CVE-2012-4206 - Arbitrary Code Execution vulnerability in Mozilla Firefox and Firefox ESR

CVSS 6.9 - MEDIUM
Attack vector: LOCAL
Attack complexity: MEDIUM
Privileges required: NONE
Confidentiality impact: COMPLETE
Integrity impact: COMPLETE
Availability impact: COMPLETE
Tags: local, mozilla, microsoft, nessus

Summary

Untrusted search path vulnerability in the installer in Mozilla Firefox before 17.0 and Firefox ESR 10.x before 10.0.11 on Windows allows local users to gain privileges via a Trojan horse DLL in the default downloads directory.

Weakness classification: CWE-426: Untrusted Search Path (http://cwe.mitre.org/data/definitions/426.html)

Vulnerable Configurations

Part         Description  Count
Application  Mozilla      203
OS           Microsoft    1

Nessus

  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_FIREFOX-20121121-8381.NASL
    description: Mozilla Firefox has been updated to the 10.0.11 ESR security release, which fixes various bugs and security issues.

      - Security researcher miaubiz used the Address Sanitizer tool to discover a series of critically rated use-after-free, buffer overflow, and memory corruption issues in shipped software. These issues are potentially exploitable, allowing for remote code execution. We would also like to thank miaubiz for reporting two additional use-after-free and memory corruption issues introduced during Firefox development that have been fixed before general release. (MFSA 2012-106)

        In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products.

        References

        The following issues have been fixed in Firefox 17 and ESR 10.0.11:
          o use-after-free when loading html file on osx (CVE-2012-5830)
          o Mesa crashes on certain texImage2D calls involving level>0 (CVE-2012-5833)
          o integer overflow, invalid write w/webgl bufferdata. (CVE-2012-5835)

        The following issues have been fixed in Firefox 17:
          o crash in copyTexImage2D with image dimensions too large for given level. (CVE-2012-5838)

      - Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series of critically rated use-after-free and buffer overflow issues using the Address Sanitizer tool in shipped software. These issues are potentially exploitable, allowing for remote code execution. We would also like to thank Abhishek for reporting five additional use-after-free, out of bounds read, and buffer overflow flaws introduced during Firefox development that have been fixed before general release. (MFSA 2012-105)

        In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products.

        References

        The following issues have been fixed in Firefox 17 and ESR 10.0.11:
          o Heap-use-after-free in nsTextEditorState::PrepareEditor (CVE-2012-4214)
          o Heap-use-after-free in nsPlaintextEditor::FireClipboardEvent (CVE-2012-4215)
          o Heap-use-after-free in gfxFont::GetFontEntry (CVE-2012-4216)
          o Heap-buffer-overflow in nsWindow::OnExposeEvent (CVE-2012-5829)
          o heap-buffer-overflow in gfxShapedWord::CompressedGlyph::IsClusterStart (CVE-2012-5839)
          o Heap-use-after-free in nsTextEditorState::PrepareEditor. (CVE-2012-5840)

        The following issues have been fixed in Firefox 17:
          o Heap-use-after-free in XPCWrappedNative::Mark (CVE-2012-4212)
          o Heap-use-after-free in nsEditor::FindNextLeafNode (CVE-2012-4213)
          o Heap-use-after-free in nsViewManager::ProcessPendingUpdates (CVE-2012-4217)
          o Heap-use-after-free BuildTextRunsScanner::BreakSink::SetBreaks. (CVE-2012-4218)

      - Security researcher Mariusz Mlynski reported that when a maliciously crafted stylesheet is inspected in the Style Inspector, HTML and CSS can run in a chrome privileged context without being properly sanitized first. This can lead to arbitrary code execution. (MFSA 2012-104 / CVE-2012-4210)

      - Security researcher Mariusz Mlynski reported that the location property can be accessed by binary plugins through top.location with a frame whose name attribute
    last seen: 2020-06-05
    modified: 2012-11-29
    plugin id: 63091
    published: 2012-11-29
    reporter: This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/63091
    title: SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 8381)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The text description of this plugin is (C) Novell, Inc.
    #
    
    if (NASL_LEVEL < 3000) exit(0);
    
    include("compat.inc");
    
    if (description)
    {
      script_id(63091);
      script_version("1.8");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2012-4201", "CVE-2012-4202", "CVE-2012-4203", "CVE-2012-4204", "CVE-2012-4205", "CVE-2012-4206", "CVE-2012-4207", "CVE-2012-4208", "CVE-2012-4209", "CVE-2012-4210", "CVE-2012-4212", "CVE-2012-4213", "CVE-2012-4214", "CVE-2012-4215", "CVE-2012-4216", "CVE-2012-4217", "CVE-2012-4218", "CVE-2012-5829", "CVE-2012-5830", "CVE-2012-5833", "CVE-2012-5835", "CVE-2012-5836", "CVE-2012-5837", "CVE-2012-5838", "CVE-2012-5839", "CVE-2012-5840", "CVE-2012-5841", "CVE-2012-5842", "CVE-2012-5843");
    
      script_name(english:"SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 8381)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 10 host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Mozilla Firefox has been updated to the 10.0.11 ESR security release,
    which fixes various bugs and security issues.
    
      - Security researcher miaubiz used the Address Sanitizer
        tool to discover a series critically rated of
        use-after-free, buffer overflow, and memory corruption
        issues in shipped software. These issues are potentially
        exploitable, allowing for remote code execution. We
        would also like to thank miaubiz for reporting two
        additional use-after-free and memory corruption issues
        introduced during Firefox development that have been
        fixed before general release. (MFSA 2012-106)
    
        In general these flaws cannot be exploited through email
        in the Thunderbird and SeaMonkey products because
        scripting is disabled, but are potentially a risk in
        browser or browser-like contexts in those products.
        References
    
        The following issues have been fixed in Firefox 17 and
        ESR 10.0.11 :
    
    o use-after-free when loading html file on osx (CVE-2012-5830) o Mesa
    crashes on certain texImage2D calls involving level>0 (CVE-2012-5833)
    o integer overflow, invalid write w/webgl bufferdata. (CVE-2012-5835)
    
    The following issues have been fixed in Firefox 17 :
    
    o crash in copyTexImage2D with image dimensions too large for given
    level. (CVE-2012-5838)
    
      - Security researcher Abhishek Arya (Inferno) of the
        Google Chrome Security Team discovered a series
        critically rated of use-after-free and buffer overflow
        issues using the Address Sanitizer tool in shipped
        software. These issues are potentially exploitable,
        allowing for remote code execution. We would also like
        to thank Abhishek for reporting five additional
        use-after-free, out of bounds read, and buffer overflow
        flaws introduced during Firefox development that have
        been fixed before general release. (MFSA 2012-105)
    
        In general these flaws cannot be exploited through email
        in the Thunderbird and SeaMonkey products because
        scripting is disabled, but are potentially a risk in
        browser or browser-like contexts in those products.
        References
    
        The following issues have been fixed in Firefox 17 and
        ESR 10.0.11 :
    
    o Heap-use-after-free in nsTextEditorState::PrepareEditor
    (CVE-2012-4214) o Heap-use-after-free in
    nsPlaintextEditor::FireClipboardEvent (CVE-2012-4215) o
    Heap-use-after-free in gfxFont::GetFontEntry (CVE-2012-4216) o
    Heap-buffer-overflow in nsWindow::OnExposeEvent (CVE-2012-5829) o
    heap-buffer-overflow in gfxShapedWord::CompressedGlyph::IsClusterStart
    o CVE-2012-5839 o Heap-use-after-free in
    nsTextEditorState::PrepareEditor. (CVE-2012-5840)
    
    The following issues have been fixed in Firefox 17 :
    
    o Heap-use-after-free in XPCWrappedNative::Mark (CVE-2012-4212) o
    Heap-use-after-free in nsEditor::FindNextLeafNode (CVE-2012-4213) o
    Heap-use-after-free in nsViewManager::ProcessPendingUpdates
    (CVE-2012-4217) o Heap-use-after-free
    BuildTextRunsScanner::BreakSink::SetBreaks. (CVE-2012-4218)
    
      - Security researcher Mariusz Mlynski reported that when a
        maliciously crafted stylesheet is inspected in the Style
        Inspector, HTML and CSS can run in a chrome privileged
        context without being properly sanitized first. This can
        lead to arbitrary code execution. (MFSA 2012-104 /
        CVE-2012-4210)
    
      - Security researcher Mariusz Mlynski reported that the
        location property can be accessed by binary plugins
        through top.location with a frame whose name attribute's
        value is set to 'top'. This can allow for possible
        cross-site scripting (XSS) attacks through plugins.
        (MFSA 2012-103 / CVE-2012-4209)
    
        In general these flaws cannot be exploited through email
        in the Thunderbird and SeaMonkey products because
        scripting is disabled, but are potentially a risk in
        browser or browser-like contexts in those products.
    
      - Security researcher Masato Kinugawa reported that when
        script is entered into the Developer Toolbar, it runs in
        a chrome privileged context. This allows for arbitrary
        code execution or cross-site scripting (XSS) if a user
        can be convinced to paste malicious code into the
        Developer Toolbar. (MFSA 2012-102 / CVE-2012-5837)
    
      - Security researcher Masato Kinugawa found when
        HZ-GB-2312 charset encoding is used for text, the '~'
        character will destroy another character near the chunk
        delimiter. This can lead to a cross-site scripting (XSS)
        attack in pages encoded in HZ-GB-2312. (MFSA 2012-101 /
        CVE-2012-4207)
    
      - Mozilla developer Bobby Holley reported that security
        wrappers filter at the time of property access, but once
        a function is returned, the caller can use this function
        without further security checks. This affects
        cross-origin wrappers, allowing for write actions on
        objects when only read actions should be properly
        allowed. This can lead to cross-site scripting (XSS)
        attacks. (MFSA 2012-100 / CVE-2012-5841)
    
        In general these flaws cannot be exploited through email
        in the Thunderbird and SeaMonkey products because
        scripting is disabled, but are potentially a risk in
        browser or browser-like contexts in those products.
    
      - Mozilla developer Peter Van der Beken discovered that
        same-origin XrayWrappers expose chrome-only properties
        even when not in a chrome compartment. This can allow
        web content to get properties of DOM objects that are
        intended to be chrome-only. (MFSA 2012-99 /
        CVE-2012-4208)
    
        In general these flaws cannot be exploited through email
        in the Thunderbird and SeaMonkey products because
        scripting is disabled, but are potentially a risk in
        browser or browser-like contexts in those products.
    
      - Security researcher Robert Kugler reported that when a
        specifically named DLL file on a Windows computer is
        placed in the default downloads directory with the
        Firefox installer, the Firefox installer will load this
        DLL when it is launched. In circumstances where the
        installer is run by an administrator privileged account,
        this allows for the downloaded DLL file to be run with
        administrator privileges. This can lead to arbitrary
        code execution from a privileged account. (MFSA 2012-98
        / CVE-2012-4206)
    
      - Mozilla developer Gabor Krizsanits discovered that
        XMLHttpRequest objects created within sandboxes have the
        system principal instead of the sandbox principal. This
        can lead to cross-site request forgery (CSRF) or
        information theft via an add-on running untrusted code
        in a sandbox. (MFSA 2012-97 / CVE-2012-4205)
    
      - Security researcher Scott Bell of
        Security-Assessment.com used the Address Sanitizer tool
        to discover a memory corruption in str_unescape in the
        JavaScript engine. This could potentially lead to
        arbitrary code execution. (MFSA 2012-96 / CVE-2012-4204)
    
        In general these flaws cannot be exploited through email
        in the Thunderbird and SeaMonkey products because
        scripting is disabled, but are potentially a risk in
        browser or browser-like contexts in those products.
    
      - Security researcher [email protected] reported that if
        a javascript: URL is selected from the list of Firefox
        'new tab' page, the script will inherit the privileges
        of the privileged 'new tab' page. This allows for the
        execution of locally installed programs if a user can be
        convinced to save a bookmark of a malicious javascript:
        URL. (MFSA 2012-95 / CVE-2012-4203)
    
      - Security researcher Jonathan Stephens discovered that
        combining SVG text on a path with the setting of CSS
        properties could lead to a potentially exploitable
        crash. (MFSA 2012-94 / CVE-2012-5836)
    
      - Mozilla security researcher moz_bug_r_a4 reported that
        if code executed by the evalInSandbox function sets
        location.href, it can get the wrong subject principal
        for the URL check, ignoring the sandbox's JavaScript
        context and gaining the context of evalInSandbox object.
        This can lead to malicious web content being able to
        perform a cross-site scripting (XSS) attack or stealing
        a copy of a local file if the user has installed an
        add-on vulnerable to this attack. (MFSA 2012-93 /
        CVE-2012-4201)
    
      - Security researcher Atte Kettunen from OUSPG used the
        Address Sanitizer tool to discover a buffer overflow
        while rendering GIF format images. This issue is
        potentially exploitable and could lead to arbitrary code
        execution. (MFSA 2012-92 / CVE-2012-4202)
    
      - Mozilla developers identified and fixed several memory
        safety bugs in the browser engine used in Firefox and
        other Mozilla-based products. Some of these bugs showed
        evidence of memory corruption under certain
        circumstances, and we presume that with enough effort at
        least some of these could be exploited to run arbitrary
        code. (MFSA 2012-91)
    
        In general these flaws cannot be exploited through email
        in the Thunderbird and SeaMonkey products because
        scripting is disabled, but are potentially a risk in
        browser or browser-like contexts in those products.
        References
    
        Gary Kwong, Jesse Ruderman, Christian Holler, Bob Clary,
        Kyle Huey, Ed Morley, Chris Lord, Boris Zbarsky, Julian
        Seward, and Bill McCloskey reported memory safety
        problems and crashes that affect Firefox 16.
        (CVE-2012-5843)
    
        Jesse Ruderman, Andrew McCreight, Bob Clary, and Kyle
        Huey reported memory safety problems and crashes that
        affect Firefox ESR 10 and Firefox 16. (CVE-2012-5842)"
      );
      # http://www.mozilla.org/security/announce/2012/mfsa2012-100.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-100/"
      );
      # http://www.mozilla.org/security/announce/2012/mfsa2012-101.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-101/"
      );
      # http://www.mozilla.org/security/announce/2012/mfsa2012-102.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-102/"
      );
      # http://www.mozilla.org/security/announce/2012/mfsa2012-103.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-103/"
      );
      # http://www.mozilla.org/security/announce/2012/mfsa2012-104.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-104/"
      );
      # http://www.mozilla.org/security/announce/2012/mfsa2012-105.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-105/"
      );
      # http://www.mozilla.org/security/announce/2012/mfsa2012-106.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-106/"
      );
      # http://www.mozilla.org/security/announce/2012/mfsa2012-91.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-91/"
      );
      # http://www.mozilla.org/security/announce/2012/mfsa2012-92.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-92/"
      );
      # http://www.mozilla.org/security/announce/2012/mfsa2012-93.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-93/"
      );
      # http://www.mozilla.org/security/announce/2012/mfsa2012-94.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-94/"
      );
      # http://www.mozilla.org/security/announce/2012/mfsa2012-95.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-95/"
      );
      # http://www.mozilla.org/security/announce/2012/mfsa2012-96.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-96/"
      );
      # http://www.mozilla.org/security/announce/2012/mfsa2012-97.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-97/"
      );
      # http://www.mozilla.org/security/announce/2012/mfsa2012-98.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-98/"
      );
      # http://www.mozilla.org/security/announce/2012/mfsa2012-99.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-99/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-4201.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-4202.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-4203.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-4204.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-4205.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-4206.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-4207.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-4208.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-4209.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-4210.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-4212.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-4213.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-4214.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-4215.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-4216.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-4217.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-4218.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-5829.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-5830.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-5833.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-5835.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-5836.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-5837.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-5838.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-5839.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-5840.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-5841.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-5842.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-5843.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 8381.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/11/21");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/11/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/11/29");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
    if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE.");
    if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages.");
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) exit(1, "Failed to determine the architecture type.");
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented.");
    
    
    flag = 0;
    if (rpm_check(release:"SLED10", sp:4, reference:"MozillaFirefox-10.0.11-0.5.1")) flag++;
    if (rpm_check(release:"SLED10", sp:4, reference:"MozillaFirefox-translations-10.0.11-0.5.1")) flag++;
    if (rpm_check(release:"SLED10", sp:4, reference:"mozilla-nss-3.14-0.6.1")) flag++;
    if (rpm_check(release:"SLED10", sp:4, reference:"mozilla-nss-devel-3.14-0.6.1")) flag++;
    if (rpm_check(release:"SLED10", sp:4, reference:"mozilla-nss-tools-3.14-0.6.1")) flag++;
    if (rpm_check(release:"SLED10", sp:4, cpu:"x86_64", reference:"mozilla-nss-32bit-3.14-0.6.1")) flag++;
    if (rpm_check(release:"SLES10", sp:4, reference:"MozillaFirefox-10.0.11-0.5.1")) flag++;
    if (rpm_check(release:"SLES10", sp:4, reference:"MozillaFirefox-translations-10.0.11-0.5.1")) flag++;
    if (rpm_check(release:"SLES10", sp:4, reference:"mozilla-nss-3.14-0.6.1")) flag++;
    if (rpm_check(release:"SLES10", sp:4, reference:"mozilla-nss-devel-3.14-0.6.1")) flag++;
    if (rpm_check(release:"SLES10", sp:4, reference:"mozilla-nss-tools-3.14-0.6.1")) flag++;
    if (rpm_check(release:"SLES10", sp:4, cpu:"x86_64", reference:"mozilla-nss-32bit-3.14-0.6.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else exit(0, "The host is not affected.");
    
  • NASL family: FreeBSD Local Security Checks
    NASL id: FREEBSD_PKG_D23119DF335D11E2B64CC8600054B392.NASL
    description: The Mozilla Project reports:
      MFSA 2012-91 Miscellaneous memory safety hazards (rv:17.0/ rv:10.0.11)
      MFSA 2012-92 Buffer overflow while rendering GIF images
      MFSA 2012-93 evalInSandbox location context incorrectly applied
      MFSA 2012-94 Crash when combining SVG text on path with CSS
      MFSA 2012-95 Javascript: URLs run in privileged context on New Tab page
      MFSA 2012-96 Memory corruption in str_unescape
      MFSA 2012-97 XMLHttpRequest inherits incorrect principal within sandbox
      MFSA 2012-98 Firefox installer DLL hijacking
      MFSA 2012-99 XrayWrappers exposes chrome-only properties when not in chrome compartment
      MFSA 2012-100 Improper security filtering for cross-origin wrappers
      MFSA 2012-101 Improper character decoding in HZ-GB-2312 charset
      MFSA 2012-102 Script entered into Developer Toolbar runs with chrome privileges
      MFSA 2012-103 Frames can shadow top.location
      MFSA 2012-104 CSS and HTML injection through Style Inspector
      MFSA 2012-105 Use-after-free and buffer overflow issues found
      MFSA 2012-106 Use-after-free, buffer overflow, and memory corruption issues found using Address Sanitizer
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 62979
    published: 2012-11-21
    reporter: This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/62979
    title: FreeBSD : mozilla -- multiple vulnerabilities (d23119df-335d-11e2-b64c-c8600054b392)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from the FreeBSD VuXML database :
    #
    # Copyright 2003-2019 Jacques Vidrine and contributors
    #
    # Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
    # HTML, PDF, PostScript, RTF and so forth) with or without modification,
    # are permitted provided that the following conditions are met:
    # 1. Redistributions of source code (VuXML) must retain the above
    #    copyright notice, this list of conditions and the following
    #    disclaimer as the first lines of this file unmodified.
    # 2. Redistributions in compiled form (transformed to other DTDs,
    #    published online in any format, converted to PDF, PostScript,
    #    RTF and other formats) must reproduce the above copyright
    #    notice, this list of conditions and the following disclaimer
    #    in the documentation and/or other materials provided with the
    #    distribution.
    # 
    # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
    # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
    # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
    # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
    # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
    # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
    # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
    # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
    # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
    # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
    # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(62979);
      script_version("1.12");
      script_cvs_date("Date: 2019/07/10 16:04:13");
    
      script_cve_id("CVE-2012-4201", "CVE-2012-4202", "CVE-2012-4203", "CVE-2012-4204", "CVE-2012-4205", "CVE-2012-4206", "CVE-2012-4207", "CVE-2012-4208", "CVE-2012-4209", "CVE-2012-4210", "CVE-2012-4212", "CVE-2012-4213", "CVE-2012-4214", "CVE-2012-4215", "CVE-2012-4216", "CVE-2012-4217", "CVE-2012-4218", "CVE-2012-5829", "CVE-2012-5830", "CVE-2012-5833", "CVE-2012-5835", "CVE-2012-5836", "CVE-2012-5837", "CVE-2012-5838", "CVE-2012-5839", "CVE-2012-5840", "CVE-2012-5841", "CVE-2012-5842", "CVE-2012-5843");
    
      script_name(english:"FreeBSD : mozilla -- multiple vulnerabilities (d23119df-335d-11e2-b64c-c8600054b392)");
      script_summary(english:"Checks for updated packages in pkg_info output");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote FreeBSD host is missing one or more security-related
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The Mozilla Project reports :
    
    MFSA 2012-91 Miscellaneous memory safety hazards (rv:17.0/ rv:10.0.11)
    
    MFSA 2012-92 Buffer overflow while rendering GIF images
    
    MFSA 2012-93 evalInSanbox location context incorrectly applied
    
    MFSA 2012-94 Crash when combining SVG text on path with CSS
    
    MFSA 2012-95 Javascript: URLs run in privileged context on New Tab
    page
    
    MFSA 2012-96 Memory corruption in str_unescape
    
    MFSA 2012-97 XMLHttpRequest inherits incorrect principal within
    sandbox
    
    MFSA 2012-98 Firefox installer DLL hijacking
    
    MFSA 2012-99 XrayWrappers exposes chrome-only properties when not in
    chrome compartment
    
    MFSA 2012-100 Improper security filtering for cross-origin wrappers
    
    MFSA 2012-101 Improper character decoding in HZ-GB-2312 charset
    
    MFSA 2012-102 Script entered into Developer Toolbar runs with chrome
    privileges
    
    MFSA 2012-103 Frames can shadow top.location
    
    MFSA 2012-104 CSS and HTML injection through Style Inspector
    
    MFSA 2012-105 Use-after-free and buffer overflow issues found
    
    MFSA 2012-106 Use-after-free, buffer overflow, and memory corruption
    issues found using Address Sanitizer"
      );
      # http://www.mozilla.org/security/announce/2012/mfsa2012-90.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-90/"
      );
      # http://www.mozilla.org/security/announce/2012/mfsa2012-91.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-91/"
      );
      # http://www.mozilla.org/security/announce/2012/mfsa2012-92.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-92/"
      );
      # http://www.mozilla.org/security/announce/2012/mfsa2012-93.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-93/"
      );
      # http://www.mozilla.org/security/announce/2012/mfsa2012-94.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-94/"
      );
      # http://www.mozilla.org/security/announce/2012/mfsa2012-95.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-95/"
      );
      # http://www.mozilla.org/security/announce/2012/mfsa2012-96.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-96/"
      );
      # http://www.mozilla.org/security/announce/2012/mfsa2012-97.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-97/"
      );
      # http://www.mozilla.org/security/announce/2012/mfsa2012-98.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-98/"
      );
      # http://www.mozilla.org/security/announce/2012/mfsa2012-99.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-99/"
      );
      # http://www.mozilla.org/security/announce/2012/mfsa2012-100.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-100/"
      );
      # http://www.mozilla.org/security/announce/2012/mfsa2012-101.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-101/"
      );
      # http://www.mozilla.org/security/announce/2012/mfsa2012-102.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-102/"
      );
      # http://www.mozilla.org/security/announce/2012/mfsa2012-103.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-103/"
      );
      # http://www.mozilla.org/security/announce/2012/mfsa2012-104.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-104/"
      );
      # http://www.mozilla.org/security/announce/2012/mfsa2012-105.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-105/"
      );
      # http://www.mozilla.org/security/announce/2012/mfsa2012-106.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-106/"
      );
      # http://www.mozilla.org/security/known-vulnerabilities/
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/known-vulnerabilities/"
      );
      # https://vuxml.freebsd.org/freebsd/d23119df-335d-11e2-b64c-c8600054b392.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?038ea7ad"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:firefox");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:libxul");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:linux-firefox");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:linux-seamonkey");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:linux-thunderbird");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:seamonkey");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:thunderbird");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/11/20");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/11/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/11/21");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"FreeBSD Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("freebsd_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD");
    if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (pkg_test(save_report:TRUE, pkg:"firefox>11.0,1<17.0,1")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"firefox<10.0.11,1")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"linux-firefox<10.0.11,1")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"linux-seamonkey<2.14")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"linux-thunderbird<10.0.11")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"seamonkey<2.14")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"thunderbird>11.0<17.0")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"thunderbird<10.0.11")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"libxul>1.9.2.*<10.0.11")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_11_FIREFOX-20121121-121123.NASL
    description: Mozilla Firefox has been updated to the 10.0.11 ESR security release, which fixes various bugs and security issues. - Security researcher miaubiz used the Address Sanitizer tool to discover a series critically rated of use-after-free, buffer overflow, and memory corruption issues in shipped software. These issues are potentially exploitable, allowing for remote code execution. We would also like to thank miaubiz for reporting two additional use-after-free and memory corruption issues introduced during Firefox development that have been fixed before general release. (MFSA 2012-106) In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products. References The following issues have been fixed in Firefox 17 and ESR 10.0.11 : - use-after-free when loading html file on osx. (CVE-2012-5830) - Mesa crashes on certain texImage2D calls involving level>0. (CVE-2012-5833) - integer overflow, invalid write w/webgl bufferdata (CVE-2012-5835) The following issues have been fixed in Firefox 17 : - crash in copyTexImage2D with image dimensions too large for given level. (CVE-2012-5838) - Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series critically rated of use-after-free and buffer overflow issues using the Address Sanitizer tool in shipped software. These issues are potentially exploitable, allowing for remote code execution. We would also like to thank Abhishek for reporting five additional use-after-free, out of bounds read, and buffer overflow flaws introduced during Firefox development that have been fixed before general release. (MFSA 2012-105) In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products. References The following issues have been fixed in Firefox 17 and ESR 10.0.11 : - Heap-use-after-free in nsTextEditorState::PrepareEditor. (CVE-2012-4214) - Heap-use-after-free in nsPlaintextEditor::FireClipboardEvent. (CVE-2012-4215) - Heap-use-after-free in gfxFont::GetFontEntry. (CVE-2012-4216) - Heap-buffer-overflow in nsWindow::OnExposeEvent. (CVE-2012-5829) - heap-buffer-overflow in gfxShapedWord::CompressedGlyph::IsClusterStart - CVE-2012-5839 - Heap-use-after-free in nsTextEditorState::PrepareEditor (CVE-2012-5840) The following issues have been fixed in Firefox 17 : - Heap-use-after-free in XPCWrappedNative::Mark. (CVE-2012-4212) - Heap-use-after-free in nsEditor::FindNextLeafNode. (CVE-2012-4213) - Heap-use-after-free in nsViewManager::ProcessPendingUpdates. (CVE-2012-4217) - Heap-use-after-free BuildTextRunsScanner::BreakSink::SetBreaks. (CVE-2012-4218) - Security researcher Mariusz Mlynski reported that when a maliciously crafted stylesheet is inspected in the Style Inspector, HTML and CSS can run in a chrome privileged context without being properly sanitized first. This can lead to arbitrary code execution. (MFSA 2012-104 / CVE-2012-4210) - Security researcher Mariusz Mlynski reported that the location property can be accessed by binary plugins through top.location with a frame whose name attribute
    last seen: 2020-06-05
    modified: 2013-01-25
    plugin id: 64135
    published: 2013-01-25
    reporter: This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/64135
    title: SuSE 11.2 Security Update : Mozilla Firefox (SAT Patch Number 7093)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from SuSE 11 update information. The text itself is
    # copyright (C) Novell, Inc.
    #
    
    if (NASL_LEVEL < 3000) exit(0);
    
    include("compat.inc");
    
    if (description)
    {
      script_id(64135);
      script_version("1.6");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2012-4201", "CVE-2012-4202", "CVE-2012-4203", "CVE-2012-4204", "CVE-2012-4205", "CVE-2012-4206", "CVE-2012-4207", "CVE-2012-4208", "CVE-2012-4209", "CVE-2012-4210", "CVE-2012-4212", "CVE-2012-4213", "CVE-2012-4214", "CVE-2012-4215", "CVE-2012-4216", "CVE-2012-4217", "CVE-2012-4218", "CVE-2012-5829", "CVE-2012-5830", "CVE-2012-5833", "CVE-2012-5835", "CVE-2012-5836", "CVE-2012-5837", "CVE-2012-5838", "CVE-2012-5839", "CVE-2012-5840", "CVE-2012-5841", "CVE-2012-5842", "CVE-2012-5843");
    
      script_name(english:"SuSE 11.2 Security Update : Mozilla Firefox (SAT Patch Number 7093)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 11 host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Mozilla Firefox has been updated to the 10.0.11 ESR security release,
    which fixes various bugs and security issues.
    
      - Security researcher miaubiz used the Address Sanitizer
        tool to discover a series critically rated of
        use-after-free, buffer overflow, and memory corruption
        issues in shipped software. These issues are potentially
        exploitable, allowing for remote code execution. We
        would also like to thank miaubiz for reporting two
        additional use-after-free and memory corruption issues
        introduced during Firefox development that have been
        fixed before general release. (MFSA 2012-106)
    
        In general these flaws cannot be exploited through email
        in the Thunderbird and SeaMonkey products because
        scripting is disabled, but are potentially a risk in
        browser or browser-like contexts in those products.
        References
    
        The following issues have been fixed in Firefox 17 and
        ESR 10.0.11 :
    
      - use-after-free when loading html file on osx.
        (CVE-2012-5830)
    
      - Mesa crashes on certain texImage2D calls involving
        level>0. (CVE-2012-5833)
    
      - integer overflow, invalid write w/webgl bufferdata
        (CVE-2012-5835) The following issues have been fixed in
        Firefox 17 :
    
      - crash in copyTexImage2D with image dimensions too large
        for given level. (CVE-2012-5838)
    
      - Security researcher Abhishek Arya (Inferno) of the
        Google Chrome Security Team discovered a series
        critically rated of use-after-free and buffer overflow
        issues using the Address Sanitizer tool in shipped
        software. These issues are potentially exploitable,
        allowing for remote code execution. We would also like
        to thank Abhishek for reporting five additional
        use-after-free, out of bounds read, and buffer overflow
        flaws introduced during Firefox development that have
        been fixed before general release. (MFSA 2012-105)
    
        In general these flaws cannot be exploited through email
        in the Thunderbird and SeaMonkey products because
        scripting is disabled, but are potentially a risk in
        browser or browser-like contexts in those products.
        References
    
        The following issues have been fixed in Firefox 17 and
        ESR 10.0.11 :
    
      - Heap-use-after-free in nsTextEditorState::PrepareEditor.
        (CVE-2012-4214)
    
      - Heap-use-after-free in
        nsPlaintextEditor::FireClipboardEvent. (CVE-2012-4215)
    
      - Heap-use-after-free in gfxFont::GetFontEntry.
        (CVE-2012-4216)
    
      - Heap-buffer-overflow in nsWindow::OnExposeEvent.
        (CVE-2012-5829)
    
      - heap-buffer-overflow in
        gfxShapedWord::CompressedGlyph::IsClusterStart
    
      - CVE-2012-5839
    
      - Heap-use-after-free in nsTextEditorState::PrepareEditor
        (CVE-2012-5840) The following issues have been fixed in
        Firefox 17 :
    
      - Heap-use-after-free in XPCWrappedNative::Mark.
        (CVE-2012-4212)
    
      - Heap-use-after-free in nsEditor::FindNextLeafNode.
        (CVE-2012-4213)
    
      - Heap-use-after-free in
        nsViewManager::ProcessPendingUpdates. (CVE-2012-4217)
    
      - Heap-use-after-free
        BuildTextRunsScanner::BreakSink::SetBreaks.
        (CVE-2012-4218)
    
      - Security researcher Mariusz Mlynski reported that when a
        maliciously crafted stylesheet is inspected in the Style
        Inspector, HTML and CSS can run in a chrome privileged
        context without being properly sanitized first. This can
        lead to arbitrary code execution. (MFSA 2012-104 /
        CVE-2012-4210)
    
      - Security researcher Mariusz Mlynski reported that the
        location property can be accessed by binary plugins
        through top.location with a frame whose name attribute's
        value is set to 'top'. This can allow for possible
        cross-site scripting (XSS) attacks through plugins.
        (MFSA 2012-103 / CVE-2012-4209)
    
        In general these flaws cannot be exploited through email
        in the Thunderbird and SeaMonkey products because
        scripting is disabled, but are potentially a risk in
        browser or browser-like contexts in those products.
    
      - Security researcher Masato Kinugawa reported that when
        script is entered into the Developer Toolbar, it runs in
        a chrome privileged context. This allows for arbitrary
        code execution or cross-site scripting (XSS) if a user
        can be convinced to paste malicious code into the
        Developer Toolbar. (MFSA 2012-102 / CVE-2012-5837)
    
      - Security researcher Masato Kinugawa found when
        HZ-GB-2312 charset encoding is used for text, the '~'
        character will destroy another character near the chunk
        delimiter. This can lead to a cross-site scripting (XSS)
        attack in pages encoded in HZ-GB-2312. (MFSA 2012-101 /
        CVE-2012-4207)
    
      - Mozilla developer Bobby Holley reported that security
        wrappers filter at the time of property access, but once
        a function is returned, the caller can use this function
        without further security checks. This affects
        cross-origin wrappers, allowing for write actions on
        objects when only read actions should be properly
        allowed. This can lead to cross-site scripting (XSS)
        attacks. (MFSA 2012-100 / CVE-2012-5841)
    
        In general these flaws cannot be exploited through email
        in the Thunderbird and SeaMonkey products because
        scripting is disabled, but are potentially a risk in
        browser or browser-like contexts in those products.
    
      - Mozilla developer Peter Van der Beken discovered that
        same-origin XrayWrappers expose chrome-only properties
        even when not in a chrome compartment. This can allow
        web content to get properties of DOM objects that are
        intended to be chrome-only. (MFSA 2012-99 /
        CVE-2012-4208)
    
        In general these flaws cannot be exploited through email
        in the Thunderbird and SeaMonkey products because
        scripting is disabled, but are potentially a risk in
        browser or browser-like contexts in those products.
    
      - Security researcher Robert Kugler reported that when a
        specifically named DLL file on a Windows computer is
        placed in the default downloads directory with the
        Firefox installer, the Firefox installer will load this
        DLL when it is launched. In circumstances where the
        installer is run by an administrator privileged account,
        this allows for the downloaded DLL file to be run with
        administrator privileges. This can lead to arbitrary
        code execution from a privileged account. (MFSA 2012-98
        / CVE-2012-4206)
    
      - Mozilla developer Gabor Krizsanits discovered that
        XMLHttpRequest objects created within sandboxes have the
        system principal instead of the sandbox principal. This
        can lead to cross-site request forgery (CSRF) or
        information theft via an add-on running untrusted code
        in a sandbox. (MFSA 2012-97 / CVE-2012-4205)
    
      - Security researcher Scott Bell of
        Security-Assessment.com used the Address Sanitizer tool
        to discover a memory corruption in str_unescape in the
        JavaScript engine. This could potentially lead to
        arbitrary code execution. (MFSA 2012-96 / CVE-2012-4204)
    
        In general these flaws cannot be exploited through email
        in the Thunderbird and SeaMonkey products because
        scripting is disabled, but are potentially a risk in
        browser or browser-like contexts in those products.
    
      - Security researcher [email protected] reported that if
        a javascript: URL is selected from the list of Firefox
        'new tab' page, the script will inherit the privileges
        of the privileged 'new tab' page. This allows for the
        execution of locally installed programs if a user can be
        convinced to save a bookmark of a malicious javascript:
        URL. (MFSA 2012-95 / CVE-2012-4203)
    
      - Security researcher Jonathan Stephens discovered that
        combining SVG text on a path with the setting of CSS
        properties could lead to a potentially exploitable
        crash. (MFSA 2012-94 / CVE-2012-5836)
    
      - Mozilla security researcher moz_bug_r_a4 reported that
        if code executed by the evalInSandbox function sets
        location.href, it can get the wrong subject principal
        for the URL check, ignoring the sandbox's JavaScript
        context and gaining the context of evalInSandbox object.
        This can lead to malicious web content being able to
        perform a cross-site scripting (XSS) attack or stealing
        a copy of a local file if the user has installed an
        add-on vulnerable to this attack. (MFSA 2012-93 /
        CVE-2012-4201)
    
      - Security researcher Atte Kettunen from OUSPG used the
        Address Sanitizer tool to discover a buffer overflow
        while rendering GIF format images. This issue is
        potentially exploitable and could lead to arbitrary code
        execution. (MFSA 2012-92 / CVE-2012-4202)
    
      - Mozilla developers identified and fixed several memory
        safety bugs in the browser engine used in Firefox and
        other Mozilla-based products. Some of these bugs showed
        evidence of memory corruption under certain
        circumstances, and we presume that with enough effort at
        least some of these could be exploited to run arbitrary
        code. (MFSA 2012-91)
    
        In general these flaws cannot be exploited through email
        in the Thunderbird and SeaMonkey products because
        scripting is disabled, but are potentially a risk in
        browser or browser-like contexts in those products.
        References
    
        Gary Kwong, Jesse Ruderman, Christian Holler, Bob Clary,
        Kyle Huey, Ed Morley, Chris Lord, Boris Zbarsky, Julian
        Seward, and Bill McCloskey reported memory safety
        problems and crashes that affect Firefox 16.
        (CVE-2012-5843)
    
        Jesse Ruderman, Andrew McCreight, Bob Clary, and Kyle
        Huey reported memory safety problems and crashes that
        affect Firefox ESR 10 and Firefox 16. (CVE-2012-5842)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.mozilla.org/security/announce/2012/mfsa2012-100.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.mozilla.org/security/announce/2012/mfsa2012-101.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.mozilla.org/security/announce/2012/mfsa2012-102.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.mozilla.org/security/announce/2012/mfsa2012-103.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.mozilla.org/security/announce/2012/mfsa2012-104.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.mozilla.org/security/announce/2012/mfsa2012-105.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.mozilla.org/security/announce/2012/mfsa2012-106.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.mozilla.org/security/announce/2012/mfsa2012-91.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.mozilla.org/security/announce/2012/mfsa2012-92.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.mozilla.org/security/announce/2012/mfsa2012-93.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.mozilla.org/security/announce/2012/mfsa2012-94.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.mozilla.org/security/announce/2012/mfsa2012-95.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.mozilla.org/security/announce/2012/mfsa2012-96.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.mozilla.org/security/announce/2012/mfsa2012-97.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.mozilla.org/security/announce/2012/mfsa2012-98.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.mozilla.org/security/announce/2012/mfsa2012-99.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=790140"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-4201.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-4202.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-4203.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-4204.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-4205.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-4206.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-4207.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-4208.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-4209.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-4210.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-4212.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-4213.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-4214.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-4215.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-4216.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-4217.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-4218.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-5829.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-5830.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-5833.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-5835.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-5836.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-5837.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-5838.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-5839.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-5840.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-5841.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-5842.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-5843.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply SAT patch number 7093.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:MozillaFirefox");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:MozillaFirefox-translations");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libfreebl3");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libfreebl3-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:mozilla-nss");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:mozilla-nss-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:mozilla-nss-tools");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2012/11/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/01/25");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11");
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu);
    
    pl = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(pl) || int(pl) != 2) audit(AUDIT_OS_NOT, "SuSE 11.2");
    
    
    flag = 0;
    if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"MozillaFirefox-10.0.11-0.3.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"MozillaFirefox-translations-10.0.11-0.3.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"libfreebl3-3.14-0.3.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"mozilla-nss-3.14-0.3.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"mozilla-nss-tools-3.14-0.3.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"MozillaFirefox-10.0.11-0.3.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"MozillaFirefox-translations-10.0.11-0.3.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"libfreebl3-3.14-0.3.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"libfreebl3-32bit-3.14-0.3.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"mozilla-nss-3.14-0.3.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"mozilla-nss-32bit-3.14-0.3.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"mozilla-nss-tools-3.14-0.3.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, reference:"MozillaFirefox-10.0.11-0.3.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, reference:"MozillaFirefox-translations-10.0.11-0.3.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, reference:"libfreebl3-3.14-0.3.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, reference:"mozilla-nss-3.14-0.3.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, reference:"mozilla-nss-tools-3.14-0.3.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"libfreebl3-32bit-3.14-0.3.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"mozilla-nss-32bit-3.14-0.3.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"libfreebl3-32bit-3.14-0.3.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"mozilla-nss-32bit-3.14-0.3.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: Windows
    NASL id: MOZILLA_FIREFOX_170.NASL
    description: The installed version of Firefox is earlier than 17.0 and thus, is potentially affected by the following security issues : - Several memory safety bugs exist in the browser engine used in Mozilla-based products that could be exploited to execute arbitrary code. (CVE-2012-5842, CVE-2012-5843) - An error exists in the method
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 62998
    published: 2012-11-21
    reporter: This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/62998
    title: Firefox < 17.0 Multiple Vulnerabilities
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(62998);
      script_version("1.18");
      script_cvs_date("Date: 2019/12/04");
    
      script_cve_id(
        "CVE-2012-4201",
        "CVE-2012-4202",
        "CVE-2012-4203",
        "CVE-2012-4204",
        "CVE-2012-4205",
        "CVE-2012-4206",
        "CVE-2012-4207",
        "CVE-2012-4208",
        "CVE-2012-4209",
        "CVE-2012-4210",
        "CVE-2012-4212",
        "CVE-2012-4213",
        "CVE-2012-4214",
        "CVE-2012-4215",
        "CVE-2012-4216",
        "CVE-2012-4217",
        "CVE-2012-4218",
        "CVE-2012-5829",
        "CVE-2012-5830",
        "CVE-2012-5833",
        "CVE-2012-5835",
        "CVE-2012-5836",
        "CVE-2012-5837",
        "CVE-2012-5838",
        "CVE-2012-5839",
        "CVE-2012-5840",
        "CVE-2012-5841",
        "CVE-2012-5842",
        "CVE-2012-5843"
      );
      script_bugtraq_id(
        56611,
        56612,
        56613,
        56614,
        56616,
        56618,
        56621,
        56623,
        56625,
        56627,
        56628,
        56629,
        56630,
        56631,
        56632,
        56633,
        56634,
        56635,
        56636,
        56637,
        56638,
        56639,
        56640,
        56641,
        56642,
        56643,
        56644,
        56645,
        56646
      );
    
      script_name(english:"Firefox < 17.0 Multiple Vulnerabilities");
      script_summary(english:"Checks version of Firefox");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Windows host contains a web browser that is affected by
    multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The installed version of Firefox is earlier than 17.0 and thus, is 
    potentially affected by the following security issues :
    
      - Several memory safety bugs exist in the browser engine 
        used in Mozilla-based products that could be exploited 
        to execute arbitrary code. (CVE-2012-5842,
        CVE-2012-5843)
    
      - An error exists in the method
        'image::RasterImage::DrawFrameTo' related to GIF images
        that could allow a heap-based buffer overflow, leading to
        arbitrary code execution. (CVE-2012-4202)
    
      - An error exists related to SVG text and CSS properties
        that could lead to application crashes. (CVE-2012-5836)
    
      - A bookmarked, malicious 'javascript:' URL could allow
        execution of local executables. (CVE-2012-4203)
    
      - The JavaScript function 'str_unescape' could allow
        arbitrary code execution. (CVE-2012-4204)
    
      - 'XMLHttpRequest' objects inherit incorrect principals
        when created in sandboxes that could allow cross-site
        request forgery attacks (CSRF). (CVE-2012-4205)
    
      - An error exists related to the application installer
        and DLL loading. (CVE-2012-4206)
    
      - 'XrayWrappers' can expose DOM properties that are
        not meant to be accessible outside of the chrome
        compartment. (CVE-2012-4208)
    
      - Errors exist related to 'evalInSandbox', 'HZ-GB-2312'
        charset, frames and the 'location' object, the 'Style
        Inspector', 'Developer Toolbar' and 'cross-origin
        wrappers' that could allow cross-site scripting (XSS)
        attacks. (CVE-2012-4201, CVE-2012-4207, CVE-2012-4209,
        CVE-2012-4210, CVE-2012-5837, CVE-2012-5841)
    
      - Various use-after-free, out-of-bounds read and buffer
        overflow errors exist that could potentially lead to
        arbitrary code execution. (CVE-2012-4212, CVE-2012-4213,
        CVE-2012-4214, CVE-2012-4215, CVE-2012-4216,
        CVE-2012-4217, CVE-2012-4218, CVE-2012-5829,
        CVE-2012-5830, CVE-2012-5833, CVE-2012-5835,
        CVE-2012-5838, CVE-2012-5839, CVE-2012-5840)");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-91/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-92/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-93/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-94/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-95/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-96/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-97/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-98/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-99/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-100/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-101/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-102/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-103/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-104/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-105/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-106/");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Firefox 17.0 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2012-5843");
    
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/11/20");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/11/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/11/21");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:firefox");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("mozilla_org_installed.nasl");
      script_require_keys("Mozilla/Firefox/Version");
    
      exit(0);
    }
    
    
    include("mozilla_version.inc");
    port = get_kb_item_or_exit("SMB/transport"); 
    
    installs = get_kb_list("SMB/Mozilla/Firefox/*");
    if (isnull(installs)) audit(AUDIT_NOT_INST, "Firefox");
    
    mozilla_check_version(installs:installs, product:'firefox', esr:FALSE, fix:'17.0', severity:SECURITY_HOLE, xss:TRUE, xsrf:TRUE);
    
  • NASL family: Windows
    NASL id: MOZILLA_FIREFOX_10011.NASL
    description: The installed version of Firefox 10.x is potentially affected by the following security issues : - Several memory safety bugs exist in the browser engine used in Mozilla-based products that could be exploited to execute arbitrary code. (CVE-2012-5843) - An error exists in the method
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 62997
    published: 2012-11-21
    reporter: This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/62997
    title: Firefox 10.x < 10.0.11 Multiple Vulnerabilities
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(62997);
      script_version("1.18");
      script_cvs_date("Date: 2019/12/04");
    
      script_cve_id(
        "CVE-2012-4201",
        "CVE-2012-4202",
        "CVE-2012-4206",
        "CVE-2012-4207",
        "CVE-2012-4209",
        "CVE-2012-4210",
        "CVE-2012-4214",
        "CVE-2012-4215",
        "CVE-2012-4216",
        "CVE-2012-5829",
        "CVE-2012-5830",
        "CVE-2012-5833",
        "CVE-2012-5835",
        "CVE-2012-5839",
        "CVE-2012-5840",
        "CVE-2012-5841",
        "CVE-2012-5843"
      );
      script_bugtraq_id(
        56612,
        56614,
        56618,
        56625,
        56628,
        56629,
        56631,
        56632,
        56633,
        56634,
        56635,
        56636,
        56637,
        56641,
        56642,
        56643,
        56646
      );
    
      script_name(english:"Firefox 10.x < 10.0.11 Multiple Vulnerabilities");
      script_summary(english:"Checks version of Firefox");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Windows host contains a web browser that is affected by
    multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The installed version of Firefox 10.x is potentially affected by the
    following security issues :
      
      - Several memory safety bugs exist in the browser engine 
        used in Mozilla-based products that could be exploited 
        to execute arbitrary code. (CVE-2012-5843)
    
      - An error exists in the method
        'image::RasterImage::DrawFrameTo' related to GIF images
        that could allow a heap-based buffer overflow, leading to
        arbitrary code execution. (CVE-2012-4202)
    
      - An error exists related to the application installer
        and DLL loading. (CVE-2012-4206)
    
      - Errors exist related to 'evalInSandbox', 'HZ-GB-2312'
        charset, frames and the 'location' object, the 'Style
        Inspector', and 'cross-origin wrappers' that could allow
        cross-site scripting (XSS) attacks. (CVE-2012-4201,
        CVE-2012-4207, CVE-2012-4209, CVE-2012-4210,
        CVE-2012-5841)
    
      - Various use-after-free, out-of-bounds read and buffer
        overflow errors exist that could potentially lead to
        arbitrary code execution. (CVE-2012-4214, CVE-2012-4215,
        CVE-2012-4216, CVE-2012-5829, CVE-2012-5830,
        CVE-2012-5833, CVE-2012-5835, CVE-2012-5839,
        CVE-2012-5840)
    
    Please note the 10.x ESR branch will be unsupported as of 02/13/2013.
    Only the 17.x ESR branch will receive security updates after that
    date.");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-91/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-92/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-93/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-98/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-100/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-101/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-103/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-104/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-105/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-106/");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Firefox 10.0.11 ESR or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2012-5843");
    
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/11/20");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/11/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/11/21");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:firefox");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("mozilla_org_installed.nasl");
      script_require_keys("Mozilla/Firefox/Version");
    
      exit(0);
    }
    
    include("mozilla_version.inc");
    port = get_kb_item_or_exit("SMB/transport"); 
    
    installs = get_kb_list("SMB/Mozilla/Firefox/*");
    if (isnull(installs)) audit(AUDIT_NOT_INST, "Firefox");
    
    mozilla_check_version(installs:installs, product:'firefox', esr:TRUE, fix:'10.0.11', min:'10.0', severity:SECURITY_HOLE, xss:TRUE);
    
    
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-201301-01.NASL
    description: The remote host is affected by the vulnerability described in GLSA-201301-01 (Mozilla Products: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, bypass restrictions and protection mechanisms, force file downloads, conduct XML injection attacks, conduct XSS attacks, bypass the Same Origin Policy, spoof URL's for phishing attacks, trigger a vertical scroll, spoof the location bar, spoof an SSL indicator, modify the browser's font, conduct clickjacking attacks, or have other unspecified impact. A local attacker could gain escalated privileges, obtain sensitive information, or replace an arbitrary downloaded file. Workaround : There is no known workaround at this time.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 63402
    published: 2013-01-08
    reporter: This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/63402
    title: GLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 201301-01.
    #
    # The advisory text is Copyright (C) 2001-2020 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(63402);
      script_version("1.27");
      script_cvs_date("Date: 2020/02/12");
    
      script_cve_id("CVE-2007-1861", "CVE-2007-2437", "CVE-2007-2671", "CVE-2007-3073", "CVE-2008-0016", "CVE-2008-0017", "CVE-2008-0367", "CVE-2008-3835", "CVE-2008-3836", "CVE-2008-3837", "CVE-2008-4058", "CVE-2008-4059", "CVE-2008-4060", "CVE-2008-4061", "CVE-2008-4062", "CVE-2008-4063", "CVE-2008-4064", "CVE-2008-4065", "CVE-2008-4066", "CVE-2008-4067", "CVE-2008-4068", "CVE-2008-4069", "CVE-2008-4070", "CVE-2008-4582", "CVE-2008-5012", "CVE-2008-5013", "CVE-2008-5014", "CVE-2008-5015", "CVE-2008-5016", "CVE-2008-5017", "CVE-2008-5018", "CVE-2008-5019", "CVE-2008-5021", "CVE-2008-5022", "CVE-2008-5023", "CVE-2008-5024", "CVE-2008-5052", "CVE-2008-5500", "CVE-2008-5501", "CVE-2008-5502", "CVE-2008-5503", "CVE-2008-5504", "CVE-2008-5505", "CVE-2008-5506", "CVE-2008-5507", "CVE-2008-5508", "CVE-2008-5510", "CVE-2008-5511", "CVE-2008-5512", "CVE-2008-5513", "CVE-2008-5822", "CVE-2008-5913", "CVE-2008-6961", "CVE-2009-0071", "CVE-2009-0352", "CVE-2009-0353", "CVE-2009-0354", "CVE-2009-0355", "CVE-2009-0356", "CVE-2009-0357", "CVE-2009-0358", "CVE-2009-0652", "CVE-2009-0689", "CVE-2009-0771", "CVE-2009-0772", "CVE-2009-0773", "CVE-2009-0774", "CVE-2009-0775", "CVE-2009-0776", "CVE-2009-0777", "CVE-2009-1044", "CVE-2009-1169", "CVE-2009-1302", "CVE-2009-1303", "CVE-2009-1304", "CVE-2009-1305", "CVE-2009-1306", "CVE-2009-1307", "CVE-2009-1308", "CVE-2009-1309", "CVE-2009-1310", "CVE-2009-1311", "CVE-2009-1312", "CVE-2009-1313", "CVE-2009-1392", "CVE-2009-1571", "CVE-2009-1828", "CVE-2009-1832", "CVE-2009-1833", "CVE-2009-1834", "CVE-2009-1835", "CVE-2009-1836", "CVE-2009-1837", "CVE-2009-1838", "CVE-2009-1839", "CVE-2009-1840", "CVE-2009-1841", "CVE-2009-2043", "CVE-2009-2044", "CVE-2009-2061", "CVE-2009-2065", "CVE-2009-2210", "CVE-2009-2404", "CVE-2009-2408", "CVE-2009-2462", "CVE-2009-2463", "CVE-2009-2464", "CVE-2009-2465", "CVE-2009-2466", "CVE-2009-2467", "CVE-2009-2469", "CVE-2009-2470", "CVE-2009-2471", "CVE-2009-2472", "CVE-2009-2477", "CVE-2009-2478", 
"CVE-2009-2479", "CVE-2009-2535", "CVE-2009-2654", "CVE-2009-2662", "CVE-2009-2664", "CVE-2009-2665", "CVE-2009-3069", "CVE-2009-3070", "CVE-2009-3071", "CVE-2009-3072", "CVE-2009-3074", "CVE-2009-3075", "CVE-2009-3076", "CVE-2009-3077", "CVE-2009-3078", "CVE-2009-3079", "CVE-2009-3274", "CVE-2009-3371", "CVE-2009-3372", "CVE-2009-3373", "CVE-2009-3374", "CVE-2009-3375", "CVE-2009-3376", "CVE-2009-3377", "CVE-2009-3378", "CVE-2009-3379", "CVE-2009-3380", "CVE-2009-3381", "CVE-2009-3382", "CVE-2009-3383", "CVE-2009-3388", "CVE-2009-3389", "CVE-2009-3555", "CVE-2009-3978", "CVE-2009-3979", "CVE-2009-3980", "CVE-2009-3981", "CVE-2009-3982", "CVE-2009-3983", "CVE-2009-3984", "CVE-2009-3985", "CVE-2009-3986", "CVE-2009-3987", "CVE-2009-3988", "CVE-2010-0159", "CVE-2010-0160", "CVE-2010-0162", "CVE-2010-0163", "CVE-2010-0164", "CVE-2010-0165", "CVE-2010-0166", "CVE-2010-0167", "CVE-2010-0168", "CVE-2010-0169", "CVE-2010-0170", "CVE-2010-0171", "CVE-2010-0172", "CVE-2010-0173", "CVE-2010-0174", "CVE-2010-0175", "CVE-2010-0176", "CVE-2010-0177", "CVE-2010-0178", "CVE-2010-0179", "CVE-2010-0181", "CVE-2010-0182", "CVE-2010-0183", "CVE-2010-0220", "CVE-2010-0648", "CVE-2010-0654", "CVE-2010-1028", "CVE-2010-1121", "CVE-2010-1125", "CVE-2010-1196", "CVE-2010-1197", "CVE-2010-1198", "CVE-2010-1199", "CVE-2010-1200", "CVE-2010-1201", "CVE-2010-1202", "CVE-2010-1203", "CVE-2010-1205", "CVE-2010-1206", "CVE-2010-1207", "CVE-2010-1208", "CVE-2010-1209", "CVE-2010-1210", "CVE-2010-1211", "CVE-2010-1212", "CVE-2010-1213", "CVE-2010-1214", "CVE-2010-1215", "CVE-2010-1585", "CVE-2010-2751", "CVE-2010-2752", "CVE-2010-2753", "CVE-2010-2754", "CVE-2010-2755", "CVE-2010-2760", "CVE-2010-2762", "CVE-2010-2763", "CVE-2010-2764", "CVE-2010-2765", "CVE-2010-2766", "CVE-2010-2767", "CVE-2010-2768", "CVE-2010-2769", "CVE-2010-2770", "CVE-2010-3131", "CVE-2010-3166", "CVE-2010-3167", "CVE-2010-3168", "CVE-2010-3169", "CVE-2010-3170", "CVE-2010-3171", "CVE-2010-3173", "CVE-2010-3174", 
"CVE-2010-3175", "CVE-2010-3176", "CVE-2010-3177", "CVE-2010-3178", "CVE-2010-3179", "CVE-2010-3180", "CVE-2010-3182", "CVE-2010-3183", "CVE-2010-3399", "CVE-2010-3400", "CVE-2010-3765", "CVE-2010-3766", "CVE-2010-3767", "CVE-2010-3768", "CVE-2010-3769", "CVE-2010-3770", "CVE-2010-3771", "CVE-2010-3772", "CVE-2010-3773", "CVE-2010-3774", "CVE-2010-3775", "CVE-2010-3776", "CVE-2010-3777", "CVE-2010-3778", "CVE-2010-4508", "CVE-2010-5074", "CVE-2011-0051", "CVE-2011-0053", "CVE-2011-0054", "CVE-2011-0055", "CVE-2011-0056", "CVE-2011-0057", "CVE-2011-0058", "CVE-2011-0059", "CVE-2011-0061", "CVE-2011-0062", "CVE-2011-0065", "CVE-2011-0066", "CVE-2011-0067", "CVE-2011-0068", "CVE-2011-0069", "CVE-2011-0070", "CVE-2011-0071", "CVE-2011-0072", "CVE-2011-0073", "CVE-2011-0074", "CVE-2011-0075", "CVE-2011-0076", "CVE-2011-0077", "CVE-2011-0078", "CVE-2011-0079", "CVE-2011-0080", "CVE-2011-0081", "CVE-2011-0082", "CVE-2011-0083", "CVE-2011-0084", "CVE-2011-0085", "CVE-2011-1187", "CVE-2011-1202", "CVE-2011-1712", "CVE-2011-2362", "CVE-2011-2363", "CVE-2011-2364", "CVE-2011-2365", "CVE-2011-2369", "CVE-2011-2370", "CVE-2011-2371", "CVE-2011-2372", "CVE-2011-2373", "CVE-2011-2374", "CVE-2011-2375", "CVE-2011-2376", "CVE-2011-2377", "CVE-2011-2378", "CVE-2011-2605", "CVE-2011-2980", "CVE-2011-2981", "CVE-2011-2982", "CVE-2011-2983", "CVE-2011-2984", "CVE-2011-2985", "CVE-2011-2986", "CVE-2011-2987", "CVE-2011-2988", "CVE-2011-2989", "CVE-2011-2990", "CVE-2011-2991", "CVE-2011-2993", "CVE-2011-2995", "CVE-2011-2996", "CVE-2011-2997", "CVE-2011-2998", "CVE-2011-2999", "CVE-2011-3000", "CVE-2011-3001", "CVE-2011-3002", "CVE-2011-3003", "CVE-2011-3004", "CVE-2011-3005", "CVE-2011-3026", "CVE-2011-3062", "CVE-2011-3101", "CVE-2011-3232", "CVE-2011-3389", "CVE-2011-3640", "CVE-2011-3647", "CVE-2011-3648", "CVE-2011-3649", "CVE-2011-3650", "CVE-2011-3651", "CVE-2011-3652", "CVE-2011-3653", "CVE-2011-3654", "CVE-2011-3655", "CVE-2011-3658", "CVE-2011-3659", "CVE-2011-3660", 
"CVE-2011-3661", "CVE-2011-3663", "CVE-2011-3665", "CVE-2011-3670", "CVE-2011-3866", "CVE-2011-4688", "CVE-2012-0441", "CVE-2012-0442", "CVE-2012-0443", "CVE-2012-0444", "CVE-2012-0445", "CVE-2012-0446", "CVE-2012-0447", "CVE-2012-0449", "CVE-2012-0450", "CVE-2012-0451", "CVE-2012-0452", "CVE-2012-0455", "CVE-2012-0456", "CVE-2012-0457", "CVE-2012-0458", "CVE-2012-0459", "CVE-2012-0460", "CVE-2012-0461", "CVE-2012-0462", "CVE-2012-0463", "CVE-2012-0464", "CVE-2012-0467", "CVE-2012-0468", "CVE-2012-0469", "CVE-2012-0470", "CVE-2012-0471", "CVE-2012-0473", "CVE-2012-0474", "CVE-2012-0475", "CVE-2012-0477", "CVE-2012-0478", "CVE-2012-0479", "CVE-2012-1937", "CVE-2012-1938", "CVE-2012-1939", "CVE-2012-1940", "CVE-2012-1941", "CVE-2012-1945", "CVE-2012-1946", "CVE-2012-1947", "CVE-2012-1948", "CVE-2012-1949", "CVE-2012-1950", "CVE-2012-1951", "CVE-2012-1952", "CVE-2012-1953", "CVE-2012-1954", "CVE-2012-1955", "CVE-2012-1956", "CVE-2012-1957", "CVE-2012-1958", "CVE-2012-1959", "CVE-2012-1960", "CVE-2012-1961", "CVE-2012-1962", "CVE-2012-1963", "CVE-2012-1964", "CVE-2012-1965", "CVE-2012-1966", "CVE-2012-1967", "CVE-2012-1970", "CVE-2012-1971", "CVE-2012-1972", "CVE-2012-1973", "CVE-2012-1974", "CVE-2012-1975", "CVE-2012-1976", "CVE-2012-1994", "CVE-2012-3956", "CVE-2012-3957", "CVE-2012-3958", "CVE-2012-3959", "CVE-2012-3960", "CVE-2012-3961", "CVE-2012-3962", "CVE-2012-3963", "CVE-2012-3964", "CVE-2012-3965", "CVE-2012-3966", "CVE-2012-3967", "CVE-2012-3968", "CVE-2012-3969", "CVE-2012-3970", "CVE-2012-3971", "CVE-2012-3972", "CVE-2012-3973", "CVE-2012-3975", "CVE-2012-3976", "CVE-2012-3978", "CVE-2012-3980", "CVE-2012-3982", "CVE-2012-3984", "CVE-2012-3985", "CVE-2012-3986", "CVE-2012-3988", "CVE-2012-3989", "CVE-2012-3990", "CVE-2012-3991", "CVE-2012-3992", "CVE-2012-3993", "CVE-2012-3994", "CVE-2012-3995", "CVE-2012-4179", "CVE-2012-4180", "CVE-2012-4181", "CVE-2012-4182", "CVE-2012-4183", "CVE-2012-4184", "CVE-2012-4185", "CVE-2012-4186", "CVE-2012-4187", 
"CVE-2012-4188", "CVE-2012-4190", "CVE-2012-4191", "CVE-2012-4192", "CVE-2012-4193", "CVE-2012-4194", "CVE-2012-4195", "CVE-2012-4196", "CVE-2012-4201", "CVE-2012-4202", "CVE-2012-4204", "CVE-2012-4205", "CVE-2012-4206", "CVE-2012-4207", "CVE-2012-4208", "CVE-2012-4209", "CVE-2012-4210", "CVE-2012-4212", "CVE-2012-4215", "CVE-2012-4216", "CVE-2012-4930", "CVE-2012-5354", "CVE-2012-5829", "CVE-2012-5830", "CVE-2012-5833", "CVE-2012-5835", "CVE-2012-5836", "CVE-2012-5838", "CVE-2012-5839", "CVE-2012-5840", "CVE-2012-5841", "CVE-2012-5842", "CVE-2012-5843");
      script_bugtraq_id(51752, 51753, 51754, 51756, 51757, 51765, 51787, 51975, 52456, 52457, 52458, 52459, 52460, 52461, 52463, 52464, 52465, 52466, 52467, 53219, 53220, 53221, 53223, 53224, 53225, 53227, 53228, 53229, 53230, 53231, 53315, 53791, 53792, 53793, 53794, 53796, 53797, 53798, 53799, 53800, 54572, 54573, 54574, 54575, 54576, 54577, 54578, 54579, 54580, 54581, 54582, 54583, 54584, 54585, 54586, 55257, 55260, 55264, 55266, 55274, 55276, 55277, 55278, 55292, 55304, 55306, 55308, 55310, 55311, 55313, 55314, 55316, 55317, 55318, 55319, 55320, 55321, 55322, 55323, 55324, 55325, 55340, 55342, 55857, 55922, 55924, 55926, 55927, 55930, 55931, 55932, 56118, 56119, 56120, 56121, 56123, 56125, 56126, 56127, 56128, 56129, 56130, 56131, 56135, 56136, 56140, 56151, 56153, 56154, 56155, 56301, 56302, 56306, 56611, 56612, 56613, 56614, 56616, 56618, 56621, 56625, 56627, 56629, 56630, 56631, 56632, 56633, 56634, 56635, 56636, 56637, 56641, 56642, 56643, 56644, 56646);
      script_xref(name:"GLSA", value:"201301-01");
    
      script_name(english:"GLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST)");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-201301-01
    (Mozilla Products: Multiple vulnerabilities)
    
        Multiple vulnerabilities have been discovered in Mozilla Firefox,
          Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner. Please review the
          CVE identifiers referenced below for details.
      
    Impact :
    
        A remote attacker could entice a user to view a specially crafted web
          page or email, possibly resulting in execution of arbitrary code or a
          Denial of Service condition. Furthermore, a remote attacker may be able
          to perform Man-in-the-Middle attacks, obtain sensitive information,
          bypass restrictions and protection mechanisms, force file downloads,
          conduct XML injection attacks, conduct XSS attacks, bypass the Same
          Origin Policy, spoof URL&rsquo;s for phishing attacks, trigger a vertical
          scroll, spoof the location bar, spoof an SSL indicator, modify the
          browser&rsquo;s font, conduct clickjacking attacks, or have other unspecified
          impact.
        A local attacker could gain escalated privileges, obtain sensitive
          information, or replace an arbitrary downloaded file.
      
    Workaround :
    
        There is no known workaround at this time."
      );
      # https://blog.mozilla.org/security/2011/03/22/firefox-blocking-fraudulent-certificates/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?a9b416a4"
      );
      # https://www.mozilla.org/security/announce/2011/mfsa2011-11.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2011-11/"
      );
      # https://www.mozilla.org/security/announce/2011/mfsa2011-34.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2011-34/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/201301-01"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "All Mozilla Firefox users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=www-client/firefox-10.0.11'
        All users of the Mozilla Firefox binary package should upgrade to the
          latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=www-client/firefox-bin-10.0.11'
        All Mozilla Thunderbird users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=mail-client/thunderbird-10.0.11'
        All users of the Mozilla Thunderbird binary package should upgrade to
          the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose
          '>=mail-client/thunderbird-bin-10.0.11'
        All Mozilla SeaMonkey users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=www-client/seamonkey-2.14-r1'
        All users of the Mozilla SeaMonkey binary package should upgrade to the
          latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=www-client/seamonkey-bin-2.14'
        All NSS users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=dev-libs/nss-3.14'
        The “www-client/mozilla-firefox” package has been merged into the
          “www-client/firefox” package. To upgrade, please unmerge
          “www-client/mozilla-firefox” and then emerge the latest
          “www-client/firefox” package:
          # emerge --sync
          # emerge --unmerge 'www-client/mozilla-firefox'
          # emerge --ask --oneshot --verbose '>=www-client/firefox-10.0.11'
        The “www-client/mozilla-firefox-bin” package has been merged into
          the “www-client/firefox-bin” package. To upgrade, please unmerge
          “www-client/mozilla-firefox-bin” and then emerge the latest
          “www-client/firefox-bin” package:
          # emerge --sync
          # emerge --unmerge 'www-client/mozilla-firefox-bin'
          # emerge --ask --oneshot --verbose '>=www-client/firefox-bin-10.0.11'
        The “mail-client/mozilla-thunderbird” package has been merged into
          the “mail-client/thunderbird” package. To upgrade, please unmerge
          “mail-client/mozilla-thunderbird” and then emerge the latest
          “mail-client/thunderbird” package:
          # emerge --sync
          # emerge --unmerge 'mail-client/mozilla-thunderbird'
          # emerge --ask --oneshot --verbose '>=mail-client/thunderbird-10.0.11'
        The “mail-client/mozilla-thunderbird-bin” package has been merged
          into the “mail-client/thunderbird-bin” package. To upgrade, please
          unmerge “mail-client/mozilla-thunderbird-bin” and then emerge the
          latest “mail-client/thunderbird-bin” package:
          # emerge --sync
          # emerge --unmerge 'mail-client/mozilla-thunderbird-bin'
          # emerge --ask --oneshot --verbose
          '>=mail-client/thunderbird-bin-10.0.11'
        Gentoo discontinued support for GNU IceCat. We recommend that users
          unmerge GNU IceCat:
          # emerge --unmerge 'www-client/icecat'
        Gentoo discontinued support for XULRunner. We recommend that users
          unmerge XULRunner:
          # emerge --unmerge 'net-libs/xulrunner'
        Gentoo discontinued support for the XULRunner binary package. We
          recommend that users unmerge XULRunner:
          # emerge --unmerge 'net-libs/xulrunner-bin'"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploithub_sku", value:"EH-11-772");
      script_set_attribute(attribute:"exploit_framework_exploithub", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Firefox 5.0 - 15.0.1 __exposedProps__ XCS Code Execution');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'White_Phosphorus');
      script_cwe_id(16, 20, 22, 59, 79, 94, 119, 189, 200, 264, 287, 310, 362, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:firefox");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:firefox-bin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:icecat");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:mozilla-firefox");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:mozilla-firefox-bin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:mozilla-thunderbird");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:mozilla-thunderbird-bin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:nss");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:seamonkey");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:seamonkey-bin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:thunderbird");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:thunderbird-bin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:xulrunner");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:xulrunner-bin");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2007/05/02");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/01/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/01/08");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Gentoo Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (qpkg_check(package:"net-libs/xulrunner-bin", unaffected:make_list(), vulnerable:make_list("le 1.8.1.19"))) flag++;
    if (qpkg_check(package:"mail-client/thunderbird-bin", unaffected:make_list("ge 10.0.11"), vulnerable:make_list("lt 10.0.11"))) flag++;
    if (qpkg_check(package:"www-client/firefox", unaffected:make_list("ge 10.0.11"), vulnerable:make_list("lt 10.0.11"))) flag++;
    if (qpkg_check(package:"mail-client/thunderbird", unaffected:make_list("ge 10.0.11"), vulnerable:make_list("lt 10.0.11"))) flag++;
    if (qpkg_check(package:"mail-client/mozilla-thunderbird-bin", unaffected:make_list(), vulnerable:make_list("le 3.0"))) flag++;
    if (qpkg_check(package:"mail-client/mozilla-thunderbird", unaffected:make_list(), vulnerable:make_list("le 3.0.4-r1"))) flag++;
    if (qpkg_check(package:"dev-libs/nss", unaffected:make_list("ge 3.14"), vulnerable:make_list("lt 3.14"))) flag++;
    if (qpkg_check(package:"www-client/firefox-bin", unaffected:make_list("ge 10.0.11"), vulnerable:make_list("lt 10.0.11"))) flag++;
    if (qpkg_check(package:"net-libs/xulrunner", unaffected:make_list(), vulnerable:make_list("le 2.0-r1"))) flag++;
    if (qpkg_check(package:"www-client/mozilla-firefox-bin", unaffected:make_list(), vulnerable:make_list("le 3.5.6"))) flag++;
    if (qpkg_check(package:"www-client/seamonkey", unaffected:make_list("ge 2.14-r1"), vulnerable:make_list("lt 2.14-r1"))) flag++;
    if (qpkg_check(package:"www-client/icecat", unaffected:make_list(), vulnerable:make_list("le 10.0-r1"))) flag++;
    if (qpkg_check(package:"www-client/seamonkey-bin", unaffected:make_list("ge 2.14"), vulnerable:make_list("lt 2.14"))) flag++;
    if (qpkg_check(package:"www-client/mozilla-firefox", unaffected:make_list(), vulnerable:make_list("le 3.6.8"))) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Mozilla Products");
    }
    

Oval

accepted: 2014-10-06T04:02:25.446-04:00
class: vulnerability
contributors:
  • name: Sergey Artykhov
    organization: ALTX-SOFT
  • name: Evgeniy Pavlov
    organization: ALTX-SOFT
  • name: Evgeniy Pavlov
    organization: ALTX-SOFT
  • name: Evgeniy Pavlov
    organization: ALTX-SOFT
definition_extensions:
  • comment: Mozilla Firefox Mainline release is installed
    oval: oval:org.mitre.oval:def:22259
  • comment: Mozilla Firefox ESR is installed
    oval: oval:org.mitre.oval:def:22414
description: Untrusted search path vulnerability in the installer in Mozilla Firefox before 17.0 and Firefox ESR 10.x before 10.0.11 on Windows allows local users to gain privileges via a Trojan horse DLL in the default downloads directory.
family: windows
id: oval:org.mitre.oval:def:16991
status: accepted
submitted: 2013-05-13T10:26:26.748+04:00
title: Untrusted search path vulnerability in the installer in Mozilla Firefox before 17.0 and Firefox ESR 10.x before 10.0.11 on Windows allows local users to gain privileges via a Trojan horse DLL in the default downloads directory.
version: 23

Packetstorm

data source: https://packetstormsecurity.com/files/download/134694/jrsoft-dllhijack.txt
id: PACKETSTORM:134694
last seen: 2016-12-05
published: 2015-12-08
reporter: Stefan Kanthak
source: https://packetstormsecurity.com/files/134694/JRSoft-InnoSetup-DLL-Hijack.html
title: JRSoft InnoSetup DLL Hijack