Vulnerabilities > CVE-2012-5829 - Out-Of-Bounds Write vulnerability in multiple products

047910
CVSS 9.3 - CRITICAL
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE

Summary

Heap-based buffer overflow in the nsWindow::OnExposeEvent function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code via unspecified vectors.

Vulnerable Configurations

Part Description Count
Application
Mozilla
570
OS
Opensuse
3
OS
Suse
7
OS
Redhat
7
OS
Canonical
4
OS
Debian
2

Common Weakness Enumeration (CWE)

Nessus

  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2013-17.NASL
    descriptionThe Mozilla January 8th 2013 security release contains updates : Mozilla Firefox was updated to version 18.0. Mozilla SeaMonkey was updated to version 2.15. Mozilla Thunderbird was updated to version 17.0.2. Mozilla XULRunner was updated to version 17.0.2. - MFSA 2013-01/CVE-2013-0749/CVE-2013-0769/CVE-2013-0770 Miscellaneous memory safety hazards - MFSA 2013-02/CVE-2013-0760/CVE-2013-0762/CVE-2013-0766/CVE-20 13-0767 CVE-2013-0761/CVE-2013-0763/CVE-2013-0771/CVE-2012-5829 Use-after-free and buffer overflow issues found using Address Sanitizer - MFSA 2013-03/CVE-2013-0768 (bmo#815795) Buffer Overflow in Canvas - MFSA 2013-04/CVE-2012-0759 (bmo#802026) URL spoofing in addressbar during page loads - MFSA 2013-05/CVE-2013-0744 (bmo#814713) Use-after-free when displaying table with many columns and column groups - MFSA 2013-06/CVE-2013-0751 (bmo#790454) Touch events are shared across iframes - MFSA 2013-07/CVE-2013-0764 (bmo#804237) Crash due to handling of SSL on threads - MFSA 2013-08/CVE-2013-0745 (bmo#794158) AutoWrapperChanger fails to keep objects alive during garbage collection - MFSA 2013-09/CVE-2013-0746 (bmo#816842) Compartment mismatch with quickstubs returned values - MFSA 2013-10/CVE-2013-0747 (bmo#733305) Event manipulation in plugin handler to bypass same-origin policy - MFSA 2013-11/CVE-2013-0748 (bmo#806031) Address space layout leaked in XBL objects - MFSA 2013-12/CVE-2013-0750 (bmo#805121) Buffer overflow in JavaScript string concatenation - MFSA 2013-13/CVE-2013-0752 (bmo#805024) Memory corruption in XBL with XML bindings containing SVG - MFSA 2013-14/CVE-2013-0757 (bmo#813901) Chrome Object Wrapper (COW) bypass through changing prototype - MFSA 2013-15/CVE-2013-0758 (bmo#813906) Privilege escalation through plugin objects - MFSA 2013-16/CVE-2013-0753 (bmo#814001) Use-after-free in serializeToStream - MFSA 2013-17/CVE-2013-0754 (bmo#814026) Use-after-free in ListenerManager - MFSA 2013-18/CVE-2013-0755 (bmo#814027) Use-after-free in Vibrate - MFSA 2013-19/CVE-2013-0756 (bmo#814029) Use-after-free in JavaScript Proxy objects Mozilla NSPR was updated to 4.9.4, containing some small bugfixes and new features. Mozilla NSS was updated to 3.14.1 containing various new features, security fix and bugfixes : - MFSA 2013-20/CVE-2013-0743 (bmo#825022, bnc#796628) revoke mis-issued intermediate certificates from TURKTRUST Cryptographic changes done : - Support for TLS 1.1 (RFC 4346) - Experimental support for DTLS 1.0 (RFC 4347) and DTLS-SRTP (RFC 5764) - Support for AES-CTR, AES-CTS, and AES-GCM - Support for Keying Material Exporters for TLS (RFC 5705) - Support for certificate signatures using the MD5 hash algorithm is now disabled by default - The NSS license has changed to MPL 2.0. Previous releases were released under a MPL 1.1/GPL 2.0/LGPL 2.1 tri-license. For more information about MPL 2.0, please see http://www.mozilla.org/MPL/2.0/FAQ.html. For an additional explanation on GPL/LGPL compatibility, see security/nss/COPYING in the source code. - Export and DES cipher suites are disabled by default. Non-ECC AES and Triple DES cipher suites are enabled by default Please see http://www.mozilla.org/security/announce/ for more information.
    last seen2020-06-05
    modified2014-06-13
    plugin id74918
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74918
    titleopenSUSE Security Update : firefox / seamonkey / thunderbird (openSUSE-SU-2013:0149-1)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2013-17.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(74918);
      script_version("1.6");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2012-0759", "CVE-2012-5829", "CVE-2013-0744", "CVE-2013-0745", "CVE-2013-0746", "CVE-2013-0747", "CVE-2013-0748", "CVE-2013-0749", "CVE-2013-0750", "CVE-2013-0751", "CVE-2013-0752", "CVE-2013-0753", "CVE-2013-0754", "CVE-2013-0755", "CVE-2013-0756", "CVE-2013-0757", "CVE-2013-0758", "CVE-2013-0759", "CVE-2013-0760", "CVE-2013-0761", "CVE-2013-0762", "CVE-2013-0763", "CVE-2013-0764", "CVE-2013-0766", "CVE-2013-0767", "CVE-2013-0768", "CVE-2013-0769", "CVE-2013-0770", "CVE-2013-0771");
    
      script_name(english:"openSUSE Security Update : firefox / seamonkey / thunderbird (openSUSE-SU-2013:0149-1)");
      script_summary(english:"Check for the openSUSE-2013-17 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The Mozilla January 8th 2013 security release contains updates :
    
    Mozilla Firefox was updated to version 18.0. Mozilla SeaMonkey was
    updated to version 2.15. Mozilla Thunderbird was updated to version
    17.0.2. Mozilla XULRunner was updated to version 17.0.2.
    
      - MFSA 2013-01/CVE-2013-0749/CVE-2013-0769/CVE-2013-0770
        Miscellaneous memory safety hazards
    
      - MFSA
        2013-02/CVE-2013-0760/CVE-2013-0762/CVE-2013-0766/CVE-20
        13-0767
        CVE-2013-0761/CVE-2013-0763/CVE-2013-0771/CVE-2012-5829
        Use-after-free and buffer overflow issues found using
        Address Sanitizer
    
      - MFSA 2013-03/CVE-2013-0768 (bmo#815795) Buffer Overflow
        in Canvas
    
      - MFSA 2013-04/CVE-2012-0759 (bmo#802026) URL spoofing in
        addressbar during page loads
    
      - MFSA 2013-05/CVE-2013-0744 (bmo#814713) Use-after-free
        when displaying table with many columns and column
        groups
    
      - MFSA 2013-06/CVE-2013-0751 (bmo#790454) Touch events are
        shared across iframes
    
      - MFSA 2013-07/CVE-2013-0764 (bmo#804237) Crash due to
        handling of SSL on threads
    
      - MFSA 2013-08/CVE-2013-0745 (bmo#794158)
        AutoWrapperChanger fails to keep objects alive during
        garbage collection
    
      - MFSA 2013-09/CVE-2013-0746 (bmo#816842) Compartment
        mismatch with quickstubs returned values
    
      - MFSA 2013-10/CVE-2013-0747 (bmo#733305) Event
        manipulation in plugin handler to bypass same-origin
        policy
    
      - MFSA 2013-11/CVE-2013-0748 (bmo#806031) Address space
        layout leaked in XBL objects
    
      - MFSA 2013-12/CVE-2013-0750 (bmo#805121) Buffer overflow
        in JavaScript string concatenation
    
      - MFSA 2013-13/CVE-2013-0752 (bmo#805024) Memory
        corruption in XBL with XML bindings containing SVG
    
      - MFSA 2013-14/CVE-2013-0757 (bmo#813901) Chrome Object
        Wrapper (COW) bypass through changing prototype
    
      - MFSA 2013-15/CVE-2013-0758 (bmo#813906) Privilege
        escalation through plugin objects
    
      - MFSA 2013-16/CVE-2013-0753 (bmo#814001) Use-after-free
        in serializeToStream
    
      - MFSA 2013-17/CVE-2013-0754 (bmo#814026) Use-after-free
        in ListenerManager
    
      - MFSA 2013-18/CVE-2013-0755 (bmo#814027) Use-after-free
        in Vibrate
    
      - MFSA 2013-19/CVE-2013-0756 (bmo#814029) Use-after-free
        in JavaScript Proxy objects
    
    Mozilla NSPR was updated to 4.9.4, containing some small bugfixes and
    new features.
    
    Mozilla NSS was updated to 3.14.1 containing various new features,
    security fix and bugfixes :
    
      - MFSA 2013-20/CVE-2013-0743 (bmo#825022, bnc#796628)
        revoke mis-issued intermediate certificates from
        TURKTRUST
    
    Cryptographic changes done :
    
      - Support for TLS 1.1 (RFC 4346)
    
      - Experimental support for DTLS 1.0 (RFC 4347) and
        DTLS-SRTP (RFC 5764)
    
      - Support for AES-CTR, AES-CTS, and AES-GCM
    
      - Support for Keying Material Exporters for TLS (RFC 5705)
    
      - Support for certificate signatures using the MD5 hash
        algorithm is now disabled by default
    
      - The NSS license has changed to MPL 2.0. Previous
        releases were released under a MPL 1.1/GPL 2.0/LGPL 2.1
        tri-license. For more information about MPL 2.0, please
        see http://www.mozilla.org/MPL/2.0/FAQ.html. For an
        additional explanation on GPL/LGPL compatibility, see
        security/nss/COPYING in the source code.
    
      - Export and DES cipher suites are disabled by default.
        Non-ECC AES and Triple DES cipher suites are enabled by
        default
    
    Please see http://www.mozilla.org/security/announce/ for more
    information."
      );
      # http://www.mozilla.org/MPL/2.0/FAQ.html.
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/MPL/2.0/FAQ.html."
      );
      # http://www.mozilla.org/security/announce/
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=796628"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.opensuse.org/opensuse-updates/2013-01/msg00040.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected firefox / seamonkey / thunderbird packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Firefox 17.0.1 Flash Privileged Code Injection');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-buildsymbols");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:enigmail");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:enigmail-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libfreebl3");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libfreebl3-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libfreebl3-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libfreebl3-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsoftokn3");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsoftokn3-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-js");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-js-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-js-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-js-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nspr");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nspr-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nspr-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nspr-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nspr-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nspr-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-certs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-certs-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-tools-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-dom-inspector");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-irc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-translations-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-translations-other");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-venkman");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xulrunner");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xulrunner-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xulrunner-buildsymbols");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xulrunner-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xulrunner-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xulrunner-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xulrunner-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xulrunner-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.2");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2013/01/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE12\.1|SUSE12\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.1 / 12.2", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE12.1", reference:"MozillaFirefox-18.0-2.58.2") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"MozillaFirefox-branding-upstream-18.0-2.58.2") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"MozillaFirefox-buildsymbols-18.0-2.58.2") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"MozillaFirefox-debuginfo-18.0-2.58.2") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"MozillaFirefox-debugsource-18.0-2.58.2") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"MozillaFirefox-devel-18.0-2.58.2") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"MozillaFirefox-translations-common-18.0-2.58.2") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"MozillaFirefox-translations-other-18.0-2.58.2") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"MozillaThunderbird-17.0.2-33.47.2") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"MozillaThunderbird-buildsymbols-17.0.2-33.47.2") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"MozillaThunderbird-debuginfo-17.0.2-33.47.2") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"MozillaThunderbird-debugsource-17.0.2-33.47.2") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"MozillaThunderbird-devel-17.0.2-33.47.2") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"MozillaThunderbird-devel-debuginfo-17.0.2-33.47.2") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"MozillaThunderbird-translations-common-17.0.2-33.47.2") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"MozillaThunderbird-translations-other-17.0.2-33.47.2") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"enigmail-1.5.0+17.0.2-33.47.2") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"enigmail-debuginfo-1.5.0+17.0.2-33.47.2") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"libfreebl3-3.14.1-9.21.3") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"libfreebl3-debuginfo-3.14.1-9.21.3") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"libsoftokn3-3.14.1-9.21.3") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"libsoftokn3-debuginfo-3.14.1-9.21.3") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"mozilla-js-17.0.2-2.53.1") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"mozilla-js-debuginfo-17.0.2-2.53.1") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"mozilla-nspr-4.9.4-3.11.1") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"mozilla-nspr-debuginfo-4.9.4-3.11.1") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"mozilla-nspr-debugsource-4.9.4-3.11.1") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"mozilla-nspr-devel-4.9.4-3.11.1") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"mozilla-nss-3.14.1-9.21.3") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"mozilla-nss-certs-3.14.1-9.21.3") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"mozilla-nss-certs-debuginfo-3.14.1-9.21.3") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"mozilla-nss-debuginfo-3.14.1-9.21.3") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"mozilla-nss-debugsource-3.14.1-9.21.3") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"mozilla-nss-devel-3.14.1-9.21.3") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"mozilla-nss-sysinit-3.14.1-9.21.3") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"mozilla-nss-sysinit-debuginfo-3.14.1-9.21.3") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"mozilla-nss-tools-3.14.1-9.21.3") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"mozilla-nss-tools-debuginfo-3.14.1-9.21.3") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"seamonkey-2.15-2.49.1") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"seamonkey-debuginfo-2.15-2.49.1") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"seamonkey-debugsource-2.15-2.49.1") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"seamonkey-dom-inspector-2.15-2.49.1") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"seamonkey-irc-2.15-2.49.1") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"seamonkey-translations-common-2.15-2.49.1") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"seamonkey-translations-other-2.15-2.49.1") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"seamonkey-venkman-2.15-2.49.1") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"xulrunner-17.0.2-2.53.1") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"xulrunner-buildsymbols-17.0.2-2.53.1") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"xulrunner-debuginfo-17.0.2-2.53.1") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"xulrunner-debugsource-17.0.2-2.53.1") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"xulrunner-devel-17.0.2-2.53.1") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"xulrunner-devel-debuginfo-17.0.2-2.53.1") ) flag++;
    if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"libfreebl3-32bit-3.14.1-9.21.3") ) flag++;
    if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"libfreebl3-debuginfo-32bit-3.14.1-9.21.3") ) flag++;
    if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"libsoftokn3-32bit-3.14.1-9.21.3") ) flag++;
    if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"libsoftokn3-debuginfo-32bit-3.14.1-9.21.3") ) flag++;
    if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"mozilla-js-32bit-17.0.2-2.53.1") ) flag++;
    if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"mozilla-js-debuginfo-32bit-17.0.2-2.53.1") ) flag++;
    if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"mozilla-nspr-32bit-4.9.4-3.11.1") ) flag++;
    if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"mozilla-nspr-debuginfo-32bit-4.9.4-3.11.1") ) flag++;
    if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"mozilla-nss-32bit-3.14.1-9.21.3") ) flag++;
    if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"mozilla-nss-certs-32bit-3.14.1-9.21.3") ) flag++;
    if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"mozilla-nss-certs-debuginfo-32bit-3.14.1-9.21.3") ) flag++;
    if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"mozilla-nss-debuginfo-32bit-3.14.1-9.21.3") ) flag++;
    if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"mozilla-nss-sysinit-32bit-3.14.1-9.21.3") ) flag++;
    if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"mozilla-nss-sysinit-debuginfo-32bit-3.14.1-9.21.3") ) flag++;
    if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"xulrunner-32bit-17.0.2-2.53.1") ) flag++;
    if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"xulrunner-debuginfo-32bit-17.0.2-2.53.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"MozillaFirefox-18.0-2.29.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"MozillaFirefox-branding-upstream-18.0-2.29.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"MozillaFirefox-buildsymbols-18.0-2.29.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"MozillaFirefox-debuginfo-18.0-2.29.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"MozillaFirefox-debugsource-18.0-2.29.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"MozillaFirefox-devel-18.0-2.29.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"MozillaFirefox-translations-common-18.0-2.29.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"MozillaFirefox-translations-other-18.0-2.29.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"MozillaThunderbird-17.0.2-49.27.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"MozillaThunderbird-buildsymbols-17.0.2-49.27.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"MozillaThunderbird-debuginfo-17.0.2-49.27.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"MozillaThunderbird-debugsource-17.0.2-49.27.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"MozillaThunderbird-devel-17.0.2-49.27.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"MozillaThunderbird-devel-debuginfo-17.0.2-49.27.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"MozillaThunderbird-translations-common-17.0.2-49.27.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"MozillaThunderbird-translations-other-17.0.2-49.27.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"enigmail-1.5.0+17.0.2-49.27.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"enigmail-debuginfo-1.5.0+17.0.2-49.27.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"libfreebl3-3.14.1-2.11.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"libfreebl3-debuginfo-3.14.1-2.11.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"libsoftokn3-3.14.1-2.11.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"libsoftokn3-debuginfo-3.14.1-2.11.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"mozilla-js-17.0.2-2.26.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"mozilla-js-debuginfo-17.0.2-2.26.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"mozilla-nspr-4.9.4-1.8.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"mozilla-nspr-debuginfo-4.9.4-1.8.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"mozilla-nspr-debugsource-4.9.4-1.8.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"mozilla-nspr-devel-4.9.4-1.8.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"mozilla-nss-3.14.1-2.11.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"mozilla-nss-certs-3.14.1-2.11.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"mozilla-nss-certs-debuginfo-3.14.1-2.11.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"mozilla-nss-debuginfo-3.14.1-2.11.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"mozilla-nss-debugsource-3.14.1-2.11.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"mozilla-nss-devel-3.14.1-2.11.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"mozilla-nss-sysinit-3.14.1-2.11.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"mozilla-nss-sysinit-debuginfo-3.14.1-2.11.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"mozilla-nss-tools-3.14.1-2.11.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"mozilla-nss-tools-debuginfo-3.14.1-2.11.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"seamonkey-2.15-2.30.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"seamonkey-debuginfo-2.15-2.30.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"seamonkey-debugsource-2.15-2.30.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"seamonkey-dom-inspector-2.15-2.30.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"seamonkey-irc-2.15-2.30.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"seamonkey-translations-common-2.15-2.30.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"seamonkey-translations-other-2.15-2.30.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"seamonkey-venkman-2.15-2.30.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"xulrunner-17.0.2-2.26.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"xulrunner-buildsymbols-17.0.2-2.26.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"xulrunner-debuginfo-17.0.2-2.26.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"xulrunner-debugsource-17.0.2-2.26.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"xulrunner-devel-17.0.2-2.26.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"xulrunner-devel-debuginfo-17.0.2-2.26.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"libfreebl3-32bit-3.14.1-2.11.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"libfreebl3-debuginfo-32bit-3.14.1-2.11.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"libsoftokn3-32bit-3.14.1-2.11.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"libsoftokn3-debuginfo-32bit-3.14.1-2.11.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"mozilla-js-32bit-17.0.2-2.26.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"mozilla-js-debuginfo-32bit-17.0.2-2.26.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"mozilla-nspr-32bit-4.9.4-1.8.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"mozilla-nspr-debuginfo-32bit-4.9.4-1.8.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"mozilla-nss-32bit-3.14.1-2.11.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"mozilla-nss-certs-32bit-3.14.1-2.11.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"mozilla-nss-certs-debuginfo-32bit-3.14.1-2.11.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"mozilla-nss-debuginfo-32bit-3.14.1-2.11.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"mozilla-nss-sysinit-32bit-3.14.1-2.11.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"mozilla-nss-sysinit-debuginfo-32bit-3.14.1-2.11.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"xulrunner-32bit-17.0.2-2.26.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"xulrunner-debuginfo-32bit-17.0.2-2.26.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "MozillaFirefox / MozillaFirefox-branding-upstream / etc");
    }
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1638-2.NASL
    descriptionUSN-1638-1 fixed vulnerabilities in Firefox. This update provides an updated ubufox package for use with the latest Firefox. Gary Kwong, Jesse Ruderman, Christian Holler, Bob Clary, Kyle Huey, Ed Morley, Chris Lord, Boris Zbarsky, Julian Seward, Bill McCloskey, and Andrew McCreight discovered multiple memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. (CVE-2012-5842, CVE-2012-5843) Atte Kettunen discovered a buffer overflow while rendering GIF format images. An attacker could exploit this to possibly execute arbitrary code as the user invoking Firefox. (CVE-2012-4202) It was discovered that the evalInSandbox function
    last seen2020-06-01
    modified2020-06-02
    plugin id63026
    published2012-11-23
    reporterUbuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63026
    titleUbuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : ubufox update (USN-1638-2)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-1638-2. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(63026);
      script_version("1.14");
      script_cvs_date("Date: 2019/09/19 12:54:28");
    
      script_cve_id("CVE-2012-4201", "CVE-2012-4202", "CVE-2012-4203", "CVE-2012-4204", "CVE-2012-4205", "CVE-2012-4207", "CVE-2012-4208", "CVE-2012-4209", "CVE-2012-4210", "CVE-2012-4212", "CVE-2012-4213", "CVE-2012-4214", "CVE-2012-4215", "CVE-2012-4216", "CVE-2012-4217", "CVE-2012-4218", "CVE-2012-5829", "CVE-2012-5830", "CVE-2012-5833", "CVE-2012-5835", "CVE-2012-5836", "CVE-2012-5838", "CVE-2012-5839", "CVE-2012-5840", "CVE-2012-5841", "CVE-2012-5842", "CVE-2012-5843");
      script_bugtraq_id(56611, 56612, 56613, 56614, 56616, 56618, 56621, 56623, 56625, 56628, 56629, 56633);
      script_xref(name:"USN", value:"1638-2");
    
      script_name(english:"Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : ubufox update (USN-1638-2)");
      script_summary(english:"Checks dpkg output for updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Ubuntu host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "USN-1638-1 fixed vulnerabilities in Firefox. This update provides an
    updated ubufox package for use with the latest Firefox.
    
    Gary Kwong, Jesse Ruderman, Christian Holler, Bob Clary, Kyle Huey, Ed
    Morley, Chris Lord, Boris Zbarsky, Julian Seward, Bill McCloskey, and
    Andrew McCreight discovered multiple memory safety issues affecting
    Firefox. If the user were tricked into opening a specially crafted
    page, an attacker could possibly exploit these to cause a denial of
    service via application crash, or potentially execute code with the
    privileges of the user invoking Firefox. (CVE-2012-5842,
    CVE-2012-5843)
    
    Atte Kettunen discovered a buffer overflow while rendering
    GIF format images. An attacker could exploit this to
    possibly execute arbitrary code as the user invoking
    Firefox. (CVE-2012-4202)
    
    It was discovered that the evalInSandbox function's
    JavaScript sandbox context could be circumvented. An
    attacker could exploit this to perform a cross-site
    scripting (XSS) attack or steal a copy of a local file if
    the user has installed an add-on vulnerable to this attack.
    With cross-site scripting vulnerabilities, if a user were
    tricked into viewing a specially crafted page, a remote
    attacker could exploit this to modify the contents, or steal
    confidential data, within the same domain. (CVE-2012-4201)
    
    Jonathan Stephens discovered that combining vectors
    involving the setting of Cascading Style Sheets (CSS)
    properties in conjunction with SVG text could cause Firefox
    to crash. If a user were tricked into opening a malicious
    web page, an attacker could cause a denial of service via
    application crash or execute arbitrary code with the
    privliges of the user invoking the program. (CVE-2012-5836)
    
    It was discovered that if a javascript: URL is selected from
    the list of Firefox 'new tab' page, the script will inherit
    the privileges of the privileged 'new tab' page. This allows
    for the execution of locally installed programs if a user
    can be convinced to save a bookmark of a malicious
    javascript: URL. (CVE-2012-4203)
    
    Scott Bell discovered a memory corruption issue in the
    JavaScript engine. If a user were tricked into opening a
    malicious website, an attacker could exploit this to execute
    arbitrary JavaScript code within the context of another
    website or arbitrary code as the user invoking the program.
    (CVE-2012-4204)
    
    Gabor Krizsanits discovered that XMLHttpRequest objects
    created within sandboxes have the system principal instead
    of the sandbox principal. This can lead to cross-site
    request forgery (CSRF) or information theft via an add-on
    running untrusted code in a sandbox. (CVE-2012-4205)
    
    Peter Van der Beken discovered XrayWrapper implementation in
    Firefox does not consider the compartment during property
    filtering. An attacker could use this to bypass intended
    chrome-only restrictions on reading DOM object properties
    via a crafted website. (CVE-2012-4208)
    
    Bobby Holley discovered that cross-origin wrappers were
    allowing write actions on objects when only read actions
    should have been properly allowed. This can lead to
    cross-site scripting (XSS) attacks. With cross-site
    scripting vulnerabilities, if a user were tricked into
    viewing a specially crafted page, a remote attacker could
    exploit this to modify the contents, or steal confidential
    data, within the same domain. (CVE-2012-5841)
    
    Masato Kinugawa discovered that when HZ-GB-2312 charset
    encoding is used for text, the '~' character will destroy
    another character near the chunk delimiter. This can lead to
    a cross-site scripting (XSS) attack in pages encoded in
    HZ-GB-2312. With cross-site scripting vulnerabilities, if a
    user were tricked into viewing a specially crafted page, a
    remote attacker could exploit these to modify the contents,
    or steal confidential data, within the same domain.
    (CVE-2012-4207)
    
    Mariusz Mlynski discovered that the location property can be
    accessed by binary plugins through top.location with a frame
    whose name attribute's value is set to 'top'. This can allow
    for possible cross-site scripting (XSS) attacks through
    plugins. With cross-site scripting vulnerabilities, if a
    user were tricked into viewing a specially crafted page, a
    remote attacker could exploit this to modify the contents,
    or steal confidential data, within the same domain.
    (CVE-2012-4209)
    
    Mariusz Mlynski discovered that when a maliciously crafted
    stylesheet is inspected in the Style Inspector, HTML and CSS
    can run in a chrome privileged context without being
    properly sanitized first. If a user were tricked into
    opening a malicious web page, an attacker could execute
    arbitrary code with the privliges of the user invoking the
    program. (CVE-2012-4210)
    
    Abhishek Arya discovered multiple use-after-free and buffer
    overflow issues in Firefox. If a user were tricked into
    opening a malicious page, an attacker could exploit these to
    execute arbitrary code as the user invoking the program.
    (CVE-2012-4214, CVE-2012-4215, CVE-2012-4216, CVE-2012-5829,
    CVE-2012-5839, CVE-2012-5840, CVE-2012-4212, CVE-2012-4213,
    CVE-2012-4217, CVE-2012-4218)
    
    Several memory corruption flaws were discovered in Firefox.
    If a user were tricked into opening a malicious page, an
    attacker could exploit these to execute arbitrary code as
    the user invoking the program. (CVE-2012-5830,
    CVE-2012-5833, CVE-2012-5835, CVE-2012-5838).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/1638-2/"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected xul-ext-ubufox package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xul-ext-ubufox");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.04:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:11.10");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.10");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/11/21");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/11/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/11/23");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(10\.04|11\.10|12\.04|12\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 10.04 / 11.10 / 12.04 / 12.10", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"10.04", pkgname:"xul-ext-ubufox", pkgver:"2.6-0ubuntu0.10.04.1")) flag++;
    if (ubuntu_check(osver:"11.10", pkgname:"xul-ext-ubufox", pkgver:"2.6-0ubuntu0.11.10.1")) flag++;
    if (ubuntu_check(osver:"12.04", pkgname:"xul-ext-ubufox", pkgver:"2.6-0ubuntu0.12.04.1")) flag++;
    if (ubuntu_check(osver:"12.10", pkgname:"xul-ext-ubufox", pkgver:"2.6-0ubuntu0.12.10.1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xul-ext-ubufox");
    }
    
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20121120_FIREFOX_ON_SL5_X.NASL
    descriptionSeveral flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2012-4214, CVE-2012-4215, CVE-2012-4216, CVE-2012-5829, CVE-2012-5830, CVE-2012-5833, CVE-2012-5835, CVE-2012-5839, CVE-2012-5840, CVE-2012-5842) A buffer overflow flaw was found in the way Firefox handled GIF (Graphics Interchange Format) images. A web page containing a malicious GIF image could cause Firefox to crash or, possibly, execute arbitrary code with the privileges of the user running Firefox. (CVE-2012-4202) A flaw was found in the way the Style Inspector tool in Firefox handled certain Cascading Style Sheets (CSS). Running the tool (Tools -> Web Developer -> Inspect) on malicious CSS could result in the execution of HTML and CSS content with chrome privileges. (CVE-2012-4210) A flaw was found in the way Firefox decoded the HZ-GB-2312 character encoding. A web page containing malicious content could cause Firefox to run JavaScript code with the permissions of a different website. (CVE-2012-4207) A flaw was found in the location object implementation in Firefox. Malicious content could possibly use this flaw to allow restricted content to be loaded by plug-ins. (CVE-2012-4209) A flaw was found in the way cross-origin wrappers were implemented. Malicious content could use this flaw to perform cross-site scripting attacks. (CVE-2012-5841) A flaw was found in the evalInSandbox implementation in Firefox. Malicious content could use this flaw to perform cross-site scripting attacks. (CVE-2012-4201) After installing the update, Firefox must be restarted for the changes to take effect.
    last seen2020-03-18
    modified2012-11-23
    plugin id63019
    published2012-11-23
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63019
    titleScientific Linux Security Update : firefox on SL5.x, SL6.x i386/x86_64 (20121120)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2012-1483.NASL
    descriptionAn updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2012-4214, CVE-2012-4215, CVE-2012-4216, CVE-2012-5829, CVE-2012-5830, CVE-2012-5833, CVE-2012-5835, CVE-2012-5839, CVE-2012-5840, CVE-2012-5842) A buffer overflow flaw was found in the way Thunderbird handled GIF (Graphics Interchange Format) images. Content containing a malicious GIF image could cause Thunderbird to crash or, possibly, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2012-4202) A flaw was found in the way Thunderbird decoded the HZ-GB-2312 character encoding. Malicious content could cause Thunderbird to run JavaScript code with the permissions of different content. (CVE-2012-4207) A flaw was found in the location object implementation in Thunderbird. Malicious content could possibly use this flaw to allow restricted content to be loaded by plug-ins. (CVE-2012-4209) A flaw was found in the way cross-origin wrappers were implemented. Malicious content could use this flaw to perform cross-site scripting attacks. (CVE-2012-5841) A flaw was found in the evalInSandbox implementation in Thunderbird. Malicious content could use this flaw to perform cross-site scripting attacks. (CVE-2012-4201) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Abhishek Arya, miaubiz, Jesse Ruderman, Andrew McCreight, Bob Clary, Kyle Huey, Atte Kettunen, Masato Kinugawa, Mariusz Mlynski, Bobby Holley, and moz_bug_r_a4 as the original reporters of these issues. Note: All issues except CVE-2012-4202 cannot be exploited by a specially crafted HTML mail message as JavaScript is disabled by default for mail messages. They could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed. All Thunderbird users should upgrade to this updated package, which contains Thunderbird version 10.0.11 ESR, which corrects these issues. After installing the update, Thunderbird must be restarted for the changes to take effect.
    last seen2020-05-31
    modified2012-11-23
    plugin id63006
    published2012-11-23
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63006
    titleCentOS 5 / 6 : thunderbird (CESA-2012:1483)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2012-819.NASL
    descriptionChanges in xulrunner : - update to 17.0 (bnc#790140) - MFSA 2012-91/CVE-2012-5842/CVE-2012-5843 Miscellaneous memory safety hazards - MFSA 2012-92/CVE-2012-4202 (bmo#758200) Buffer overflow while rendering GIF images - MFSA 2012-93/CVE-2012-4201 (bmo#747607) evalInSanbox location context incorrectly applied - MFSA 2012-94/CVE-2012-5836 (bmo#792857) Crash when combining SVG text on path with CSS - MFSA 2012-95/CVE-2012-4203 (bmo#765628) Javascript: URLs run in privileged context on New Tab page - MFSA 2012-96/CVE-2012-4204 (bmo#778603) Memory corruption in str_unescape - MFSA 2012-97/CVE-2012-4205 (bmo#779821) XMLHttpRequest inherits incorrect principal within sandbox - MFSA 2012-99/CVE-2012-4208 (bmo#798264) XrayWrappers exposes chrome-only properties when not in chrome compartment - MFSA 2012-100/CVE-2012-5841 (bmo#805807) Improper security filtering for cross-origin wrappers - MFSA 2012-101/CVE-2012-4207 (bmo#801681) Improper character decoding in HZ-GB-2312 charset - MFSA 2012-102/CVE-2012-5837 (bmo#800363) Script entered into Developer Toolbar runs with chrome privileges - MFSA 2012-103/CVE-2012-4209 (bmo#792405) Frames can shadow top.location - MFSA 2012-104/CVE-2012-4210 (bmo#796866) CSS and HTML injection through Style Inspector - MFSA 2012-105/CVE-2012-4214/CVE-2012-4215/CVE-2012-4216/ CVE-2012-5829/CVE-2012-5839/CVE-2012-5840/CVE-2012-4212/ CVE-2012-4213/CVE-2012-4217/CVE-2012-4218 Use-after-free and buffer overflow issues found using Address Sanitizer - MFSA 2012-106/CVE-2012-5830/CVE-2012-5833/CVE-2012-5835/CVE-2 012-5838 Use-after-free, buffer overflow, and memory corruption issues found using Address Sanitizer - rebased patches - disabled WebRTC since build is broken (bmo#776877)
    last seen2020-06-05
    modified2014-06-13
    plugin id74826
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74826
    titleopenSUSE Security Update : xulrunner (openSUSE-SU-2012:1586-1)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2012-1482.NASL
    descriptionUpdated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2012-4214, CVE-2012-4215, CVE-2012-4216, CVE-2012-5829, CVE-2012-5830, CVE-2012-5833, CVE-2012-5835, CVE-2012-5839, CVE-2012-5840, CVE-2012-5842) A buffer overflow flaw was found in the way Firefox handled GIF (Graphics Interchange Format) images. A web page containing a malicious GIF image could cause Firefox to crash or, possibly, execute arbitrary code with the privileges of the user running Firefox. (CVE-2012-4202) A flaw was found in the way the Style Inspector tool in Firefox handled certain Cascading Style Sheets (CSS). Running the tool (Tools -> Web Developer -> Inspect) on malicious CSS could result in the execution of HTML and CSS content with chrome privileges. (CVE-2012-4210) A flaw was found in the way Firefox decoded the HZ-GB-2312 character encoding. A web page containing malicious content could cause Firefox to run JavaScript code with the permissions of a different website. (CVE-2012-4207) A flaw was found in the location object implementation in Firefox. Malicious content could possibly use this flaw to allow restricted content to be loaded by plug-ins. (CVE-2012-4209) A flaw was found in the way cross-origin wrappers were implemented. Malicious content could use this flaw to perform cross-site scripting attacks. (CVE-2012-5841) A flaw was found in the evalInSandbox implementation in Firefox. Malicious content could use this flaw to perform cross-site scripting attacks. (CVE-2012-4201) For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 10.0.11 ESR. You can find a link to the Mozilla advisories in the References section of this erratum. Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Abhishek Arya, miaubiz, Jesse Ruderman, Andrew McCreight, Bob Clary, Kyle Huey, Atte Kettunen, Mariusz Mlynski, Masato Kinugawa, Bobby Holley, and moz_bug_r_a4 as the original reporters of these issues. All Firefox users should upgrade to these updated packages, which contain Firefox version 10.0.11 ESR, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id63005
    published2012-11-23
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63005
    titleCentOS 5 / 6 : firefox (CESA-2012:1482)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2012-1483.NASL
    descriptionAn updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2012-4214, CVE-2012-4215, CVE-2012-4216, CVE-2012-5829, CVE-2012-5830, CVE-2012-5833, CVE-2012-5835, CVE-2012-5839, CVE-2012-5840, CVE-2012-5842) A buffer overflow flaw was found in the way Thunderbird handled GIF (Graphics Interchange Format) images. Content containing a malicious GIF image could cause Thunderbird to crash or, possibly, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2012-4202) A flaw was found in the way Thunderbird decoded the HZ-GB-2312 character encoding. Malicious content could cause Thunderbird to run JavaScript code with the permissions of different content. (CVE-2012-4207) A flaw was found in the location object implementation in Thunderbird. Malicious content could possibly use this flaw to allow restricted content to be loaded by plug-ins. (CVE-2012-4209) A flaw was found in the way cross-origin wrappers were implemented. Malicious content could use this flaw to perform cross-site scripting attacks. (CVE-2012-5841) A flaw was found in the evalInSandbox implementation in Thunderbird. Malicious content could use this flaw to perform cross-site scripting attacks. (CVE-2012-4201) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Abhishek Arya, miaubiz, Jesse Ruderman, Andrew McCreight, Bob Clary, Kyle Huey, Atte Kettunen, Masato Kinugawa, Mariusz Mlynski, Bobby Holley, and moz_bug_r_a4 as the original reporters of these issues. Note: All issues except CVE-2012-4202 cannot be exploited by a specially crafted HTML mail message as JavaScript is disabled by default for mail messages. They could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed. All Thunderbird users should upgrade to this updated package, which contains Thunderbird version 10.0.11 ESR, which corrects these issues. After installing the update, Thunderbird must be restarted for the changes to take effect.
    last seen2020-05-31
    modified2012-11-21
    plugin id62981
    published2012-11-21
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/62981
    titleRHEL 5 / 6 : thunderbird (RHSA-2012:1483)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-2584.NASL
    descriptionMultiple vulnerabilities have been found in Iceape, the Debian Internet suite based on Mozilla SeaMonkey : - CVE-2012-5829 Heap-based buffer overflow in the nsWindow::OnExposeEvent function could allow remote attackers to execute arbitrary code. - CVE-2012-5842 Multiple unspecified vulnerabilities in the browser engine could allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code. - CVE-2012-4207 The HZ-GB-2312 character-set implementation does not properly handle a ~ (tilde) character in proximity to a chunk delimiter, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted document. - CVE-2012-4201 The evalInSandbox implementation uses an incorrect context during the handling of JavaScript code that sets the location.href property, which allows remote attackers to conduct cross-site scripting (XSS) attacks or read arbitrary files by leveraging a sandboxed add-on. - CVE-2012-4216 Use-after-free vulnerability in the gfxFont::GetFontEntry function allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
    last seen2020-03-17
    modified2012-12-09
    plugin id63194
    published2012-12-09
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63194
    titleDebian DSA-2584-1 : iceape - several vulnerabilities
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1681-1.NASL
    descriptionChristoph Diehl, Christian Holler, Mats Palmgren, Chiaki Ishikawa, Bill Gianopoulos, Benoit Jacob, Gary Kwong, Robert O
    last seen2020-06-01
    modified2020-06-02
    plugin id63447
    published2013-01-09
    reporterUbuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63447
    titleUbuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : firefox vulnerabilities (USN-1681-1)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-2588.NASL
    descriptionMultiple vulnerabilities have been found in Icedove, Debian
    last seen2020-03-17
    modified2012-12-17
    plugin id63272
    published2012-12-17
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63272
    titleDebian DSA-2588-1 : icedove - several vulnerabilities
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1638-1.NASL
    descriptionGary Kwong, Jesse Ruderman, Christian Holler, Bob Clary, Kyle Huey, Ed Morley, Chris Lord, Boris Zbarsky, Julian Seward, Bill McCloskey, and Andrew McCreight discovered multiple memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. (CVE-2012-5842, CVE-2012-5843) Atte Kettunen discovered a buffer overflow while rendering GIF format images. An attacker could exploit this to possibly execute arbitrary code as the user invoking Firefox. (CVE-2012-4202) It was discovered that the evalInSandbox function
    last seen2020-06-01
    modified2020-06-02
    plugin id63025
    published2012-11-23
    reporterUbuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63025
    titleUbuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : firefox vulnerabilities (USN-1638-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_FIREFOX-20121121-8381.NASL
    descriptionMozilla Firefox has been updated to the 10.0.11 ESR security release, which fixes various bugs and security issues. - Security researcher miaubiz used the Address Sanitizer tool to discover a series critically rated of use-after-free, buffer overflow, and memory corruption issues in shipped software. These issues are potentially exploitable, allowing for remote code execution. We would also like to thank miaubiz for reporting two additional use-after-free and memory corruption issues introduced during Firefox development that have been fixed before general release. (MFSA 2012-106) In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products. References The following issues have been fixed in Firefox 17 and ESR 10.0.11 : o use-after-free when loading html file on osx (CVE-2012-5830) o Mesa crashes on certain texImage2D calls involving level>0 (CVE-2012-5833) o integer overflow, invalid write w/webgl bufferdata. (CVE-2012-5835) The following issues have been fixed in Firefox 17 : o crash in copyTexImage2D with image dimensions too large for given level. (CVE-2012-5838) - Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series critically rated of use-after-free and buffer overflow issues using the Address Sanitizer tool in shipped software. These issues are potentially exploitable, allowing for remote code execution. We would also like to thank Abhishek for reporting five additional use-after-free, out of bounds read, and buffer overflow flaws introduced during Firefox development that have been fixed before general release. (MFSA 2012-105) In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products. References The following issues have been fixed in Firefox 17 and ESR 10.0.11 : o Heap-use-after-free in nsTextEditorState::PrepareEditor (CVE-2012-4214) o Heap-use-after-free in nsPlaintextEditor::FireClipboardEvent (CVE-2012-4215) o Heap-use-after-free in gfxFont::GetFontEntry (CVE-2012-4216) o Heap-buffer-overflow in nsWindow::OnExposeEvent (CVE-2012-5829) o heap-buffer-overflow in gfxShapedWord::CompressedGlyph::IsClusterStart o CVE-2012-5839 o Heap-use-after-free in nsTextEditorState::PrepareEditor. (CVE-2012-5840) The following issues have been fixed in Firefox 17 : o Heap-use-after-free in XPCWrappedNative::Mark (CVE-2012-4212) o Heap-use-after-free in nsEditor::FindNextLeafNode (CVE-2012-4213) o Heap-use-after-free in nsViewManager::ProcessPendingUpdates (CVE-2012-4217) o Heap-use-after-free BuildTextRunsScanner::BreakSink::SetBreaks. (CVE-2012-4218) - Security researcher Mariusz Mlynski reported that when a maliciously crafted stylesheet is inspected in the Style Inspector, HTML and CSS can run in a chrome privileged context without being properly sanitized first. This can lead to arbitrary code execution. (MFSA 2012-104 / CVE-2012-4210) - Security researcher Mariusz Mlynski reported that the location property can be accessed by binary plugins through top.location with a frame whose name attribute
    last seen2020-06-05
    modified2012-11-29
    plugin id63091
    published2012-11-29
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63091
    titleSuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 8381)
  • NASL familyWindows
    NASL idMOZILLA_FIREFOX_180.NASL
    descriptionThe installed version of Firefox is earlier than 18.0 and thus, is potentially affected by the following security issues : - Multiple, unspecified use-after-free, out-of-bounds read and buffer overflow errors exist. (CVE-2012-5829, CVE-2013-0760, CVE-2013-0761, CVE-2013-0762, CVE-2013-0763, CVE-2013-0766, CVE-2013-0767, CVE-2013-0771) - Two intermediate certificates were improperly issued by TURKTRUST certificate authority. (CVE-2013-0743) - A use-after-free error exists related to displaying HTML tables with many columns and column groups. (CVE-2013-0744) - An error exists related to the
    last seen2020-06-01
    modified2020-06-02
    plugin id63551
    published2013-01-15
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63551
    titleFirefox < 18.0 Multiple Vulnerabilities
  • NASL familyWindows
    NASL idMOZILLA_THUNDERBIRD_10011.NASL
    descriptionThe installed version of Thunderbird 10.x is potentially affected by the following security issues : - Several memory safety bugs exist in the browser engine used in Mozilla-based products that could be exploited to execute arbitrary code. (CVE-2012-5843) - An error exists in the method
    last seen2020-06-01
    modified2020-06-02
    plugin id62999
    published2012-11-21
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/62999
    titleMozilla Thunderbird 10.x < 10.0.11 Multiple Vulnerabilities
  • NASL familyWindows
    NASL idSEAMONKEY_214.NASL
    descriptionThe installed version of SeaMonkey is earlier than 2.14 and thus, is potentially affected by the following security issues : - Several memory safety bugs exist in the browser engine used in Mozilla-based products that could be exploited to execute arbitrary code. (CVE-2012-5842, CVE-2012-5843) - An error exists in the method
    last seen2020-06-01
    modified2020-06-02
    plugin id63001
    published2012-11-21
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63001
    titleSeaMonkey < 2.14 Multiple Vulnerabilities
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1681-4.NASL
    descriptionUSN-1681-1 fixed vulnerabilities in Firefox. Due to an upstream regression, Firefox suffered from instabilities when accessing some websites. This update fixes the problem. We apologize for the inconvenience. Christoph Diehl, Christian Holler, Mats Palmgren, Chiaki Ishikawa, Bill Gianopoulos, Benoit Jacob, Gary Kwong, Robert O
    last seen2020-06-01
    modified2020-06-02
    plugin id64480
    published2013-02-06
    reporterUbuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/64480
    titleUbuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : firefox regression (USN-1681-4)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_A4ED66325AA911E28FCBC8600054B392.NASL
    descriptionThe Mozilla Project reports : MFSA 2013-01 Miscellaneous memory safety hazards (rv:18.0/ rv:10.0.12 / rv:17.0.2) MFSA 2013-02 Use-after-free and buffer overflow issues found using Address Sanitizer MFSA 2013-03 Buffer Overflow in Canvas MFSA 2013-04 URL spoofing in addressbar during page loads MFSA 2013-05 Use-after-free when displaying table with many columns and column groups MFSA 2013-06 Touch events are shared across iframes MFSA 2013-07 Crash due to handling of SSL on threads MFSA 2013-08 AutoWrapperChanger fails to keep objects alive during garbage collection MFSA 2013-09 Compartment mismatch with quickstubs returned values MFSA 2013-10 Event manipulation in plugin handler to bypass same-origin policy MFSA 2013-11 Address space layout leaked in XBL objects MFSA 2013-12 Buffer overflow in JavaScript string concatenation MFSA 2013-13 Memory corruption in XBL with XML bindings containing SVG MFSA 2013-14 Chrome Object Wrapper (COW) bypass through changing prototype MFSA 2013-15 Privilege escalation through plugin objects MFSA 2013-16 Use-after-free in serializeToStream MFSA 2013-17 Use-after-free in ListenerManager MFSA 2013-18 Use-after-free in Vibrate MFSA 2013-19 Use-after-free in JavaScript Proxy objects MFSA 2013-20 Mis-issued TURKTRUST certificates
    last seen2020-06-01
    modified2020-06-02
    plugin id63463
    published2013-01-10
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63463
    titleFreeBSD : mozilla -- multiple vulnerabilities (a4ed6632-5aa9-11e2-8fcb-c8600054b392)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_FIREFOX_18_0.NASL
    descriptionThe installed version of Firefox is earlier than 18.0 and thus, is potentially affected by the following security issues : - Multiple unspecified use-after-free, out-of-bounds read and buffer overflow errors exist. (CVE-2012-5829, CVE-2013-0760, CVE-2013-0761, CVE-2013-0762, CVE-2013-0763, CVE-2013-0766, CVE-2013-0767, CVE-2013-0771) - Two intermediate certificates were improperly issued by TURKTRUST certificate authority. (CVE-2013-0743) - A use-after-free error exists related to displaying HTML tables with many columns and column groups. (CVE-2013-0744) - An error exists related to the
    last seen2020-06-01
    modified2020-06-02
    plugin id63545
    published2013-01-15
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63545
    titleFirefox < 18.0 Multiple Vulnerabilities (Mac OS X)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2012-18931.NASL
    descriptionUpdate to 2.14 Fix CVE-2012-5830, CVE-2012-5833, CVE-2012-5835, CVE-2012-{4212-4218}, CVE-2012-5829, CVE-2012-5839, CVE-2012-5840, CVE-2012-5836, CVE-2012-4202, CVE-2012-5842, CVE-2012-5843 and others, see http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html for more info. Update to latest upstream. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2012-12-04
    plugin id63141
    published2012-12-04
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63141
    titleFedora 16 : seamonkey-2.14-1.fc16 (2012-18931)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20121120_THUNDERBIRD_ON_SL5_X.NASL
    descriptionSeveral flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2012-4214, CVE-2012-4215, CVE-2012-4216, CVE-2012-5829, CVE-2012-5830, CVE-2012-5833, CVE-2012-5835, CVE-2012-5839, CVE-2012-5840, CVE-2012-5842) A buffer overflow flaw was found in the way Thunderbird handled GIF (Graphics Interchange Format) images. Content containing a malicious GIF image could cause Thunderbird to crash or, possibly, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2012-4202) A flaw was found in the way Thunderbird decoded the HZ-GB-2312 character encoding. Malicious content could cause Thunderbird to run JavaScript code with the permissions of different content. (CVE-2012-4207) A flaw was found in the location object implementation in Thunderbird. Malicious content could possibly use this flaw to allow restricted content to be loaded by plug-ins. (CVE-2012-4209) A flaw was found in the way cross-origin wrappers were implemented. Malicious content could use this flaw to perform cross-site scripting attacks. (CVE-2012-5841) A flaw was found in the evalInSandbox implementation in Thunderbird. Malicious content could use this flaw to perform cross-site scripting attacks. (CVE-2012-4201) Note: All issues except CVE-2012-4202 cannot be exploited by a specially crafted HTML mail message as JavaScript is disabled by default for mail messages. They could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed. After installing the update, Thunderbird must be restarted for the changes to take effect.
    last seen2020-03-18
    modified2012-11-23
    plugin id63020
    published2012-11-23
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63020
    titleScientific Linux Security Update : thunderbird on SL5.x, SL6.x i386/x86_64 (20121120)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_FIREFOX-201301-130110.NASL
    descriptionMozilla Firefox was updated to the 10.0.12ESR release. - Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. (MFSA 2013-01) - Christoph Diehl, Christian Holler, Mats Palmgren, and Chiaki Ishikawa reported memory safety problems and crashes that affect Firefox ESR 10, Firefox ESR 17, and Firefox 17. (CVE-2013-0769) - Bill Gianopoulos, Benoit Jacob, Christoph Diehl, Christian Holler, Gary Kwong, Robert O
    last seen2020-06-05
    modified2013-01-25
    plugin id64136
    published2013-01-25
    reporterThis script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/64136
    titleSuSE 11.2 Security Update : MozillaFirefox (SAT Patch Number 7224)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2012-820.NASL
    descriptionChanges in seamonkey : - update to SeaMonkey 2.14 (bnc#790140) - MFSA 2012-91/CVE-2012-5842/CVE-2012-5843 Miscellaneous memory safety hazards - MFSA 2012-92/CVE-2012-4202 (bmo#758200) Buffer overflow while rendering GIF images - MFSA 2012-93/CVE-2012-4201 (bmo#747607) evalInSanbox location context incorrectly applied - MFSA 2012-94/CVE-2012-5836 (bmo#792857) Crash when combining SVG text on path with CSS - MFSA 2012-96/CVE-2012-4204 (bmo#778603) Memory corruption in str_unescape - MFSA 2012-97/CVE-2012-4205 (bmo#779821) XMLHttpRequest inherits incorrect principal within sandbox - MFSA 2012-99/CVE-2012-4208 (bmo#798264) XrayWrappers exposes chrome-only properties when not in chrome compartment - MFSA 2012-100/CVE-2012-5841 (bmo#805807) Improper security filtering for cross-origin wrappers - MFSA 2012-101/CVE-2012-4207 (bmo#801681) Improper character decoding in HZ-GB-2312 charset - MFSA 2012-103/CVE-2012-4209 (bmo#792405) Frames can shadow top.location - MFSA 2012-105/CVE-2012-4214/CVE-2012-4215/CVE-2012-4216/ CVE-2012-5829/CVE-2012-5839/CVE-2012-5840/CVE-2012-4212/ CVE-2012-4213/CVE-2012-4217/CVE-2012-4218 Use-after-free and buffer overflow issues found using Address Sanitizer - MFSA 2012-106/CVE-2012-5830/CVE-2012-5833/CVE-2012-5835/CVE-2 012-5838 Use-after-free, buffer overflow, and memory corruption issues found using Address Sanitizer - rebased patches - disabled WebRTC since build is broken (bmo#776877)
    last seen2020-06-05
    modified2014-06-13
    plugin id74827
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74827
    titleopenSUSE Security Update : seamonkey (openSUSE-SU-2012:1584-1)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2012-818.NASL
    descriptionChanges in MozillaThunderbird : - update to Thunderbird 17.0 (bnc#790140) - MFSA 2012-91/CVE-2012-5842/CVE-2012-5843 Miscellaneous memory safety hazards - MFSA 2012-92/CVE-2012-4202 (bmo#758200) Buffer overflow while rendering GIF images - MFSA 2012-93/CVE-2012-4201 (bmo#747607) evalInSanbox location context incorrectly applied - MFSA 2012-94/CVE-2012-5836 (bmo#792857) Crash when combining SVG text on path with CSS - MFSA 2012-96/CVE-2012-4204 (bmo#778603) Memory corruption in str_unescape - MFSA 2012-97/CVE-2012-4205 (bmo#779821) XMLHttpRequest inherits incorrect principal within sandbox - MFSA 2012-99/CVE-2012-4208 (bmo#798264) XrayWrappers exposes chrome-only properties when not in chrome compartment - MFSA 2012-100/CVE-2012-5841 (bmo#805807) Improper security filtering for cross-origin wrappers - MFSA 2012-101/CVE-2012-4207 (bmo#801681) Improper character decoding in HZ-GB-2312 charset - MFSA 2012-102/CVE-2012-5837 (bmo#800363) Script entered into Developer Toolbar runs with chrome privileges - MFSA 2012-103/CVE-2012-4209 (bmo#792405) Frames can shadow top.location - MFSA 2012-105/CVE-2012-4214/CVE-2012-4215/CVE-2012-4216/ CVE-2012-5829/CVE-2012-5839/CVE-2012-5840/CVE-2012-4212/ CVE-2012-4213/CVE-2012-4217/CVE-2012-4218 Use-after-free and buffer overflow issues found using Address Sanitizer - MFSA 2012-106/CVE-2012-5830/CVE-2012-5833/CVE-2012-5835/CVE-2 012-5838 Use-after-free, buffer overflow, and memory corruption issues found using Address Sanitizer - rebased patches - disabled WebRTC since build is broken (bmo#776877) - update Enigmail to 1.4.6
    last seen2020-06-05
    modified2014-06-13
    plugin id74825
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74825
    titleopenSUSE Security Update : MozillaThunderbird (openSUSE-SU-2012:1585-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2013-0306-1.NASL
    descriptionMozilla Firefox is updated to the 10.0.12ESR version. This is a roll-up update for LTSS. It fixes a lot of security issues and bugs. 10.0.12ESR fixes specifically : MFSA 2013-01: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Christoph Diehl, Christian Holler, Mats Palmgren, and Chiaki Ishikawa reported memory safety problems and crashes that affect Firefox ESR 10, Firefox ESR 17, and Firefox 17. (CVE-2013-0769) Bill Gianopoulos, Benoit Jacob, Christoph Diehl, Christian Holler, Gary Kwong, Robert O
    last seen2020-06-05
    modified2015-05-20
    plugin id83574
    published2015-05-20
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/83574
    titleSUSE SLES10 Security Update : Mozilla Firefox (SUSE-SU-2013:0306-1)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_D23119DF335D11E2B64CC8600054B392.NASL
    descriptionThe Mozilla Project reports : MFSA 2012-91 Miscellaneous memory safety hazards (rv:17.0/ rv:10.0.11) MFSA 2012-92 Buffer overflow while rendering GIF images MFSA 2012-93 evalInSanbox location context incorrectly applied MFSA 2012-94 Crash when combining SVG text on path with CSS MFSA 2012-95 Javascript: URLs run in privileged context on New Tab page MFSA 2012-96 Memory corruption in str_unescape MFSA 2012-97 XMLHttpRequest inherits incorrect principal within sandbox MFSA 2012-98 Firefox installer DLL hijacking MFSA 2012-99 XrayWrappers exposes chrome-only properties when not in chrome compartment MFSA 2012-100 Improper security filtering for cross-origin wrappers MFSA 2012-101 Improper character decoding in HZ-GB-2312 charset MFSA 2012-102 Script entered into Developer Toolbar runs with chrome privileges MFSA 2012-103 Frames can shadow top.location MFSA 2012-104 CSS and HTML injection through Style Inspector MFSA 2012-105 Use-after-free and buffer overflow issues found MFSA 2012-106 Use-after-free, buffer overflow, and memory corruption issues found using Address Sanitizer
    last seen2020-06-01
    modified2020-06-02
    plugin id62979
    published2012-11-21
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/62979
    titleFreeBSD : mozilla -- multiple vulnerabilities (d23119df-335d-11e2-b64c-c8600054b392)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2012-18894.NASL
    descriptionUpdate to 2.14 Fix CVE-2012-5830, CVE-2012-5833, CVE-2012-5835, CVE-2012-{4212-4218}, CVE-2012-5829, CVE-2012-5839, CVE-2012-5840, CVE-2012-5836, CVE-2012-4202, CVE-2012-5842, CVE-2012-5843 and others, see http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html for more info. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2012-12-04
    plugin id63140
    published2012-12-04
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63140
    titleFedora 18 : seamonkey-2.14-1.fc18 (2012-18894)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_FIREFOX_17_0.NASL
    descriptionThe installed version of Firefox is earlier than 17.0 and thus, is potentially affected by the following security issues : - Several memory safety bugs exist in the browser engine used in Mozilla-based products that could be exploited to execute arbitrary code. (CVE-2012-5842, CVE-2012-5843) - An error exists in the method
    last seen2020-06-01
    modified2020-06-02
    plugin id62994
    published2012-11-21
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/62994
    titleFirefox < 17.0 Multiple Vulnerabilities (Mac OS X)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_FIREFOX-20121121-121123.NASL
    descriptionMozilla Firefox has been updated to the 10.0.11 ESR security release, which fixes various bugs and security issues. - Security researcher miaubiz used the Address Sanitizer tool to discover a series critically rated of use-after-free, buffer overflow, and memory corruption issues in shipped software. These issues are potentially exploitable, allowing for remote code execution. We would also like to thank miaubiz for reporting two additional use-after-free and memory corruption issues introduced during Firefox development that have been fixed before general release. (MFSA 2012-106) In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products. References The following issues have been fixed in Firefox 17 and ESR 10.0.11 : - use-after-free when loading html file on osx. (CVE-2012-5830) - Mesa crashes on certain texImage2D calls involving level>0. (CVE-2012-5833) - integer overflow, invalid write w/webgl bufferdata (CVE-2012-5835) The following issues have been fixed in Firefox 17 : - crash in copyTexImage2D with image dimensions too large for given level. (CVE-2012-5838) - Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series critically rated of use-after-free and buffer overflow issues using the Address Sanitizer tool in shipped software. These issues are potentially exploitable, allowing for remote code execution. We would also like to thank Abhishek for reporting five additional use-after-free, out of bounds read, and buffer overflow flaws introduced during Firefox development that have been fixed before general release. (MFSA 2012-105) In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products. References The following issues have been fixed in Firefox 17 and ESR 10.0.11 : - Heap-use-after-free in nsTextEditorState::PrepareEditor. (CVE-2012-4214) - Heap-use-after-free in nsPlaintextEditor::FireClipboardEvent. (CVE-2012-4215) - Heap-use-after-free in gfxFont::GetFontEntry. (CVE-2012-4216) - Heap-buffer-overflow in nsWindow::OnExposeEvent. (CVE-2012-5829) - heap-buffer-overflow in gfxShapedWord::CompressedGlyph::IsClusterStart - CVE-2012-5839 - Heap-use-after-free in nsTextEditorState::PrepareEditor (CVE-2012-5840) The following issues have been fixed in Firefox 17 : - Heap-use-after-free in XPCWrappedNative::Mark. (CVE-2012-4212) - Heap-use-after-free in nsEditor::FindNextLeafNode. (CVE-2012-4213) - Heap-use-after-free in nsViewManager::ProcessPendingUpdates. (CVE-2012-4217) - Heap-use-after-free BuildTextRunsScanner::BreakSink::SetBreaks. (CVE-2012-4218) - Security researcher Mariusz Mlynski reported that when a maliciously crafted stylesheet is inspected in the Style Inspector, HTML and CSS can run in a chrome privileged context without being properly sanitized first. This can lead to arbitrary code execution. (MFSA 2012-104 / CVE-2012-4210) - Security researcher Mariusz Mlynski reported that the location property can be accessed by binary plugins through top.location with a frame whose name attribute
    last seen2020-06-05
    modified2013-01-25
    plugin id64135
    published2013-01-25
    reporterThis script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/64135
    titleSuSE 11.2 Security Update : Mozilla Firefox (SAT Patch Number 7093)
  • NASL familyWindows
    NASL idMOZILLA_FIREFOX_170.NASL
    descriptionThe installed version of Firefox is earlier than 17.0 and thus, is potentially affected by the following security issues : - Several memory safety bugs exist in the browser engine used in Mozilla-based products that could be exploited to execute arbitrary code. (CVE-2012-5842, CVE-2012-5843) - An error exists in the method
    last seen2020-06-01
    modified2020-06-02
    plugin id62998
    published2012-11-21
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/62998
    titleFirefox < 17.0 Multiple Vulnerabilities
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_THUNDERBIRD_10_0_11.NASL
    descriptionThe installed version of Thunderbird 10.x is potentially affected by the following security issues : - Several memory safety bugs exist in the browser engine used in Mozilla-based products that could be exploited to execute arbitrary code. (CVE-2012-5843) - An error exists in the method
    last seen2020-06-01
    modified2020-06-02
    plugin id62995
    published2012-11-21
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/62995
    titleThunderbird 10.x < 10.0.11 Multiple Vulnerabilities (Mac OS X)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2012-1483.NASL
    descriptionFrom Red Hat Security Advisory 2012:1483 : An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2012-4214, CVE-2012-4215, CVE-2012-4216, CVE-2012-5829, CVE-2012-5830, CVE-2012-5833, CVE-2012-5835, CVE-2012-5839, CVE-2012-5840, CVE-2012-5842) A buffer overflow flaw was found in the way Thunderbird handled GIF (Graphics Interchange Format) images. Content containing a malicious GIF image could cause Thunderbird to crash or, possibly, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2012-4202) A flaw was found in the way Thunderbird decoded the HZ-GB-2312 character encoding. Malicious content could cause Thunderbird to run JavaScript code with the permissions of different content. (CVE-2012-4207) A flaw was found in the location object implementation in Thunderbird. Malicious content could possibly use this flaw to allow restricted content to be loaded by plug-ins. (CVE-2012-4209) A flaw was found in the way cross-origin wrappers were implemented. Malicious content could use this flaw to perform cross-site scripting attacks. (CVE-2012-5841) A flaw was found in the evalInSandbox implementation in Thunderbird. Malicious content could use this flaw to perform cross-site scripting attacks. (CVE-2012-4201) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Abhishek Arya, miaubiz, Jesse Ruderman, Andrew McCreight, Bob Clary, Kyle Huey, Atte Kettunen, Masato Kinugawa, Mariusz Mlynski, Bobby Holley, and moz_bug_r_a4 as the original reporters of these issues. Note: All issues except CVE-2012-4202 cannot be exploited by a specially crafted HTML mail message as JavaScript is disabled by default for mail messages. They could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed. All Thunderbird users should upgrade to this updated package, which contains Thunderbird version 10.0.11 ESR, which corrects these issues. After installing the update, Thunderbird must be restarted for the changes to take effect.
    last seen2020-05-31
    modified2013-07-12
    plugin id68660
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68660
    titleOracle Linux 6 : thunderbird (ELSA-2012-1483)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2012-18952.NASL
    descriptionUpdate to 2.14 Fix CVE-2012-5830, CVE-2012-5833, CVE-2012-5835, CVE-2012-{4212-4218}, CVE-2012-5829, CVE-2012-5839, CVE-2012-5840, CVE-2012-5836, CVE-2012-4202, CVE-2012-5842, CVE-2012-5843 and others, see http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html for more info. Update to latest upstream. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2012-12-04
    plugin id63142
    published2012-12-04
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63142
    titleFedora 17 : seamonkey-2.14-1.fc17 (2012-18952)
  • NASL familyWindows
    NASL idSEAMONKEY_215.NASL
    descriptionThe installed version of SeaMonkey is earlier than 2.15 and thus, is potentially affected by the following security issues : - Multiple, unspecified use-after-free, out-of-bounds read and buffer overflow errors exist. (CVE-2012-5829, CVE-2013-0760, CVE-2013-0761, CVE-2013-0762, CVE-2013-0763, CVE-2013-0766, CVE-2013-0767, CVE-2013-0771) - Two intermediate certificates were improperly issued by TURKTRUST certificate authority. (CVE-2013-0743) - A use-after-free error exists related to displaying HTML tables with many columns and column groups. (CVE-2013-0744) - An error exists related to the
    last seen2020-06-01
    modified2020-06-02
    plugin id63554
    published2013-01-15
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63554
    titleSeaMonkey < 2.15 Multiple Vulnerabilities
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_FIREFOX_10_0_11.NASL
    descriptionThe installed version of Firefox is earlier than 10.0.11 and thus, is potentially affected by the following security issues : - Several memory safety bugs exist in the browser engine used in Mozilla-based products that could be exploited to execute arbitrary code. (CVE-2012-5843) - An error exists in the method
    last seen2020-06-01
    modified2020-06-02
    plugin id62993
    published2012-11-21
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/62993
    titleFirefox < 10.0.11 Multiple Vulnerabilities (Mac OS X)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_THUNDERBIRD_17_0.NASL
    descriptionThe installed version of Thunderbird 16.x is potentially affected by the following security issues : - Several memory safety bugs exist in the browser engine used in Mozilla-based products that could be exploited to execute arbitrary code. (CVE-2012-5842, CVE-2012-5843) - An error exists in the method
    last seen2020-06-01
    modified2020-06-02
    plugin id62996
    published2012-11-21
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/62996
    titleThunderbird 16.x Multiple Vulnerabilities (Mac OS X)
  • NASL familyWindows
    NASL idMOZILLA_FIREFOX_10011.NASL
    descriptionThe installed version of Firefox 10.x is potentially affected by the following security issues : - Several memory safety bugs exist in the browser engine used in Mozilla-based products that could be exploited to execute arbitrary code. (CVE-2012-5843) - An error exists in the method
    last seen2020-06-01
    modified2020-06-02
    plugin id62997
    published2012-11-21
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/62997
    titleFirefox 10.x < 10.0.11 Multiple Vulnerabilities
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2012-1482.NASL
    descriptionFrom Red Hat Security Advisory 2012:1482 : Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2012-4214, CVE-2012-4215, CVE-2012-4216, CVE-2012-5829, CVE-2012-5830, CVE-2012-5833, CVE-2012-5835, CVE-2012-5839, CVE-2012-5840, CVE-2012-5842) A buffer overflow flaw was found in the way Firefox handled GIF (Graphics Interchange Format) images. A web page containing a malicious GIF image could cause Firefox to crash or, possibly, execute arbitrary code with the privileges of the user running Firefox. (CVE-2012-4202) A flaw was found in the way the Style Inspector tool in Firefox handled certain Cascading Style Sheets (CSS). Running the tool (Tools -> Web Developer -> Inspect) on malicious CSS could result in the execution of HTML and CSS content with chrome privileges. (CVE-2012-4210) A flaw was found in the way Firefox decoded the HZ-GB-2312 character encoding. A web page containing malicious content could cause Firefox to run JavaScript code with the permissions of a different website. (CVE-2012-4207) A flaw was found in the location object implementation in Firefox. Malicious content could possibly use this flaw to allow restricted content to be loaded by plug-ins. (CVE-2012-4209) A flaw was found in the way cross-origin wrappers were implemented. Malicious content could use this flaw to perform cross-site scripting attacks. (CVE-2012-5841) A flaw was found in the evalInSandbox implementation in Firefox. Malicious content could use this flaw to perform cross-site scripting attacks. (CVE-2012-4201) For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 10.0.11 ESR. You can find a link to the Mozilla advisories in the References section of this erratum. Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Abhishek Arya, miaubiz, Jesse Ruderman, Andrew McCreight, Bob Clary, Kyle Huey, Atte Kettunen, Mariusz Mlynski, Masato Kinugawa, Bobby Holley, and moz_bug_r_a4 as the original reporters of these issues. All Firefox users should upgrade to these updated packages, which contain Firefox version 10.0.11 ESR, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.
    last seen2020-05-31
    modified2013-07-12
    plugin id68659
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68659
    titleOracle Linux 5 / 6 : firefox (ELSA-2012-1482)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201301-01.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201301-01 (Mozilla Products: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, bypass restrictions and protection mechanisms, force file downloads, conduct XML injection attacks, conduct XSS attacks, bypass the Same Origin Policy, spoof URL&rsquo;s for phishing attacks, trigger a vertical scroll, spoof the location bar, spoof an SSL indicator, modify the browser&rsquo;s font, conduct clickjacking attacks, or have other unspecified impact. A local attacker could gain escalated privileges, obtain sensitive information, or replace an arbitrary downloaded file. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id63402
    published2013-01-08
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63402
    titleGLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1636-1.NASL
    descriptionGary Kwong, Jesse Ruderman, Christian Holler, Bob Clary, Kyle Huey, Ed Morley, Chris Lord, Boris Zbarsky, Julian Seward, Bill McCloskey, and Andrew McCreight discovered several memory corruption flaws in Thunderbird. If a user were tricked into opening a malicious website and had JavaScript enabled, an attacker could exploit these to execute arbitrary JavaScript code within the context of another website or arbitrary code as the user invoking the program. (CVE-2012-5842, CVE-2012-5843) Atte Kettunen discovered a buffer overflow while rendering GIF format images. An attacker could exploit this to possibly execute arbitrary code as the user invoking Thunderbird. (CVE-2012-4202) It was discovered that the evalInSandbox function
    last seen2020-06-01
    modified2020-06-02
    plugin id63023
    published2012-11-23
    reporterUbuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63023
    titleUbuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : thunderbird vulnerabilities (USN-1636-1)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1681-3.NASL
    descriptionUSN-1681-1 fixed vulnerabilities in Firefox. Due to an upstream regression, some translations became unusable after upgrading. This update fixes the problem. We apologize for the inconvenience. Christoph Diehl, Christian Holler, Mats Palmgren, Chiaki Ishikawa, Bill Gianopoulos, Benoit Jacob, Gary Kwong, Robert O
    last seen2020-06-01
    modified2020-06-02
    plugin id63665
    published2013-01-23
    reporterUbuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63665
    titleUbuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : firefox regression (USN-1681-3)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1681-2.NASL
    descriptionUSN-1681-1 fixed vulnerabilities in Firefox. This update provides the corresponding updates for Thunderbird. Christoph Diehl, Christian Holler, Mats Palmgren, Chiaki Ishikawa, Bill Gianopoulos, Benoit Jacob, Gary Kwong, Robert O
    last seen2020-06-01
    modified2020-06-02
    plugin id63448
    published2013-01-09
    reporterUbuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63448
    titleUbuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : thunderbird vulnerabilities (USN-1681-2)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1638-3.NASL
    descriptionUSN-1638-1 fixed vulnerabilities in Firefox. The new packages introduced regressions in cookies handling and the User Agent string. This update fixes the problem. Gary Kwong, Jesse Ruderman, Christian Holler, Bob Clary, Kyle Huey, Ed Morley, Chris Lord, Boris Zbarsky, Julian Seward, Bill McCloskey, and Andrew McCreight discovered multiple memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. (CVE-2012-5842, CVE-2012-5843) Atte Kettunen discovered a buffer overflow while rendering GIF format images. An attacker could exploit this to possibly execute arbitrary code as the user invoking Firefox. (CVE-2012-4202) It was discovered that the evalInSandbox function
    last seen2020-06-01
    modified2020-06-02
    plugin id63145
    published2012-12-04
    reporterUbuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63145
    titleUbuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : firefox regressions (USN-1638-3)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2012-1482.NASL
    descriptionUpdated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2012-4214, CVE-2012-4215, CVE-2012-4216, CVE-2012-5829, CVE-2012-5830, CVE-2012-5833, CVE-2012-5835, CVE-2012-5839, CVE-2012-5840, CVE-2012-5842) A buffer overflow flaw was found in the way Firefox handled GIF (Graphics Interchange Format) images. A web page containing a malicious GIF image could cause Firefox to crash or, possibly, execute arbitrary code with the privileges of the user running Firefox. (CVE-2012-4202) A flaw was found in the way the Style Inspector tool in Firefox handled certain Cascading Style Sheets (CSS). Running the tool (Tools -> Web Developer -> Inspect) on malicious CSS could result in the execution of HTML and CSS content with chrome privileges. (CVE-2012-4210) A flaw was found in the way Firefox decoded the HZ-GB-2312 character encoding. A web page containing malicious content could cause Firefox to run JavaScript code with the permissions of a different website. (CVE-2012-4207) A flaw was found in the location object implementation in Firefox. Malicious content could possibly use this flaw to allow restricted content to be loaded by plug-ins. (CVE-2012-4209) A flaw was found in the way cross-origin wrappers were implemented. Malicious content could use this flaw to perform cross-site scripting attacks. (CVE-2012-5841) A flaw was found in the evalInSandbox implementation in Firefox. Malicious content could use this flaw to perform cross-site scripting attacks. (CVE-2012-4201) For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 10.0.11 ESR. You can find a link to the Mozilla advisories in the References section of this erratum. Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Abhishek Arya, miaubiz, Jesse Ruderman, Andrew McCreight, Bob Clary, Kyle Huey, Atte Kettunen, Mariusz Mlynski, Masato Kinugawa, Bobby Holley, and moz_bug_r_a4 as the original reporters of these issues. All Firefox users should upgrade to these updated packages, which contain Firefox version 10.0.11 ESR, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.
    last seen2020-05-31
    modified2012-11-21
    plugin id62980
    published2012-11-21
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/62980
    titleRHEL 5 / 6 : firefox (RHSA-2012:1482)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2012-817.NASL
    descriptionChanges in MozillaFirefox : - update to Firefox 17.0 (bnc#790140) - MFSA 2012-91/CVE-2012-5842/CVE-2012-5843 Miscellaneous memory safety hazards - MFSA 2012-92/CVE-2012-4202 (bmo#758200) Buffer overflow while rendering GIF images - MFSA 2012-93/CVE-2012-4201 (bmo#747607) evalInSanbox location context incorrectly applied - MFSA 2012-94/CVE-2012-5836 (bmo#792857) Crash when combining SVG text on path with CSS - MFSA 2012-95/CVE-2012-4203 (bmo#765628) Javascript: URLs run in privileged context on New Tab page - MFSA 2012-96/CVE-2012-4204 (bmo#778603) Memory corruption in str_unescape - MFSA 2012-97/CVE-2012-4205 (bmo#779821) XMLHttpRequest inherits incorrect principal within sandbox - MFSA 2012-99/CVE-2012-4208 (bmo#798264) XrayWrappers exposes chrome-only properties when not in chrome compartment - MFSA 2012-100/CVE-2012-5841 (bmo#805807) Improper security filtering for cross-origin wrappers - MFSA 2012-101/CVE-2012-4207 (bmo#801681) Improper character decoding in HZ-GB-2312 charset - MFSA 2012-102/CVE-2012-5837 (bmo#800363) Script entered into Developer Toolbar runs with chrome privileges - MFSA 2012-103/CVE-2012-4209 (bmo#792405) Frames can shadow top.location - MFSA 2012-104/CVE-2012-4210 (bmo#796866) CSS and HTML injection through Style Inspector - MFSA 2012-105/CVE-2012-4214/CVE-2012-4215/CVE-2012-4216/ CVE-2012-5829/CVE-2012-5839/CVE-2012-5840/CVE-2012-4212/ CVE-2012-4213/CVE-2012-4217/CVE-2012-4218 Use-after-free and buffer overflow issues found using Address Sanitizer - MFSA 2012-106/CVE-2012-5830/CVE-2012-5833/CVE-2012-5835/CVE-2 012-5838 Use-after-free, buffer overflow, and memory corruption issues found using Address Sanitizer - rebased patches - disabled WebRTC since build is broken (bmo#776877)
    last seen2020-06-05
    modified2014-06-13
    plugin id74824
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74824
    titleopenSUSE Security Update : MozillaFirefox (openSUSE-SU-2012:1583-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_FIREFOX-201301-8426.NASL
    descriptionMozilla Firefox was updated to the 10.0.12ESR release. - Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. (MFSA 2013-01) o Christoph Diehl, Christian Holler, Mats Palmgren, and Chiaki Ishikawa reported memory safety problems and crashes that affect Firefox ESR 10, Firefox ESR 17, and Firefox 17. (CVE-2013-0769) o Bill Gianopoulos, Benoit Jacob, Christoph Diehl, Christian Holler, Gary Kwong, Robert O
    last seen2020-06-05
    modified2013-01-20
    plugin id63626
    published2013-01-20
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63626
    titleSuSE 10 Security Update : MozillaFirefox (ZYPP Patch Number 8426)
  • NASL familyWindows
    NASL idMOZILLA_THUNDERBIRD_170.NASL
    descriptionThe installed version of Thunderbird is earlier than 17.0 and thus, is potentially affected by the following security issues : - Several memory safety bugs exist in the browser engine used in Mozilla-based products that could be exploited to execute arbitrary code. (CVE-2012-5842, CVE-2012-5843) - An error exists in the method
    last seen2020-06-01
    modified2020-06-02
    plugin id63000
    published2012-11-21
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63000
    titleMozilla Thunderbird < 17.0 Multiple Vulnerabilities
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-2583.NASL
    descriptionMultiple vulnerabilities have been found in Iceweasel, the Debian web browser based on Mozilla Firefox : - CVE-2012-5829 Heap-based buffer overflow in the nsWindow::OnExposeEvent function could allow remote attackers to execute arbitrary code. - CVE-2012-5842 Multiple unspecified vulnerabilities in the browser engine could allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code. - CVE-2012-4207 The HZ-GB-2312 character-set implementation does not properly handle a ~ (tilde) character in proximity to a chunk delimiter, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted document. - CVE-2012-4201 The evalInSandbox implementation uses an incorrect context during the handling of JavaScript code that sets the location.href property, which allows remote attackers to conduct cross-site scripting (XSS) attacks or read arbitrary files by leveraging a sandboxed add-on. - CVE-2012-4216 Use-after-free vulnerability in the gfxFont::GetFontEntry function allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
    last seen2020-03-17
    modified2012-12-09
    plugin id63193
    published2012-12-09
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63193
    titleDebian DSA-2583-1 : iceweasel - several vulnerabilities

Oval

accepted2014-10-06T04:02:10.398-04:00
classvulnerability
contributors
  • nameSergey Artykhov
    organizationALTX-SOFT
  • nameMaria Kedovskaya
    organizationALTX-SOFT
  • nameShane Shaffer
    organizationG2, Inc.
  • nameMaria Kedovskaya
    organizationALTX-SOFT
  • nameRichard Helbing
    organizationbaramundi software
  • nameEvgeniy Pavlov
    organizationALTX-SOFT
  • nameEvgeniy Pavlov
    organizationALTX-SOFT
  • nameEvgeniy Pavlov
    organizationALTX-SOFT
  • nameEvgeniy Pavlov
    organizationALTX-SOFT
  • nameEvgeniy Pavlov
    organizationALTX-SOFT
  • nameEvgeniy Pavlov
    organizationALTX-SOFT
definition_extensions
  • commentMozilla Thunderbird Mainline release is installed
    ovaloval:org.mitre.oval:def:22093
  • commentMozilla Seamonkey is installed
    ovaloval:org.mitre.oval:def:6372
  • commentMozilla Firefox Mainline release is installed
    ovaloval:org.mitre.oval:def:22259
  • commentMozilla Firefox ESR is installed
    ovaloval:org.mitre.oval:def:22414
  • commentMozilla Thunderbird ESR is installed
    ovaloval:org.mitre.oval:def:22216
descriptionHeap-based buffer overflow in the nsWindow::OnExposeEvent function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code via unspecified vectors.
familywindows
idoval:org.mitre.oval:def:16849
statusaccepted
submitted2013-05-13T10:26:26.748+04:00
titleHeap-based buffer overflow in the nsWindow::OnExposeEvent function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code via unspecified vectors.
version35

Redhat

advisories
  • rhsa
    idRHSA-2012:1482
  • rhsa
    idRHSA-2012:1483
rpms
  • firefox-0:10.0.11-1.el5_8
  • firefox-0:10.0.11-1.el6_3
  • firefox-debuginfo-0:10.0.11-1.el5_8
  • firefox-debuginfo-0:10.0.11-1.el6_3
  • xulrunner-0:10.0.11-1.el5_8
  • xulrunner-0:10.0.11-1.el6_3
  • xulrunner-debuginfo-0:10.0.11-1.el5_8
  • xulrunner-debuginfo-0:10.0.11-1.el6_3
  • xulrunner-devel-0:10.0.11-1.el5_8
  • xulrunner-devel-0:10.0.11-1.el6_3
  • thunderbird-0:10.0.11-1.el5_8
  • thunderbird-0:10.0.11-1.el6_3
  • thunderbird-debuginfo-0:10.0.11-1.el5_8
  • thunderbird-debuginfo-0:10.0.11-1.el6_3

References