Vulnerabilities > CVE-2012-4191 - Out-Of-Bounds Write vulnerability in multiple products

047910
CVSS 9.3 - CRITICAL
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
mozilla
canonical
CWE-787
critical
nessus

Summary

The mozilla::net::FailDelayManager::Lookup function in the WebSockets implementation in Mozilla Firefox before 16.0.1, Thunderbird before 16.0.1, and SeaMonkey before 2.13.1 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.

Vulnerable Configurations

Part Description Count
Application
Mozilla
538
OS
Canonical
4

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1608-1.NASL
    descriptionIt was discovered that the browser engine used in Firefox contained a memory corruption flaw. If a user were tricked into opening a specially crafted web page, a remote attacker could cause Firefox to crash or potentially execute arbitrary code as the user invoking the program. (CVE-2012-4191) It was discovered that Firefox allowed improper access to the Location object. An attacker could exploit this to obtain sensitive information. (CVE-2012-4192). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id62515
    published2012-10-12
    reporterUbuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/62515
    titleUbuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : firefox vulnerabilities (USN-1608-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-1608-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(62515);
      script_version("1.11");
      script_cvs_date("Date: 2019/09/19 12:54:28");
    
      script_cve_id("CVE-2012-4191", "CVE-2012-4192");
      script_bugtraq_id(55889);
      script_xref(name:"USN", value:"1608-1");
    
      script_name(english:"Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : firefox vulnerabilities (USN-1608-1)");
      script_summary(english:"Checks dpkg output for updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Ubuntu host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "It was discovered that the browser engine used in Firefox contained a
    memory corruption flaw. If a user were tricked into opening a
    specially crafted web page, a remote attacker could cause Firefox to
    crash or potentially execute arbitrary code as the user invoking the
    program. (CVE-2012-4191)
    
    It was discovered that Firefox allowed improper access to the Location
    object. An attacker could exploit this to obtain sensitive
    information. (CVE-2012-4192).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/1608-1/"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected firefox package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.04:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:11.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:11.10");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/10/12");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/10/11");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/10/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(10\.04|11\.04|11\.10|12\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 10.04 / 11.04 / 11.10 / 12.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"10.04", pkgname:"firefox", pkgver:"16.0.1+build1-0ubuntu0.10.04.1")) flag++;
    if (ubuntu_check(osver:"11.04", pkgname:"firefox", pkgver:"16.0.1+build1-0ubuntu0.11.04.1")) flag++;
    if (ubuntu_check(osver:"11.10", pkgname:"firefox", pkgver:"16.0.1+build1-0ubuntu0.11.10.1")) flag++;
    if (ubuntu_check(osver:"12.04", pkgname:"firefox", pkgver:"16.0.1+build1-0ubuntu0.12.04.1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "firefox");
    }
    
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_FIREFOX_16_0_1.NASL
    descriptionThe installed version of Firefox is earlier than 16.0.1 and is therefore potentially affected by the following security issues : - An unspecified error related to the WebSockets implementation and the function
    last seen2020-06-01
    modified2020-06-02
    plugin id62585
    published2012-10-17
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/62585
    titleFirefox < 16.0.1 Multiple Vulnerabilities (Mac OS X)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(62585);
      script_version("1.12");
      script_cvs_date("Date: 2019/12/04");
    
      script_cve_id("CVE-2012-4191", "CVE-2012-4192", "CVE-2012-4193");
      script_bugtraq_id(56153, 56154, 56155);
    
      script_name(english:"Firefox < 16.0.1 Multiple Vulnerabilities (Mac OS X)");
      script_summary(english:"Checks version of Firefox");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Mac OS X host contains a web browser that is affected by
    multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The installed version of Firefox is earlier than 16.0.1 and is
    therefore potentially affected by the following security issues :
    
      - An unspecified error related to the WebSockets
        implementation and the function
        'mozilla::net::FailDelayManager::Lookup' can allow
        application crashes and potentially, arbitrary code
        execution. (CVE-2012-4191)
    
      - An unspecified error exists that can allow attackers to
        bypass the 'Same Origin Policy' and access the
        'Location' object. (CVE-2012-4192)
    
      - An error exists related to 'security wrappers' and the
        function 'defaultValue()' that can allow cross-site
        scripting attacks. (CVE-2012-4193)");
      # http://www.thespanner.co.uk/2012/10/10/firefox-knows-what-your-friends-did-last-summer/
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?8993e6b4");
      # https://blog.mozilla.org/security/2012/10/10/security-vulnerability-in-firefox-16/
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?dc43f3c3");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-88/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-89/");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Firefox 16.0.1 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2012-4191");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/10/10");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/10/11");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/10/17");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:firefox");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"MacOS X Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("macosx_firefox_installed.nasl");
      script_require_keys("MacOSX/Firefox/Installed");
    
      exit(0);
    }
    
    include("mozilla_version.inc");
    kb_base = "MacOSX/Firefox";
    get_kb_item_or_exit(kb_base+"/Installed");
    
    version = get_kb_item_or_exit(kb_base+"/Version", exit_code:1);
    path = get_kb_item_or_exit(kb_base+"/Path", exit_code:1);
    
    if (get_kb_item(kb_base + '/is_esr')) exit(0, 'The Mozilla Firefox installation is in the ESR branch.');
    
    mozilla_check_version(product:'firefox', version:version, path:path, esr:FALSE, fix:'16.0.1', skippat:'^10\\.0\\.', severity:SECURITY_HOLE, xss:TRUE);
    
  • NASL familyWindows
    NASL idMOZILLA_FIREFOX_1601.NASL
    descriptionThe installed version of Firefox is earlier than 16.0.1 and is therefore potentially affected by the following security issues : - An unspecified error related to the WebSockets implementation and the function
    last seen2020-06-01
    modified2020-06-02
    plugin id62589
    published2012-10-17
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/62589
    titleFirefox < 16.0.1 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(62589);
      script_version("1.11");
      script_cvs_date("Date: 2019/12/04");
    
      script_cve_id("CVE-2012-4191", "CVE-2012-4192", "CVE-2012-4193");
      script_bugtraq_id(56153, 56154, 56155);
    
      script_name(english:"Firefox < 16.0.1 Multiple Vulnerabilities");
      script_summary(english:"Checks version of Firefox");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Windows host contains a web browser that is affected by
    multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The installed version of Firefox is earlier than 16.0.1 and is
    therefore potentially affected by the following security issues :
    
      - An unspecified error related to the WebSockets
        implementation and the function
        'mozilla::net::FailDelayManager::Lookup' can allow
        application crashes and potentially, arbitrary code
        execution. (CVE-2012-4191)
    
      - An unspecified error exists that can allow attackers to
        bypass the 'Same Origin Policy' and access the
        'Location' object. (CVE-2012-4192)
    
      - An error exists related to 'security wrappers' and the
        function 'defaultValue()' that can allow cross-site
        scripting attacks. (CVE-2012-4193)");
      # http://www.thespanner.co.uk/2012/10/10/firefox-knows-what-your-friends-did-last-summer/
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?8993e6b4");
      # https://blog.mozilla.org/security/2012/10/10/security-vulnerability-in-firefox-16/
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?dc43f3c3");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-88/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-89/");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Firefox 16.0.1 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2012-4191");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/10/10");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/10/11");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/10/17");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:firefox");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("mozilla_org_installed.nasl");
      script_require_keys("Mozilla/Firefox/Version");
    
      exit(0);
    }
    include("mozilla_version.inc");
    port = get_kb_item_or_exit("SMB/transport"); 
    
    installs = get_kb_list("SMB/Mozilla/Firefox/*");
    if (isnull(installs)) audit(AUDIT_NOT_INST, "Firefox");
    
    mozilla_check_version(installs:installs, product:'firefox', esr:FALSE, fix:'16.0.1', severity:SECURITY_HOLE, xss:TRUE);
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_THUNDERBIRD_16_0_1.NASL
    descriptionThe installed version of Thunderbird is earlier than 16.0.1 and is therefore potentially affected by the following security issues : - An unspecified error related to the WebSockets implementation and the function
    last seen2020-06-01
    modified2020-06-02
    plugin id62587
    published2012-10-17
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/62587
    titleThunderbird < 16.0.1 Multiple Vulnerabilities (Mac OS X)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(62587);
      script_version("1.11");
      script_cvs_date("Date: 2019/12/04");
    
      script_cve_id("CVE-2012-4191", "CVE-2012-4192", "CVE-2012-4193");
      script_bugtraq_id(56153, 56154, 56155);
    
      script_name(english:"Thunderbird < 16.0.1 Multiple Vulnerabilities (Mac OS X)");
      script_summary(english:"Checks version of Thunderbird");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Mac OS X host contains a mail client that is potentially
    affected by several vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The installed version of Thunderbird is earlier than 16.0.1 and is
    therefore potentially affected by the following security issues :
    
      - An unspecified error related to the WebSockets
        implementation and the function
        'mozilla::net::FailDelayManager::Lookup' can allow
        application crashes and potentially, arbitrary code
        execution. (CVE-2012-4191)
    
      - An unspecified error exists that can allow attackers to
        bypass the 'Same Origin Policy' and access the
        'Location' object. (CVE-2012-4192)
    
      - An error exists related to 'security wrappers' and the
        function 'defaultValue()' that can allow cross-site
        scripting attacks. (CVE-2012-4193)");
      # http://www.thespanner.co.uk/2012/10/10/firefox-knows-what-your-friends-did-last-summer/
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?8993e6b4");
      # https://blog.mozilla.org/security/2012/10/10/security-vulnerability-in-firefox-16/
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?dc43f3c3");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-88/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-89/");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Thunderbird 16.0.1 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2012-4191");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/10/10");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/10/11");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/10/17");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:thunderbird");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"MacOS X Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("macosx_thunderbird_installed.nasl");
      script_require_keys("MacOSX/Thunderbird/Installed");
    
      exit(0);
    }
    
    include("mozilla_version.inc");
    kb_base = "MacOSX/Thunderbird";
    get_kb_item_or_exit(kb_base+"/Installed");
    
    version = get_kb_item_or_exit(kb_base+"/Version", exit_code:1);
    path = get_kb_item_or_exit(kb_base+"/Path", exit_code:1);
    
    mozilla_check_version(product:'thunderbird', version:version, path:path, esr:FALSE, fix:'16.0.1', skippat:'^10\\.0\\.', severity:SECURITY_HOLE, xss:TRUE);
    
  • NASL familyWindows
    NASL idSEAMONKEY_2131.NASL
    descriptionThe installed version of SeaMonkey is earlier than 2.13.1. As such, it is potentially affected by the following security issues : - An unspecified error related to the WebSockets implementation and the function
    last seen2020-06-01
    modified2020-06-02
    plugin id62592
    published2012-10-17
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/62592
    titleSeaMonkey < 2.13.1 Multiple Vulnerabilities
  • NASL familyWindows
    NASL idMOZILLA_THUNDERBIRD_1601.NASL
    descriptionThe installed version of Thunderbird is earlier than 16.0.1. It is, therefore, potentially affected by the following security issues : - An unspecified error related to the WebSockets implementation and the function
    last seen2020-06-01
    modified2020-06-02
    plugin id62591
    published2012-10-17
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/62591
    titleMozilla Thunderbird < 16.0.1 Multiple Vulnerabilities
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_6E5A9AFD12D311E2B47DC8600054B392.NASL
    descriptionThe Mozilla Project reports : MFSA 2012-74 Miscellaneous memory safety hazards (rv:16.0/ rv:10.0.8) MFSA 2012-75 select element persistance allows for attacks MFSA 2012-76 Continued access to initial origin after setting document.domain MFSA 2012-77 Some DOMWindowUtils methods bypass security checks MFSA 2012-78 Reader Mode pages have chrome privileges MFSA 2012-79 DOS and crash with full screen and history navigation MFSA 2012-80 Crash with invalid cast when using instanceof operator MFSA 2012-81 GetProperty function can bypass security checks MFSA 2012-82 top object and location property accessible by plugins MFSA 2012-83 Chrome Object Wrapper (COW) does not disallow access to privileged functions or properties MFSA 2012-84 Spoofing and script injection through location.hash MFSA 2012-85 Use-after-free, buffer overflow, and out of bounds read issues found using Address Sanitizer MFSA 2012-86 Heap memory corruption issues found using Address Sanitizer MFSA 2012-87 Use-after-free in the IME State Manager MFSA 2012-88 Miscellaneous memory safety hazards (rv:16.0.1) MFSA 2012-89 defaultValue security checks not applied
    last seen2020-06-01
    modified2020-06-02
    plugin id62490
    published2012-10-11
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/62490
    titleFreeBSD : mozilla -- multiple vulnerabilities (6e5a9afd-12d3-11e2-b47d-c8600054b392)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2012-709.NASL
    descriptionThe Mozilla suite received following security updates (bnc#783533) : Mozilla Firefox was updated to 16.0.1. Mozilla SeaMonkey was updated to 2.13.1. Mozilla Thunderbird was updated to 16.0.1. Mozilla XULRunner was updated to 16.0.1. - MFSA 2012-88/CVE-2012-4191 (bmo#798045) Miscellaneous memory safety hazards - MFSA 2012-89/CVE-2012-4192/CVE-2012-4193 (bmo#799952, bmo#720619) defaultValue security checks not applied - MFSA 2012-74/CVE-2012-3982/CVE-2012-3983 Miscellaneous memory safety hazards - MFSA 2012-75/CVE-2012-3984 (bmo#575294) select element persistance allows for attacks - MFSA 2012-76/CVE-2012-3985 (bmo#655649) Continued access to initial origin after setting document.domain - MFSA 2012-77/CVE-2012-3986 (bmo#775868) Some DOMWindowUtils methods bypass security checks - MFSA 2012-79/CVE-2012-3988 (bmo#725770) DOS and crash with full screen and history navigation - MFSA 2012-80/CVE-2012-3989 (bmo#783867) Crash with invalid cast when using instanceof operator - MFSA 2012-81/CVE-2012-3991 (bmo#783260) GetProperty function can bypass security checks - MFSA 2012-82/CVE-2012-3994 (bmo#765527) top object and location property accessible by plugins - MFSA 2012-83/CVE-2012-3993/CVE-2012-4184 (bmo#768101, bmo#780370) Chrome Object Wrapper (COW) does not disallow access to privileged functions or properties - MFSA 2012-84/CVE-2012-3992 (bmo#775009) Spoofing and script injection through location.hash - MFSA 2012-85/CVE-2012-3995/CVE-2012-4179/CVE-2012-4180/ CVE-2012-4181/CVE-2012-4182/CVE-2012-4183 Use-after-free, buffer overflow, and out of bounds read issues found using Address Sanitizer - MFSA 2012-86/CVE-2012-4185/CVE-2012-4186/CVE-2012-4187/ CVE-2012-4188 Heap memory corruption issues found using Address Sanitizer - MFSA 2012-87/CVE-2012-3990 (bmo#787704)
    last seen2020-06-05
    modified2014-06-13
    plugin id74779
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74779
    titleopenSUSE Security Update : MozillaFirefox (openSUSE-SU-2012:1345-1)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201301-01.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201301-01 (Mozilla Products: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, bypass restrictions and protection mechanisms, force file downloads, conduct XML injection attacks, conduct XSS attacks, bypass the Same Origin Policy, spoof URL&rsquo;s for phishing attacks, trigger a vertical scroll, spoof the location bar, spoof an SSL indicator, modify the browser&rsquo;s font, conduct clickjacking attacks, or have other unspecified impact. A local attacker could gain escalated privileges, obtain sensitive information, or replace an arbitrary downloaded file. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id63402
    published2013-01-08
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63402
    titleGLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1611-1.NASL
    descriptionHenrik Skupin, Jesse Ruderman, Christian Holler, Soroush Dalili and others discovered several memory corruption flaws in Thunderbird. If a user were tricked into opening a malicious website and had JavaScript enabled, an attacker could exploit these to execute arbitrary JavaScript code within the context of another website or arbitrary code as the user invoking the program. (CVE-2012-3982, CVE-2012-3983, CVE-2012-3988, CVE-2012-3989, CVE-2012-4191) David Bloom and Jordi Chancel discovered that Thunderbird did not always properly handle the <select> element. If a user were tricked into opening a malicious website and had JavaScript enabled, a remote attacker could exploit this to conduct URL spoofing and clickjacking attacks. (CVE-2012-3984) Collin Jackson discovered that Thunderbird did not properly follow the HTML5 specification for document.domain behavior. If a user were tricked into opening a malicious website and had JavaScript enabled, a remote attacker could exploit this to conduct cross-site scripting (XSS) attacks via JavaScript execution. (CVE-2012-3985) Johnny Stenback discovered that Thunderbird did not properly perform security checks on test methods for DOMWindowUtils. (CVE-2012-3986) Alice White discovered that the security checks for GetProperty could be bypassed when using JSAPI. If a user were tricked into opening a specially crafted web page and had JavaScript enabled, a remote attacker could exploit this to execute arbitrary code as the user invoking the program. (CVE-2012-3991) Mariusz Mlynski discovered a history state error in Thunderbird. If a user were tricked into opening a malicious website and had JavaScript enabled, a remote attacker could exploit this to spoof the location property to inject script or intercept posted data. (CVE-2012-3992) Mariusz Mlynski and others discovered several flaws in Thunderbird that allowed a remote attacker to conduct cross-site scripting (XSS) attacks. With cross-site scripting vulnerabilities, if a user were tricked into viewing a specially crafted page and had JavaScript enabled, a remote attacker could exploit these to modify the contents, or steal confidential data, within the same domain. (CVE-2012-3993, CVE-2012-3994, CVE-2012-4184) Abhishek Arya, Atte Kettunen and others discovered several memory flaws in Thunderbird when using the Address Sanitizer tool. If a user were tricked into opening a malicious website and had JavaScript enabled, an attacker could exploit these to execute arbitrary JavaScript code within the context of another website or execute arbitrary code as the user invoking the program. (CVE-2012-3990, CVE-2012-3995, CVE-2012-4179, CVE-2012-4180, CVE-2012-4181, CVE-2012-4182, CVE-2012-4183, CVE-2012-4185, CVE-2012-4186, CVE-2012-4187, CVE-2012-4188) It was discovered that Thunderbird allowed improper access to the Location object. An attacker could exploit this to obtain sensitive information. Under certain circumstances, a remote attacker could use this vulnerability to potentially execute arbitrary code as the user invoking the program. (CVE-2012-4192, CVE-2012-4193). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id62548
    published2012-10-15
    reporterUbuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/62548
    titleUbuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : thunderbird vulnerabilities (USN-1611-1)

Oval

accepted2014-10-06T04:02:01.934-04:00
classvulnerability
contributors
  • nameSergey Artykhov
    organizationALTX-SOFT
  • nameMaria Kedovskaya
    organizationALTX-SOFT
  • nameShane Shaffer
    organizationG2, Inc.
  • nameMaria Kedovskaya
    organizationALTX-SOFT
  • nameRichard Helbing
    organizationbaramundi software
  • nameEvgeniy Pavlov
    organizationALTX-SOFT
  • nameEvgeniy Pavlov
    organizationALTX-SOFT
  • nameEvgeniy Pavlov
    organizationALTX-SOFT
  • nameEvgeniy Pavlov
    organizationALTX-SOFT
  • nameEvgeniy Pavlov
    organizationALTX-SOFT
  • nameEvgeniy Pavlov
    organizationALTX-SOFT
definition_extensions
  • commentMozilla Thunderbird Mainline release is installed
    ovaloval:org.mitre.oval:def:22093
  • commentMozilla Seamonkey is installed
    ovaloval:org.mitre.oval:def:6372
  • commentMozilla Firefox Mainline release is installed
    ovaloval:org.mitre.oval:def:22259
descriptionThe mozilla::net::FailDelayManager::Lookup function in the WebSockets implementation in Mozilla Firefox before 16.0.1, Thunderbird before 16.0.1, and SeaMonkey before 2.13.1 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.
familywindows
idoval:org.mitre.oval:def:16719
statusaccepted
submitted2013-05-13T10:26:26.748+04:00
titleThe mozilla::net::FailDelayManager::Lookup function in the WebSockets implementation in Mozilla Firefox before 16.0.1, Thunderbird before 16.0.1, and SeaMonkey before 2.13.1 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.
version35