Vulnerabilities > CVE-2012-4217 - Use After Free vulnerability in multiple products

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-1638-2. The text 
# itself is copyright (C) Canonical, Inc. See 
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include("compat.inc");

if (description)
{
  script_id(63026);
  script_version("1.14");
  script_cvs_date("Date: 2019/09/19 12:54:28");

  script_cve_id("CVE-2012-4201", "CVE-2012-4202", "CVE-2012-4203", "CVE-2012-4204", "CVE-2012-4205", "CVE-2012-4207", "CVE-2012-4208", "CVE-2012-4209", "CVE-2012-4210", "CVE-2012-4212", "CVE-2012-4213", "CVE-2012-4214", "CVE-2012-4215", "CVE-2012-4216", "CVE-2012-4217", "CVE-2012-4218", "CVE-2012-5829", "CVE-2012-5830", "CVE-2012-5833", "CVE-2012-5835", "CVE-2012-5836", "CVE-2012-5838", "CVE-2012-5839", "CVE-2012-5840", "CVE-2012-5841", "CVE-2012-5842", "CVE-2012-5843");
  script_bugtraq_id(56611, 56612, 56613, 56614, 56616, 56618, 56621, 56623, 56625, 56628, 56629, 56633);
  script_xref(name:"USN", value:"1638-2");

  script_name(english:"Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : ubufox update (USN-1638-2)");
  script_summary(english:"Checks dpkg output for updated package.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Ubuntu host is missing a security-related patch."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"USN-1638-1 fixed vulnerabilities in Firefox. This update provides an
updated ubufox package for use with the latest Firefox.

Gary Kwong, Jesse Ruderman, Christian Holler, Bob Clary, Kyle Huey, Ed
Morley, Chris Lord, Boris Zbarsky, Julian Seward, Bill McCloskey, and
Andrew McCreight discovered multiple memory safety issues affecting
Firefox. If the user were tricked into opening a specially crafted
page, an attacker could possibly exploit these to cause a denial of
service via application crash, or potentially execute code with the
privileges of the user invoking Firefox. (CVE-2012-5842,
CVE-2012-5843)

Atte Kettunen discovered a buffer overflow while rendering
GIF format images. An attacker could exploit this to
possibly execute arbitrary code as the user invoking
Firefox. (CVE-2012-4202)

It was discovered that the evalInSandbox function's
JavaScript sandbox context could be circumvented. An
attacker could exploit this to perform a cross-site
scripting (XSS) attack or steal a copy of a local file if
the user has installed an add-on vulnerable to this attack.
With cross-site scripting vulnerabilities, if a user were
tricked into viewing a specially crafted page, a remote
attacker could exploit this to modify the contents, or steal
confidential data, within the same domain. (CVE-2012-4201)

Jonathan Stephens discovered that combining vectors
involving the setting of Cascading Style Sheets (CSS)
properties in conjunction with SVG text could cause Firefox
to crash. If a user were tricked into opening a malicious
web page, an attacker could cause a denial of service via
application crash or execute arbitrary code with the
privliges of the user invoking the program. (CVE-2012-5836)

It was discovered that if a javascript: URL is selected from
the list of Firefox 'new tab' page, the script will inherit
the privileges of the privileged 'new tab' page. This allows
for the execution of locally installed programs if a user
can be convinced to save a bookmark of a malicious
javascript: URL. (CVE-2012-4203)

Scott Bell discovered a memory corruption issue in the
JavaScript engine. If a user were tricked into opening a
malicious website, an attacker could exploit this to execute
arbitrary JavaScript code within the context of another
website or arbitrary code as the user invoking the program.
(CVE-2012-4204)

Gabor Krizsanits discovered that XMLHttpRequest objects
created within sandboxes have the system principal instead
of the sandbox principal. This can lead to cross-site
request forgery (CSRF) or information theft via an add-on
running untrusted code in a sandbox. (CVE-2012-4205)

Peter Van der Beken discovered XrayWrapper implementation in
Firefox does not consider the compartment during property
filtering. An attacker could use this to bypass intended
chrome-only restrictions on reading DOM object properties
via a crafted website. (CVE-2012-4208)

Bobby Holley discovered that cross-origin wrappers were
allowing write actions on objects when only read actions
should have been properly allowed. This can lead to
cross-site scripting (XSS) attacks. With cross-site
scripting vulnerabilities, if a user were tricked into
viewing a specially crafted page, a remote attacker could
exploit this to modify the contents, or steal confidential
data, within the same domain. (CVE-2012-5841)

Masato Kinugawa discovered that when HZ-GB-2312 charset
encoding is used for text, the '~' character will destroy
another character near the chunk delimiter. This can lead to
a cross-site scripting (XSS) attack in pages encoded in
HZ-GB-2312. With cross-site scripting vulnerabilities, if a
user were tricked into viewing a specially crafted page, a
remote attacker could exploit these to modify the contents,
or steal confidential data, within the same domain.
(CVE-2012-4207)

Mariusz Mlynski discovered that the location property can be
accessed by binary plugins through top.location with a frame
whose name attribute's value is set to 'top'. This can allow
for possible cross-site scripting (XSS) attacks through
plugins. With cross-site scripting vulnerabilities, if a
user were tricked into viewing a specially crafted page, a
remote attacker could exploit this to modify the contents,
or steal confidential data, within the same domain.
(CVE-2012-4209)

Mariusz Mlynski discovered that when a maliciously crafted
stylesheet is inspected in the Style Inspector, HTML and CSS
can run in a chrome privileged context without being
properly sanitized first. If a user were tricked into
opening a malicious web page, an attacker could execute
arbitrary code with the privliges of the user invoking the
program. (CVE-2012-4210)

Abhishek Arya discovered multiple use-after-free and buffer
overflow issues in Firefox. If a user were tricked into
opening a malicious page, an attacker could exploit these to
execute arbitrary code as the user invoking the program.
(CVE-2012-4214, CVE-2012-4215, CVE-2012-4216, CVE-2012-5829,
CVE-2012-5839, CVE-2012-5840, CVE-2012-4212, CVE-2012-4213,
CVE-2012-4217, CVE-2012-4218)

Several memory corruption flaws were discovered in Firefox.
If a user were tricked into opening a malicious page, an
attacker could exploit these to execute arbitrary code as
the user invoking the program. (CVE-2012-5830,
CVE-2012-5833, CVE-2012-5835, CVE-2012-5838).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://usn.ubuntu.com/1638-2/"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected xul-ext-ubufox package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xul-ext-ubufox");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:11.10");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.10");

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/11/21");
  script_set_attribute(attribute:"patch_publication_date", value:"2012/11/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/11/23");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("ubuntu.inc");
include("misc_func.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! preg(pattern:"^(10\.04|11\.10|12\.04|12\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 10.04 / 11.10 / 12.04 / 12.10", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

flag = 0;

if (ubuntu_check(osver:"10.04", pkgname:"xul-ext-ubufox", pkgver:"2.6-0ubuntu0.10.04.1")) flag++;
if (ubuntu_check(osver:"11.10", pkgname:"xul-ext-ubufox", pkgver:"2.6-0ubuntu0.11.10.1")) flag++;
if (ubuntu_check(osver:"12.04", pkgname:"xul-ext-ubufox", pkgver:"2.6-0ubuntu0.12.04.1")) flag++;
if (ubuntu_check(osver:"12.10", pkgname:"xul-ext-ubufox", pkgver:"2.6-0ubuntu0.12.10.1")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xul-ext-ubufox");
}

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2012-819.
#
# The text description of this plugin is (C) SUSE LLC.
#

include("compat.inc");

if (description)
{
  script_id(74826);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");

  script_cve_id("CVE-2012-4201", "CVE-2012-4202", "CVE-2012-4203", "CVE-2012-4204", "CVE-2012-4205", "CVE-2012-4207", "CVE-2012-4208", "CVE-2012-4209", "CVE-2012-4210", "CVE-2012-4212", "CVE-2012-4213", "CVE-2012-4214", "CVE-2012-4215", "CVE-2012-4216", "CVE-2012-4217", "CVE-2012-4218", "CVE-2012-5829", "CVE-2012-5830", "CVE-2012-5833", "CVE-2012-5835", "CVE-2012-5836", "CVE-2012-5837", "CVE-2012-5838", "CVE-2012-5839", "CVE-2012-5840", "CVE-2012-5841", "CVE-2012-5842", "CVE-2012-5843");

  script_name(english:"openSUSE Security Update : xulrunner (openSUSE-SU-2012:1586-1)");
  script_summary(english:"Check for the openSUSE-2012-819 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Changes in xulrunner :

  - update to 17.0 (bnc#790140)

  - MFSA 2012-91/CVE-2012-5842/CVE-2012-5843 Miscellaneous
    memory safety hazards

  - MFSA 2012-92/CVE-2012-4202 (bmo#758200) Buffer overflow
    while rendering GIF images

  - MFSA 2012-93/CVE-2012-4201 (bmo#747607) evalInSanbox
    location context incorrectly applied

  - MFSA 2012-94/CVE-2012-5836 (bmo#792857) Crash when
    combining SVG text on path with CSS

  - MFSA 2012-95/CVE-2012-4203 (bmo#765628) Javascript: URLs
    run in privileged context on New Tab page

  - MFSA 2012-96/CVE-2012-4204 (bmo#778603) Memory
    corruption in str_unescape

  - MFSA 2012-97/CVE-2012-4205 (bmo#779821) XMLHttpRequest
    inherits incorrect principal within sandbox

  - MFSA 2012-99/CVE-2012-4208 (bmo#798264) XrayWrappers
    exposes chrome-only properties when not in chrome
    compartment

  - MFSA 2012-100/CVE-2012-5841 (bmo#805807) Improper
    security filtering for cross-origin wrappers

  - MFSA 2012-101/CVE-2012-4207 (bmo#801681) Improper
    character decoding in HZ-GB-2312 charset

  - MFSA 2012-102/CVE-2012-5837 (bmo#800363) Script entered
    into Developer Toolbar runs with chrome privileges

  - MFSA 2012-103/CVE-2012-4209 (bmo#792405) Frames can
    shadow top.location

  - MFSA 2012-104/CVE-2012-4210 (bmo#796866) CSS and HTML
    injection through Style Inspector

  - MFSA 2012-105/CVE-2012-4214/CVE-2012-4215/CVE-2012-4216/
    CVE-2012-5829/CVE-2012-5839/CVE-2012-5840/CVE-2012-4212/
    CVE-2012-4213/CVE-2012-4217/CVE-2012-4218 Use-after-free
    and buffer overflow issues found using Address Sanitizer

  - MFSA
    2012-106/CVE-2012-5830/CVE-2012-5833/CVE-2012-5835/CVE-2
    012-5838 Use-after-free, buffer overflow, and memory
    corruption issues found using Address Sanitizer

  - rebased patches

  - disabled WebRTC since build is broken (bmo#776877)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=790140"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://lists.opensuse.org/opensuse-updates/2012-11/msg00093.html"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected xulrunner packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-js");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-js-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-js-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-js-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xulrunner");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xulrunner-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xulrunner-buildsymbols");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xulrunner-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xulrunner-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xulrunner-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xulrunner-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xulrunner-devel-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.2");

  script_set_attribute(attribute:"patch_publication_date", value:"2012/11/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE12\.1|SUSE12\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.1 / 12.2", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE12.1", reference:"mozilla-js-17.0-2.49.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"mozilla-js-debuginfo-17.0-2.49.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"xulrunner-17.0-2.49.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"xulrunner-buildsymbols-17.0-2.49.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"xulrunner-debuginfo-17.0-2.49.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"xulrunner-debugsource-17.0-2.49.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"xulrunner-devel-17.0-2.49.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"xulrunner-devel-debuginfo-17.0-2.49.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"mozilla-js-32bit-17.0-2.49.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"mozilla-js-debuginfo-32bit-17.0-2.49.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"xulrunner-32bit-17.0-2.49.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"xulrunner-debuginfo-32bit-17.0-2.49.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"mozilla-js-17.0-2.22.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"mozilla-js-debuginfo-17.0-2.22.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"xulrunner-17.0-2.22.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"xulrunner-buildsymbols-17.0-2.22.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"xulrunner-debuginfo-17.0-2.22.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"xulrunner-debugsource-17.0-2.22.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"xulrunner-devel-17.0-2.22.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"xulrunner-devel-debuginfo-17.0-2.22.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"mozilla-js-32bit-17.0-2.22.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"mozilla-js-debuginfo-32bit-17.0-2.22.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"xulrunner-32bit-17.0-2.22.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"xulrunner-debuginfo-32bit-17.0-2.22.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mozilla-js / mozilla-js-32bit / mozilla-js-debuginfo / etc");
}

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-1638-1. The text 
# itself is copyright (C) Canonical, Inc. See 
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include("compat.inc");

if (description)
{
  script_id(63025);
  script_version("1.14");
  script_cvs_date("Date: 2019/09/19 12:54:28");

  script_cve_id("CVE-2012-4201", "CVE-2012-4202", "CVE-2012-4203", "CVE-2012-4204", "CVE-2012-4205", "CVE-2012-4207", "CVE-2012-4208", "CVE-2012-4209", "CVE-2012-4210", "CVE-2012-4212", "CVE-2012-4213", "CVE-2012-4214", "CVE-2012-4215", "CVE-2012-4216", "CVE-2012-4217", "CVE-2012-4218", "CVE-2012-5829", "CVE-2012-5830", "CVE-2012-5833", "CVE-2012-5835", "CVE-2012-5836", "CVE-2012-5837", "CVE-2012-5838", "CVE-2012-5839", "CVE-2012-5840", "CVE-2012-5841", "CVE-2012-5842", "CVE-2012-5843");
  script_bugtraq_id(56628, 56633);
  script_xref(name:"USN", value:"1638-1");

  script_name(english:"Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : firefox vulnerabilities (USN-1638-1)");
  script_summary(english:"Checks dpkg output for updated package.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Ubuntu host is missing a security-related patch."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Gary Kwong, Jesse Ruderman, Christian Holler, Bob Clary, Kyle Huey, Ed
Morley, Chris Lord, Boris Zbarsky, Julian Seward, Bill McCloskey, and
Andrew McCreight discovered multiple memory safety issues affecting
Firefox. If the user were tricked into opening a specially crafted
page, an attacker could possibly exploit these to cause a denial of
service via application crash, or potentially execute code with the
privileges of the user invoking Firefox. (CVE-2012-5842,
CVE-2012-5843)

Atte Kettunen discovered a buffer overflow while rendering GIF format
images. An attacker could exploit this to possibly execute arbitrary
code as the user invoking Firefox. (CVE-2012-4202)

It was discovered that the evalInSandbox function's JavaScript sandbox
context could be circumvented. An attacker could exploit this to
perform a cross-site scripting (XSS) attack or steal a copy of a local
file if the user has installed an add-on vulnerable to this attack.
With cross-site scripting vulnerabilities, if a user were tricked into
viewing a specially crafted page, a remote attacker could exploit this
to modify the contents, or steal confidential data, within the same
domain. (CVE-2012-4201)

Jonathan Stephens discovered that combining vectors involving the
setting of Cascading Style Sheets (CSS) properties in conjunction with
SVG text could cause Firefox to crash. If a user were tricked into
opening a malicious web page, an attacker could cause a denial of
service via application crash or execute arbitrary code with the
privliges of the user invoking the program. (CVE-2012-5836)

It was discovered that if a javascript: URL is selected from the list
of Firefox 'new tab' page, the script will inherit the privileges of
the privileged 'new tab' page. This allows for the execution of
locally installed programs if a user can be convinced to save a
bookmark of a malicious javascript: URL. (CVE-2012-4203)

Scott Bell discovered a memory corruption issue in the JavaScript
engine. If a user were tricked into opening a malicious website, an
attacker could exploit this to execute arbitrary JavaScript code
within the context of another website or arbitrary code as the user
invoking the program. (CVE-2012-4204)

Gabor Krizsanits discovered that XMLHttpRequest objects created within
sandboxes have the system principal instead of the sandbox principal.
This can lead to cross-site request forgery (CSRF) or information
theft via an add-on running untrusted code in a sandbox.
(CVE-2012-4205)

Peter Van der Beken discovered XrayWrapper implementation in Firefox
does not consider the compartment during property filtering. An
attacker could use this to bypass intended chrome-only restrictions on
reading DOM object properties via a crafted website. (CVE-2012-4208)

Bobby Holley discovered that cross-origin wrappers were allowing write
actions on objects when only read actions should have been properly
allowed. This can lead to cross-site scripting (XSS) attacks. With
cross-site scripting vulnerabilities, if a user were tricked into
viewing a specially crafted page, a remote attacker could exploit this
to modify the contents, or steal confidential data, within the same
domain. (CVE-2012-5841)

Masato Kinugawa discovered that when HZ-GB-2312 charset encoding is
used for text, the '~' character will destroy another character near
the chunk delimiter. This can lead to a cross-site scripting (XSS)
attack in pages encoded in HZ-GB-2312. With cross-site scripting
vulnerabilities, if a user were tricked into viewing a specially
crafted page, a remote attacker could exploit this to modify the
contents, or steal confidential data, within the same domain.
(CVE-2012-4207)

Masato Kinugawa discovered that scripts entered into the Developer
Toolbar could run in a chrome privileged context. An attacker could
use this vulnerability to conduct cross-site scripting (XSS) attacks
or execute arbitrary code as the user invoking Firefox. With
cross-site scripting vulnerabilities, if a user were tricked into
viewing a specially crafted page, a remote attacker could exploit this
to modify the contents, or steal confidential data, within the same
domain. (CVE-2012-5837)

Mariusz Mlynski discovered that the location property can be accessed
by binary plugins through top.location with a frame whose name
attribute's value is set to 'top'. This can allow for possible
cross-site scripting (XSS) attacks through plugins. With cross-site
scripting vulnerabilities, if a user were tricked into viewing a
specially crafted page, a remote attacker could exploit this to modify
the contents, or steal confidential data, within the same domain.
(CVE-2012-4209)

Mariusz Mlynski discovered that when a maliciously crafted stylesheet
is inspected in the Style Inspector, HTML and CSS can run in a chrome
privileged context without being properly sanitized first. If a user
were tricked into opening a malicious web page, an attacker could
execute arbitrary code with the privliges of the user invoking the
program. (CVE-2012-4210)

Abhishek Arya discovered multiple use-after-free and buffer overflow
issues in Firefox. If a user were tricked into opening a malicious
page, an attacker could exploit these to execute arbitrary code as the
user invoking the program. (CVE-2012-4214, CVE-2012-4215,
CVE-2012-4216, CVE-2012-5829, CVE-2012-5839, CVE-2012-5840,
CVE-2012-4212, CVE-2012-4213, CVE-2012-4217, CVE-2012-4218)

Several memory corruption flaws were discovered in Firefox. If a user
were tricked into opening a malicious page, an attacker could exploit
these to execute arbitrary code as the user invoking the program.
(CVE-2012-5830, CVE-2012-5833, CVE-2012-5835, CVE-2012-5838).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://usn.ubuntu.com/1638-1/"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected firefox package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:11.10");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.10");

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/11/21");
  script_set_attribute(attribute:"patch_publication_date", value:"2012/11/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/11/23");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("ubuntu.inc");
include("misc_func.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! preg(pattern:"^(10\.04|11\.10|12\.04|12\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 10.04 / 11.10 / 12.04 / 12.10", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

flag = 0;

if (ubuntu_check(osver:"10.04", pkgname:"firefox", pkgver:"17.0+build2-0ubuntu0.10.04.1")) flag++;
if (ubuntu_check(osver:"11.10", pkgname:"firefox", pkgver:"17.0+build2-0ubuntu0.11.10.1")) flag++;
if (ubuntu_check(osver:"12.04", pkgname:"firefox", pkgver:"17.0+build2-0ubuntu0.12.04.1")) flag++;
if (ubuntu_check(osver:"12.10", pkgname:"firefox", pkgver:"17.0+build2-0ubuntu0.12.10.1")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "firefox");
}

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The text description of this plugin is (C) Novell, Inc.
#

if (NASL_LEVEL < 3000) exit(0);

include("compat.inc");

if (description)
{
  script_id(63091);
  script_version("1.8");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");

  script_cve_id("CVE-2012-4201", "CVE-2012-4202", "CVE-2012-4203", "CVE-2012-4204", "CVE-2012-4205", "CVE-2012-4206", "CVE-2012-4207", "CVE-2012-4208", "CVE-2012-4209", "CVE-2012-4210", "CVE-2012-4212", "CVE-2012-4213", "CVE-2012-4214", "CVE-2012-4215", "CVE-2012-4216", "CVE-2012-4217", "CVE-2012-4218", "CVE-2012-5829", "CVE-2012-5830", "CVE-2012-5833", "CVE-2012-5835", "CVE-2012-5836", "CVE-2012-5837", "CVE-2012-5838", "CVE-2012-5839", "CVE-2012-5840", "CVE-2012-5841", "CVE-2012-5842", "CVE-2012-5843");

  script_name(english:"SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 8381)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote SuSE 10 host is missing a security-related patch."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Mozilla Firefox has been updated to the 10.0.11 ESR security release,
which fixes various bugs and security issues.

  - Security researcher miaubiz used the Address Sanitizer
    tool to discover a series critically rated of
    use-after-free, buffer overflow, and memory corruption
    issues in shipped software. These issues are potentially
    exploitable, allowing for remote code execution. We
    would also like to thank miaubiz for reporting two
    additional use-after-free and memory corruption issues
    introduced during Firefox development that have been
    fixed before general release. (MFSA 2012-106)

    In general these flaws cannot be exploited through email
    in the Thunderbird and SeaMonkey products because
    scripting is disabled, but are potentially a risk in
    browser or browser-like contexts in those products.
    References

    The following issues have been fixed in Firefox 17 and
    ESR 10.0.11 :

o use-after-free when loading html file on osx (CVE-2012-5830) o Mesa
crashes on certain texImage2D calls involving level>0 (CVE-2012-5833)
o integer overflow, invalid write w/webgl bufferdata. (CVE-2012-5835)

The following issues have been fixed in Firefox 17 :

o crash in copyTexImage2D with image dimensions too large for given
level. (CVE-2012-5838)

  - Security researcher Abhishek Arya (Inferno) of the
    Google Chrome Security Team discovered a series
    critically rated of use-after-free and buffer overflow
    issues using the Address Sanitizer tool in shipped
    software. These issues are potentially exploitable,
    allowing for remote code execution. We would also like
    to thank Abhishek for reporting five additional
    use-after-free, out of bounds read, and buffer overflow
    flaws introduced during Firefox development that have
    been fixed before general release. (MFSA 2012-105)

    In general these flaws cannot be exploited through email
    in the Thunderbird and SeaMonkey products because
    scripting is disabled, but are potentially a risk in
    browser or browser-like contexts in those products.
    References

    The following issues have been fixed in Firefox 17 and
    ESR 10.0.11 :

o Heap-use-after-free in nsTextEditorState::PrepareEditor
(CVE-2012-4214) o Heap-use-after-free in
nsPlaintextEditor::FireClipboardEvent (CVE-2012-4215) o
Heap-use-after-free in gfxFont::GetFontEntry (CVE-2012-4216) o
Heap-buffer-overflow in nsWindow::OnExposeEvent (CVE-2012-5829) o
heap-buffer-overflow in gfxShapedWord::CompressedGlyph::IsClusterStart
o CVE-2012-5839 o Heap-use-after-free in
nsTextEditorState::PrepareEditor. (CVE-2012-5840)

The following issues have been fixed in Firefox 17 :

o Heap-use-after-free in XPCWrappedNative::Mark (CVE-2012-4212) o
Heap-use-after-free in nsEditor::FindNextLeafNode (CVE-2012-4213) o
Heap-use-after-free in nsViewManager::ProcessPendingUpdates
(CVE-2012-4217) o Heap-use-after-free
BuildTextRunsScanner::BreakSink::SetBreaks. (CVE-2012-4218)

  - Security researcher Mariusz Mlynski reported that when a
    maliciously crafted stylesheet is inspected in the Style
    Inspector, HTML and CSS can run in a chrome privileged
    context without being properly sanitized first. This can
    lead to arbitrary code execution. (MFSA 2012-104 /
    CVE-2012-4210)

  - Security researcher Mariusz Mlynski reported that the
    location property can be accessed by binary plugins
    through top.location with a frame whose name attribute's
    value is set to 'top'. This can allow for possible
    cross-site scripting (XSS) attacks through plugins.
    (MFSA 2012-103 / CVE-2012-4209)

    In general these flaws cannot be exploited through email
    in the Thunderbird and SeaMonkey products because
    scripting is disabled, but are potentially a risk in
    browser or browser-like contexts in those products.

  - Security researcher Masato Kinugawa reported that when
    script is entered into the Developer Toolbar, it runs in
    a chrome privileged context. This allows for arbitrary
    code execution or cross-site scripting (XSS) if a user
    can be convinced to paste malicious code into the
    Developer Toolbar. (MFSA 2012-102 / CVE-2012-5837)

  - Security researcher Masato Kinugawa found when
    HZ-GB-2312 charset encoding is used for text, the '~'
    character will destroy another character near the chunk
    delimiter. This can lead to a cross-site scripting (XSS)
    attack in pages encoded in HZ-GB-2312. (MFSA 2012-101 /
    CVE-2012-4207)

  - Mozilla developer Bobby Holley reported that security
    wrappers filter at the time of property access, but once
    a function is returned, the caller can use this function
    without further security checks. This affects
    cross-origin wrappers, allowing for write actions on
    objects when only read actions should be properly
    allowed. This can lead to cross-site scripting (XSS)
    attacks. (MFSA 2012-100 / CVE-2012-5841)

    In general these flaws cannot be exploited through email
    in the Thunderbird and SeaMonkey products because
    scripting is disabled, but are potentially a risk in
    browser or browser-like contexts in those products.

  - Mozilla developer Peter Van der Beken discovered that
    same-origin XrayWrappers expose chrome-only properties
    even when not in a chrome compartment. This can allow
    web content to get properties of DOM objects that are
    intended to be chrome-only. (MFSA 2012-99 /
    CVE-2012-4208)

    In general these flaws cannot be exploited through email
    in the Thunderbird and SeaMonkey products because
    scripting is disabled, but are potentially a risk in
    browser or browser-like contexts in those products.

  - Security researcher Robert Kugler reported that when a
    specifically named DLL file on a Windows computer is
    placed in the default downloads directory with the
    Firefox installer, the Firefox installer will load this
    DLL when it is launched. In circumstances where the
    installer is run by an administrator privileged account,
    this allows for the downloaded DLL file to be run with
    administrator privileges. This can lead to arbitrary
    code execution from a privileged account. (MFSA 2012-98
    / CVE-2012-4206)

  - Mozilla developer Gabor Krizsanits discovered that
    XMLHttpRequest objects created within sandboxes have the
    system principal instead of the sandbox principal. This
    can lead to cross-site request forgery (CSRF) or
    information theft via an add-on running untrusted code
    in a sandbox. (MFSA 2012-97 / CVE-2012-4205)

  - Security researcher Scott Bell of
    Security-Assessment.com used the Address Sanitizer tool
    to discover a memory corruption in str_unescape in the
    JavaScript engine. This could potentially lead to
    arbitrary code execution. (MFSA 2012-96 / CVE-2012-4204)

    In general these flaws cannot be exploited through email
    in the Thunderbird and SeaMonkey products because
    scripting is disabled, but are potentially a risk in
    browser or browser-like contexts in those products.

  - Security researcher [email protected] reported that if
    a javascript: URL is selected from the list of Firefox
    'new tab' page, the script will inherit the privileges
    of the privileged 'new tab' page. This allows for the
    execution of locally installed programs if a user can be
    convinced to save a bookmark of a malicious javascript:
    URL. (MFSA 2012-95 / CVE-2012-4203)

  - Security researcher Jonathan Stephens discovered that
    combining SVG text on a path with the setting of CSS
    properties could lead to a potentially exploitable
    crash. (MFSA 2012-94 / CVE-2012-5836)

  - Mozilla security researcher moz_bug_r_a4 reported that
    if code executed by the evalInSandbox function sets
    location.href, it can get the wrong subject principal
    for the URL check, ignoring the sandbox's JavaScript
    context and gaining the context of evalInSandbox object.
    This can lead to malicious web content being able to
    perform a cross-site scripting (XSS) attack or stealing
    a copy of a local file if the user has installed an
    add-on vulnerable to this attack. (MFSA 2012-93 /
    CVE-2012-4201)

  - Security researcher Atte Kettunen from OUSPG used the
    Address Sanitizer tool to discover a buffer overflow
    while rendering GIF format images. This issue is
    potentially exploitable and could lead to arbitrary code
    execution. (MFSA 2012-92 / CVE-2012-4202)

  - Mozilla developers identified and fixed several memory
    safety bugs in the browser engine used in Firefox and
    other Mozilla-based products. Some of these bugs showed
    evidence of memory corruption under certain
    circumstances, and we presume that with enough effort at
    least some of these could be exploited to run arbitrary
    code. (MFSA 2012-91)

    In general these flaws cannot be exploited through email
    in the Thunderbird and SeaMonkey products because
    scripting is disabled, but are potentially a risk in
    browser or browser-like contexts in those products.
    References

    Gary Kwong, Jesse Ruderman, Christian Holler, Bob Clary,
    Kyle Huey, Ed Morley, Chris Lord, Boris Zbarsky, Julian
    Seward, and Bill McCloskey reported memory safety
    problems and crashes that affect Firefox 16.
    (CVE-2012-5843)

    Jesse Ruderman, Andrew McCreight, Bob Clary, and Kyle
    Huey reported memory safety problems and crashes that
    affect Firefox ESR 10 and Firefox 16. (CVE-2012-5842)"
  );
  # http://www.mozilla.org/security/announce/2012/mfsa2012-100.html
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-100/"
  );
  # http://www.mozilla.org/security/announce/2012/mfsa2012-101.html
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-101/"
  );
  # http://www.mozilla.org/security/announce/2012/mfsa2012-102.html
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-102/"
  );
  # http://www.mozilla.org/security/announce/2012/mfsa2012-103.html
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-103/"
  );
  # http://www.mozilla.org/security/announce/2012/mfsa2012-104.html
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-104/"
  );
  # http://www.mozilla.org/security/announce/2012/mfsa2012-105.html
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-105/"
  );
  # http://www.mozilla.org/security/announce/2012/mfsa2012-106.html
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-106/"
  );
  # http://www.mozilla.org/security/announce/2012/mfsa2012-91.html
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-91/"
  );
  # http://www.mozilla.org/security/announce/2012/mfsa2012-92.html
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-92/"
  );
  # http://www.mozilla.org/security/announce/2012/mfsa2012-93.html
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-93/"
  );
  # http://www.mozilla.org/security/announce/2012/mfsa2012-94.html
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-94/"
  );
  # http://www.mozilla.org/security/announce/2012/mfsa2012-95.html
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-95/"
  );
  # http://www.mozilla.org/security/announce/2012/mfsa2012-96.html
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-96/"
  );
  # http://www.mozilla.org/security/announce/2012/mfsa2012-97.html
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-97/"
  );
  # http://www.mozilla.org/security/announce/2012/mfsa2012-98.html
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-98/"
  );
  # http://www.mozilla.org/security/announce/2012/mfsa2012-99.html
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-99/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-4201.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-4202.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-4203.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-4204.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-4205.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-4206.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-4207.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-4208.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-4209.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-4210.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-4212.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-4213.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-4214.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-4215.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-4216.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-4217.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-4218.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-5829.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-5830.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-5833.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-5835.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-5836.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-5837.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-5838.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-5839.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-5840.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-5841.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-5842.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-5843.html"
  );
  script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 8381.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux");

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/11/21");
  script_set_attribute(attribute:"patch_publication_date", value:"2012/11/23");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/11/29");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE.");
if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages.");

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) exit(1, "Failed to determine the architecture type.");
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented.");


flag = 0;
if (rpm_check(release:"SLED10", sp:4, reference:"MozillaFirefox-10.0.11-0.5.1")) flag++;
if (rpm_check(release:"SLED10", sp:4, reference:"MozillaFirefox-translations-10.0.11-0.5.1")) flag++;
if (rpm_check(release:"SLED10", sp:4, reference:"mozilla-nss-3.14-0.6.1")) flag++;
if (rpm_check(release:"SLED10", sp:4, reference:"mozilla-nss-devel-3.14-0.6.1")) flag++;
if (rpm_check(release:"SLED10", sp:4, reference:"mozilla-nss-tools-3.14-0.6.1")) flag++;
if (rpm_check(release:"SLED10", sp:4, cpu:"x86_64", reference:"mozilla-nss-32bit-3.14-0.6.1")) flag++;
if (rpm_check(release:"SLES10", sp:4, reference:"MozillaFirefox-10.0.11-0.5.1")) flag++;
if (rpm_check(release:"SLES10", sp:4, reference:"MozillaFirefox-translations-10.0.11-0.5.1")) flag++;
if (rpm_check(release:"SLES10", sp:4, reference:"mozilla-nss-3.14-0.6.1")) flag++;
if (rpm_check(release:"SLES10", sp:4, reference:"mozilla-nss-devel-3.14-0.6.1")) flag++;
if (rpm_check(release:"SLES10", sp:4, reference:"mozilla-nss-tools-3.14-0.6.1")) flag++;
if (rpm_check(release:"SLES10", sp:4, cpu:"x86_64", reference:"mozilla-nss-32bit-3.14-0.6.1")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else exit(0, "The host is not affected.");