous
        memory safety hazards
    
      - MFSA 2012-44/CVE-2012-1951/CVE-2012-1954/CVE-2012-1953/
        CVE-2012-1952 Gecko memory corruption
    
      - MFSA 2012-45/CVE-2012-1955 (bmo#757376) Spoofing issue
        with location
    
      - MFSA 2012-47/CVE-2012-1957 (bmo#750096) Improper
        filtering of JavaScript in HTML feed-view
    
      - MFSA 2012-48/CVE-2012-1958 (bmo#750820) use-after-free
        in nsGlobalWindow::PageHidden
    
      - MFSA 2012-49/CVE-2012-1959 (bmo#754044, bmo#737559)
        Same-compartment Security Wrappers can be bypassed
    
      - MFSA 2012-50/CVE-2012-1960 (bmo#761014) Out of bounds
        read in QCMS
    
      - MFSA 2012-51/CVE-2012-1961 (bmo#761655) X-Frame-Options
        header ignored when duplicated
    
      - MFSA 2012-52/CVE-2012-1962 (bmo#764296)
        JSDependentString::undepend string conversion results in
        memory corruption
    
      - MFSA 2012-53/CVE-2012-1963 (bmo#767778) Content Security
        Policy 1.0 implementation errors cause data leakage
    
      - MFSA 2012-56/CVE-2012-1967 (bmo#758344) Code execution
        through javascript: URLs
    
      - relicensed to MPL-2.0
    
      - update Enigmail to 1.4.3
    
      - no crashreport on %arm, fixing build"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=771583"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.opensuse.org/opensuse-updates/2012-07/msg00050.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected MozillaThunderbird packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-buildsymbols");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:enigmail");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:enigmail-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.1");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/07/18");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/07/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE12\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.1", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE12.1", reference:"MozillaThunderbird-14.0-33.26.2") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"MozillaThunderbird-buildsymbols-14.0-33.26.2") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"MozillaThunderbird-debuginfo-14.0-33.26.2") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"MozillaThunderbird-debugsource-14.0-33.26.2") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"MozillaThunderbird-devel-14.0-33.26.2") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"MozillaThunderbird-devel-debuginfo-14.0-33.26.2") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"MozillaThunderbird-translations-common-14.0-33.26.2") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"MozillaThunderbird-translations-other-14.0-33.26.2") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"enigmail-1.4.3+14.0-33.26.2") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"enigmail-debuginfo-1.4.3+14.0-33.26.2") ) flag++;
    if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"MozillaThunderbird-14.0-33.26.1") ) flag++;
    if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"MozillaThunderbird-buildsymbols-14.0-33.26.1") ) flag++;
    if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"MozillaThunderbird-debuginfo-14.0-33.26.1") ) flag++;
    if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"MozillaThunderbird-debugsource-14.0-33.26.1") ) flag++;
    if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"MozillaThunderbird-devel-14.0-33.26.1") ) flag++;
    if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"MozillaThunderbird-devel-debuginfo-14.0-33.26.1") ) flag++;
    if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"MozillaThunderbird-translations-common-14.0-33.26.1") ) flag++;
    if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"MozillaThunderbird-translations-other-14.0-33.26.1") ) flag++;
    if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"enigmail-1.4.3+14.0-33.26.1") ) flag++;
    if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"enigmail-debuginfo-1.4.3+14.0-33.26.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "MozillaThunderbird");
    }
    
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-1510-1.NASL
    description: Benoit Jacob, Jesse Ruderman, Christian Holler, Bill McCloskey, Brian Smith, Gary Kwong, Christoph Diehl, Chris Jones, Brad Lassey, and Kyle Huey discovered memory safety issues affecting Thunderbird. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Thunderbird. (CVE-2012-1948, CVE-2012-1949) Abhishek Arya discovered four memory safety issues affecting Thunderbird. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Thunderbird. (CVE-2012-1951, CVE-2012-1952, CVE-2012-1953, CVE-2012-1954) Mariusz Mlynski discovered that the address bar may be incorrectly updated. Calls to history.forward and history.back could be used to navigate to a site while the address bar still displayed the previous site. A remote attacker could exploit this to conduct phishing attacks. (CVE-2012-1955) Mario Heiderich discovered that HTML <embed> tags were not filtered out of the HTML <description> of RSS feeds. A remote attacker could exploit this to conduct cross-site scripting (XSS) attacks via JavaScript execution in the HTML feed view. (CVE-2012-1957) Arthur Gerkis discovered a use-after-free vulnerability. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Thunderbird. (CVE-2012-1958) Bobby Holley discovered that same-compartment security wrappers (SCSW) could be bypassed to allow XBL access. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit this to execute code with the privileges of the user invoking Thunderbird. (CVE-2012-1959) Tony Payne discovered an out-of-bounds memory read in Mozilla
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 60014
    published: 2012-07-18
    reporter: Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/60014
    title: Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : thunderbird vulnerabilities (USN-1510-1)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-1510-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(60014);
      script_version("1.15");
      script_cvs_date("Date: 2019/09/19 12:54:28");
    
      script_cve_id("CVE-2012-1948", "CVE-2012-1949", "CVE-2012-1951", "CVE-2012-1952", "CVE-2012-1953", "CVE-2012-1954", "CVE-2012-1955", "CVE-2012-1957", "CVE-2012-1958", "CVE-2012-1959", "CVE-2012-1960", "CVE-2012-1961", "CVE-2012-1962", "CVE-2012-1963", "CVE-2012-1967");
      script_bugtraq_id(54572, 54573, 54574, 54575, 54576, 54578, 54580, 54583, 54584, 54586);
      script_xref(name:"USN", value:"1510-1");
    
      script_name(english:"Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : thunderbird vulnerabilities (USN-1510-1)");
      script_summary(english:"Checks dpkg output for updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Ubuntu host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Benoit Jacob, Jesse Ruderman, Christian Holler, Bill McCloskey, Brian
    Smith, Gary Kwong, Christoph Diehl, Chris Jones, Brad Lassey, and Kyle
    Huey discovered memory safety issues affecting Thunderbird. If the
    user were tricked into opening a specially crafted page, an attacker
    could possibly exploit these to cause a denial of service via
    application crash, or potentially execute code with the privileges of
    the user invoking Thunderbird. (CVE-2012-1948, CVE-2012-1949)
    
    Abhishek Arya discovered four memory safety issues affecting
    Thunderbird. If the user were tricked into opening a specially crafted
    page, an attacker could possibly exploit these to cause a denial of
    service via application crash, or potentially execute code with the
    privileges of the user invoking Thunderbird. (CVE-2012-1951,
    CVE-2012-1952, CVE-2012-1953, CVE-2012-1954)
    
    Mariusz Mlynski discovered that the address bar may be incorrectly
    updated. Calls to history.forward and history.back could be used to
    navigate to a site while the address bar still displayed the previous
    site. A remote attacker could exploit this to conduct phishing
    attacks. (CVE-2012-1955)
    
    Mario Heiderich discovered that HTML <embed> tags were not filtered
    out of the HTML <description> of RSS feeds. A remote attacker could
    exploit this to conduct cross-site scripting (XSS) attacks via
    JavaScript execution in the HTML feed view. (CVE-2012-1957)
    
    Arthur Gerkis discovered a use-after-free vulnerability. If the user
    were tricked into opening a specially crafted page, an attacker could
    possibly exploit this to cause a denial of service via application
    crash, or potentially execute code with the privileges of the user
    invoking Thunderbird. (CVE-2012-1958)
    
    Bobby Holley discovered that same-compartment security wrappers (SCSW)
    could be bypassed to allow XBL access. If the user were tricked into
    opening a specially crafted page, an attacker could possibly exploit
    this to execute code with the privileges of the user invoking
    Thunderbird. (CVE-2012-1959)
    
    Tony Payne discovered an out-of-bounds memory read in Mozilla's color
    management library (QCMS). If the user were tricked into opening a
    specially crafted color profile, an attacker could possibly exploit
    this to cause a denial of service via application crash.
    (CVE-2012-1960)
    
    Frederic Buclin discovered that the X-Frame-Options header was
    ignored when its value was specified multiple times. An attacker could
    exploit this to conduct clickjacking attacks. (CVE-2012-1961)
    
    Bill Keese discovered a memory corruption vulnerability. If the user
    were tricked into opening a specially crafted page, an attacker could
    possibly exploit this to cause a denial of service via application
    crash, or potentially execute code with the privileges of the user
    invoking Thunderbird. (CVE-2012-1962)
    
    Karthikeyan Bhargavan discovered an information leakage vulnerability
    in the Content Security Policy (CSP) 1.0 implementation. If the user
    were tricked into opening a specially crafted page, an attacker could
    possibly exploit this to access a user's OAuth 2.0 access tokens and
    OpenID credentials. (CVE-2012-1963)
    
    It was discovered that the execution of javascript: URLs was not
    properly handled in some cases. A remote attacker could exploit this
    to execute code with the privileges of the user invoking Thunderbird.
    (CVE-2012-1967).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/1510-1/"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected thunderbird package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:thunderbird");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.04:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:11.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:11.10");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/07/18");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/07/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/07/18");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(10\.04|11\.04|11\.10|12\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 10.04 / 11.04 / 11.10 / 12.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"10.04", pkgname:"thunderbird", pkgver:"14.0+build1-0ubuntu0.10.04.1")) flag++;
    if (ubuntu_check(osver:"11.04", pkgname:"thunderbird", pkgver:"14.0+build1-0ubuntu0.11.04.1")) flag++;
    if (ubuntu_check(osver:"11.10", pkgname:"thunderbird", pkgver:"14.0+build1-0ubuntu0.11.10.1")) flag++;
    if (ubuntu_check(osver:"12.04", pkgname:"thunderbird", pkgver:"14.0+build1-0ubuntu0.12.04.1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "thunderbird");
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2012-410.NASL
    description: MozillaFirefox was updated to 14.0.1 to fix various bugs and security issues. Following security issues were fixed: MFSA 2012-42: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. CVE-2012-1949: Brian Smith, Gary Kwong, Christian Holler, Jesse Ruderman, Christoph Diehl, Chris Jones, Brad Lassey, and Kyle Huey reported memory safety problems and crashes that affect Firefox 13. CVE-2012-1948: Benoit Jacob, Jesse Ruderman, Christian Holler, and Bill McCloskey reported memory safety problems and crashes that affect Firefox ESR 10 and Firefox 13. MFSA 2012-43 / CVE-2012-1950: Security researcher Mario Gomes and research firm Code Audit Labs reported a mechanism to short-circuit page loads through drag and drop to the addressbar by canceling the page load. This causes the address of the previously site entered to be displayed in the addressbar instead of the currently loaded page. This could lead to potential phishing attacks on users. MFSA 2012-44 Google security researcher Abhishek Arya used the Address Sanitizer tool to uncover four issues: two use-after-free problems, one out of bounds read bug, and a bad cast. The first use-after-free problem is caused when an array of nsSMILTimeValueSpec objects is destroyed but attempts are made to call into objects in this array later. The second use-after-free problem is in nsDocument::AdoptNode when it adopts into an empty document and then adopts into another document, emptying the first one. The heap buffer overflow is in ElementAnimations when data is read off of end of an array and then pointers are dereferenced. The bad cast happens when nsTableFrame::InsertFrames is called with frames in aFrameList that are a mix of row group frames and column group frames. AppendFrames is not able to handle this mix. All four of these issues are potentially exploitable. CVE-2012-1951: Heap-use-after-free in nsSMILTimeValueSpec::IsEventBased CVE-2012-1954: Heap-use-after-free in nsDocument::AdoptNode CVE-2012-1953: Out of bounds read in ElementAnimations::EnsureStyleRuleFor CVE-2012-1952: Bad cast in nsTableFrame::InsertFrames MFSA 2012-45 / CVE-2012-1955: Security researcher Mariusz Mlynski reported an issue with spoofing of the location property. In this issue, calls to history.forward and history.back are used to navigate to a site while displaying the previous site in the addressbar but changing the baseURI to the newer site. This can be used for phishing by allowing the user input form or other data on the newer, attacking, site while appearing to be on the older, displayed site. MFSA 2012-46 / CVE-2012-1966: Mozilla security researcher moz_bug_r_a4 reported a cross-site scripting (XSS) attack through the context menu using a data: URL. In this issue, context menu functionality (
    last seen: 2020-06-05
    modified: 2014-06-13
    plugin id: 74687
    published: 2014-06-13
    reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/74687
    title: openSUSE Security Update : MozillaFirefox (openSUSE-SU-2012:0899-1)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2012-410.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(74687);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2012-1948", "CVE-2012-1949", "CVE-2012-1950", "CVE-2012-1951", "CVE-2012-1952", "CVE-2012-1953", "CVE-2012-1954", "CVE-2012-1955", "CVE-2012-1957", "CVE-2012-1958", "CVE-2012-1959", "CVE-2012-1960", "CVE-2012-1961", "CVE-2012-1962", "CVE-2012-1963", "CVE-2012-1964", "CVE-2012-1965", "CVE-2012-1966", "CVE-2012-1967");
    
      script_name(english:"openSUSE Security Update : MozillaFirefox (openSUSE-SU-2012:0899-1)");
      script_summary(english:"Check for the openSUSE-2012-410 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "MozillaFirefox was updated to 14.0.1 to fix various bugs and security
    issues.
    
    Following security issues were fixed: MFSA 2012-42: Mozilla developers
    identified and fixed several memory safety bugs in the browser engine
    used in Firefox and other Mozilla-based products. Some of these bugs
    showed evidence of memory corruption under certain circumstances, and
    we presume that with enough effort at least some of these could be
    exploited to run arbitrary code.
    
    CVE-2012-1949: Brian Smith, Gary Kwong, Christian Holler, Jesse
    Ruderman, Christoph Diehl, Chris Jones, Brad Lassey, and Kyle Huey
    reported memory safety problems and crashes that affect Firefox 13.
    
    CVE-2012-1948: Benoit Jacob, Jesse Ruderman, Christian Holler, and
    Bill McCloskey reported memory safety problems and crashes that affect
    Firefox ESR 10 and Firefox 13.
    
    MFSA 2012-43 / CVE-2012-1950: Security researcher Mario Gomes
    and research firm Code Audit Labs reported a mechanism to short-circuit
    page loads through drag and drop to the addressbar by canceling the
    page load. This causes the address of the previously site entered to
    be displayed in the addressbar instead of the currently loaded page.
    This could lead to potential phishing attacks on users. 
    
    MFSA 2012-44 Google security researcher Abhishek Arya used the Address
    Sanitizer tool to uncover four issues: two use-after-free problems,
    one out of bounds read bug, and a bad cast. The first use-after-free
    problem is caused when an array of nsSMILTimeValueSpec objects is
    destroyed but attempts are made to call into objects in this array
    later. The second use-after-free problem is in nsDocument::AdoptNode
    when it adopts into an empty document and then adopts into another
    document, emptying the first one. The heap buffer overflow is in
    ElementAnimations when data is read off of end of an array and then
    pointers are dereferenced. The bad cast happens when
    nsTableFrame::InsertFrames is called with frames in aFrameList that
    are a mix of row group frames and column group frames. AppendFrames is
    not able to handle this mix.
    
    All four of these issues are potentially exploitable. CVE-2012-1951:
    Heap-use-after-free in nsSMILTimeValueSpec::IsEventBased
    CVE-2012-1954: Heap-use-after-free in nsDocument::AdoptNode
    CVE-2012-1953: Out of bounds read in
    ElementAnimations::EnsureStyleRuleFor CVE-2012-1952: Bad cast in
    nsTableFrame::InsertFrames
    
    MFSA 2012-45 / CVE-2012-1955: Security researcher Mariusz Mlynski
    reported an issue with spoofing of the location property. In this
    issue, calls to history.forward and history.back are used to navigate
    to a site while displaying the previous site in the addressbar but
    changing the baseURI to the newer site. This can be used for phishing
    by allowing the user input form or other data on the newer, attacking,
    site while appearing to be on the older, displayed site. 
    
    MFSA 2012-46 / CVE-2012-1966: Mozilla security researcher moz_bug_r_a4
    reported a cross-site scripting (XSS) attack through the context menu
    using a data: URL. In this issue, context menu functionality ('View
    Image', 'Show only this frame', and 'View background image') are
    disallowed in a javascript: URL but allowed in a data: URL, allowing
    for XSS. This can lead to arbitrary code execution.
    
    MFSA 2012-47 / CVE-2012-1957: Security researcher Mario Heiderich
    reported that JavaScript could be executed in the HTML feed-view using
    <embed> tag within the RSS <description>. This problem is due to
    <embed> tags not being filtered out during parsing and can lead to a
    potential cross-site scripting (XSS) attack. The flaw existed in a
    parser utility class and could affect other parts of the browser or
    add-ons which rely on that class to sanitize untrusted input.
    
    MFSA 2012-48 / CVE-2012-1958: Security researcher Arthur Gerkis used
    the Address Sanitizer tool to find a use-after-free in
    nsGlobalWindow::PageHidden when mFocusedContent is released and
    oldFocusedContent is used afterwards. This use-after-free could
    possibly allow for remote code execution.
    
    MFSA 2012-49 / CVE-2012-1959: Mozilla developer Bobby Holley found
    that same-compartment security wrappers (SCSW) can be bypassed by
    passing them to another compartment. Cross-compartment wrappers often
    do not go through SCSW, but have a filtering policy built into them.
    When an object is wrapped cross-compartment, the SCSW is stripped off
    and, when the object is read back, it is not known that SCSW was
    previously present, resulting in a bypassing of SCSW. This could
    result in untrusted content having access to the XBL that implements
    browser functionality.
    
    MFSA 2012-50 / CVE-2012-1960: Google developer Tony Payne reported an
    out of bounds (OOB) read in QCMS, Mozilla's color management
    library. With a carefully crafted color profile portions of a user's
    memory could be incorporated into a transformed image and possibly
    deciphered.
    
    MFSA 2012-51 / CVE-2012-1961: Bugzilla developer
    Frédéric Buclin reported that the 'X-Frame-Options
    header is ignored when the value is duplicated, for example
    X-Frame-Options: SAMEORIGIN, SAMEORIGIN. This duplication occurs for
    unknown reasons on some websites and when it occurs results in Mozilla
    browsers not being protected against possible clickjacking attacks on
    those pages.
    
    MFSA 2012-52 / CVE-2012-1962: Security researcher Bill Keese reported
    a memory corruption. This is caused by JSDependentString::undepend
    changing a dependent string into a fixed string when there are
    additional dependent strings relying on the same base. When the
    undepend occurs during conversion, the base data is freed, leaving
    other dependent strings with dangling pointers. This can lead to a
    potentially exploitable crash.
    
    MFSA 2012-53 / CVE-2012-1963: Security researcher Karthikeyan
    Bhargavan of Prosecco at INRIA reported Content Security Policy (CSP)
    1.0 implementation errors. CSP violation reports generated by Firefox
    and sent to the 'report-uri' location include sensitive data within
    the 'blocked-uri' parameter. These include fragment components and
    query strings even if the 'blocked-uri' parameter has a different
    origin than the protected resource. This can be used to retrieve a
    user's OAuth 2.0 access tokens and OpenID credentials by malicious
    sites.
    
    MFSA 2012-54 / CVE-2012-1964: Security Researcher Matt McCutchen
    reported that a clickjacking attack using the certificate warning
    page. A man-in-the-middle (MITM) attacker can use an iframe to display
    its own certificate error warning page (about:certerror) with the 'Add
    Exception' button of a real warning page from a malicious site. This
    can mislead users to adding a certificate exception for a different
    site than the perceived one. This can lead to compromised
    communications with the user perceived site through the MITM attack
    once the certificate exception has been added.
    
    MFSA 2012-55 / CVE-2012-1965: Security researchers Mario Gomes and
    Soroush Dalili reported that since Mozilla allows the pseudo-protocol
    feed: to prefix any valid URL, it is possible to construct
    feed:javascript: URLs that will execute scripts in some contexts. On
    some sites it may be possible to use this to evade output filtering
    that would otherwise strip javascript: URLs and thus contribute to
    cross-site scripting (XSS) problems on these sites.
    
    MFSA 2012-56 / CVE-2012-1967: Mozilla security researcher moz_bug_r_a4
    reported a arbitrary code execution attack using a javascript: URL.
    The Gecko engine features a JavaScript sandbox utility that allows the
    browser or add-ons to safely execute script in the context of a web
    page. In certain cases, javascript: URLs are executed in such a
    sandbox with insufficient context that can allow those scripts to
    escape from the sandbox and run with elevated privilege. This can lead
    to arbitrary code execution."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=771583"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.opensuse.org/opensuse-updates/2012-07/msg00039.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected MozillaFirefox packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.1");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/07/18");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/07/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE12\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.1", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE12.1", reference:"MozillaFirefox-14.0.1-2.33.1") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"MozillaFirefox-branding-upstream-14.0.1-2.33.1") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"MozillaFirefox-buildsymbols-14.0.1-2.33.1") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"MozillaFirefox-debuginfo-14.0.1-2.33.1") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"MozillaFirefox-debugsource-14.0.1-2.33.1") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"MozillaFirefox-devel-14.0.1-2.33.1") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"MozillaFirefox-translations-common-14.0.1-2.33.1") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"MozillaFirefox-translations-other-14.0.1-2.33.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "MozillaFirefox");
    }
    
  • NASL family: MacOS X Local Security Checks
    NASL id: MACOSX_THUNDERBIRD_14_0.NASL
    description: The installed version of Thunderbird is earlier than 14.0 and thus, is potentially affected by the following security issues :
      - Several memory safety issues exist, some of which could potentially allow arbitrary code execution. (CVE-2012-1948, CVE-2012-1949)
      - Several memory safety issues exist related to the Gecko layout engine. (CVE-2012-1951, CVE-2012-1952, CVE-2012-1953, CVE-2012-1954)
      - An error related to JavaScript functions
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 60041
    published: 2012-07-19
    reporter: This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/60041
    title: Thunderbird < 14.0 Multiple Vulnerabilities (Mac OS X)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(60041);
      script_version("1.13");
      script_cvs_date("Date: 2019/12/04");
    
      script_cve_id(
        "CVE-2012-1948",
        "CVE-2012-1949",
        "CVE-2012-1951",
        "CVE-2012-1952",
        "CVE-2012-1953",
        "CVE-2012-1954",
        "CVE-2012-1955",
        "CVE-2012-1957",
        "CVE-2012-1958",
        "CVE-2012-1959",
        "CVE-2012-1960",
        "CVE-2012-1961",
        "CVE-2012-1962",
        "CVE-2012-1963",
        "CVE-2012-1967"
      );
      script_bugtraq_id(
        54572,
        54573,
        54574,
        54575,
        54576,
        54578,
        54580,
        54582,
        54583,
        54584,
        54586
      );
    
      script_name(english:"Thunderbird < 14.0 Multiple Vulnerabilities (Mac OS X)");
      script_summary(english:"Checks version of Thunderbird");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Mac OS X host contains a mail client that is potentially
    affected by several vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The installed version of Thunderbird is earlier than 14.0 and thus, 
    is potentially affected by the following security issues :
    
      - Several memory safety issues exist, some of which could
        potentially allow arbitrary code execution.
        (CVE-2012-1948, CVE-2012-1949)
    
      - Several memory safety issues exist related to the Gecko
        layout engine. (CVE-2012-1951, CVE-2012-1952,
        CVE-2012-1953, CVE-2012-1954)
    
      - An error related to JavaScript functions
        'history.forward' and 'history.back' can allow
        incorrect URLs to be displayed. (CVE-2012-1955)
    
      - Cross-site scripting attacks are possible due to an
        error related to the '<embed>' tag within an RSS
        '<description>' element. (CVE-2012-1957)
    
      - A use-after-free error exists related to the method
        'nsGlobalWindow::PageHidden'. (CVE-2012-1958)
    
      - An error exists that can allow 'same-compartment
        security wrappers' (SCSW) to be bypassed.
        (CVE-2012-1959)
    
      - An out-of-bounds read error exists related to the color
        management library (QCMS). (CVE-2012-1960)
      
      - The 'X-Frame-Options' header is ignored if it is
        duplicated. (CVE-2012-1961)
    
      - A memory corruption error exists related to the method
        'JSDependentString::undepend'. (CVE-2012-1962)
    
      - An error related to the 'Content Security Policy' (CSP)
        implementation can allow the disclosure of OAuth 2.0
        access tokens and OpenID credentials. (CVE-2012-1963)
    
      - An error exists related to the 'javascript:' URL that
        can allow scripts to run at elevated privileges outside
        the sandbox. (CVE-2012-1967)");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-42/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-44/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-45/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-47/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-48/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-49/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-50/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-51/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-52/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-53/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-56/");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Thunderbird 14.0 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2012-1967");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/07/17");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/07/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/07/19");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:thunderbird");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"MacOS X Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("macosx_thunderbird_installed.nasl");
      script_require_keys("MacOSX/Thunderbird/Installed");
    
      exit(0);
    }
    
    include("mozilla_version.inc");
    kb_base = "MacOSX/Thunderbird";
    get_kb_item_or_exit(kb_base+"/Installed");
    
    version = get_kb_item_or_exit(kb_base+"/Version", exit_code:1);
    path = get_kb_item_or_exit(kb_base+"/Path", exit_code:1);
    
    mozilla_check_version(product:'thunderbird', version:version, path:path, esr:FALSE, fix:'14.0', skippat:'^10\\.0\\.', severity:SECURITY_HOLE, xss:TRUE);
    
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-1509-1.NASL
    description: Benoit Jacob, Jesse Ruderman, Christian Holler, Bill McCloskey, Brian Smith, Gary Kwong, Christoph Diehl, Chris Jones, Brad Lassey, and Kyle Huey discovered memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. (CVE-2012-1948, CVE-2012-1949) Mario Gomes discovered that the address bar may be incorrectly updated. Drag-and-drop events in the address bar may cause the address of the previous site to be displayed while a new page is loaded. An attacker could exploit this to conduct phishing attacks. (CVE-2012-1950) Abhishek Arya discovered four memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. (CVE-2012-1951, CVE-2012-1952, CVE-2012-1953, CVE-2012-1954) Mariusz Mlynski discovered that the address bar may be incorrectly updated. Calls to history.forward and history.back could be used to navigate to a site while the address bar still displayed the previous site. A remote attacker could exploit this to conduct phishing attacks. (CVE-2012-1955) Mario Heiderich discovered that HTML <embed> tags were not filtered out of the HTML <description> of RSS feeds. A remote attacker could exploit this to conduct cross-site scripting (XSS) attacks via JavaScript execution in the HTML feed view. (CVE-2012-1957) Arthur Gerkis discovered a use-after-free vulnerability. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. (CVE-2012-1958) Bobby Holley discovered that same-compartment security wrappers (SCSW) could be bypassed to allow XBL access. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit this to execute code with the privileges of the user invoking Firefox. (CVE-2012-1959) Tony Payne discovered an out-of-bounds memory read in Mozilla
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 60012
    published: 2012-07-18
    reporter: Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/60012
    title: Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : firefox vulnerabilities (USN-1509-1)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-1509-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(60012);
      script_version("1.13");
      script_cvs_date("Date: 2019/09/19 12:54:28");
    
      script_cve_id("CVE-2012-1948", "CVE-2012-1949", "CVE-2012-1950", "CVE-2012-1951", "CVE-2012-1952", "CVE-2012-1953", "CVE-2012-1954", "CVE-2012-1955", "CVE-2012-1957", "CVE-2012-1958", "CVE-2012-1959", "CVE-2012-1960", "CVE-2012-1961", "CVE-2012-1962", "CVE-2012-1963", "CVE-2012-1964", "CVE-2012-1965", "CVE-2012-1966", "CVE-2012-1967");
      script_xref(name:"USN", value:"1509-1");
    
      script_name(english:"Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : firefox vulnerabilities (USN-1509-1)");
      script_summary(english:"Checks dpkg output for updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Ubuntu host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Benoit Jacob, Jesse Ruderman, Christian Holler, Bill McCloskey, Brian
    Smith, Gary Kwong, Christoph Diehl, Chris Jones, Brad Lassey, and Kyle
    Huey discovered memory safety issues affecting Firefox. If the user
    were tricked into opening a specially crafted page, an attacker could
    possibly exploit these to cause a denial of service via application
    crash, or potentially execute code with the privileges of the user
    invoking Firefox. (CVE-2012-1948, CVE-2012-1949)
    
    Mario Gomes discovered that the address bar may be incorrectly
    updated. Drag-and-drop events in the address bar may cause the address
    of the previous site to be displayed while a new page is loaded. An
    attacker could exploit this to conduct phishing attacks.
    (CVE-2012-1950)
    
    Abhishek Arya discovered four memory safety issues affecting Firefox.
    If the user were tricked into opening a specially crafted page, an
    attacker could possibly exploit these to cause a denial of service via
    application crash, or potentially execute code with the privileges of
    the user invoking Firefox. (CVE-2012-1951, CVE-2012-1952,
    CVE-2012-1953, CVE-2012-1954)
    
    Mariusz Mlynski discovered that the address bar may be incorrectly
    updated. Calls to history.forward and history.back could be used to
    navigate to a site while the address bar still displayed the previous
    site. A remote attacker could exploit this to conduct phishing
    attacks. (CVE-2012-1955)
    
    Mario Heiderich discovered that HTML <embed> tags were not filtered
    out of the HTML <description> of RSS feeds. A remote attacker could
    exploit this to conduct cross-site scripting (XSS) attacks via
    JavaScript execution in the HTML feed view. (CVE-2012-1957)
    
    Arthur Gerkis discovered a use-after-free vulnerability. If the user
    were tricked into opening a specially crafted page, an attacker could
    possibly exploit this to cause a denial of service via application
    crash, or potentially execute code with the privileges of the user
    invoking Firefox. (CVE-2012-1958)
    
    Bobby Holley discovered that same-compartment security wrappers (SCSW)
    could be bypassed to allow XBL access. If the user were tricked into
    opening a specially crafted page, an attacker could possibly exploit
    this to execute code with the privileges of the user invoking Firefox.
    (CVE-2012-1959)
    
    Tony Payne discovered an out-of-bounds memory read in Mozilla's color
    management library (QCMS). If the user were tricked into opening a
    specially crafted color profile, an attacker could possibly exploit
    this to cause a denial of service via application crash.
    (CVE-2012-1960)
    
    Frederic Buclin discovered that the X-Frame-Options header was
    ignored when its value was specified multiple times. An attacker could
    exploit this to conduct clickjacking attacks. (CVE-2012-1961)
    
    Bill Keese discovered a memory corruption vulnerability. If the user
    were tricked into opening a specially crafted page, an attacker could
    possibly exploit this to cause a denial of service via application
    crash, or potentially execute code with the privileges of the user
    invoking Firefox. (CVE-2012-1962)
    
    Karthikeyan Bhargavan discovered an information leakage vulnerability
    in the Content Security Policy (CSP) 1.0 implementation. If the user
    were tricked into opening a specially crafted page, an attacker could
    possibly exploit this to access a user's OAuth 2.0 access tokens and
    OpenID credentials. (CVE-2012-1963)
    
    Matt McCutchen discovered a clickjacking vulnerability in the
    certificate warning page. A remote attacker could trick a user into
    accepting a malicious certificate via a crafted certificate warning
    page. (CVE-2012-1964)
    
    Mario Gomes and Soroush Dalili discovered that JavaScript was not
    filtered out of feed URLs. If the user were tricked into opening a
    specially crafted URL, an attacker could possibly exploit this to
    conduct cross-site scripting (XSS) attacks. (CVE-2012-1965)
    
    A vulnerability was discovered in the context menu of data: URLs. If
    the user were tricked into opening a specially crafted URL, an
    attacker could possibly exploit this to conduct cross-site scripting
    (XSS) attacks. (CVE-2012-1966)
    
    It was discovered that the execution of javascript: URLs was not
    properly handled in some cases. A remote attacker could exploit this
    to execute code with the privileges of the user invoking Firefox.
    (CVE-2012-1967).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/1509-1/"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected firefox package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.04:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:11.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:11.10");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/07/18");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/07/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/07/18");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(10\.04|11\.04|11\.10|12\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 10.04 / 11.04 / 11.10 / 12.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"10.04", pkgname:"firefox", pkgver:"14.0.1+build1-0ubuntu0.10.04.1")) flag++;
    if (ubuntu_check(osver:"11.04", pkgname:"firefox", pkgver:"14.0.1+build1-0ubuntu0.11.04.1")) flag++;
    if (ubuntu_check(osver:"11.10", pkgname:"firefox", pkgver:"14.0.1+build1-0ubuntu0.11.10.1")) flag++;
    if (ubuntu_check(osver:"12.04", pkgname:"firefox", pkgver:"14.0.1+build1-0ubuntu0.12.04.1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "firefox");
    }
    
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS11_FIREFOX_20130129.NASL
    descriptionThe remote Solaris system is missing necessary patches to address security updates : - The qcms_transform_data_rgb_out_lut_sse2 function in the QCMS implementation in Mozilla Firefox 4.x through 13.0, Thunderbird 5.0 through 13.0, and SeaMonkey before 2.11 might allow remote attackers to obtain sensitive information from process memory via a crafted color profile that triggers an out-of-bounds read operation. (CVE-2012-1960) - Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. (CVE-2012-1970) - Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to garbage collection after certain MethodJIT execution, and unknown other vectors. (CVE-2012-1971) - Use-after-free vulnerability in the nsHTMLEditor::CollapseAdjacentTextNodes function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. (CVE-2012-1972) - Use-after-free vulnerability in the nsObjectLoadingContent::LoadObject function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. 
(CVE-2012-1973) - Use-after-free vulnerability in the gfxTextRun::CanBreakLineBefore function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. (CVE-2012-1974) - Use-after-free vulnerability in the PresShell::CompleteMove function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. (CVE-2012-1975) - Use-after-free vulnerability in the nsHTMLSelectElement::SubmitNamesValues function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. (CVE-2012-1976) - Use-after-free vulnerability in the MediaStreamGraphThreadRunnable::Run function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. (CVE-2012-3956) - Heap-based buffer overflow in the nsBlockFrame::MarkLineDirty function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via unspecified vectors. 
(CVE-2012-3957) - Use-after-free vulnerability in the nsHTMLEditRules::DeleteNonTableElements function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. (CVE-2012-3958) - Use-after-free vulnerability in the nsRangeUpdater::SelAdjDeleteNode function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. (CVE-2012-3959) - Use-after-free vulnerability in the mozSpellChecker::SetCurrentDictionary function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. (CVE-2012-3960) - Use-after-free vulnerability in the RangeData implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. (CVE-2012-3961) - Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 do not properly iterate through the characters in a text run, which allows remote attackers to execute arbitrary code via a crafted document. 
(CVE-2012-3962) - Use-after-free vulnerability in the js::gc::MapAllocToTraceKind function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via unspecified vectors. (CVE-2012-3963) - Use-after-free vulnerability in the gfxTextRun::GetUserData function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. (CVE-2012-3964) - Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a negative height value in a BMP image within a .ICO file, related to (1) improper handling of the transparency bitmask by the nsICODecoder component and (2) improper processing of the alpha channel by the nsBMPDecoder component. (CVE-2012-3966) - The WebGL implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 on Linux, when a large number of sampler uniforms are used, does not properly interact with Mesa drivers, which allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a crafted web site. (CVE-2012-3967) - Use-after-free vulnerability in the WebGL implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via vectors related to deletion of a fragment shader by its accessor. 
(CVE-2012-3968) - Integer overflow in the nsSVGFEMorphologyElement::Filter function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via a crafted SVG filter that triggers an incorrect sum calculation, leading to a heap-based buffer overflow. (CVE-2012-3969) - Use-after-free vulnerability in the nsTArray_base::Length function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving movement of a requiredFeatures attribute from one SVG document to another. (CVE-2012-3970) - The format-number functionality in the XSLT implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to obtain sensitive information via unspecified vectors that trigger a heap-based buffer over-read. (CVE-2012-3972) - Untrusted search path vulnerability in the installer in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, and Thunderbird ESR 10.x before 10.0.7 on Windows allows local users to gain privileges via a Trojan horse executable file in a root directory. (CVE-2012-3974) - Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, and SeaMonkey before 2.12 do not properly handle onLocationChange events during navigation between different https sites, which allows remote attackers to spoof the X.509 certificate information in the address bar via a crafted web page. 
(CVE-2012-3976) - The nsLocation::CheckURL function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 does not properly follow the security model of the location object, which allows remote attackers to bypass intended content-loading restrictions or possibly have unspecified other impact via vectors involving chrome code. (CVE-2012-3978) - The web console in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, and Thunderbird ESR 10.x before 10.0.7 allows user-assisted remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site that injects this code and triggers an eval operation. (CVE-2012-3980)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 80609
    published: 2015-01-19
    reporter: This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/80609
    title: Oracle Solaris Third-Party Patch Update : firefox (multiple_vulnerabilities_in_firefox)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from the Oracle Third Party software advisories.
    #
    include("compat.inc");
    
    if (description)
    {
      script_id(80609);
      script_version("1.3");
      script_cvs_date("Date: 2018/11/15 20:50:24");
    
      script_cve_id("CVE-2012-1960", "CVE-2012-1970", "CVE-2012-1971", "CVE-2012-1972", "CVE-2012-1973", "CVE-2012-1974", "CVE-2012-1975", "CVE-2012-1976", "CVE-2012-3956", "CVE-2012-3957", "CVE-2012-3958", "CVE-2012-3959", "CVE-2012-3960", "CVE-2012-3961", "CVE-2012-3962", "CVE-2012-3963", "CVE-2012-3964", "CVE-2012-3966", "CVE-2012-3967", "CVE-2012-3968", "CVE-2012-3969", "CVE-2012-3970", "CVE-2012-3972", "CVE-2012-3974", "CVE-2012-3976", "CVE-2012-3978", "CVE-2012-3980");
    
      script_name(english:"Oracle Solaris Third-Party Patch Update : firefox (multiple_vulnerabilities_in_firefox)");
      script_summary(english:"Check for the 'entire' version.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Solaris system is missing a security patch for third-party
    software."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote Solaris system is missing necessary patches to address
    security updates :
    
      - The qcms_transform_data_rgb_out_lut_sse2 function in the
        QCMS implementation in Mozilla Firefox 4.x through 13.0,
        Thunderbird 5.0 through 13.0, and SeaMonkey before 2.11
        might allow remote attackers to obtain sensitive
        information from process memory via a crafted color
        profile that triggers an out-of-bounds read operation.
        (CVE-2012-1960)
    
      - Multiple unspecified vulnerabilities in the browser
        engine in Mozilla Firefox before 15.0, Firefox ESR 10.x
        before 10.0.7, Thunderbird before 15.0, Thunderbird ESR
        10.x before 10.0.7, and SeaMonkey before 2.12 allow
        remote attackers to cause a denial of service (memory
        corruption and application crash) or possibly execute
        arbitrary code via unknown vectors. (CVE-2012-1970)
    
      - Multiple unspecified vulnerabilities in the browser
        engine in Mozilla Firefox before 15.0, Thunderbird
        before 15.0, and SeaMonkey before 2.12 allow remote
        attackers to cause a denial of service (memory
        corruption and application crash) or possibly execute
        arbitrary code via vectors related to garbage collection
        after certain MethodJIT execution, and unknown other
        vectors. (CVE-2012-1971)
    
      - Use-after-free vulnerability in the
        nsHTMLEditor::CollapseAdjacentTextNodes function in
        Mozilla Firefox before 15.0, Firefox ESR 10.x before
        10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x
        before 10.0.7, and SeaMonkey before 2.12 allows remote
        attackers to execute arbitrary code or cause a denial of
        service (heap memory corruption) via unspecified
        vectors. (CVE-2012-1972)
    
      - Use-after-free vulnerability in the
        nsObjectLoadingContent::LoadObject function in Mozilla
        Firefox before 15.0, Firefox ESR 10.x before 10.0.7,
        Thunderbird before 15.0, Thunderbird ESR 10.x before
        10.0.7, and SeaMonkey before 2.12 allows remote
        attackers to execute arbitrary code or cause a denial of
        service (heap memory corruption) via unspecified
        vectors. (CVE-2012-1973)
    
      - Use-after-free vulnerability in the
        gfxTextRun::CanBreakLineBefore function in Mozilla
        Firefox before 15.0, Firefox ESR 10.x before 10.0.7,
        Thunderbird before 15.0, Thunderbird ESR 10.x before
        10.0.7, and SeaMonkey before 2.12 allows remote
        attackers to execute arbitrary code or cause a denial of
        service (heap memory corruption) via unspecified
        vectors. (CVE-2012-1974)
    
      - Use-after-free vulnerability in the
        PresShell::CompleteMove function in Mozilla Firefox
        before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird
        before 15.0, Thunderbird ESR 10.x before 10.0.7, and
        SeaMonkey before 2.12 allows remote attackers to execute
        arbitrary code or cause a denial of service (heap memory
        corruption) via unspecified vectors. (CVE-2012-1975)
    
      - Use-after-free vulnerability in the
        nsHTMLSelectElement::SubmitNamesValues function in
        Mozilla Firefox before 15.0, Firefox ESR 10.x before
        10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x
        before 10.0.7, and SeaMonkey before 2.12 allows remote
        attackers to execute arbitrary code or cause a denial of
        service (heap memory corruption) via unspecified
        vectors. (CVE-2012-1976)
    
      - Use-after-free vulnerability in the
        MediaStreamGraphThreadRunnable::Run function in Mozilla
        Firefox before 15.0, Firefox ESR 10.x before 10.0.7,
        Thunderbird before 15.0, Thunderbird ESR 10.x before
        10.0.7, and SeaMonkey before 2.12 allows remote
        attackers to execute arbitrary code or cause a denial of
        service (heap memory corruption) via unspecified
        vectors. (CVE-2012-3956)
    
      - Heap-based buffer overflow in the
        nsBlockFrame::MarkLineDirty function in Mozilla Firefox
        before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird
        before 15.0, Thunderbird ESR 10.x before 10.0.7, and
        SeaMonkey before 2.12 allows remote attackers to execute
        arbitrary code via unspecified vectors. (CVE-2012-3957)
    
      - Use-after-free vulnerability in the
        nsHTMLEditRules::DeleteNonTableElements function in
        Mozilla Firefox before 15.0, Firefox ESR 10.x before
        10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x
        before 10.0.7, and SeaMonkey before 2.12 allows remote
        attackers to execute arbitrary code or cause a denial of
        service (heap memory corruption) via unspecified
        vectors. (CVE-2012-3958)
    
      - Use-after-free vulnerability in the
        nsRangeUpdater::SelAdjDeleteNode function in Mozilla
        Firefox before 15.0, Firefox ESR 10.x before 10.0.7,
        Thunderbird before 15.0, Thunderbird ESR 10.x before
        10.0.7, and SeaMonkey before 2.12 allows remote
        attackers to execute arbitrary code or cause a denial of
        service (heap memory corruption) via unspecified
        vectors. (CVE-2012-3959)
    
      - Use-after-free vulnerability in the
        mozSpellChecker::SetCurrentDictionary function in
        Mozilla Firefox before 15.0, Firefox ESR 10.x before
        10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x
        before 10.0.7, and SeaMonkey before 2.12 allows remote
        attackers to execute arbitrary code or cause a denial of
        service (heap memory corruption) via unspecified
        vectors. (CVE-2012-3960)
    
      - Use-after-free vulnerability in the RangeData
        implementation in Mozilla Firefox before 15.0, Firefox
        ESR 10.x before 10.0.7, Thunderbird before 15.0,
        Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before
        2.12 allows remote attackers to execute arbitrary code
        or cause a denial of service (heap memory corruption)
        via unspecified vectors. (CVE-2012-3961)
    
      - Mozilla Firefox before 15.0, Firefox ESR 10.x before
        10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x
        before 10.0.7, and SeaMonkey before 2.12 do not properly
        iterate through the characters in a text run, which
        allows remote attackers to execute arbitrary code via a
        crafted document. (CVE-2012-3962)
    
      - Use-after-free vulnerability in the
        js::gc::MapAllocToTraceKind function in Mozilla Firefox
        before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird
        before 15.0, Thunderbird ESR 10.x before 10.0.7, and
        SeaMonkey before 2.12 allows remote attackers to execute
        arbitrary code via unspecified vectors. (CVE-2012-3963)
    
      - Use-after-free vulnerability in the
        gfxTextRun::GetUserData function in Mozilla Firefox
        before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird
        before 15.0, Thunderbird ESR 10.x before 10.0.7, and
        SeaMonkey before 2.12 allows remote attackers to execute
        arbitrary code or cause a denial of service (heap memory
        corruption) via unspecified vectors. (CVE-2012-3964)
    
      - Mozilla Firefox before 15.0, Firefox ESR 10.x before
        10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x
        before 10.0.7, and SeaMonkey before 2.12 allow remote
        attackers to execute arbitrary code or cause a denial of
        service (memory corruption) via a negative height value
        in a BMP image within a .ICO file, related to (1)
        improper handling of the transparency bitmask by the
        nsICODecoder component and (2) improper processing of
        the alpha channel by the nsBMPDecoder component.
        (CVE-2012-3966)
    
      - The WebGL implementation in Mozilla Firefox before 15.0,
        Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0,
        Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before
        2.12 on Linux, when a large number of sampler uniforms
        are used, does not properly interact with Mesa drivers,
        which allows remote attackers to execute arbitrary code
        or cause a denial of service (stack memory corruption)
        via a crafted web site. (CVE-2012-3967)
    
      - Use-after-free vulnerability in the WebGL implementation
        in Mozilla Firefox before 15.0, Firefox ESR 10.x before
        10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x
        before 10.0.7, and SeaMonkey before 2.12 allows remote
        attackers to execute arbitrary code via vectors related
        to deletion of a fragment shader by its accessor.
        (CVE-2012-3968)
    
      - Integer overflow in the nsSVGFEMorphologyElement::Filter
        function in Mozilla Firefox before 15.0, Firefox ESR
        10.x before 10.0.7, Thunderbird before 15.0, Thunderbird
        ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows
        remote attackers to execute arbitrary code via a crafted
        SVG filter that triggers an incorrect sum calculation,
        leading to a heap-based buffer overflow. (CVE-2012-3969)
    
      - Use-after-free vulnerability in the
        nsTArray_base::Length function in Mozilla Firefox before
        15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before
        15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey
        before 2.12 allows remote attackers to execute arbitrary
        code or cause a denial of service (heap memory
        corruption) via vectors involving movement of a
        requiredFeatures attribute from one SVG document to
        another. (CVE-2012-3970)
    
      - The format-number functionality in the XSLT
        implementation in Mozilla Firefox before 15.0, Firefox
        ESR 10.x before 10.0.7, Thunderbird before 15.0,
        Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before
        2.12 allows remote attackers to obtain sensitive
        information via unspecified vectors that trigger a
        heap-based buffer over-read. (CVE-2012-3972)
    
      - Untrusted search path vulnerability in the installer in
        Mozilla Firefox before 15.0, Firefox ESR 10.x before
        10.0.7, Thunderbird before 15.0, and Thunderbird ESR
        10.x before 10.0.7 on Windows allows local users to gain
        privileges via a Trojan horse executable file in a root
        directory. (CVE-2012-3974)
    
      - Mozilla Firefox before 15.0, Firefox ESR 10.x before
        10.0.7, and SeaMonkey before 2.12 do not properly handle
        onLocationChange events during navigation between
        different https sites, which allows remote attackers to
        spoof the X.509 certificate information in the address
        bar via a crafted web page. (CVE-2012-3976)
    
      - The nsLocation::CheckURL function in Mozilla Firefox
        before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird
        before 15.0, Thunderbird ESR 10.x before 10.0.7, and
        SeaMonkey before 2.12 does not properly follow the
        security model of the location object, which allows
        remote attackers to bypass intended content-loading
        restrictions or possibly have unspecified other impact
        via vectors involving chrome code. (CVE-2012-3978)
    
      - The web console in Mozilla Firefox before 15.0, Firefox
        ESR 10.x before 10.0.7, Thunderbird before 15.0, and
        Thunderbird ESR 10.x before 10.0.7 allows user-assisted
        remote attackers to execute arbitrary JavaScript code
        with chrome privileges via a crafted web site that
        injects this code and triggers an eval operation.
        (CVE-2012-3980)"
      );
      # https://www.oracle.com/technetwork/topics/security/thirdparty-patch-map-1482893.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?4a913f44"
      );
      # https://blogs.oracle.com/sunsecurity/multiple-vulnerabilities-in-firefox
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?0b64121e"
      );
      script_set_attribute(attribute:"solution", value:"Upgrade to Solaris 11.1.2.5.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris:11.1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:firefox");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2013/01/29");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/01/19");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.");
      script_family(english:"Solaris Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Solaris11/release", "Host/Solaris11/pkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("solaris.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Solaris11/release");
    if (isnull(release)) audit(AUDIT_OS_NOT, "Solaris11");
    pkg_list = solaris_pkg_list_leaves();
    if (isnull (pkg_list)) audit(AUDIT_PACKAGE_LIST_MISSING, "Solaris pkg-list packages");
    
    if (empty_or_null(egrep(string:pkg_list, pattern:"^firefox$"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, "firefox");
    
    flag = 0;
    
    if (solaris_check_release(release:"0.5.11-0.175.1.2.0.5.0", sru:"SRU 2.5") > 0) flag++;
    
    if (flag)
    {
      error_extra = 'Affected package : firefox\n' + solaris_get_report2();
      error_extra = ereg_replace(pattern:"version", replace:"OS version", string:error_extra);
      if (report_verbosity > 0) security_hole(port:0, extra:error_extra);
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_PACKAGE_NOT_AFFECTED, "firefox");
    
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-201301-01.NASL
    description: The remote host is affected by the vulnerability described in GLSA-201301-01 (Mozilla Products: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, bypass restrictions and protection mechanisms, force file downloads, conduct XML injection attacks, conduct XSS attacks, bypass the Same Origin Policy, spoof URL's for phishing attacks, trigger a vertical scroll, spoof the location bar, spoof an SSL indicator, modify the browser's font, conduct clickjacking attacks, or have other unspecified impact. A local attacker could gain escalated privileges, obtain sensitive information, or replace an arbitrary downloaded file. Workaround : There is no known workaround at this time.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 63402
    published: 2013-01-08
    reporter: This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/63402
    title: GLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 201301-01.
    #
    # The advisory text is Copyright (C) 2001-2020 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(63402);
      script_version("1.27");
      script_cvs_date("Date: 2020/02/12");
    
      script_cve_id("CVE-2007-1861", "CVE-2007-2437", "CVE-2007-2671", "CVE-2007-3073", "CVE-2008-0016", "CVE-2008-0017", "CVE-2008-0367", "CVE-2008-3835", "CVE-2008-3836", "CVE-2008-3837", "CVE-2008-4058", "CVE-2008-4059", "CVE-2008-4060", "CVE-2008-4061", "CVE-2008-4062", "CVE-2008-4063", "CVE-2008-4064", "CVE-2008-4065", "CVE-2008-4066", "CVE-2008-4067", "CVE-2008-4068", "CVE-2008-4069", "CVE-2008-4070", "CVE-2008-4582", "CVE-2008-5012", "CVE-2008-5013", "CVE-2008-5014", "CVE-2008-5015", "CVE-2008-5016", "CVE-2008-5017", "CVE-2008-5018", "CVE-2008-5019", "CVE-2008-5021", "CVE-2008-5022", "CVE-2008-5023", "CVE-2008-5024", "CVE-2008-5052", "CVE-2008-5500", "CVE-2008-5501", "CVE-2008-5502", "CVE-2008-5503", "CVE-2008-5504", "CVE-2008-5505", "CVE-2008-5506", "CVE-2008-5507", "CVE-2008-5508", "CVE-2008-5510", "CVE-2008-5511", "CVE-2008-5512", "CVE-2008-5513", "CVE-2008-5822", "CVE-2008-5913", "CVE-2008-6961", "CVE-2009-0071", "CVE-2009-0352", "CVE-2009-0353", "CVE-2009-0354", "CVE-2009-0355", "CVE-2009-0356", "CVE-2009-0357", "CVE-2009-0358", "CVE-2009-0652", "CVE-2009-0689", "CVE-2009-0771", "CVE-2009-0772", "CVE-2009-0773", "CVE-2009-0774", "CVE-2009-0775", "CVE-2009-0776", "CVE-2009-0777", "CVE-2009-1044", "CVE-2009-1169", "CVE-2009-1302", "CVE-2009-1303", "CVE-2009-1304", "CVE-2009-1305", "CVE-2009-1306", "CVE-2009-1307", "CVE-2009-1308", "CVE-2009-1309", "CVE-2009-1310", "CVE-2009-1311", "CVE-2009-1312", "CVE-2009-1313", "CVE-2009-1392", "CVE-2009-1571", "CVE-2009-1828", "CVE-2009-1832", "CVE-2009-1833", "CVE-2009-1834", "CVE-2009-1835", "CVE-2009-1836", "CVE-2009-1837", "CVE-2009-1838", "CVE-2009-1839", "CVE-2009-1840", "CVE-2009-1841", "CVE-2009-2043", "CVE-2009-2044", "CVE-2009-2061", "CVE-2009-2065", "CVE-2009-2210", "CVE-2009-2404", "CVE-2009-2408", "CVE-2009-2462", "CVE-2009-2463", "CVE-2009-2464", "CVE-2009-2465", "CVE-2009-2466", "CVE-2009-2467", "CVE-2009-2469", "CVE-2009-2470", "CVE-2009-2471", "CVE-2009-2472", "CVE-2009-2477", "CVE-2009-2478", 
"CVE-2009-2479", "CVE-2009-2535", "CVE-2009-2654", "CVE-2009-2662", "CVE-2009-2664", "CVE-2009-2665", "CVE-2009-3069", "CVE-2009-3070", "CVE-2009-3071", "CVE-2009-3072", "CVE-2009-3074", "CVE-2009-3075", "CVE-2009-3076", "CVE-2009-3077", "CVE-2009-3078", "CVE-2009-3079", "CVE-2009-3274", "CVE-2009-3371", "CVE-2009-3372", "CVE-2009-3373", "CVE-2009-3374", "CVE-2009-3375", "CVE-2009-3376", "CVE-2009-3377", "CVE-2009-3378", "CVE-2009-3379", "CVE-2009-3380", "CVE-2009-3381", "CVE-2009-3382", "CVE-2009-3383", "CVE-2009-3388", "CVE-2009-3389", "CVE-2009-3555", "CVE-2009-3978", "CVE-2009-3979", "CVE-2009-3980", "CVE-2009-3981", "CVE-2009-3982", "CVE-2009-3983", "CVE-2009-3984", "CVE-2009-3985", "CVE-2009-3986", "CVE-2009-3987", "CVE-2009-3988", "CVE-2010-0159", "CVE-2010-0160", "CVE-2010-0162", "CVE-2010-0163", "CVE-2010-0164", "CVE-2010-0165", "CVE-2010-0166", "CVE-2010-0167", "CVE-2010-0168", "CVE-2010-0169", "CVE-2010-0170", "CVE-2010-0171", "CVE-2010-0172", "CVE-2010-0173", "CVE-2010-0174", "CVE-2010-0175", "CVE-2010-0176", "CVE-2010-0177", "CVE-2010-0178", "CVE-2010-0179", "CVE-2010-0181", "CVE-2010-0182", "CVE-2010-0183", "CVE-2010-0220", "CVE-2010-0648", "CVE-2010-0654", "CVE-2010-1028", "CVE-2010-1121", "CVE-2010-1125", "CVE-2010-1196", "CVE-2010-1197", "CVE-2010-1198", "CVE-2010-1199", "CVE-2010-1200", "CVE-2010-1201", "CVE-2010-1202", "CVE-2010-1203", "CVE-2010-1205", "CVE-2010-1206", "CVE-2010-1207", "CVE-2010-1208", "CVE-2010-1209", "CVE-2010-1210", "CVE-2010-1211", "CVE-2010-1212", "CVE-2010-1213", "CVE-2010-1214", "CVE-2010-1215", "CVE-2010-1585", "CVE-2010-2751", "CVE-2010-2752", "CVE-2010-2753", "CVE-2010-2754", "CVE-2010-2755", "CVE-2010-2760", "CVE-2010-2762", "CVE-2010-2763", "CVE-2010-2764", "CVE-2010-2765", "CVE-2010-2766", "CVE-2010-2767", "CVE-2010-2768", "CVE-2010-2769", "CVE-2010-2770", "CVE-2010-3131", "CVE-2010-3166", "CVE-2010-3167", "CVE-2010-3168", "CVE-2010-3169", "CVE-2010-3170", "CVE-2010-3171", "CVE-2010-3173", "CVE-2010-3174", 
"CVE-2010-3175", "CVE-2010-3176", "CVE-2010-3177", "CVE-2010-3178", "CVE-2010-3179", "CVE-2010-3180", "CVE-2010-3182", "CVE-2010-3183", "CVE-2010-3399", "CVE-2010-3400", "CVE-2010-3765", "CVE-2010-3766", "CVE-2010-3767", "CVE-2010-3768", "CVE-2010-3769", "CVE-2010-3770", "CVE-2010-3771", "CVE-2010-3772", "CVE-2010-3773", "CVE-2010-3774", "CVE-2010-3775", "CVE-2010-3776", "CVE-2010-3777", "CVE-2010-3778", "CVE-2010-4508", "CVE-2010-5074", "CVE-2011-0051", "CVE-2011-0053", "CVE-2011-0054", "CVE-2011-0055", "CVE-2011-0056", "CVE-2011-0057", "CVE-2011-0058", "CVE-2011-0059", "CVE-2011-0061", "CVE-2011-0062", "CVE-2011-0065", "CVE-2011-0066", "CVE-2011-0067", "CVE-2011-0068", "CVE-2011-0069", "CVE-2011-0070", "CVE-2011-0071", "CVE-2011-0072", "CVE-2011-0073", "CVE-2011-0074", "CVE-2011-0075", "CVE-2011-0076", "CVE-2011-0077", "CVE-2011-0078", "CVE-2011-0079", "CVE-2011-0080", "CVE-2011-0081", "CVE-2011-0082", "CVE-2011-0083", "CVE-2011-0084", "CVE-2011-0085", "CVE-2011-1187", "CVE-2011-1202", "CVE-2011-1712", "CVE-2011-2362", "CVE-2011-2363", "CVE-2011-2364", "CVE-2011-2365", "CVE-2011-2369", "CVE-2011-2370", "CVE-2011-2371", "CVE-2011-2372", "CVE-2011-2373", "CVE-2011-2374", "CVE-2011-2375", "CVE-2011-2376", "CVE-2011-2377", "CVE-2011-2378", "CVE-2011-2605", "CVE-2011-2980", "CVE-2011-2981", "CVE-2011-2982", "CVE-2011-2983", "CVE-2011-2984", "CVE-2011-2985", "CVE-2011-2986", "CVE-2011-2987", "CVE-2011-2988", "CVE-2011-2989", "CVE-2011-2990", "CVE-2011-2991", "CVE-2011-2993", "CVE-2011-2995", "CVE-2011-2996", "CVE-2011-2997", "CVE-2011-2998", "CVE-2011-2999", "CVE-2011-3000", "CVE-2011-3001", "CVE-2011-3002", "CVE-2011-3003", "CVE-2011-3004", "CVE-2011-3005", "CVE-2011-3026", "CVE-2011-3062", "CVE-2011-3101", "CVE-2011-3232", "CVE-2011-3389", "CVE-2011-3640", "CVE-2011-3647", "CVE-2011-3648", "CVE-2011-3649", "CVE-2011-3650", "CVE-2011-3651", "CVE-2011-3652", "CVE-2011-3653", "CVE-2011-3654", "CVE-2011-3655", "CVE-2011-3658", "CVE-2011-3659", "CVE-2011-3660", 
"CVE-2011-3661", "CVE-2011-3663", "CVE-2011-3665", "CVE-2011-3670", "CVE-2011-3866", "CVE-2011-4688", "CVE-2012-0441", "CVE-2012-0442", "CVE-2012-0443", "CVE-2012-0444", "CVE-2012-0445", "CVE-2012-0446", "CVE-2012-0447", "CVE-2012-0449", "CVE-2012-0450", "CVE-2012-0451", "CVE-2012-0452", "CVE-2012-0455", "CVE-2012-0456", "CVE-2012-0457", "CVE-2012-0458", "CVE-2012-0459", "CVE-2012-0460", "CVE-2012-0461", "CVE-2012-0462", "CVE-2012-0463", "CVE-2012-0464", "CVE-2012-0467", "CVE-2012-0468", "CVE-2012-0469", "CVE-2012-0470", "CVE-2012-0471", "CVE-2012-0473", "CVE-2012-0474", "CVE-2012-0475", "CVE-2012-0477", "CVE-2012-0478", "CVE-2012-0479", "CVE-2012-1937", "CVE-2012-1938", "CVE-2012-1939", "CVE-2012-1940", "CVE-2012-1941", "CVE-2012-1945", "CVE-2012-1946", "CVE-2012-1947", "CVE-2012-1948", "CVE-2012-1949", "CVE-2012-1950", "CVE-2012-1951", "CVE-2012-1952", "CVE-2012-1953", "CVE-2012-1954", "CVE-2012-1955", "CVE-2012-1956", "CVE-2012-1957", "CVE-2012-1958", "CVE-2012-1959", "CVE-2012-1960", "CVE-2012-1961", "CVE-2012-1962", "CVE-2012-1963", "CVE-2012-1964", "CVE-2012-1965", "CVE-2012-1966", "CVE-2012-1967", "CVE-2012-1970", "CVE-2012-1971", "CVE-2012-1972", "CVE-2012-1973", "CVE-2012-1974", "CVE-2012-1975", "CVE-2012-1976", "CVE-2012-1994", "CVE-2012-3956", "CVE-2012-3957", "CVE-2012-3958", "CVE-2012-3959", "CVE-2012-3960", "CVE-2012-3961", "CVE-2012-3962", "CVE-2012-3963", "CVE-2012-3964", "CVE-2012-3965", "CVE-2012-3966", "CVE-2012-3967", "CVE-2012-3968", "CVE-2012-3969", "CVE-2012-3970", "CVE-2012-3971", "CVE-2012-3972", "CVE-2012-3973", "CVE-2012-3975", "CVE-2012-3976", "CVE-2012-3978", "CVE-2012-3980", "CVE-2012-3982", "CVE-2012-3984", "CVE-2012-3985", "CVE-2012-3986", "CVE-2012-3988", "CVE-2012-3989", "CVE-2012-3990", "CVE-2012-3991", "CVE-2012-3992", "CVE-2012-3993", "CVE-2012-3994", "CVE-2012-3995", "CVE-2012-4179", "CVE-2012-4180", "CVE-2012-4181", "CVE-2012-4182", "CVE-2012-4183", "CVE-2012-4184", "CVE-2012-4185", "CVE-2012-4186", "CVE-2012-4187", 
"CVE-2012-4188", "CVE-2012-4190", "CVE-2012-4191", "CVE-2012-4192", "CVE-2012-4193", "CVE-2012-4194", "CVE-2012-4195", "CVE-2012-4196", "CVE-2012-4201", "CVE-2012-4202", "CVE-2012-4204", "CVE-2012-4205", "CVE-2012-4206", "CVE-2012-4207", "CVE-2012-4208", "CVE-2012-4209", "CVE-2012-4210", "CVE-2012-4212", "CVE-2012-4215", "CVE-2012-4216", "CVE-2012-4930", "CVE-2012-5354", "CVE-2012-5829", "CVE-2012-5830", "CVE-2012-5833", "CVE-2012-5835", "CVE-2012-5836", "CVE-2012-5838", "CVE-2012-5839", "CVE-2012-5840", "CVE-2012-5841", "CVE-2012-5842", "CVE-2012-5843");
      script_bugtraq_id(51752, 51753, 51754, 51756, 51757, 51765, 51787, 51975, 52456, 52457, 52458, 52459, 52460, 52461, 52463, 52464, 52465, 52466, 52467, 53219, 53220, 53221, 53223, 53224, 53225, 53227, 53228, 53229, 53230, 53231, 53315, 53791, 53792, 53793, 53794, 53796, 53797, 53798, 53799, 53800, 54572, 54573, 54574, 54575, 54576, 54577, 54578, 54579, 54580, 54581, 54582, 54583, 54584, 54585, 54586, 55257, 55260, 55264, 55266, 55274, 55276, 55277, 55278, 55292, 55304, 55306, 55308, 55310, 55311, 55313, 55314, 55316, 55317, 55318, 55319, 55320, 55321, 55322, 55323, 55324, 55325, 55340, 55342, 55857, 55922, 55924, 55926, 55927, 55930, 55931, 55932, 56118, 56119, 56120, 56121, 56123, 56125, 56126, 56127, 56128, 56129, 56130, 56131, 56135, 56136, 56140, 56151, 56153, 56154, 56155, 56301, 56302, 56306, 56611, 56612, 56613, 56614, 56616, 56618, 56621, 56625, 56627, 56629, 56630, 56631, 56632, 56633, 56634, 56635, 56636, 56637, 56641, 56642, 56643, 56644, 56646);
      script_xref(name:"GLSA", value:"201301-01");
    
      script_name(english:"GLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST)");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-201301-01
    (Mozilla Products: Multiple vulnerabilities)
    
        Multiple vulnerabilities have been discovered in Mozilla Firefox,
          Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner. Please review the
          CVE identifiers referenced below for details.
      
    Impact :
    
        A remote attacker could entice a user to view a specially crafted web
          page or email, possibly resulting in execution of arbitrary code or a
          Denial of Service condition. Furthermore, a remote attacker may be able
          to perform Man-in-the-Middle attacks, obtain sensitive information,
          bypass restrictions and protection mechanisms, force file downloads,
          conduct XML injection attacks, conduct XSS attacks, bypass the Same
          Origin Policy, spoof URL&rsquo;s for phishing attacks, trigger a vertical
          scroll, spoof the location bar, spoof an SSL indicator, modify the
          browser&rsquo;s font, conduct clickjacking attacks, or have other unspecified
          impact.
        A local attacker could gain escalated privileges, obtain sensitive
          information, or replace an arbitrary downloaded file.
      
    Workaround :
    
        There is no known workaround at this time."
      );
      # https://blog.mozilla.org/security/2011/03/22/firefox-blocking-fraudulent-certificates/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?a9b416a4"
      );
      # https://www.mozilla.org/security/announce/2011/mfsa2011-11.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2011-11/"
      );
      # https://www.mozilla.org/security/announce/2011/mfsa2011-34.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2011-34/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/201301-01"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "All Mozilla Firefox users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=www-client/firefox-10.0.11'
        All users of the Mozilla Firefox binary package should upgrade to the
          latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=www-client/firefox-bin-10.0.11'
        All Mozilla Thunderbird users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=mail-client/thunderbird-10.0.11'
        All users of the Mozilla Thunderbird binary package should upgrade to
          the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose
          '>=mail-client/thunderbird-bin-10.0.11'
        All Mozilla SeaMonkey users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=www-client/seamonkey-2.14-r1'
        All users of the Mozilla SeaMonkey binary package should upgrade to the
          latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=www-client/seamonkey-bin-2.14'
        All NSS users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=dev-libs/nss-3.14'
        The “www-client/mozilla-firefox” package has been merged into the
          “www-client/firefox” package. To upgrade, please unmerge
          “www-client/mozilla-firefox” and then emerge the latest
          “www-client/firefox” package:
          # emerge --sync
          # emerge --unmerge 'www-client/mozilla-firefox'
          # emerge --ask --oneshot --verbose '>=www-client/firefox-10.0.11'
        The “www-client/mozilla-firefox-bin” package has been merged into
          the “www-client/firefox-bin” package. To upgrade, please unmerge
          “www-client/mozilla-firefox-bin” and then emerge the latest
          “www-client/firefox-bin” package:
          # emerge --sync
          # emerge --unmerge 'www-client/mozilla-firefox-bin'
          # emerge --ask --oneshot --verbose '>=www-client/firefox-bin-10.0.11'
        The “mail-client/mozilla-thunderbird” package has been merged into
          the “mail-client/thunderbird” package. To upgrade, please unmerge
          “mail-client/mozilla-thunderbird” and then emerge the latest
          “mail-client/thunderbird” package:
          # emerge --sync
          # emerge --unmerge 'mail-client/mozilla-thunderbird'
          # emerge --ask --oneshot --verbose '>=mail-client/thunderbird-10.0.11'
        The “mail-client/mozilla-thunderbird-bin” package has been merged
          into the “mail-client/thunderbird-bin” package. To upgrade, please
          unmerge “mail-client/mozilla-thunderbird-bin” and then emerge the
          latest “mail-client/thunderbird-bin” package:
          # emerge --sync
          # emerge --unmerge 'mail-client/mozilla-thunderbird-bin'
          # emerge --ask --oneshot --verbose
          '>=mail-client/thunderbird-bin-10.0.11'
        Gentoo discontinued support for GNU IceCat. We recommend that users
          unmerge GNU IceCat:
          # emerge --unmerge 'www-client/icecat'
        Gentoo discontinued support for XULRunner. We recommend that users
          unmerge XULRunner:
          # emerge --unmerge 'net-libs/xulrunner'
        Gentoo discontinued support for the XULRunner binary package. We
          recommend that users unmerge XULRunner:
          # emerge --unmerge 'net-libs/xulrunner-bin'"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploithub_sku", value:"EH-11-772");
      script_set_attribute(attribute:"exploit_framework_exploithub", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Firefox 5.0 - 15.0.1 __exposedProps__ XCS Code Execution');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'White_Phosphorus');
      script_cwe_id(16, 20, 22, 59, 79, 94, 119, 189, 200, 264, 287, 310, 362, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:firefox");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:firefox-bin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:icecat");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:mozilla-firefox");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:mozilla-firefox-bin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:mozilla-thunderbird");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:mozilla-thunderbird-bin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:nss");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:seamonkey");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:seamonkey-bin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:thunderbird");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:thunderbird-bin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:xulrunner");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:xulrunner-bin");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2007/05/02");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/01/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/01/08");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Gentoo Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (qpkg_check(package:"net-libs/xulrunner-bin", unaffected:make_list(), vulnerable:make_list("le 1.8.1.19"))) flag++;
    if (qpkg_check(package:"mail-client/thunderbird-bin", unaffected:make_list("ge 10.0.11"), vulnerable:make_list("lt 10.0.11"))) flag++;
    if (qpkg_check(package:"www-client/firefox", unaffected:make_list("ge 10.0.11"), vulnerable:make_list("lt 10.0.11"))) flag++;
    if (qpkg_check(package:"mail-client/thunderbird", unaffected:make_list("ge 10.0.11"), vulnerable:make_list("lt 10.0.11"))) flag++;
    if (qpkg_check(package:"mail-client/mozilla-thunderbird-bin", unaffected:make_list(), vulnerable:make_list("le 3.0"))) flag++;
    if (qpkg_check(package:"mail-client/mozilla-thunderbird", unaffected:make_list(), vulnerable:make_list("le 3.0.4-r1"))) flag++;
    if (qpkg_check(package:"dev-libs/nss", unaffected:make_list("ge 3.14"), vulnerable:make_list("lt 3.14"))) flag++;
    if (qpkg_check(package:"www-client/firefox-bin", unaffected:make_list("ge 10.0.11"), vulnerable:make_list("lt 10.0.11"))) flag++;
    if (qpkg_check(package:"net-libs/xulrunner", unaffected:make_list(), vulnerable:make_list("le 2.0-r1"))) flag++;
    if (qpkg_check(package:"www-client/mozilla-firefox-bin", unaffected:make_list(), vulnerable:make_list("le 3.5.6"))) flag++;
    if (qpkg_check(package:"www-client/seamonkey", unaffected:make_list("ge 2.14-r1"), vulnerable:make_list("lt 2.14-r1"))) flag++;
    if (qpkg_check(package:"www-client/icecat", unaffected:make_list(), vulnerable:make_list("le 10.0-r1"))) flag++;
    if (qpkg_check(package:"www-client/seamonkey-bin", unaffected:make_list("ge 2.14"), vulnerable:make_list("lt 2.14"))) flag++;
    if (qpkg_check(package:"www-client/mozilla-firefox", unaffected:make_list(), vulnerable:make_list("le 3.6.8"))) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Mozilla Products");
    }
    
  • NASL family: Windows
    NASL id: MOZILLA_THUNDERBIRD_140.NASL
    description: The installed version of Thunderbird is earlier than 14.0 and thus, is potentially affected by the following security issues : - Several memory safety issues exist, some of which could potentially allow arbitrary code execution. (CVE-2012-1948, CVE-2012-1949) - Several memory safety issues exist related to the Gecko layout engine. (CVE-2012-1951, CVE-2012-1952, CVE-2012-1953, CVE-2012-1954) - An error related to JavaScript functions
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 60045
    published: 2012-07-19
    reporter: This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/60045
    title: Mozilla Thunderbird < 14.0 Multiple Vulnerabilities
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(60045);
      script_version("1.13");
      script_cvs_date("Date: 2019/12/04");
    
      script_cve_id(
        "CVE-2012-1948",
        "CVE-2012-1949",
        "CVE-2012-1951",
        "CVE-2012-1952",
        "CVE-2012-1953",
        "CVE-2012-1954",
        "CVE-2012-1955",
        "CVE-2012-1957",
        "CVE-2012-1958",
        "CVE-2012-1959",
        "CVE-2012-1960",
        "CVE-2012-1961",
        "CVE-2012-1962",
        "CVE-2012-1963",
        "CVE-2012-1967"
      );
      script_bugtraq_id(
        54572,
        54573,
        54574,
        54575,
        54576,
        54578,
        54580,
        54582,
        54583,
        54584,
        54586
      );
    
      script_name(english:"Mozilla Thunderbird < 14.0 Multiple Vulnerabilities");
      script_summary(english:"Checks version of Thunderbird");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Windows host contains a mail client that is potentially
    affected by several vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The installed version of Thunderbird is earlier than 14.0 and thus,
    is potentially affected by the following security issues :
    
      - Several memory safety issues exist, some of which could
        potentially allow arbitrary code execution.
        (CVE-2012-1948, CVE-2012-1949)
    
      - Several memory safety issues exist related to the Gecko
        layout engine. (CVE-2012-1951, CVE-2012-1952,
        CVE-2012-1953, CVE-2012-1954)
    
      - An error related to JavaScript functions
        'history.forward' and 'history.back' can allow
        incorrect URLs to be displayed. (CVE-2012-1955)
    
      - Cross-site scripting attacks are possible due to an
        error related to the '<embed>' tag within an RSS
        '<description>' element. (CVE-2012-1957)
    
      - A use-after-free error exists related to the method
        'nsGlobalWindow::PageHidden'. (CVE-2012-1958)
    
      - An error exists that can allow 'same-compartment
        security wrappers' (SCSW) to be bypassed.
        (CVE-2012-1959)
    
      - An out-of-bounds read error exists related to the color
        management library (QCMS). (CVE-2012-1960)
      
      - The 'X-Frame-Options' header is ignored if it is
        duplicated. (CVE-2012-1961)
    
      - A memory corruption error exists related to the method
        'JSDependentString::undepend'. (CVE-2012-1962)
    
      - An error related to the 'Content Security Policy' (CSP)
        implementation can allow the disclosure of OAuth 2.0
        access tokens and OpenID credentials. (CVE-2012-1963)
    
      - An error exists related to the 'javascript:' URL that
        can allow scripts to run at elevated privileges outside
        the sandbox. (CVE-2012-1967)");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-42/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-44/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-45/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-47/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-48/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-49/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-50/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-51/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-52/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-53/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-56/");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Thunderbird 14.0 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2012-1967");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/07/17");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/07/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/07/19");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:thunderbird");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("mozilla_org_installed.nasl");
      script_require_keys("Mozilla/Thunderbird/Version");
    
      exit(0);
    }
    
    include("mozilla_version.inc");
    port = get_kb_item_or_exit("SMB/transport");
    
    installs = get_kb_list("SMB/Mozilla/Thunderbird/*");
    if (isnull(installs)) audit(AUDIT_NOT_INST, "Thunderbird");
    
    mozilla_check_version(installs:installs, product:'thunderbird', esr:FALSE, fix:'14.0', severity:SECURITY_HOLE, xss:TRUE);
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-1509-2.NASL
    description: USN-1509-1 fixed vulnerabilities in Firefox. This update provides an updated ubufox package for use with the latest Firefox. Benoit Jacob, Jesse Ruderman, Christian Holler, Bill McCloskey, Brian Smith, Gary Kwong, Christoph Diehl, Chris Jones, Brad Lassey, and Kyle Huey discovered memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. (CVE-2012-1948, CVE-2012-1949) Mario Gomes discovered that the address bar may be incorrectly updated. Drag-and-drop events in the address bar may cause the address of the previous site to be displayed while a new page is loaded. An attacker could exploit this to conduct phishing attacks. (CVE-2012-1950) Abhishek Arya discovered four memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. (CVE-2012-1951, CVE-2012-1952, CVE-2012-1953, CVE-2012-1954) Mariusz Mlynski discovered that the address bar may be incorrectly updated. Calls to history.forward and history.back could be used to navigate to a site while the address bar still displayed the previous site. A remote attacker could exploit this to conduct phishing attacks. (CVE-2012-1955) Mario Heiderich discovered that HTML <embed> tags were not filtered out of the HTML <description> of RSS feeds. A remote attacker could exploit this to conduct cross-site scripting (XSS) attacks via JavaScript execution in the HTML feed view. (CVE-2012-1957) Arthur Gerkis discovered a use-after-free vulnerability. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. (CVE-2012-1958) Bobby Holley discovered that same-compartment security wrappers (SCSW) could be bypassed to allow XBL access. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit this to execute code with the privileges of the user invoking Firefox. (CVE-2012-1959) Tony Payne discovered an out-of-bounds memory read in Mozilla
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 60013
    published: 2012-07-18
    reporter: Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/60013
    title: Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : ubufox update (USN-1509-2)
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2012-465.NASL
    description: Mozilla XULRunner was updated to 14.0.1, fixing bugs and security issues : Following security issues were fixed: MFSA 2012-42: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. CVE-2012-1949: Brian Smith, Gary Kwong, Christian Holler, Jesse Ruderman, Christoph Diehl, Chris Jones, Brad Lassey, and Kyle Huey reported memory safety problems and crashes that affect Firefox 13. CVE-2012-1948: Benoit Jacob, Jesse Ruderman, Christian Holler, and Bill McCloskey reported memory safety problems and crashes that affect Firefox ESR 10 and Firefox 13. MFSA 2012-43 / CVE-2012-1950: Security researcher Mario Gomes and research firm Code Audit Labs reported a mechanism to short-circuit page loads through drag and drop to the addressbar by canceling the page load. This causes the address of the previously entered site to be displayed in the addressbar instead of the currently loaded page. This could lead to potential phishing attacks on users. MFSA 2012-44 Google security researcher Abhishek Arya used the Address Sanitizer tool to uncover four issues: two use-after-free problems, one out of bounds read bug, and a bad cast. The first use-after-free problem is caused when an array of nsSMILTimeValueSpec objects is destroyed but attempts are made to call into objects in this array later. The second use-after-free problem is in nsDocument::AdoptNode when it adopts into an empty document and then adopts into another document, emptying the first one. The heap buffer overflow is in ElementAnimations when data is read off of end of an array and then pointers are dereferenced. The bad cast happens when nsTableFrame::InsertFrames is called with frames in aFrameList that are a mix of row group frames and column group frames. AppendFrames is not able to handle this mix. All four of these issues are potentially exploitable. CVE-2012-1951: Heap-use-after-free in nsSMILTimeValueSpec::IsEventBased CVE-2012-1954: Heap-use-after-free in nsDocument::AdoptNode CVE-2012-1953: Out of bounds read in ElementAnimations::EnsureStyleRuleFor CVE-2012-1952: Bad cast in nsTableFrame::InsertFrames MFSA 2012-45 / CVE-2012-1955: Security researcher Mariusz Mlynski reported an issue with spoofing of the location property. In this issue, calls to history.forward and history.back are used to navigate to a site while displaying the previous site in the addressbar but changing the baseURI to the newer site. This can be used for phishing by allowing the user input form or other data on the newer, attacking, site while appearing to be on the older, displayed site. MFSA 2012-46 / CVE-2012-1966: Mozilla security researcher moz_bug_r_a4 reported a cross-site scripting (XSS) attack through the context menu using a data: URL. In this issue, context menu functionality (
    last seen: 2020-06-05
    modified: 2014-06-13
    plugin id: 74693
    published: 2014-06-13
    reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/74693
    title: openSUSE Security Update : xulrunner (openSUSE-SU-2012:0924-1)
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2012-473.NASL
    description: SeaMonkey was updated to version 2.11 (bnc#771583) - MFSA 2012-42/CVE-2012-1949/CVE-2012-1948 Miscellaneous memory safety hazards - MFSA 2012-44/CVE-2012-1951/CVE-2012-1954/CVE-2012-1953/CVE-2012-1952 Gecko memory corruption - MFSA 2012-45/CVE-2012-1955 (bmo#757376) Spoofing issue with location - MFSA 2012-47/CVE-2012-1957 (bmo#750096) Improper filtering of JavaScript in HTML feed-view - MFSA 2012-48/CVE-2012-1958 (bmo#750820) use-after-free in nsGlobalWindow::PageHidden - MFSA 2012-49/CVE-2012-1959 (bmo#754044, bmo#737559) Same-compartment Security Wrappers can be bypassed - MFSA 2012-50/CVE-2012-1960 (bmo#761014) Out of bounds read in QCMS - MFSA 2012-51/CVE-2012-1961 (bmo#761655) X-Frame-Options header ignored when duplicated - MFSA 2012-52/CVE-2012-1962 (bmo#764296) JSDependentString::undepend string conversion results in memory corruption - MFSA 2012-53/CVE-2012-1963 (bmo#767778) Content Security Policy 1.0 implementation errors cause data leakage - MFSA 2012-56/CVE-2012-1967 (bmo#758344) Code execution through javascript: URLs - relicensed to MPL-2.0 - updated/removed patches - requires NSS 3.13.5 - update to SeaMonkey 2.10.1
    last seen: 2020-06-05
    modified: 2014-06-13
    plugin id: 74698
    published: 2014-06-13
    reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/74698
    title: openSUSE Security Update : seamonkey (openSUSE-SU-2012:0935-1)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_FIREFOX-201207-8226.NASL
    description: MozillaFirefox has been updated to the 10.0.6ESR security release fixing various bugs and several security issues, some critical. The following security issues have been fixed : - Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. (MFSA 2012-42) - Benoit Jacob, Jesse Ruderman, Christian Holler, and Bill McCloskey reported memory safety problems and crashes that affect Firefox ESR 10 and Firefox 13. (CVE-2012-1948) - Security researcher Mario Gomes and research firm Code Audit Labs reported a mechanism to short-circuit page loads through drag and drop to the addressbar by canceling the page load. This causes the address of the previously entered site to be displayed in the addressbar instead of the currently loaded page. This could lead to potential phishing attacks on users. (MFSA 2012-43 / CVE-2012-1950) - Google security researcher Abhishek Arya used the Address Sanitizer tool to uncover four issues: two use-after-free problems, one out of bounds read bug, and a bad cast. The first use-after-free problem is caused when an array of nsSMILTimeValueSpec objects is destroyed but attempts are made to call into objects in this array later. The second use-after-free problem is in nsDocument::AdoptNode when it adopts into an empty document and then adopts into another document, emptying the first one. The heap buffer overflow is in ElementAnimations when data is read off of end of an array and then pointers are dereferenced. The bad cast happens when nsTableFrame::InsertFrames is called with frames in aFrameList that are a mix of row group frames and column group frames. AppendFrames is not able to handle this mix. (MFSA 2012-44) All four of these issues are potentially exploitable. o CVE-2012-1951: Heap-use-after-free in nsSMILTimeValueSpec::IsEventBased o CVE-2012-1954: Heap-use-after-free in nsDocument::AdoptNode o CVE-2012-1953: Out of bounds read in ElementAnimations::EnsureStyleRuleFor o CVE-2012-1952: Bad cast in nsTableFrame::InsertFrames - Security researcher Mariusz Mlynski reported an issue with spoofing of the location property. In this issue, calls to history.forward and history.back are used to navigate to a site while displaying the previous site in the addressbar but changing the baseURI to the newer site. This can be used for phishing by allowing the user input form or other data on the newer, attacking, site while appearing to be on the older, displayed site. (MFSA 2012-45 / CVE-2012-1955) - Mozilla security researcher moz_bug_r_a4 reported a cross-site scripting (XSS) attack through the context menu using a data: URL. In this issue, context menu functionality (
    last seen: 2020-06-05
    modified: 2012-07-23
    plugin id: 60092
    published: 2012-07-23
    reporter: This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/60092
    title: SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 8226)

Oval

accepted: 2014-10-06T04:02:02.628-04:00
class: vulnerability
contributors:
  • name: Sergey Artykhov
    organization: ALTX-SOFT
  • name: Maria Kedovskaya
    organization: ALTX-SOFT
  • name: Shane Shaffer
    organization: G2, Inc.
  • name: Maria Kedovskaya
    organization: ALTX-SOFT
  • name: Maria Kedovskaya
    organization: ALTX-SOFT
  • name: Richard Helbing
    organization: baramundi software
  • name: Evgeniy Pavlov
    organization: ALTX-SOFT
  • name: Evgeniy Pavlov
    organization: ALTX-SOFT
  • name: Evgeniy Pavlov
    organization: ALTX-SOFT
  • name: Evgeniy Pavlov
    organization: ALTX-SOFT
  • name: Evgeniy Pavlov
    organization: ALTX-SOFT
  • name: Evgeniy Pavlov
    organization: ALTX-SOFT
definition_extensions:
  • comment: Mozilla Thunderbird Mainline release is installed
    oval: oval:org.mitre.oval:def:22093
  • comment: Mozilla Seamonkey is installed
    oval: oval:org.mitre.oval:def:6372
  • comment: Mozilla Firefox Mainline release is installed
    oval: oval:org.mitre.oval:def:22259
description: The qcms_transform_data_rgb_out_lut_sse2 function in the QCMS implementation in Mozilla Firefox 4.x through 13.0, Thunderbird 5.0 through 13.0, and SeaMonkey before 2.11 might allow remote attackers to obtain sensitive information from process memory via a crafted color profile that triggers an out-of-bounds read operation.
family: windows
id: oval:org.mitre.oval:def:16735
status: accepted
submitted: 2013-05-13T10:26:26.748+04:00
title: The qcms_transform_data_rgb_out_lut_sse2 function in the QCMS implementation in Mozilla Firefox 4.x through 13.0, Thunderbird 5.0 through 13.0, and SeaMonkey before 2.11 might allow remote attackers to obtain sensitive information from process memory via a crafted color profile that triggers an out-of-bounds read operation.
version: 37