Vulnerabilities > CVE-2013-0747 - Improper Input Validation vulnerability in multiple products

047910
CVSS 6.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL

Summary

The gPluginHandler.handleEvent function in the plugin handler in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not properly enforce the Same Origin Policy, which allows remote attackers to conduct clickjacking attacks via crafted JavaScript code that listens for a mutation event.

Vulnerable Configurations

Part Description Count
Application
Mozilla
600
OS
Opensuse
3
OS
Suse
7
OS
Canonical
4

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Server Side Include (SSI) Injection
    An attacker can use Server Side Include (SSI) Injection to send code to a web application that then gets executed by the web server. Doing so enables the attacker to achieve similar results to Cross Site Scripting, viz., arbitrary code execution and information disclosure, albeit on a more limited scale, since the SSI directives are nowhere near as powerful as a full-fledged scripting language. Nonetheless, the attacker can conveniently gain access to sensitive files, such as password files, and execute shell commands.
  • Cross Zone Scripting
    An attacker is able to cause a victim to load content into their web-browser that bypasses security zone controls and gain access to increased privileges to execute scripting code or other web objects such as unsigned ActiveX controls or applets. This is a privilege elevation attack targeted at zone-based web-browser security. In a zone-based model, pages belong to one of a set of zones corresponding to the level of privilege assigned to that page. Pages in an untrusted zone would have a lesser level of access to the system and/or be restricted in the types of executable content it was allowed to invoke. In a cross-zone scripting attack, a page that should be assigned to a less privileged zone is granted the privileges of a more trusted zone. This can be accomplished by exploiting bugs in the browser, exploiting incorrect configuration in the zone controls, through a cross-site scripting attack that causes the attackers' content to be treated as coming from a more trusted page, or by leveraging some piece of system functionality that is accessible from both the trusted and less trusted zone. This attack differs from "Restful Privilege Escalation" in that the latter correlates to the inadequate securing of RESTful access methods (such as HTTP DELETE) on the server, while cross-zone scripting attacks the concept of security zones as implemented by a browser.
  • Cross Site Scripting through Log Files
    An attacker may leverage a system weakness where logs are susceptible to log injection to insert scripts into the system's logs. If these logs are later viewed by an administrator through a thin administrative interface and the log data is not properly HTML encoded before being written to the page, the attackers' scripts stored in the log will be executed in the administrative interface with potentially serious consequences. This attack pattern is really a combination of two other attack patterns: log injection and stored cross site scripting.
  • Command Line Execution through SQL Injection
    An attacker uses standard SQL injection methods to inject data into the command line for execution. This could be done directly through misuse of directives such as MSSQL_xp_cmdshell or indirectly through injection of data into the database that would be interpreted as shell commands. Sometime later, an unscrupulous backend application (or could be part of the functionality of the same application) fetches the injected data stored in the database and uses this data as command line arguments without performing proper validation. The malicious data escapes that data plane by spawning new commands to be executed on the host.

Nessus

  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2013-17.NASL
    descriptionThe Mozilla January 8th 2013 security release contains updates : Mozilla Firefox was updated to version 18.0. Mozilla SeaMonkey was updated to version 2.15. Mozilla Thunderbird was updated to version 17.0.2. Mozilla XULRunner was updated to version 17.0.2. - MFSA 2013-01/CVE-2013-0749/CVE-2013-0769/CVE-2013-0770 Miscellaneous memory safety hazards - MFSA 2013-02/CVE-2013-0760/CVE-2013-0762/CVE-2013-0766/CVE-20 13-0767 CVE-2013-0761/CVE-2013-0763/CVE-2013-0771/CVE-2012-5829 Use-after-free and buffer overflow issues found using Address Sanitizer - MFSA 2013-03/CVE-2013-0768 (bmo#815795) Buffer Overflow in Canvas - MFSA 2013-04/CVE-2012-0759 (bmo#802026) URL spoofing in addressbar during page loads - MFSA 2013-05/CVE-2013-0744 (bmo#814713) Use-after-free when displaying table with many columns and column groups - MFSA 2013-06/CVE-2013-0751 (bmo#790454) Touch events are shared across iframes - MFSA 2013-07/CVE-2013-0764 (bmo#804237) Crash due to handling of SSL on threads - MFSA 2013-08/CVE-2013-0745 (bmo#794158) AutoWrapperChanger fails to keep objects alive during garbage collection - MFSA 2013-09/CVE-2013-0746 (bmo#816842) Compartment mismatch with quickstubs returned values - MFSA 2013-10/CVE-2013-0747 (bmo#733305) Event manipulation in plugin handler to bypass same-origin policy - MFSA 2013-11/CVE-2013-0748 (bmo#806031) Address space layout leaked in XBL objects - MFSA 2013-12/CVE-2013-0750 (bmo#805121) Buffer overflow in JavaScript string concatenation - MFSA 2013-13/CVE-2013-0752 (bmo#805024) Memory corruption in XBL with XML bindings containing SVG - MFSA 2013-14/CVE-2013-0757 (bmo#813901) Chrome Object Wrapper (COW) bypass through changing prototype - MFSA 2013-15/CVE-2013-0758 (bmo#813906) Privilege escalation through plugin objects - MFSA 2013-16/CVE-2013-0753 (bmo#814001) Use-after-free in serializeToStream - MFSA 2013-17/CVE-2013-0754 (bmo#814026) Use-after-free in ListenerManager - MFSA 2013-18/CVE-2013-0755 (bmo#814027) Use-after-free in Vibrate - MFSA 2013-19/CVE-2013-0756 (bmo#814029) Use-after-free in JavaScript Proxy objects Mozilla NSPR was updated to 4.9.4, containing some small bugfixes and new features. Mozilla NSS was updated to 3.14.1 containing various new features, security fix and bugfixes : - MFSA 2013-20/CVE-2013-0743 (bmo#825022, bnc#796628) revoke mis-issued intermediate certificates from TURKTRUST Cryptographic changes done : - Support for TLS 1.1 (RFC 4346) - Experimental support for DTLS 1.0 (RFC 4347) and DTLS-SRTP (RFC 5764) - Support for AES-CTR, AES-CTS, and AES-GCM - Support for Keying Material Exporters for TLS (RFC 5705) - Support for certificate signatures using the MD5 hash algorithm is now disabled by default - The NSS license has changed to MPL 2.0. Previous releases were released under a MPL 1.1/GPL 2.0/LGPL 2.1 tri-license. For more information about MPL 2.0, please see http://www.mozilla.org/MPL/2.0/FAQ.html. For an additional explanation on GPL/LGPL compatibility, see security/nss/COPYING in the source code. - Export and DES cipher suites are disabled by default. Non-ECC AES and Triple DES cipher suites are enabled by default Please see http://www.mozilla.org/security/announce/ for more information.
    last seen2020-06-05
    modified2014-06-13
    plugin id74918
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74918
    titleopenSUSE Security Update : firefox / seamonkey / thunderbird (openSUSE-SU-2013:0149-1)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2013-17.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(74918);
      script_version("1.6");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2012-0759", "CVE-2012-5829", "CVE-2013-0744", "CVE-2013-0745", "CVE-2013-0746", "CVE-2013-0747", "CVE-2013-0748", "CVE-2013-0749", "CVE-2013-0750", "CVE-2013-0751", "CVE-2013-0752", "CVE-2013-0753", "CVE-2013-0754", "CVE-2013-0755", "CVE-2013-0756", "CVE-2013-0757", "CVE-2013-0758", "CVE-2013-0759", "CVE-2013-0760", "CVE-2013-0761", "CVE-2013-0762", "CVE-2013-0763", "CVE-2013-0764", "CVE-2013-0766", "CVE-2013-0767", "CVE-2013-0768", "CVE-2013-0769", "CVE-2013-0770", "CVE-2013-0771");
    
      script_name(english:"openSUSE Security Update : firefox / seamonkey / thunderbird (openSUSE-SU-2013:0149-1)");
      script_summary(english:"Check for the openSUSE-2013-17 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The Mozilla January 8th 2013 security release contains updates :
    
    Mozilla Firefox was updated to version 18.0. Mozilla SeaMonkey was
    updated to version 2.15. Mozilla Thunderbird was updated to version
    17.0.2. Mozilla XULRunner was updated to version 17.0.2.
    
      - MFSA 2013-01/CVE-2013-0749/CVE-2013-0769/CVE-2013-0770
        Miscellaneous memory safety hazards
    
      - MFSA
        2013-02/CVE-2013-0760/CVE-2013-0762/CVE-2013-0766/CVE-20
        13-0767
        CVE-2013-0761/CVE-2013-0763/CVE-2013-0771/CVE-2012-5829
        Use-after-free and buffer overflow issues found using
        Address Sanitizer
    
      - MFSA 2013-03/CVE-2013-0768 (bmo#815795) Buffer Overflow
        in Canvas
    
      - MFSA 2013-04/CVE-2012-0759 (bmo#802026) URL spoofing in
        addressbar during page loads
    
      - MFSA 2013-05/CVE-2013-0744 (bmo#814713) Use-after-free
        when displaying table with many columns and column
        groups
    
      - MFSA 2013-06/CVE-2013-0751 (bmo#790454) Touch events are
        shared across iframes
    
      - MFSA 2013-07/CVE-2013-0764 (bmo#804237) Crash due to
        handling of SSL on threads
    
      - MFSA 2013-08/CVE-2013-0745 (bmo#794158)
        AutoWrapperChanger fails to keep objects alive during
        garbage collection
    
      - MFSA 2013-09/CVE-2013-0746 (bmo#816842) Compartment
        mismatch with quickstubs returned values
    
      - MFSA 2013-10/CVE-2013-0747 (bmo#733305) Event
        manipulation in plugin handler to bypass same-origin
        policy
    
      - MFSA 2013-11/CVE-2013-0748 (bmo#806031) Address space
        layout leaked in XBL objects
    
      - MFSA 2013-12/CVE-2013-0750 (bmo#805121) Buffer overflow
        in JavaScript string concatenation
    
      - MFSA 2013-13/CVE-2013-0752 (bmo#805024) Memory
        corruption in XBL with XML bindings containing SVG
    
      - MFSA 2013-14/CVE-2013-0757 (bmo#813901) Chrome Object
        Wrapper (COW) bypass through changing prototype
    
      - MFSA 2013-15/CVE-2013-0758 (bmo#813906) Privilege
        escalation through plugin objects
    
      - MFSA 2013-16/CVE-2013-0753 (bmo#814001) Use-after-free
        in serializeToStream
    
      - MFSA 2013-17/CVE-2013-0754 (bmo#814026) Use-after-free
        in ListenerManager
    
      - MFSA 2013-18/CVE-2013-0755 (bmo#814027) Use-after-free
        in Vibrate
    
      - MFSA 2013-19/CVE-2013-0756 (bmo#814029) Use-after-free
        in JavaScript Proxy objects
    
    Mozilla NSPR was updated to 4.9.4, containing some small bugfixes and
    new features.
    
    Mozilla NSS was updated to 3.14.1 containing various new features,
    security fix and bugfixes :
    
      - MFSA 2013-20/CVE-2013-0743 (bmo#825022, bnc#796628)
        revoke mis-issued intermediate certificates from
        TURKTRUST
    
    Cryptographic changes done :
    
      - Support for TLS 1.1 (RFC 4346)
    
      - Experimental support for DTLS 1.0 (RFC 4347) and
        DTLS-SRTP (RFC 5764)
    
      - Support for AES-CTR, AES-CTS, and AES-GCM
    
      - Support for Keying Material Exporters for TLS (RFC 5705)
    
      - Support for certificate signatures using the MD5 hash
        algorithm is now disabled by default
    
      - The NSS license has changed to MPL 2.0. Previous
        releases were released under a MPL 1.1/GPL 2.0/LGPL 2.1
        tri-license. For more information about MPL 2.0, please
        see http://www.mozilla.org/MPL/2.0/FAQ.html. For an
        additional explanation on GPL/LGPL compatibility, see
        security/nss/COPYING in the source code.
    
      - Export and DES cipher suites are disabled by default.
        Non-ECC AES and Triple DES cipher suites are enabled by
        default
    
    Please see http://www.mozilla.org/security/announce/ for more
    information."
      );
      # http://www.mozilla.org/MPL/2.0/FAQ.html.
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/MPL/2.0/FAQ.html."
      );
      # http://www.mozilla.org/security/announce/
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=796628"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.opensuse.org/opensuse-updates/2013-01/msg00040.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected firefox / seamonkey / thunderbird packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Firefox 17.0.1 Flash Privileged Code Injection');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-buildsymbols");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:enigmail");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:enigmail-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libfreebl3");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libfreebl3-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libfreebl3-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libfreebl3-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsoftokn3");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsoftokn3-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-js");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-js-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-js-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-js-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nspr");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nspr-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nspr-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nspr-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nspr-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nspr-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-certs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-certs-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-tools-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-dom-inspector");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-irc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-translations-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-translations-other");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-venkman");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xulrunner");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xulrunner-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xulrunner-buildsymbols");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xulrunner-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xulrunner-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xulrunner-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xulrunner-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xulrunner-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.2");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2013/01/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE12\.1|SUSE12\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.1 / 12.2", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE12.1", reference:"MozillaFirefox-18.0-2.58.2") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"MozillaFirefox-branding-upstream-18.0-2.58.2") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"MozillaFirefox-buildsymbols-18.0-2.58.2") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"MozillaFirefox-debuginfo-18.0-2.58.2") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"MozillaFirefox-debugsource-18.0-2.58.2") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"MozillaFirefox-devel-18.0-2.58.2") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"MozillaFirefox-translations-common-18.0-2.58.2") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"MozillaFirefox-translations-other-18.0-2.58.2") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"MozillaThunderbird-17.0.2-33.47.2") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"MozillaThunderbird-buildsymbols-17.0.2-33.47.2") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"MozillaThunderbird-debuginfo-17.0.2-33.47.2") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"MozillaThunderbird-debugsource-17.0.2-33.47.2") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"MozillaThunderbird-devel-17.0.2-33.47.2") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"MozillaThunderbird-devel-debuginfo-17.0.2-33.47.2") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"MozillaThunderbird-translations-common-17.0.2-33.47.2") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"MozillaThunderbird-translations-other-17.0.2-33.47.2") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"enigmail-1.5.0+17.0.2-33.47.2") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"enigmail-debuginfo-1.5.0+17.0.2-33.47.2") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"libfreebl3-3.14.1-9.21.3") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"libfreebl3-debuginfo-3.14.1-9.21.3") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"libsoftokn3-3.14.1-9.21.3") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"libsoftokn3-debuginfo-3.14.1-9.21.3") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"mozilla-js-17.0.2-2.53.1") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"mozilla-js-debuginfo-17.0.2-2.53.1") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"mozilla-nspr-4.9.4-3.11.1") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"mozilla-nspr-debuginfo-4.9.4-3.11.1") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"mozilla-nspr-debugsource-4.9.4-3.11.1") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"mozilla-nspr-devel-4.9.4-3.11.1") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"mozilla-nss-3.14.1-9.21.3") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"mozilla-nss-certs-3.14.1-9.21.3") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"mozilla-nss-certs-debuginfo-3.14.1-9.21.3") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"mozilla-nss-debuginfo-3.14.1-9.21.3") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"mozilla-nss-debugsource-3.14.1-9.21.3") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"mozilla-nss-devel-3.14.1-9.21.3") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"mozilla-nss-sysinit-3.14.1-9.21.3") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"mozilla-nss-sysinit-debuginfo-3.14.1-9.21.3") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"mozilla-nss-tools-3.14.1-9.21.3") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"mozilla-nss-tools-debuginfo-3.14.1-9.21.3") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"seamonkey-2.15-2.49.1") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"seamonkey-debuginfo-2.15-2.49.1") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"seamonkey-debugsource-2.15-2.49.1") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"seamonkey-dom-inspector-2.15-2.49.1") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"seamonkey-irc-2.15-2.49.1") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"seamonkey-translations-common-2.15-2.49.1") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"seamonkey-translations-other-2.15-2.49.1") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"seamonkey-venkman-2.15-2.49.1") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"xulrunner-17.0.2-2.53.1") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"xulrunner-buildsymbols-17.0.2-2.53.1") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"xulrunner-debuginfo-17.0.2-2.53.1") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"xulrunner-debugsource-17.0.2-2.53.1") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"xulrunner-devel-17.0.2-2.53.1") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"xulrunner-devel-debuginfo-17.0.2-2.53.1") ) flag++;
    if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"libfreebl3-32bit-3.14.1-9.21.3") ) flag++;
    if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"libfreebl3-debuginfo-32bit-3.14.1-9.21.3") ) flag++;
    if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"libsoftokn3-32bit-3.14.1-9.21.3") ) flag++;
    if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"libsoftokn3-debuginfo-32bit-3.14.1-9.21.3") ) flag++;
    if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"mozilla-js-32bit-17.0.2-2.53.1") ) flag++;
    if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"mozilla-js-debuginfo-32bit-17.0.2-2.53.1") ) flag++;
    if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"mozilla-nspr-32bit-4.9.4-3.11.1") ) flag++;
    if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"mozilla-nspr-debuginfo-32bit-4.9.4-3.11.1") ) flag++;
    if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"mozilla-nss-32bit-3.14.1-9.21.3") ) flag++;
    if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"mozilla-nss-certs-32bit-3.14.1-9.21.3") ) flag++;
    if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"mozilla-nss-certs-debuginfo-32bit-3.14.1-9.21.3") ) flag++;
    if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"mozilla-nss-debuginfo-32bit-3.14.1-9.21.3") ) flag++;
    if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"mozilla-nss-sysinit-32bit-3.14.1-9.21.3") ) flag++;
    if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"mozilla-nss-sysinit-debuginfo-32bit-3.14.1-9.21.3") ) flag++;
    if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"xulrunner-32bit-17.0.2-2.53.1") ) flag++;
    if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"xulrunner-debuginfo-32bit-17.0.2-2.53.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"MozillaFirefox-18.0-2.29.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"MozillaFirefox-branding-upstream-18.0-2.29.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"MozillaFirefox-buildsymbols-18.0-2.29.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"MozillaFirefox-debuginfo-18.0-2.29.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"MozillaFirefox-debugsource-18.0-2.29.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"MozillaFirefox-devel-18.0-2.29.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"MozillaFirefox-translations-common-18.0-2.29.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"MozillaFirefox-translations-other-18.0-2.29.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"MozillaThunderbird-17.0.2-49.27.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"MozillaThunderbird-buildsymbols-17.0.2-49.27.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"MozillaThunderbird-debuginfo-17.0.2-49.27.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"MozillaThunderbird-debugsource-17.0.2-49.27.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"MozillaThunderbird-devel-17.0.2-49.27.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"MozillaThunderbird-devel-debuginfo-17.0.2-49.27.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"MozillaThunderbird-translations-common-17.0.2-49.27.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"MozillaThunderbird-translations-other-17.0.2-49.27.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"enigmail-1.5.0+17.0.2-49.27.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"enigmail-debuginfo-1.5.0+17.0.2-49.27.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"libfreebl3-3.14.1-2.11.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"libfreebl3-debuginfo-3.14.1-2.11.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"libsoftokn3-3.14.1-2.11.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"libsoftokn3-debuginfo-3.14.1-2.11.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"mozilla-js-17.0.2-2.26.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"mozilla-js-debuginfo-17.0.2-2.26.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"mozilla-nspr-4.9.4-1.8.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"mozilla-nspr-debuginfo-4.9.4-1.8.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"mozilla-nspr-debugsource-4.9.4-1.8.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"mozilla-nspr-devel-4.9.4-1.8.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"mozilla-nss-3.14.1-2.11.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"mozilla-nss-certs-3.14.1-2.11.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"mozilla-nss-certs-debuginfo-3.14.1-2.11.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"mozilla-nss-debuginfo-3.14.1-2.11.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"mozilla-nss-debugsource-3.14.1-2.11.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"mozilla-nss-devel-3.14.1-2.11.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"mozilla-nss-sysinit-3.14.1-2.11.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"mozilla-nss-sysinit-debuginfo-3.14.1-2.11.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"mozilla-nss-tools-3.14.1-2.11.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"mozilla-nss-tools-debuginfo-3.14.1-2.11.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"seamonkey-2.15-2.30.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"seamonkey-debuginfo-2.15-2.30.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"seamonkey-debugsource-2.15-2.30.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"seamonkey-dom-inspector-2.15-2.30.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"seamonkey-irc-2.15-2.30.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"seamonkey-translations-common-2.15-2.30.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"seamonkey-translations-other-2.15-2.30.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"seamonkey-venkman-2.15-2.30.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"xulrunner-17.0.2-2.26.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"xulrunner-buildsymbols-17.0.2-2.26.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"xulrunner-debuginfo-17.0.2-2.26.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"xulrunner-debugsource-17.0.2-2.26.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"xulrunner-devel-17.0.2-2.26.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"xulrunner-devel-debuginfo-17.0.2-2.26.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"libfreebl3-32bit-3.14.1-2.11.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"libfreebl3-debuginfo-32bit-3.14.1-2.11.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"libsoftokn3-32bit-3.14.1-2.11.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"libsoftokn3-debuginfo-32bit-3.14.1-2.11.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"mozilla-js-32bit-17.0.2-2.26.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"mozilla-js-debuginfo-32bit-17.0.2-2.26.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"mozilla-nspr-32bit-4.9.4-1.8.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"mozilla-nspr-debuginfo-32bit-4.9.4-1.8.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"mozilla-nss-32bit-3.14.1-2.11.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"mozilla-nss-certs-32bit-3.14.1-2.11.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"mozilla-nss-certs-debuginfo-32bit-3.14.1-2.11.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"mozilla-nss-debuginfo-32bit-3.14.1-2.11.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"mozilla-nss-sysinit-32bit-3.14.1-2.11.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"mozilla-nss-sysinit-debuginfo-32bit-3.14.1-2.11.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"xulrunner-32bit-17.0.2-2.26.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"xulrunner-debuginfo-32bit-17.0.2-2.26.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "MozillaFirefox / MozillaFirefox-branding-upstream / etc");
    }
    
  • NASL familyWindows
    NASL idMOZILLA_FIREFOX_1702.NASL
    descriptionThe installed version of Firefox 17.x is potentially affected by the following security issues : - Two intermediate certificates were improperly issued by TURKTRUST certificate authority. (CVE-2013-0743) - A use-after-free error exists related to displaying HTML tables with many columns and column groups. (CVE-2013-0744) - An error exists related to the
    last seen2020-06-01
    modified2020-06-02
    plugin id63550
    published2013-01-15
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63550
    titleFirefox ESR 17.x < 17.0.2 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(63550);
      script_version("1.19");
      script_cvs_date("Date: 2019/12/04");
    
      script_cve_id(
        "CVE-2013-0744",
        "CVE-2013-0745",
        "CVE-2013-0746",
        "CVE-2013-0747",
        "CVE-2013-0748",
        "CVE-2013-0750",
        "CVE-2013-0752",
        "CVE-2013-0753",
        "CVE-2013-0754",
        "CVE-2013-0755",
        "CVE-2013-0756",
        "CVE-2013-0757",
        "CVE-2013-0758",
        "CVE-2013-0759",
        "CVE-2013-0764",
        "CVE-2013-0768"
      );
      script_bugtraq_id(
        57204,
        57209,
        57211,
        57213,
        57215,
        57217,
        57218,
        57228,
        57232,
        57234,
        57235,
        57236,
        57238,
        57240,
        57241,
        57244,
        57258
      );
    
      script_name(english:"Firefox ESR 17.x < 17.0.2 Multiple Vulnerabilities");
      script_summary(english:"Checks version of Firefox");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Windows host contains a web browser that is affected by
    multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The installed version of Firefox 17.x is potentially affected by the
    following security issues :
        
      - Two intermediate certificates were improperly issued by
        TURKTRUST certificate authority. (CVE-2013-0743)
    
      - A use-after-free error exists related to displaying
        HTML tables with many columns and column groups.
        (CVE-2013-0744)
    
      - An error exists related to the 'AutoWrapperChanger'
        class that does not properly manage objects during
        garbage collection. (CVE-2012-0745)
    
      - An error exists related to 'jsval', 'quickstubs', and
        compartmental mismatches that could lead to potentially
        exploitable crashes. (CVE-2013-0746)
    
      - Errors exist related to events in the plugin handler
        that could allow same-origin policy bypass.
        (CVE-2013-0747)
    
      - An error related to the 'toString' method of XBL
        objects could lead to address information leakage.
        (CVE-2013-0748)
    
      - A buffer overflow exists related to JavaScript string
        concatenation. (CVE-2013-0750)
        
      - An error exists related to multiple XML bindings with
        SVG content, contained in XBL files. (CVE-2013-0752)
    
      - A use-after-free error exists related to
        'XMLSerializer' and 'serializeToStream'.
        (CVE-2013-0753)
    
      - A use-after-free error exists related to garbage
        collection and 'ListenManager'. (CVE-2013-0754)
    
      - A use-after-free error exists related to the 'Vibrate'
        library and 'domDoc'. (CVE-2013-0755)
    
      - A use-after-free error exists related to JavaScript
        'Proxy' objects. (CVE-2013-0756)
      
      - 'Chrome Object Wrappers' (COW) can be bypassed by
        changing object prototypes, which could allow 
        arbitrary code execution. (CVE-2013-0757)
    
      - An error related to SVG elements and plugins could 
        allow privilege escalation. (CVE-2013-0758)
    
      - An error exists related to the address bar that could
        allow URL spoofing attacks. (CVE-2013-0759)
    
      - An error exists related to SSL and threading that
        could result in potentially exploitable crashes.
        (CVE-2013-0764)
    
      - An error exists related to 'Canvas' and bad height or
        width values passed to it from HTML. (CVE-2013-0768)");
      script_set_attribute(attribute:"see_also", value:"http://www.zerodayinitiative.com/advisories/ZDI-13-003/");
      script_set_attribute(attribute:"see_also", value:"http://www.zerodayinitiative.com/advisories/ZDI-13-006/");
      script_set_attribute(attribute:"see_also", value:"http://www.zerodayinitiative.com/advisories/ZDI-13-037/");
      script_set_attribute(attribute:"see_also", value:"http://www.zerodayinitiative.com/advisories/ZDI-13-038/");
      script_set_attribute(attribute:"see_also", value:"http://www.zerodayinitiative.com/advisories/ZDI-13-039/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-03/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-04/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-05/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-07/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-08/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-09/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-10/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-11/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-12/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-13/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-14/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-15/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-16/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-17/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-18/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-19/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-20/");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Firefox 17.0.2 ESR or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-0768");
    
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Firefox 17.0.1 Flash Privileged Code Injection');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/01/08");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/01/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/01/15");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:firefox");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("mozilla_org_installed.nasl");
      script_require_keys("Mozilla/Firefox/Version");
    
      exit(0);
    }
    
    include("mozilla_version.inc");
    port = get_kb_item_or_exit("SMB/transport"); 
    
    installs = get_kb_list("SMB/Mozilla/Firefox/*");
    if (isnull(installs)) audit(AUDIT_NOT_INST, "Firefox");
    
    mozilla_check_version(installs:installs, product:'firefox', esr:TRUE, fix:'17.0.2', min:'17.0', severity:SECURITY_HOLE, xss:TRUE);
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_THUNDERBIRD_17_0_2.NASL
    descriptionThe installed version of Thunderbird is earlier than 17.0.2 and thus, is potentially affected by the following security issues : - Two intermediate certificates were improperly issued by TURKTRUST certificate authority. (CVE-2013-0743) - A use-after-free error exists related to displaying HTML tables with many columns and column groups. (CVE-2013-0744) - An error exists related to the
    last seen2020-06-01
    modified2020-06-02
    plugin id63547
    published2013-01-15
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63547
    titleThunderbird < 17.0.2 Multiple Vulnerabilities (Mac OS X)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(63547);
      script_version("1.19");
      script_cvs_date("Date: 2019/12/04");
    
      script_cve_id(
        "CVE-2013-0744",
        "CVE-2013-0745",
        "CVE-2013-0746",
        "CVE-2013-0747",
        "CVE-2013-0748",
        "CVE-2013-0749",
        "CVE-2013-0750",
        "CVE-2013-0752",
        "CVE-2013-0753",
        "CVE-2013-0754",
        "CVE-2013-0755",
        "CVE-2013-0756",
        "CVE-2013-0757",
        "CVE-2013-0758",
        "CVE-2013-0759",
        "CVE-2013-0761",
        "CVE-2013-0762",
        "CVE-2013-0763",
        "CVE-2013-0764",
        "CVE-2013-0766",
        "CVE-2013-0767",
        "CVE-2013-0768",
        "CVE-2013-0769",
        "CVE-2013-0771"
      );
      script_bugtraq_id(
        57193,
        57194,
        57195,
        57196,
        57197,
        57198,
        57203,
        57204,
        57205,
        57209,
        57211,
        57213,
        57215,
        57217,
        57218,
        57228,
        57232,
        57234,
        57235,
        57236,
        57238,
        57240,
        57241,
        57244,
        57258
      );
    
      script_name(english:"Thunderbird < 17.0.2 Multiple Vulnerabilities (Mac OS X)");
      script_summary(english:"Checks version of Thunderbird");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Mac OS X host contains a mail client that is potentially
    affected by several vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The installed version of Thunderbird is earlier than 17.0.2 and thus,
    is potentially affected by the following security issues :
        
      - Two intermediate certificates were improperly issued by
        TURKTRUST certificate authority. (CVE-2013-0743)
    
      - A use-after-free error exists related to displaying
        HTML tables with many columns and column groups.
        (CVE-2013-0744)
    
      - An error exists related to the 'AutoWrapperChanger'
        class that does not properly manage objects during
        garbage collection. (CVE-2012-0745)
    
      - An error exists related to 'jsval', 'quickstubs', and
        compartmental mismatches that could lead to potentially
        exploitable crashes. (CVE-2013-0746)
    
      - Errors exist related to events in the plugin handler
        that could allow same-origin policy bypass.
        (CVE-2013-0747)
    
      - An error related to the 'toString' method of XBL
        objects could lead to address information leakage.
        (CVE-2013-0748)
    
      - Unspecified memory corruption issues exist.
        (CVE-2013-0749, CVE-2013-0769)
    
      - A buffer overflow exists related to JavaScript string
        concatenation. (CVE-2013-0750)
        
      - An error exists related to multiple XML bindings with
        SVG content, contained in XBL files. (CVE-2013-0752)
    
      - A use-after-free error exists related to
        'XMLSerializer' and 'serializeToStream'.
        (CVE-2013-0753)
    
      - A use-after-free error exists related to garbage
        collection and 'ListenManager'. (CVE-2013-0754)
    
      - A use-after-free error exists related to the 'Vibrate'
        library and 'domDoc'. (CVE-2013-0755)
    
      - A use-after-free error exists related to JavaScript
        'Proxy' objects. (CVE-2013-0756)
      
      - 'Chrome Object Wrappers' (COW) can be bypassed by
        changing object prototypes, which could allow 
        arbitrary code execution. (CVE-2013-0757)
    
      - An error related to SVG elements and plugins could 
        allow privilege escalation. (CVE-2013-0758)
    
      - An error exists related to the address bar that could
        allow URL spoofing attacks. (CVE-2013-0759)
    
      - Multiple, unspecified use-after-free, out-of-bounds read
        and buffer overflow errors exist. (CVE-2013-0761,
        CVE-2013-0762, CVE-2013-0763, CVE-2013-0766,
        CVE-2013-0767, CVE-2013-0771)
    
      - An error exists related to SSL and threading that
        could result in potentially exploitable crashes.
        (CVE-2013-0764)
    
      - An error exists related to 'Canvas' and bad height or
        width values passed to it from HTML. (CVE-2013-0768)");
      script_set_attribute(attribute:"see_also", value:"http://www.zerodayinitiative.com/advisories/ZDI-13-003/");
      script_set_attribute(attribute:"see_also", value:"http://www.zerodayinitiative.com/advisories/ZDI-13-006/");
      script_set_attribute(attribute:"see_also", value:"http://www.zerodayinitiative.com/advisories/ZDI-13-037/");
      script_set_attribute(attribute:"see_also", value:"http://www.zerodayinitiative.com/advisories/ZDI-13-038/");
      script_set_attribute(attribute:"see_also", value:"http://www.zerodayinitiative.com/advisories/ZDI-13-039/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-03/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-04/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-05/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-07/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-08/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-09/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-10/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-11/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-12/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-13/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-14/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-15/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-16/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-17/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-18/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-19/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-20/");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Thunderbird 17.0.2 / 17.0.2 ESR or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-0769");
    
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Firefox 17.0.1 Flash Privileged Code Injection');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/01/08");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/01/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/01/15");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:thunderbird");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"MacOS X Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("macosx_thunderbird_installed.nasl");
      script_require_keys("MacOSX/Thunderbird/Installed");
    
      exit(0);
    }
    
    include("mozilla_version.inc");
    kb_base = "MacOSX/Thunderbird";
    get_kb_item_or_exit(kb_base+"/Installed");
    
    version = get_kb_item_or_exit(kb_base+"/Version", exit_code:1);
    path = get_kb_item_or_exit(kb_base+"/Path", exit_code:1);
    
    mozilla_check_version(product:'thunderbird', version:version, path:path, esr:FALSE, fix:'17.0.2', skippat:'^10\\.0\\.', severity:SECURITY_HOLE, xss:TRUE);
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1681-1.NASL
    descriptionChristoph Diehl, Christian Holler, Mats Palmgren, Chiaki Ishikawa, Bill Gianopoulos, Benoit Jacob, Gary Kwong, Robert O
    last seen2020-06-01
    modified2020-06-02
    plugin id63447
    published2013-01-09
    reporterUbuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63447
    titleUbuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : firefox vulnerabilities (USN-1681-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-1681-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(63447);
      script_version("1.20");
      script_cvs_date("Date: 2019/09/19 12:54:28");
    
      script_cve_id("CVE-2012-5829", "CVE-2013-0744", "CVE-2013-0745", "CVE-2013-0746", "CVE-2013-0747", "CVE-2013-0748", "CVE-2013-0749", "CVE-2013-0750", "CVE-2013-0752", "CVE-2013-0753", "CVE-2013-0754", "CVE-2013-0755", "CVE-2013-0756", "CVE-2013-0757", "CVE-2013-0758", "CVE-2013-0759", "CVE-2013-0760", "CVE-2013-0761", "CVE-2013-0762", "CVE-2013-0763", "CVE-2013-0764", "CVE-2013-0766", "CVE-2013-0767", "CVE-2013-0768", "CVE-2013-0769", "CVE-2013-0770", "CVE-2013-0771");
      script_xref(name:"USN", value:"1681-1");
    
      script_name(english:"Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : firefox vulnerabilities (USN-1681-1)");
      script_summary(english:"Checks dpkg output for updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Ubuntu host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Christoph Diehl, Christian Holler, Mats Palmgren, Chiaki Ishikawa,
    Bill Gianopoulos, Benoit Jacob, Gary Kwong, Robert O'Callahan, Jesse
    Ruderman, and Julian Seward discovered multiple memory safety issues
    affecting Firefox. If the user were tricked into opening a specially
    crafted page, an attacker could possibly exploit these to cause a
    denial of service via application crash, or potentially execute code
    with the privileges of the user invoking Firefox. (CVE-2013-0769,
    CVE-2013-0749, CVE-2013-0770)
    
    Abhishek Arya discovered several user-after-free and buffer overflows
    in Firefox. An attacker could exploit these to cause a denial of
    service via application crash, or potentially execute code with the
    privileges of the user invoking Firefox. (CVE-2013-0760,
    CVE-2013-0761, CVE-2013-0762, CVE-2013-0763, CVE-2013-0766,
    CVE-2013-0767, CVE-2013-0771, CVE-2012-5829)
    
    A stack buffer was discovered in Firefox. If the user were tricked
    into opening a specially crafted page, an attacker could possibly
    exploit this to cause a denial of service via application crash, or
    potentially execute code with the privileges of the user invoking
    Firefox. (CVE-2013-0768)
    
    Masato Kinugawa discovered that Firefox did not always properly
    display URL values in the address bar. A remote attacker could exploit
    this to conduct URL spoofing and phishing attacks. (CVE-2013-0759)
    
    Atte Kettunen discovered that Firefox did not properly handle HTML
    tables with a large number of columns and column groups. If the user
    were tricked into opening a specially crafted page, an attacker could
    exploit this to cause a denial of service via application crash, or
    potentially execute code with the privileges of the user invoking
    Firefox. (CVE-2013-0744)
    
    Jerry Baker discovered that Firefox did not always properly handle
    threading when performing downloads over SSL connections. An attacker
    could exploit this to cause a denial of service via application crash.
    (CVE-2013-0764)
    
    Olli Pettay and Boris Zbarsky discovered flaws in the Javacript engine
    of Firefox. An attacker could cause a denial of service via
    application crash, or potentially execute code with the privileges of
    the user invoking Firefox. (CVE-2013-0745, CVE-2013-0746)
    
    Jesse Ruderman discovered a flaw in the way Firefox handled plugins.
    If a user were tricked into opening a specially crafted page, a remote
    attacker could exploit this to bypass security protections to conduct
    clickjacking attacks. (CVE-2013-0747)
    
    Jesse Ruderman discovered an information leak in Firefox. An attacker
    could exploit this to reveal memory address layout which could help in
    bypassing ASLR protections. (CVE-2013-0748)
    
    An integer overflow was discovered in the JavaScript engine, leading
    to a heap-based buffer overflow. If the user were tricked into opening
    a specially crafted page, an attacker could possibly exploit this to
    execute code with the privileges of the user invoking Firefox.
    (CVE-2013-0750)
    
    Sviatoslav Chagaev discovered that Firefox did not properly handle XBL
    files with multiple XML bindings with SVG content. An attacker could
    cause a denial of service via application crash, or potentially
    execute code with the privileges of the user invoking Firefox.
    (CVE-2013-0752)
    
    Mariusz Mlynski discovered two flaws to gain access to privileged
    chrome functions. An attacker could possibly exploit this to execute
    code with the privileges of the user invoking Firefox. (CVE-2013-0757,
    CVE-2013-0758)
    
    Several use-after-free issues were discovered in Firefox. If the user
    were tricked into opening a specially crafted page, an attacker could
    possibly exploit this to execute code with the privileges of the user
    invoking Firefox. (CVE-2013-0753, CVE-2013-0754, CVE-2013-0755,
    CVE-2013-0756)
    
    Two intermediate CA certificates were mis-issued by the TURKTRUST
    certificate authority. If a remote attacker were able to perform a
    man-in-the-middle attack, this flaw could be exploited to view
    sensitive information. (CVE-2013-0743).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/1681-1/"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected firefox package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Firefox 17.0.1 Flash Privileged Code Injection');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.04:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:11.10");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.10");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/11/21");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/01/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/01/09");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(10\.04|11\.10|12\.04|12\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 10.04 / 11.10 / 12.04 / 12.10", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"10.04", pkgname:"firefox", pkgver:"18.0+build1-0ubuntu0.10.04.3")) flag++;
    if (ubuntu_check(osver:"11.10", pkgname:"firefox", pkgver:"18.0+build1-0ubuntu0.11.10.3")) flag++;
    if (ubuntu_check(osver:"12.04", pkgname:"firefox", pkgver:"18.0+build1-0ubuntu0.12.04.3")) flag++;
    if (ubuntu_check(osver:"12.10", pkgname:"firefox", pkgver:"18.0+build1-0ubuntu0.12.10.3")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "firefox");
    }
    
  • NASL familyWindows
    NASL idMOZILLA_FIREFOX_180.NASL
    descriptionThe installed version of Firefox is earlier than 18.0 and thus, is potentially affected by the following security issues : - Multiple, unspecified use-after-free, out-of-bounds read and buffer overflow errors exist. (CVE-2012-5829, CVE-2013-0760, CVE-2013-0761, CVE-2013-0762, CVE-2013-0763, CVE-2013-0766, CVE-2013-0767, CVE-2013-0771) - Two intermediate certificates were improperly issued by TURKTRUST certificate authority. (CVE-2013-0743) - A use-after-free error exists related to displaying HTML tables with many columns and column groups. (CVE-2013-0744) - An error exists related to the
    last seen2020-06-01
    modified2020-06-02
    plugin id63551
    published2013-01-15
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63551
    titleFirefox < 18.0 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(63551);
      script_version("1.20");
      script_cvs_date("Date: 2019/12/04");
    
      script_cve_id(
        "CVE-2013-0744",
        "CVE-2013-0745",
        "CVE-2013-0746",
        "CVE-2013-0747",
        "CVE-2013-0748",
        "CVE-2013-0749",
        "CVE-2013-0750",
        "CVE-2013-0752",
        "CVE-2013-0753",
        "CVE-2013-0754",
        "CVE-2013-0755",
        "CVE-2013-0756",
        "CVE-2013-0757",
        "CVE-2013-0758",
        "CVE-2013-0759",
        "CVE-2013-0760",
        "CVE-2013-0761",
        "CVE-2013-0763",
        "CVE-2013-0764",
        "CVE-2013-0766",
        "CVE-2013-0767",
        "CVE-2013-0768",
        "CVE-2013-0769",
        "CVE-2013-0770",
        "CVE-2013-0771"
      );
      script_bugtraq_id(
        57193,
        57194,
        57195,
        57196,
        57197,
        57198,
        57199,
        57203,
        57204,
        57205,
        57207,
        57209,
        57211,
        57213,
        57215,
        57217,
        57218,
        57228,
        57232,
        57234,
        57235,
        57236,
        57238,
        57240,
        57241,
        57244,
        57258
      );
    
      script_name(english:"Firefox < 18.0 Multiple Vulnerabilities");
      script_summary(english:"Checks version of Firefox");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Windows host contains a web browser that is affected by
    multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The installed version of Firefox is earlier than 18.0 and thus, is
    potentially affected by the following security issues :
    
      - Multiple, unspecified use-after-free, out-of-bounds read
        and buffer overflow errors exist. (CVE-2012-5829,
        CVE-2013-0760, CVE-2013-0761, CVE-2013-0762,
        CVE-2013-0763, CVE-2013-0766, CVE-2013-0767,
        CVE-2013-0771)
    
      - Two intermediate certificates were improperly issued by
        TURKTRUST certificate authority. (CVE-2013-0743)
    
      - A use-after-free error exists related to displaying
        HTML tables with many columns and column groups.
        (CVE-2013-0744)
    
      - An error exists related to the 'AutoWrapperChanger'
        class that does not properly manage objects during
        garbage collection. (CVE-2012-0745)
    
      - An error exists related to 'jsval', 'quickstubs', and
        compartmental mismatches that can lead potentially
        exploitable crashes. (CVE-2013-0746)
    
      - Errors exist related to events in the plugin handler
        that can allow same-origin policy bypass.
        (CVE-2013-0747)
    
      - An error related to the 'toString' method of XBL
        objects can lead to address information leakage.
        (CVE-2013-0748)
    
      - An unspecified memory corruption issue exists.
        (CVE-2013-0749, CVE-2013-0769, CVE-2013-0770)
    
      - A buffer overflow exists related to JavaScript string
        concatenation. (CVE-2013-0750)
    
      - An error exists related to multiple XML bindings with
        SVG content, contained in XBL files. (CVE-2013-0752)
    
      - A use-after-free error exists related to
        'XMLSerializer' and 'serializeToStream'.
        (CVE-2013-0753)
    
      - A use-after-free error exists related to garbage
        collection and 'ListenManager'. (CVE-2013-0754)
    
      - A use-after-free error exists related to the 'Vibrate'
        library and 'domDoc'. (CVE-2013-0755)
    
      - A use-after-free error exists related to JavaScript
        'Proxy' objects. (CVE-2013-0756)
      
      - 'Chrome Object Wrappers' (COW) can be bypassed by
        changing object prototypes and can allow arbitrary
        code execution. (CVE-2013-0757)
    
      - An error related to SVG elements and plugins can allow
        privilege escalation. (CVE-2013-0758)
    
      - An error exists related to the address bar that can
        allow URL spoofing attacks. (CVE-2013-0759)
    
      - An error exists related to SSL and threading that
        can result in potentially exploitable crashes.
        (CVE-2013-0764)
    
      - An error exists related to 'Canvas' and bad height or
        width values passed to it from HTML. (CVE-2013-0768)");
      script_set_attribute(attribute:"see_also", value:"http://www.zerodayinitiative.com/advisories/ZDI-13-003/");
      script_set_attribute(attribute:"see_also", value:"http://www.zerodayinitiative.com/advisories/ZDI-13-006/");
      script_set_attribute(attribute:"see_also", value:"http://www.zerodayinitiative.com/advisories/ZDI-13-037/");
      script_set_attribute(attribute:"see_also", value:"http://www.zerodayinitiative.com/advisories/ZDI-13-038/");
      script_set_attribute(attribute:"see_also", value:"http://www.zerodayinitiative.com/advisories/ZDI-13-039/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-01/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-02/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-03/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-04/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-05/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-07/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-08/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-09/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-10/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-11/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-12/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-13/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-14/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-15/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-16/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-17/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-18/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-19/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-20/");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Firefox 18.0 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-0770");
    
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Firefox 17.0.1 Flash Privileged Code Injection');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/01/08");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/01/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/01/15");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:firefox");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("mozilla_org_installed.nasl");
      script_require_keys("Mozilla/Firefox/Version");
    
      exit(0);
    }
    
    include("mozilla_version.inc");
    port = get_kb_item_or_exit("SMB/transport"); 
    
    installs = get_kb_list("SMB/Mozilla/Firefox/*");
    if (isnull(installs)) audit(AUDIT_NOT_INST, "Firefox");
    
    mozilla_check_version(installs:installs, product:'firefox', esr:FALSE, fix:'18.0', severity:SECURITY_HOLE, xss:TRUE);
    
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1681-4.NASL
    descriptionUSN-1681-1 fixed vulnerabilities in Firefox. Due to an upstream regression, Firefox suffered from instabilities when accessing some websites. This update fixes the problem. We apologize for the inconvenience. Christoph Diehl, Christian Holler, Mats Palmgren, Chiaki Ishikawa, Bill Gianopoulos, Benoit Jacob, Gary Kwong, Robert O
    last seen2020-06-01
    modified2020-06-02
    plugin id64480
    published2013-02-06
    reporterUbuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/64480
    titleUbuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : firefox regression (USN-1681-4)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-1681-4. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(64480);
      script_version("1.15");
      script_cvs_date("Date: 2019/09/19 12:54:28");
    
      script_cve_id("CVE-2012-5829", "CVE-2013-0744", "CVE-2013-0745", "CVE-2013-0746", "CVE-2013-0747", "CVE-2013-0748", "CVE-2013-0749", "CVE-2013-0750", "CVE-2013-0752", "CVE-2013-0753", "CVE-2013-0754", "CVE-2013-0755", "CVE-2013-0756", "CVE-2013-0757", "CVE-2013-0758", "CVE-2013-0759", "CVE-2013-0760", "CVE-2013-0761", "CVE-2013-0762", "CVE-2013-0763", "CVE-2013-0764", "CVE-2013-0766", "CVE-2013-0767", "CVE-2013-0768", "CVE-2013-0769", "CVE-2013-0770", "CVE-2013-0771");
      script_xref(name:"USN", value:"1681-4");
    
      script_name(english:"Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : firefox regression (USN-1681-4)");
      script_summary(english:"Checks dpkg output for updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Ubuntu host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "USN-1681-1 fixed vulnerabilities in Firefox. Due to an upstream
    regression, Firefox suffered from instabilities when accessing some
    websites. This update fixes the problem.
    
    We apologize for the inconvenience.
    
    Christoph Diehl, Christian Holler, Mats Palmgren, Chiaki Ishikawa,
    Bill Gianopoulos, Benoit Jacob, Gary Kwong, Robert O'Callahan, Jesse
    Ruderman, and Julian Seward discovered multiple memory safety issues
    affecting Firefox. If the user were tricked into opening a specially
    crafted page, an attacker could possibly exploit these to cause a
    denial of service via application crash, or potentially execute code
    with the privileges of the user invoking Firefox. (CVE-2013-0769,
    CVE-2013-0749, CVE-2013-0770)
    
    Abhishek Arya discovered several user-after-free and buffer
    overflows in Firefox. An attacker could exploit these to
    cause a denial of service via application crash, or
    potentially execute code with the privileges of the user
    invoking Firefox. (CVE-2013-0760, CVE-2013-0761,
    CVE-2013-0762, CVE-2013-0763, CVE-2013-0766, CVE-2013-0767,
    CVE-2013-0771, CVE-2012-5829)
    
    A stack buffer was discovered in Firefox. If the user were
    tricked into opening a specially crafted page, an attacker
    could possibly exploit this to cause a denial of service via
    application crash, or potentially execute code with the
    privileges of the user invoking Firefox. (CVE-2013-0768)
    
    Masato Kinugawa discovered that Firefox did not always
    properly display URL values in the address bar. A remote
    attacker could exploit this to conduct URL spoofing and
    phishing attacks. (CVE-2013-0759)
    
    Atte Kettunen discovered that Firefox did not properly
    handle HTML tables with a large number of columns and column
    groups. If the user were tricked into opening a specially
    crafted page, an attacker could exploit this to cause a
    denial of service via application crash, or potentially
    execute code with the privileges of the user invoking
    Firefox. (CVE-2013-0744)
    
    Jerry Baker discovered that Firefox did not always properly
    handle threading when performing downloads over SSL
    connections. An attacker could exploit this to cause a
    denial of service via application crash. (CVE-2013-0764)
    
    Olli Pettay and Boris Zbarsky discovered flaws in the
    Javacript engine of Firefox. An attacker could cause a
    denial of service via application crash, or potentially
    execute code with the privileges of the user invoking
    Firefox. (CVE-2013-0745, CVE-2013-0746)
    
    Jesse Ruderman discovered a flaw in the way Firefox handled
    plugins. If a user were tricked into opening a specially
    crafted page, a remote attacker could exploit this to bypass
    security protections to conduct clickjacking attacks.
    (CVE-2013-0747)
    
    Jesse Ruderman discovered an information leak in Firefox. An
    attacker could exploit this to reveal memory address layout
    which could help in bypassing ASLR protections.
    (CVE-2013-0748)
    
    An integer overflow was discovered in the JavaScript engine,
    leading to a heap-based buffer overflow. If the user were
    tricked into opening a specially crafted page, an attacker
    could possibly exploit this to execute code with the
    privileges of the user invoking Firefox. (CVE-2013-0750)
    
    Sviatoslav Chagaev discovered that Firefox did not properly
    handle XBL files with multiple XML bindings with SVG
    content. An attacker could cause a denial of service via
    application crash, or potentially execute code with the
    privileges of the user invoking Firefox. (CVE-2013-0752)
    
    Mariusz Mlynski discovered two flaws to gain access to
    privileged chrome functions. An attacker could possibly
    exploit this to execute code with the privileges of the user
    invoking Firefox. (CVE-2013-0757, CVE-2013-0758)
    
    Several use-after-free issues were discovered in Firefox. If
    the user were tricked into opening a specially crafted page,
    an attacker could possibly exploit this to execute code with
    the privileges of the user invoking Firefox. (CVE-2013-0753,
    CVE-2013-0754, CVE-2013-0755, CVE-2013-0756)
    
    Two intermediate CA certificates were mis-issued by the
    TURKTRUST certificate authority. If a remote attacker were
    able to perform a man-in-the-middle attack, this flaw could
    be exploited to view sensitive information. (CVE-2013-0743).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/1681-4/"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected firefox package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Firefox 17.0.1 Flash Privileged Code Injection');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.04:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:11.10");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.10");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/11/21");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/02/05");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/02/06");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(10\.04|11\.10|12\.04|12\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 10.04 / 11.10 / 12.04 / 12.10", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"10.04", pkgname:"firefox", pkgver:"18.0.2+build1-0ubuntu0.10.04.1")) flag++;
    if (ubuntu_check(osver:"11.10", pkgname:"firefox", pkgver:"18.0.2+build1-0ubuntu0.11.10.1")) flag++;
    if (ubuntu_check(osver:"12.04", pkgname:"firefox", pkgver:"18.0.2+build1-0ubuntu0.12.04.1")) flag++;
    if (ubuntu_check(osver:"12.10", pkgname:"firefox", pkgver:"18.0.2+build1-0ubuntu0.12.10.1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "firefox");
    }
    
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_A4ED66325AA911E28FCBC8600054B392.NASL
    descriptionThe Mozilla Project reports : MFSA 2013-01 Miscellaneous memory safety hazards (rv:18.0/ rv:10.0.12 / rv:17.0.2) MFSA 2013-02 Use-after-free and buffer overflow issues found using Address Sanitizer MFSA 2013-03 Buffer Overflow in Canvas MFSA 2013-04 URL spoofing in addressbar during page loads MFSA 2013-05 Use-after-free when displaying table with many columns and column groups MFSA 2013-06 Touch events are shared across iframes MFSA 2013-07 Crash due to handling of SSL on threads MFSA 2013-08 AutoWrapperChanger fails to keep objects alive during garbage collection MFSA 2013-09 Compartment mismatch with quickstubs returned values MFSA 2013-10 Event manipulation in plugin handler to bypass same-origin policy MFSA 2013-11 Address space layout leaked in XBL objects MFSA 2013-12 Buffer overflow in JavaScript string concatenation MFSA 2013-13 Memory corruption in XBL with XML bindings containing SVG MFSA 2013-14 Chrome Object Wrapper (COW) bypass through changing prototype MFSA 2013-15 Privilege escalation through plugin objects MFSA 2013-16 Use-after-free in serializeToStream MFSA 2013-17 Use-after-free in ListenerManager MFSA 2013-18 Use-after-free in Vibrate MFSA 2013-19 Use-after-free in JavaScript Proxy objects MFSA 2013-20 Mis-issued TURKTRUST certificates
    last seen2020-06-01
    modified2020-06-02
    plugin id63463
    published2013-01-10
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63463
    titleFreeBSD : mozilla -- multiple vulnerabilities (a4ed6632-5aa9-11e2-8fcb-c8600054b392)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from the FreeBSD VuXML database :
    #
    # Copyright 2003-2019 Jacques Vidrine and contributors
    #
    # Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
    # HTML, PDF, PostScript, RTF and so forth) with or without modification,
    # are permitted provided that the following conditions are met:
    # 1. Redistributions of source code (VuXML) must retain the above
    #    copyright notice, this list of conditions and the following
    #    disclaimer as the first lines of this file unmodified.
    # 2. Redistributions in compiled form (transformed to other DTDs,
    #    published online in any format, converted to PDF, PostScript,
    #    RTF and other formats) must reproduce the above copyright
    #    notice, this list of conditions and the following disclaimer
    #    in the documentation and/or other materials provided with the
    #    distribution.
    # 
    # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
    # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
    # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
    # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
    # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
    # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
    # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
    # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
    # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
    # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
    # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(63463);
      script_version("1.19");
      script_cvs_date("Date: 2019/07/10 16:04:13");
    
      script_cve_id("CVE-2012-5829", "CVE-2013-0744", "CVE-2013-0745", "CVE-2013-0746", "CVE-2013-0747", "CVE-2013-0748", "CVE-2013-0749", "CVE-2013-0750", "CVE-2013-0751", "CVE-2013-0752", "CVE-2013-0753", "CVE-2013-0754", "CVE-2013-0755", "CVE-2013-0756", "CVE-2013-0757", "CVE-2013-0758", "CVE-2013-0759", "CVE-2013-0760", "CVE-2013-0761", "CVE-2013-0762", "CVE-2013-0763", "CVE-2013-0764", "CVE-2013-0766", "CVE-2013-0767", "CVE-2013-0768", "CVE-2013-0769", "CVE-2013-0770", "CVE-2013-0771");
    
      script_name(english:"FreeBSD : mozilla -- multiple vulnerabilities (a4ed6632-5aa9-11e2-8fcb-c8600054b392)");
      script_summary(english:"Checks for updated packages in pkg_info output");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote FreeBSD host is missing one or more security-related
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The Mozilla Project reports :
    
    MFSA 2013-01 Miscellaneous memory safety hazards (rv:18.0/ rv:10.0.12
    / rv:17.0.2)
    
    MFSA 2013-02 Use-after-free and buffer overflow issues found using
    Address Sanitizer
    
    MFSA 2013-03 Buffer Overflow in Canvas
    
    MFSA 2013-04 URL spoofing in addressbar during page loads
    
    MFSA 2013-05 Use-after-free when displaying table with many columns
    and column groups
    
    MFSA 2013-06 Touch events are shared across iframes
    
    MFSA 2013-07 Crash due to handling of SSL on threads
    
    MFSA 2013-08 AutoWrapperChanger fails to keep objects alive during
    garbage collection
    
    MFSA 2013-09 Compartment mismatch with quickstubs returned values
    
    MFSA 2013-10 Event manipulation in plugin handler to bypass
    same-origin policy
    
    MFSA 2013-11 Address space layout leaked in XBL objects
    
    MFSA 2013-12 Buffer overflow in JavaScript string concatenation
    
    MFSA 2013-13 Memory corruption in XBL with XML bindings containing SVG
    
    MFSA 2013-14 Chrome Object Wrapper (COW) bypass through changing
    prototype
    
    MFSA 2013-15 Privilege escalation through plugin objects
    
    MFSA 2013-16 Use-after-free in serializeToStream
    
    MFSA 2013-17 Use-after-free in ListenerManager
    
    MFSA 2013-18 Use-after-free in Vibrate
    
    MFSA 2013-19 Use-after-free in JavaScript Proxy objects
    
    MFSA 2013-20 Mis-issued TURKTRUST certificates"
      );
      # http://www.mozilla.org/security/announce/2013/mfsa2013-01.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-01/"
      );
      # http://www.mozilla.org/security/announce/2013/mfsa2013-02.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-02/"
      );
      # http://www.mozilla.org/security/announce/2013/mfsa2013-03.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-03/"
      );
      # http://www.mozilla.org/security/announce/2013/mfsa2013-04.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-04/"
      );
      # http://www.mozilla.org/security/announce/2013/mfsa2013-05.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-05/"
      );
      # http://www.mozilla.org/security/announce/2013/mfsa2013-06.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-06/"
      );
      # http://www.mozilla.org/security/announce/2013/mfsa2013-07.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-07/"
      );
      # http://www.mozilla.org/security/announce/2013/mfsa2013-08.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-08/"
      );
      # http://www.mozilla.org/security/announce/2013/mfsa2013-09.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-09/"
      );
      # http://www.mozilla.org/security/announce/2013/mfsa2013-10.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-10/"
      );
      # http://www.mozilla.org/security/announce/2013/mfsa2013-11.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-11/"
      );
      # http://www.mozilla.org/security/announce/2013/mfsa2013-12.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-12/"
      );
      # http://www.mozilla.org/security/announce/2013/mfsa2013-13.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-13/"
      );
      # http://www.mozilla.org/security/announce/2013/mfsa2013-14.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-14/"
      );
      # http://www.mozilla.org/security/announce/2013/mfsa2013-15.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-15/"
      );
      # http://www.mozilla.org/security/announce/2013/mfsa2013-16.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-16/"
      );
      # http://www.mozilla.org/security/announce/2013/mfsa2013-17.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-17/"
      );
      # http://www.mozilla.org/security/announce/2013/mfsa2013-18.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-18/"
      );
      # http://www.mozilla.org/security/announce/2013/mfsa2013-19.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-19/"
      );
      # http://www.mozilla.org/security/announce/2013/mfsa2013-20.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-20/"
      );
      # http://www.mozilla.org/security/known-vulnerabilities/
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/known-vulnerabilities/"
      );
      # https://vuxml.freebsd.org/freebsd/a4ed6632-5aa9-11e2-8fcb-c8600054b392.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?f10bdcd8"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Firefox 17.0.1 Flash Privileged Code Injection');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:ca_root_nss");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:firefox");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:libxul");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:linux-firefox");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:linux-seamonkey");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:linux-thunderbird");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:seamonkey");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:thunderbird");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/01/08");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/01/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/01/10");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"FreeBSD Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("freebsd_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD");
    if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (pkg_test(save_report:TRUE, pkg:"firefox>11.0,1<17.0.2,1")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"firefox<10.0.12,1")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"linux-firefox<17.0.2,1")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"linux-seamonkey<2.15")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"linux-thunderbird<17.0.2")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"seamonkey<2.15")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"thunderbird>11.0<17.0.2")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"thunderbird<10.0.12")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"libxul>1.9.2.*<10.0.12")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"ca_root_nss<3.14.1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_FIREFOX_18_0.NASL
    descriptionThe installed version of Firefox is earlier than 18.0 and thus, is potentially affected by the following security issues : - Multiple unspecified use-after-free, out-of-bounds read and buffer overflow errors exist. (CVE-2012-5829, CVE-2013-0760, CVE-2013-0761, CVE-2013-0762, CVE-2013-0763, CVE-2013-0766, CVE-2013-0767, CVE-2013-0771) - Two intermediate certificates were improperly issued by TURKTRUST certificate authority. (CVE-2013-0743) - A use-after-free error exists related to displaying HTML tables with many columns and column groups. (CVE-2013-0744) - An error exists related to the
    last seen2020-06-01
    modified2020-06-02
    plugin id63545
    published2013-01-15
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63545
    titleFirefox < 18.0 Multiple Vulnerabilities (Mac OS X)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(63545);
      script_version("1.23");
      script_cvs_date("Date: 2019/12/04");
    
      script_cve_id(
        "CVE-2012-5829",
        "CVE-2013-0744",
        "CVE-2013-0745",
        "CVE-2013-0746",
        "CVE-2013-0747",
        "CVE-2013-0748",
        "CVE-2013-0749",
        "CVE-2013-0750",
        "CVE-2013-0752",
        "CVE-2013-0753",
        "CVE-2013-0754",
        "CVE-2013-0755",
        "CVE-2013-0756",
        "CVE-2013-0757",
        "CVE-2013-0758",
        "CVE-2013-0759",
        "CVE-2013-0760",
        "CVE-2013-0761",
        "CVE-2013-0762",
        "CVE-2013-0763",
        "CVE-2013-0764",
        "CVE-2013-0766",
        "CVE-2013-0767",
        "CVE-2013-0768",
        "CVE-2013-0769",
        "CVE-2013-0770",
        "CVE-2013-0771"
      );
      script_bugtraq_id(
        56636,
        57193,
        57194,
        57195,
        57196,
        57197,
        57198,
        57199,
        57203,
        57204,
        57205,
        57207,
        57209,
        57211,
        57213,
        57215,
        57217,
        57218,
        57228,
        57232,
        57234,
        57235,
        57236,
        57238,
        57240,
        57241,
        57244,
        57258
      );
    
      script_name(english:"Firefox < 18.0 Multiple Vulnerabilities (Mac OS X)");
      script_summary(english:"Checks version of Firefox");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Mac OS X host contains a web browser that is affected by
    multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The installed version of Firefox is earlier than 18.0 and thus, is
    potentially affected by the following security issues :
    
      - Multiple unspecified use-after-free, out-of-bounds read
        and buffer overflow errors exist. (CVE-2012-5829,
        CVE-2013-0760, CVE-2013-0761, CVE-2013-0762,
        CVE-2013-0763, CVE-2013-0766, CVE-2013-0767,
        CVE-2013-0771)
    
      - Two intermediate certificates were improperly issued by
        TURKTRUST certificate authority. (CVE-2013-0743)
    
      - A use-after-free error exists related to displaying
        HTML tables with many columns and column groups.
        (CVE-2013-0744)
    
      - An error exists related to the 'AutoWrapperChanger'
        class that does not properly manage objects during
        garbage collection. (CVE-2012-0745)
    
      - An error exists related to 'jsval', 'quickstubs', and
        compartmental mismatches that can lead to potentially
        exploitable crashes. (CVE-2013-0746)
    
      - Errors exist related to events in the plugin handler
        that can allow same-origin policy bypass.
        (CVE-2013-0747)
    
      - An error related to the 'toString' method of XBL
        objects can lead to address information leakage.
        (CVE-2013-0748)
    
      - An unspecified memory corruption issue exists.
        (CVE-2013-0749, CVE-2013-0769, CVE-2013-0770)
    
      - A buffer overflow exists related to JavaScript string
        concatenation. (CVE-2013-0750)
    
      - An error exists related to multiple XML bindings with
        SVG content, contained in XBL files. (CVE-2013-0752)
    
      - A use-after-free error exists related to
        'XMLSerializer' and 'serializeToStream'.
        (CVE-2013-0753)
    
      - A use-after-free error exists related to garbage
        collection and 'ListenManager'. (CVE-2013-0754)
    
      - A use-after-free error exists related to the 'Vibrate'
        library and 'domDoc'. (CVE-2013-0755)
    
      - A use-after-free error exists related to JavaScript
        'Proxy' objects. (CVE-2013-0756)
      
      - 'Chrome Object Wrappers' (COW) can be bypassed by
        changing object prototypes and can allow arbitrary
        code execution. (CVE-2013-0757)
    
      - An error related to SVG elements and plugins can allow
        privilege escalation. (CVE-2013-0758)
    
      - An error exists related to the address bar that can
        allow URL spoofing attacks. (CVE-2013-0759)
    
      - An error exists related to SSL and threading that
        can result in potentially exploitable crashes.
        (CVE-2013-0764)
    
      - An error exists related to 'Canvas' and bad height or
        width values passed to it from HTML. (CVE-2013-0768)");
      script_set_attribute(attribute:"see_also", value:"http://www.zerodayinitiative.com/advisories/ZDI-13-003/");
      script_set_attribute(attribute:"see_also", value:"http://www.zerodayinitiative.com/advisories/ZDI-13-006/");
      script_set_attribute(attribute:"see_also", value:"http://www.zerodayinitiative.com/advisories/ZDI-13-037/");
      script_set_attribute(attribute:"see_also", value:"http://www.zerodayinitiative.com/advisories/ZDI-13-038/");
      script_set_attribute(attribute:"see_also", value:"http://www.zerodayinitiative.com/advisories/ZDI-13-039/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-01/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-02/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-03/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-04/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-05/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-07/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-08/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-09/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-10/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-11/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-12/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-13/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-14/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-15/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-16/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-17/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-18/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-19/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-20/");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Firefox 18.0 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-0770");
    
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Firefox 17.0.1 Flash Privileged Code Injection');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/01/08");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/01/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/01/15");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:firefox");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"MacOS X Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("macosx_firefox_installed.nasl");
      script_require_keys("MacOSX/Firefox/Installed");
    
      exit(0);
    }
    
    include("mozilla_version.inc");
    kb_base = "MacOSX/Firefox";
    get_kb_item_or_exit(kb_base+"/Installed");
    
    version = get_kb_item_or_exit(kb_base+"/Version", exit_code:1);
    path = get_kb_item_or_exit(kb_base+"/Path", exit_code:1);
    
    if (get_kb_item(kb_base + '/is_esr')) exit(0, 'The Mozilla Firefox installation is in the ESR branch.');
    
    mozilla_check_version(product:'firefox', version:version, path:path, esr:FALSE, fix:'18.0', skippat:'^10\\.0\\.', severity:SECURITY_HOLE, xss:TRUE);
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_FIREFOX-201301-130110.NASL
    descriptionMozilla Firefox was updated to the 10.0.12ESR release. - Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. (MFSA 2013-01) - Christoph Diehl, Christian Holler, Mats Palmgren, and Chiaki Ishikawa reported memory safety problems and crashes that affect Firefox ESR 10, Firefox ESR 17, and Firefox 17. (CVE-2013-0769) - Bill Gianopoulos, Benoit Jacob, Christoph Diehl, Christian Holler, Gary Kwong, Robert O
    last seen2020-06-05
    modified2013-01-25
    plugin id64136
    published2013-01-25
    reporterThis script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/64136
    titleSuSE 11.2 Security Update : MozillaFirefox (SAT Patch Number 7224)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from SuSE 11 update information. The text itself is
    # copyright (C) Novell, Inc.
    #
    
    if (NASL_LEVEL < 3000) exit(0);
    
    include("compat.inc");
    
    if (description)
    {
      script_id(64136);
      script_version("1.14");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2012-5829", "CVE-2013-0744", "CVE-2013-0745", "CVE-2013-0746", "CVE-2013-0747", "CVE-2013-0748", "CVE-2013-0749", "CVE-2013-0750", "CVE-2013-0751", "CVE-2013-0752", "CVE-2013-0753", "CVE-2013-0754", "CVE-2013-0755", "CVE-2013-0756", "CVE-2013-0757", "CVE-2013-0758", "CVE-2013-0759", "CVE-2013-0760", "CVE-2013-0761", "CVE-2013-0762", "CVE-2013-0763", "CVE-2013-0764", "CVE-2013-0766", "CVE-2013-0767", "CVE-2013-0768", "CVE-2013-0769", "CVE-2013-0770", "CVE-2013-0771");
    
      script_name(english:"SuSE 11.2 Security Update : MozillaFirefox (SAT Patch Number 7224)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 11 host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Mozilla Firefox was updated to the 10.0.12ESR release.
    
      - Mozilla developers identified and fixed several memory
        safety bugs in the browser engine used in Firefox and
        other Mozilla-based products. Some of these bugs showed
        evidence of memory corruption under certain
        circumstances, and we presume that with enough effort at
        least some of these could be exploited to run arbitrary
        code. (MFSA 2013-01)
    
      - Christoph Diehl, Christian Holler, Mats Palmgren, and
        Chiaki Ishikawa reported memory safety problems and
        crashes that affect Firefox ESR 10, Firefox ESR 17, and
        Firefox 17. (CVE-2013-0769)
    
      - Bill Gianopoulos, Benoit Jacob, Christoph Diehl,
        Christian Holler, Gary Kwong, Robert O'Callahan, and
        Scoobidiver reported memory safety problems and crashes
        that affect Firefox ESR 17 and Firefox 17.
        (CVE-2013-0749)
    
      - Jesse Ruderman, Christian Holler, Julian Seward, and
        Scoobidiver reported memory safety problems and crashes
        that affect Firefox 17. (CVE-2013-0770)
    
      - Security researcher Abhishek Arya (Inferno) of the
        Google Chrome Security Team discovered a series
        critically rated of use-after-free, out of bounds read,
        and buffer overflow issues using the Address Sanitizer
        tool in shipped software. These issues are potentially
        exploitable, allowing for remote code execution. We
        would also like to thank Abhishek for reporting three
        additional user-after-free and out of bounds read flaws
        introduced during Firefox development that were fixed
        before general release. (MFSA 2013-02)
    
    The following issue was fixed in Firefox 18 :
    
      - Global-buffer-overflow in
        CharDistributionAnalysis::HandleOneChar. (CVE-2013-0760)
    
    The following issues were fixed in Firefox 18, ESR 17.0.1, and ESR
    10.0.12 :
    
      - Heap-use-after-free in imgRequest::OnStopFrame.
        (CVE-2013-0762)
    
      - Heap-use-after-free in ~nsHTMLEditRules. (CVE-2013-0766)
    
      - Out of bounds read in
        nsSVGPathElement::GetPathLengthScale. (CVE-2013-0767)
    
    The following issues were fixed in Firefox 18 and ESR 17.0.1 :
    
      - Heap-use-after-free in
        mozilla::TrackUnionStream::EndTrack. (CVE-2013-0761)
    
      - Heap-use-after-free in Mesa, triggerable by resizing a
        WebGL canvas. (CVE-2013-0763)
    
      - Heap-buffer-overflow in
        gfxTextRun::ShrinkToLigatureBoundaries. (CVE-2013-0771)
    
    The following issue was fixed in Firefox 18 and in the earlier ESR
    10.0.11 release :
    
      - Heap-buffer-overflow in nsWindow::OnExposeEvent.
        (CVE-2012-5829)
    
      - Security researcher miaubiz used the Address Sanitizer
        tool to discover a buffer overflow in Canvas when
        specific bad height and width values were given through
        HTML. This could lead to a potentially exploitable
        crash. (CVE-2013-0768). (MFSA 2013-03)
    
        Miaubiz also found a potentially exploitable crash when
        2D and 3D content was mixed which was introduced during
        Firefox development and fixed before general release.
    
      - Security researcher Masato Kinugawa found a flaw in
        which the displayed URL values within the addressbar can
        be spoofed by a page during loading. This allows for
        phishing attacks where a malicious page can spoof the
        identify of another site. (CVE-2013-0759). (MFSA
        2013-04)
    
      - Using the Address Sanitizer tool, security researcher
        Atte Kettunen from OUSPG discovered that the combination
        of large numbers of columns and column groups in a table
        could cause the array containing the columns during
        rendering to overwrite itself. This can lead to a
        user-after-free causing a potentially exploitable crash.
        (CVE-2013-0744). (MFSA 2013-05)
    
      - Mozilla developer Wesley Johnston reported that when
        there are two or more iframes on the same HTML page, an
        iframe is able to see the touch events and their targets
        that occur within the other iframes on the page. If the
        iframes are from the same origin, they can also access
        the properties and methods of the targets of other
        iframes but same-origin policy (SOP) restricts access
        across domains. This allows for information leakage and
        possibilities for cross-site scripting (XSS) if another
        vulnerability can be used to get around SOP
        restrictions. (CVE-2013-0751). (MFSA 2013-06)
    
      - Mozilla community member Jerry Baker reported a crashing
        issue found through Thunderbird when downloading
        messages over a Secure Sockets Layer (SSL) connection.
        This was caused by a bug in the networking code assuming
        that secure connections were entirely handled on the
        socket transport thread when they can occur on a variety
        of threads. The resulting crash was potentially
        exploitable. (CVE-2013-0764). (MFSA 2013-07)
    
      - Mozilla developer Olli Pettay discovered that the
        AutoWrapperChanger class fails to keep some JavaScript
        objects alive during garbage collection. This can lead
        to an exploitable crash allowing for arbitrary code
        execution. (CVE-2013-0745). (MFSA 2013-08)
    
      - Mozilla developer Boris Zbarsky reported reported a
        problem where jsval-returning quickstubs fail to wrap
        their return values, causing a compartment mismatch.
        This mismatch can cause garbage collection to occur
        incorrectly and lead to a potentially exploitable crash.
        (CVE-2013-0746). (MFSA 2013-09)
    
      - Mozilla security researcher Jesse Ruderman reported that
        events in the plugin handler can be manipulated by web
        content to bypass same-origin policy (SOP) restrictions.
        This can allow for clickjacking on malicious web pages.
        (CVE-2013-0747). (MFSA 2013-10)
    
      - Mozilla security researcher Jesse Ruderman discovered
        that using the toString function of XBL objects can lead
        to inappropriate information leakage by revealing the
        address space layout instead of just the ID of the
        object. This layout information could potentially be
        used to bypass ASLR and other security protections.
        (CVE-2013-0748). (MFSA 2013-11)
    
      - Security researcher pa_kt reported a flaw via
        TippingPoint's Zero Day Initiative that an integer
        overflow is possible when calculating the length for a
        JavaScript string concatenation, which is then used for
        memory allocation. This results in a buffer overflow,
        leading to a potentially exploitable memory corruption.
        (CVE-2013-0750). (MFSA 2013-12)
    
      - Security researcher Sviatoslav Chagaev reported that
        when using an XBL file containing multiple XML bindings
        with SVG content, a memory corruption can occur. In
        concern with remote XUL, this can lead to an exploitable
        crash. (CVE-2013-0752). (MFSA 2013-13)
    
      - Security researcher Mariusz Mlynski reported that it is
        possible to change the prototype of an object and bypass
        Chrome Object Wrappers (COW) to gain access to chrome
        privileged functions. This could allow for arbitrary
        code execution. (CVE-2013-0757). (MFSA 2013-14)
    
      - Security researcher Mariusz Mlynski reported that it is
        possible to open a chrome privileged web page through
        plugin objects through interaction with SVG elements.
        This could allow for arbitrary code execution.
        (CVE-2013-0758). (MFSA 2013-15)
    
      - Security researcher regenrecht reported, via
        TippingPoint's Zero Day Initiative, a use-after-free in
        XMLSerializer by the exposing of serializeToStream to
        web content. This can lead to arbitrary code execution
        when exploited. (CVE-2013-0753). (MFSA 2013-16)
    
      - Security researcher regenrecht reported, via
        TippingPoint's Zero Day Initiative, a use-after-free
        within the ListenerManager when garbage collection is
        forced after data in listener objects have been
        allocated in some circumstances. This results in a
        use-after-free which can lead to arbitrary code
        execution. (CVE-2013-0754). (MFSA 2013-17)
    
      - Security researcher regenrecht reported, via
        TippingPoint's Zero Day Initiative, a use-after-free
        using the domDoc pointer within Vibrate library. This
        can lead to arbitrary code execution when exploited.
        (CVE-2013-0755). (MFSA 2013-18)
    
      - Security researcher regenrecht reported, via
        TippingPoint's Zero Day Initiative, a garbage collection
        flaw in JavaScript Proxy objects. This can lead to a
        use-after-free leading to arbitrary code execution.
        (CVE-2013-0756). (MFSA 2013-19)
    
      - Google reported to Mozilla that TURKTRUST, a certificate
        authority in Mozilla's root program, had mis-issued two
        intermediate certificates to customers. The issue was
        not specific to Firefox but there was evidence that one
        of the certificates was used for man-in-the-middle
        (MITM) traffic management of domain names that the
        customer did not legitimately own or control. This issue
        was resolved by revoking the trust for these specific
        mis-issued certificates. (CVE-2013-0743). (MFSA 2013-20)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.mozilla.org/security/announce/2013/mfsa2013-01.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.mozilla.org/security/announce/2013/mfsa2013-02.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.mozilla.org/security/announce/2013/mfsa2013-03.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.mozilla.org/security/announce/2013/mfsa2013-04.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.mozilla.org/security/announce/2013/mfsa2013-05.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.mozilla.org/security/announce/2013/mfsa2013-06.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.mozilla.org/security/announce/2013/mfsa2013-07.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.mozilla.org/security/announce/2013/mfsa2013-08.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.mozilla.org/security/announce/2013/mfsa2013-09.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.mozilla.org/security/announce/2013/mfsa2013-10.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.mozilla.org/security/announce/2013/mfsa2013-11.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.mozilla.org/security/announce/2013/mfsa2013-12.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.mozilla.org/security/announce/2013/mfsa2013-13.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.mozilla.org/security/announce/2013/mfsa2013-14.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.mozilla.org/security/announce/2013/mfsa2013-15.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.mozilla.org/security/announce/2013/mfsa2013-16.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.mozilla.org/security/announce/2013/mfsa2013-17.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.mozilla.org/security/announce/2013/mfsa2013-18.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.mozilla.org/security/announce/2013/mfsa2013-19.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.mozilla.org/security/announce/2013/mfsa2013-20.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=796895"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-5829.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-0743.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-0744.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-0745.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-0746.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-0747.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-0748.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-0749.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-0750.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-0751.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-0752.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-0753.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-0754.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-0755.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-0756.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-0757.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-0758.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-0759.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-0760.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-0761.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-0762.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-0763.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-0764.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-0766.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-0767.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-0768.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-0769.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-0770.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-0771.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply SAT patch number 7224.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Firefox 17.0.1 Flash Privileged Code Injection');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:MozillaFirefox");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:MozillaFirefox-translations");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libfreebl3");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libfreebl3-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:mozilla-nspr");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:mozilla-nspr-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:mozilla-nss");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:mozilla-nss-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:mozilla-nss-tools");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2013/01/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/01/25");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11");
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu);
    
    pl = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(pl) || int(pl) != 2) audit(AUDIT_OS_NOT, "SuSE 11.2");
    
    
    flag = 0;
    if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"MozillaFirefox-10.0.12-0.4.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"MozillaFirefox-translations-10.0.12-0.4.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"libfreebl3-3.14.1-0.3.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"mozilla-nspr-4.9.4-0.3.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"mozilla-nss-3.14.1-0.3.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"mozilla-nss-tools-3.14.1-0.3.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"MozillaFirefox-10.0.12-0.4.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"MozillaFirefox-translations-10.0.12-0.4.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"libfreebl3-3.14.1-0.3.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"libfreebl3-32bit-3.14.1-0.3.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"mozilla-nspr-4.9.4-0.3.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"mozilla-nspr-32bit-4.9.4-0.3.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"mozilla-nss-3.14.1-0.3.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"mozilla-nss-32bit-3.14.1-0.3.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"mozilla-nss-tools-3.14.1-0.3.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, reference:"MozillaFirefox-10.0.12-0.4.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, reference:"MozillaFirefox-translations-10.0.12-0.4.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, reference:"libfreebl3-3.14.1-0.3.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, reference:"mozilla-nspr-4.9.4-0.3.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, reference:"mozilla-nss-3.14.1-0.3.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, reference:"mozilla-nss-tools-3.14.1-0.3.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"libfreebl3-32bit-3.14.1-0.3.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"mozilla-nspr-32bit-4.9.4-0.3.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"mozilla-nss-32bit-3.14.1-0.3.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"libfreebl3-32bit-3.14.1-0.3.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"mozilla-nspr-32bit-4.9.4-0.3.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"mozilla-nss-32bit-3.14.1-0.3.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2013-0306-1.NASL
    descriptionMozilla Firefox is updated to the 10.0.12ESR version. This is a roll-up update for LTSS. It fixes a lot of security issues and bugs. 10.0.12ESR fixes specifically : MFSA 2013-01: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Christoph Diehl, Christian Holler, Mats Palmgren, and Chiaki Ishikawa reported memory safety problems and crashes that affect Firefox ESR 10, Firefox ESR 17, and Firefox 17. (CVE-2013-0769) Bill Gianopoulos, Benoit Jacob, Christoph Diehl, Christian Holler, Gary Kwong, Robert O
    last seen2020-06-05
    modified2015-05-20
    plugin id83574
    published2015-05-20
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/83574
    titleSUSE SLES10 Security Update : Mozilla Firefox (SUSE-SU-2013:0306-1)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2013:0306-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(83574);
      script_version("2.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2012-5829", "CVE-2013-0743", "CVE-2013-0744", "CVE-2013-0745", "CVE-2013-0746", "CVE-2013-0747", "CVE-2013-0748", "CVE-2013-0749", "CVE-2013-0750", "CVE-2013-0751", "CVE-2013-0752", "CVE-2013-0753", "CVE-2013-0754", "CVE-2013-0755", "CVE-2013-0756", "CVE-2013-0757", "CVE-2013-0758", "CVE-2013-0759", "CVE-2013-0760", "CVE-2013-0762", "CVE-2013-0763", "CVE-2013-0764", "CVE-2013-0766", "CVE-2013-0768", "CVE-2013-0769", "CVE-2013-0770", "CVE-2013-0771");
      script_bugtraq_id(56607, 56636, 57185, 57193, 57194, 57197, 57198, 57199, 57203, 57204, 57205, 57207, 57209, 57211, 57213, 57215, 57217, 57218, 57228, 57232, 57234, 57235, 57236, 57238, 57240, 57241, 57244, 57258, 57260);
    
      script_name(english:"SUSE SLES10 Security Update : Mozilla Firefox (SUSE-SU-2013:0306-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Mozilla Firefox is updated to the 10.0.12ESR version.
    
    This is a roll-up update for LTSS.
    
    It fixes a lot of security issues and bugs. 10.0.12ESR fixes
    specifically :
    
    MFSA 2013-01: Mozilla developers identified and fixed several memory
    safety bugs in the browser engine used in Firefox and other
    Mozilla-based products. Some of these bugs showed evidence of memory
    corruption under certain circumstances, and we presume that with
    enough effort at least some of these could be exploited to run
    arbitrary code.
    
    Christoph Diehl, Christian Holler, Mats Palmgren, and Chiaki
    Ishikawa reported memory safety problems and crashes that
    affect Firefox ESR 10, Firefox ESR 17, and Firefox 17.
    (CVE-2013-0769)
    
    Bill Gianopoulos, Benoit Jacob, Christoph Diehl, Christian
    Holler, Gary Kwong, Robert O'Callahan, and Scoobidiver
    reported memory safety problems and crashes that affect
    Firefox ESR 17 and Firefox 17. (CVE-2013-0749)
    
    Jesse Ruderman, Christian Holler, Julian Seward, and
    Scoobidiver reported memory safety problems and crashes that
    affect Firefox 17. (CVE-2013-0770)
    
    MFSA 2013-02: Security researcher Abhishek Arya (Inferno) of
    the Google Chrome Security Team discovered a series
    critically rated of use-after-free, out of bounds read, and
    buffer overflow issues using the Address Sanitizer tool in
    shipped software. These issues are potentially exploitable,
    allowing for remote code execution. We would also like to
    thank Abhishek for reporting three additional
    user-after-free and out of bounds read flaws introduced
    during Firefox development that were fixed before general
    release.
    
    The following issue has been fixed in Firefox 18 :
    
       - Global-buffer-overflow in
        CharDistributionAnalysis::HandleOneChar (CVE-2013-0760)
    
        The following issues has been fixed in Firefox 18, ESR
        17.0.1, and ESR 10.0.12 :
    
       - Heap-use-after-free in imgRequest::OnStopFrame
        (CVE-2013-0762)
      - Heap-use-after-free in ~nsHTMLEditRules (CVE-2013-0766)
      - Out of bounds read in
        nsSVGPathElement::GetPathLengthScale (CVE-2013-0763)
      - Heap-buffer-overflow in
        gfxTextRun::ShrinkToLigatureBoundaries (CVE-2013-0771)
    
        The following issue has been fixed in Firefox 18 and in
        the earlier ESR 10.0.11 release :
    
       - Heap-buffer-overflow in nsWindow::OnExposeEvent
        (CVE-2012-5829) MFSA 2013-03: Security researcher
        miaubiz used the Address Sanitizer tool to discover a
        buffer overflow in Canvas when specific bad height and
        width values were given through HTML. This could lead to
        a potentially exploitable crash. (CVE-2013-0768)
    
        Miaubiz also found a potentially exploitable crash when
        2D and 3D content was mixed which was introduced during
        Firefox development and fixed before general release.
    
        MFSA 2013-04: Security researcher Masato Kinugawa found
        a flaw in which the displayed URL values within the
        addressbar can be spoofed by a page during loading. This
        allows for phishing attacks where a malicious page can
        spoof the identify of another site. (CVE-2013-0759)
    
        MFSA 2013-05: Using the Address Sanitizer tool, security
        researcher Atte Kettunen from OUSPG discovered that the
        combination of large numbers of columns and column
        groups in a table could cause the array containing the
        columns during rendering to overwrite itself. This can
        lead to a user-after-free causing a potentially
        exploitable crash. (CVE-2013-0744)
    
        MFSA 2013-06: Mozilla developer Wesley Johnston reported
        that when there are two or more iframes on the same HTML
        page, an iframe is able to see the touch events and
        their targets that occur within the other iframes on the
        page. If the iframes are from the same origin, they can
        also access the properties and methods of the targets of
        other iframes but same-origin policy (SOP) restricts
        access across domains. This allows for information
        leakage and possibilities for cross-site scripting (XSS)
        if another vulnerability can be used to get around SOP
        restrictions. (CVE-2013-0751)
    
        MFSA 2013-07: Mozilla community member Jerry Baker
        reported a crashing issue found through Thunderbird when
        downloading messages over a Secure Sockets Layer (SSL)
        connection. This was caused by a bug in the networking
        code assuming that secure connections were entirely
        handled on the socket transport thread when they can
        occur on a variety of threads. The resulting crash was
        potentially exploitable. (CVE-2013-0764)
    
        MFSA 2013-08: Mozilla developer Olli Pettay discovered
        that the AutoWrapperChanger class fails to keep some
        JavaScript objects alive during garbage collection. This
        can lead to an exploitable crash allowing for arbitrary
        code execution. (CVE-2013-0745)
    
        MFSA 2013-09: Mozilla developer Boris Zbarsky reported
        reported a problem where jsval-returning quickstubs fail
        to wrap their return values, causing a compartment
        mismatch. This mismatch can cause garbage collection to
        occur incorrectly and lead to a potentially exploitable
        crash. (CVE-2013-0746)
    
        MFSA 2013-10: Mozilla security researcher Jesse Ruderman
        reported that events in the plugin handler can be
        manipulated by web content to bypass same-origin policy
        (SOP) restrictions. This can allow for clickjacking on
        malicious web pages. (CVE-2013-0747)
    
        MFSA 2013-11: Mozilla security researcher Jesse Ruderman
        discovered that using the toString function of XBL
        objects can lead to inappropriate information leakage by
        revealing the address space layout instead of just the
        ID of the object. This layout information could
        potentially be used to bypass ASLR and other security
        protections. (CVE-2013-0748)
    
        MFSA 2013-12: Security researcher pa_kt reported a flaw
        via TippingPoint's Zero Day Initiative that an integer
        overflow is possible when calculating the length for a
        JavaScript string concatenation, which is then used for
        memory allocation. This results in a buffer overflow,
        leading to a potentially exploitable memory corruption.
        (CVE-2013-0750)
    
        MFSA 2013-13: Security researcher Sviatoslav Chagaev
        reported that when using an XBL file containing multiple
        XML bindings with SVG content, a memory corruption can
        occur. In concern with remote XUL, this can lead to an
        exploitable crash. (CVE-2013-0752)
    
        MFSA 2013-14: Security researcher Mariusz Mlynski
        reported that it is possible to change the prototype of
        an object and bypass Chrome Object Wrappers (COW) to
        gain access to chrome privileged functions. This could
        allow for arbitrary code execution. (CVE-2013-0757)
    
        MFSA 2013-15: Security researcher Mariusz Mlynski
        reported that it is possible to open a chrome privileged
        web page through plugin objects through interaction with
        SVG elements. This could allow for arbitrary code
        execution. (CVE-2013-0758)
    
        MFSA 2013-16: Security researcher regenrecht reported,
        via TippingPoint's Zero Day Initiative, a use-after-free
        in XMLSerializer by the exposing of serializeToStream to
        web content. This can lead to arbitrary code execution
        when exploited. (CVE-2013-0753)
    
        MFSA 2013-17: Security researcher regenrecht reported,
        via TippingPoint's Zero Day Initiative, a use-after-free
        within the ListenerManager when garbage collection is
        forced after data in listener objects have been
        allocated in some circumstances. This results in a
        use-after-free which can lead to arbitrary code
        execution. (CVE-2013-0754)
    
        MFSA 2013-18: Security researcher regenrecht reported,
        via TippingPoint's Zero Day Initiative, a use-after-free
        using the domDoc pointer within Vibrate library. This
        can lead to arbitrary code execution when exploited.
        (CVE-2013-0755)
    
        MFSA 2013-19: Security researcher regenrecht reported,
        via TippingPoint's Zero Day Initiative, a garbage
        collection flaw in JavaScript Proxy objects. This can
        lead to a use-after-free leading to arbitrary code
        execution. (CVE-2013-0756)
    
        MFSA 2013-20: Google reported to Mozilla that TURKTRUST,
        a certificate authority in Mozilla's root program, had
        mis-issued two intermediate certificates to customers.
        The issue was not specific to Firefox but there was
        evidence that one of the certificates was used for
        man-in-the-middle (MITM) traffic management of domain
        names that the customer did not legitimately own or
        control. This issue was resolved by revoking the trust
        for these specific mis-issued certificates.
        (CVE-2013-0743)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      # http://download.suse.com/patch/finder/?keywords=8d645904d43fff2d5195e42ae81f6d59
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?5e596b06"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/666101"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/681836"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/684069"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/712248"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/769762"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/796895"
      );
      # https://www.suse.com/support/update/announcement/2013/suse-su-20130306-1.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?5acd6ef0"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected Mozilla Firefox packages"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Firefox 17.0.1 Flash Privileged Code Injection');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:MozillaFirefox");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:MozillaFirefox-branding-SLED");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:MozillaFirefox-translations");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:firefox3-cairo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:firefox3-gtk2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:firefox3-pango");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mozilla-nspr");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mozilla-nspr-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mozilla-nss");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mozilla-nss-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mozilla-nss-tools");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:10");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2013/02/18");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/05/20");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = eregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^(SLES10)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES10", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES10" && (! ereg(pattern:"^3$", string:sp))) audit(AUDIT_OS_NOT, "SLES10 SP3", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES10", sp:"3", cpu:"x86_64", reference:"firefox3-cairo-32bit-1.2.4-0.8.5")) flag++;
    if (rpm_check(release:"SLES10", sp:"3", cpu:"x86_64", reference:"firefox3-gtk2-32bit-2.10.6-0.12.21")) flag++;
    if (rpm_check(release:"SLES10", sp:"3", cpu:"x86_64", reference:"firefox3-pango-32bit-1.14.5-0.12.178")) flag++;
    if (rpm_check(release:"SLES10", sp:"3", cpu:"x86_64", reference:"mozilla-nspr-32bit-4.9.4-0.6.1")) flag++;
    if (rpm_check(release:"SLES10", sp:"3", cpu:"x86_64", reference:"mozilla-nss-32bit-3.14.1-0.6.1")) flag++;
    if (rpm_check(release:"SLES10", sp:"3", cpu:"s390x", reference:"firefox3-cairo-32bit-1.2.4-0.8.5")) flag++;
    if (rpm_check(release:"SLES10", sp:"3", cpu:"s390x", reference:"firefox3-gtk2-32bit-2.10.6-0.12.21")) flag++;
    if (rpm_check(release:"SLES10", sp:"3", cpu:"s390x", reference:"firefox3-pango-32bit-1.14.5-0.12.178")) flag++;
    if (rpm_check(release:"SLES10", sp:"3", cpu:"s390x", reference:"mozilla-nspr-32bit-4.9.4-0.6.1")) flag++;
    if (rpm_check(release:"SLES10", sp:"3", cpu:"s390x", reference:"mozilla-nss-32bit-3.14.1-0.6.1")) flag++;
    if (rpm_check(release:"SLES10", sp:"3", reference:"firefox3-cairo-1.2.4-0.8.5")) flag++;
    if (rpm_check(release:"SLES10", sp:"3", reference:"firefox3-gtk2-2.10.6-0.12.21")) flag++;
    if (rpm_check(release:"SLES10", sp:"3", reference:"firefox3-pango-1.14.5-0.12.178")) flag++;
    if (rpm_check(release:"SLES10", sp:"3", reference:"mozilla-nspr-4.9.4-0.6.1")) flag++;
    if (rpm_check(release:"SLES10", sp:"3", reference:"mozilla-nspr-devel-4.9.4-0.6.1")) flag++;
    if (rpm_check(release:"SLES10", sp:"3", reference:"mozilla-nss-3.14.1-0.6.1")) flag++;
    if (rpm_check(release:"SLES10", sp:"3", reference:"mozilla-nss-devel-3.14.1-0.6.1")) flag++;
    if (rpm_check(release:"SLES10", sp:"3", reference:"mozilla-nss-tools-3.14.1-0.6.1")) flag++;
    if (rpm_check(release:"SLES10", sp:"3", reference:"MozillaFirefox-10.0.12-0.6.3")) flag++;
    if (rpm_check(release:"SLES10", sp:"3", reference:"MozillaFirefox-branding-SLED-7-0.8.46")) flag++;
    if (rpm_check(release:"SLES10", sp:"3", reference:"MozillaFirefox-translations-10.0.12-0.6.3")) flag++;
    
    
    if (flag)
    {
      set_kb_item(name:'www/0/XSS', value:TRUE);
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Mozilla Firefox");
    }
    
  • NASL familyWindows
    NASL idMOZILLA_THUNDERBIRD_1702.NASL
    descriptionThe installed version of Thunderbird is earlier than 17.0.2 and thus, is potentially affected by the following security issues : - Two intermediate certificates were improperly issued by TURKTRUST certificate authority. (CVE-2013-0743) - A use-after-free error exists related to displaying HTML tables with many columns and column groups. (CVE-2013-0744) - An error exists related to the
    last seen2020-06-01
    modified2020-06-02
    plugin id63553
    published2013-01-15
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63553
    titleMozilla Thunderbird < 17.0.2 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(63553);
      script_version("1.19");
      script_cvs_date("Date: 2019/12/04");
    
      script_cve_id(
        "CVE-2013-0744",
        "CVE-2013-0745",
        "CVE-2013-0746",
        "CVE-2013-0747",
        "CVE-2013-0748",
        "CVE-2013-0749",
        "CVE-2013-0750",
        "CVE-2013-0752",
        "CVE-2013-0753",
        "CVE-2013-0754",
        "CVE-2013-0755",
        "CVE-2013-0756",
        "CVE-2013-0757",
        "CVE-2013-0758",
        "CVE-2013-0759",
        "CVE-2013-0761",
        "CVE-2013-0762",
        "CVE-2013-0763",
        "CVE-2013-0764",
        "CVE-2013-0766",
        "CVE-2013-0767",
        "CVE-2013-0768",
        "CVE-2013-0769",
        "CVE-2013-0771"
      );
      script_bugtraq_id(
        57193,
        57194,
        57195,
        57196,
        57197,
        57198,
        57203,
        57204,
        57205,
        57209,
        57211,
        57213,
        57215,
        57217,
        57218,
        57228,
        57232,
        57234,
        57235,
        57236,
        57238,
        57240,
        57241,
        57244,
        57258
      );
    
      script_name(english:"Mozilla Thunderbird < 17.0.2 Multiple Vulnerabilities");
      script_summary(english:"Checks version of Thunderbird");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Windows host contains a mail client that is potentially
    affected by several vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The installed version of Thunderbird is earlier than 17.0.2 and thus,
    is potentially affected by the following security issues :
    
      - Two intermediate certificates were improperly issued by
        TURKTRUST certificate authority. (CVE-2013-0743)
    
      - A use-after-free error exists related to displaying
        HTML tables with many columns and column groups.
        (CVE-2013-0744)
    
      - An error exists related to the 'AutoWrapperChanger'
        class that does not properly manage objects during
        garbage collection. (CVE-2012-0745)
    
      - An error exists related to 'jsval', 'quickstubs', and
        compartmental mismatches that could lead to potentially
        exploitable crashes. (CVE-2013-0746)
    
      - Errors exist related to events in the plugin handler
        that could allow same-origin policy bypass.
        (CVE-2013-0747)
    
      - An error related to the 'toString' method of XBL
        objects could lead to address information leakage.
        (CVE-2013-0748)
    
      - An unspecified memory corruption issue exists.
        (CVE-2013-0749, CVE-2013-0769)
    
      - A buffer overflow exists related to JavaScript string
        concatenation. (CVE-2013-0750)
        
      - An error exists related to multiple XML bindings with
        SVG content, contained in XBL files. (CVE-2013-0752)
    
      - A use-after-free error exists related to
        'XMLSerializer' and 'serializeToStream'.
        (CVE-2013-0753)
    
      - A use-after-free error exists related to garbage
        collection and 'ListenManager'. (CVE-2013-0754)
    
      - A use-after-free error exists related to the 'Vibrate'
        library and 'domDoc'. (CVE-2013-0755)
    
      - A use-after-free error exists related to JavaScript
        'Proxy' objects. (CVE-2013-0756)
      
      - 'Chrome Object Wrappers' (COW) can be bypassed by
        changing object prototypes, which could allow 
        arbitrary code execution. (CVE-2013-0757)
    
      - An error related to SVG elements and plugins could 
        allow privilege escalation. (CVE-2013-0758)
    
      - An error exists related to the address bar that could
        allow URL spoofing attacks. (CVE-2013-0759)
    
      - Multiple, unspecified use-after-free, out-of-bounds read
        and buffer overflow errors exist. (CVE-2013-0761,
        CVE-2013-0762, CVE-2013-0763, CVE-2013-0766,
        CVE-2013-0767, CVE-2013-0771)
    
      - An error exists related to SSL and threading that
        could result in potentially exploitable crashes.
        (CVE-2013-0764)
    
      - An error exists related to 'Canvas' and bad height or
        width values passed to it from HTML. (CVE-2013-0768)");
      script_set_attribute(attribute:"see_also", value:"http://www.zerodayinitiative.com/advisories/ZDI-13-003/");
      script_set_attribute(attribute:"see_also", value:"http://www.zerodayinitiative.com/advisories/ZDI-13-006/");
      script_set_attribute(attribute:"see_also", value:"http://www.zerodayinitiative.com/advisories/ZDI-13-037/");
      script_set_attribute(attribute:"see_also", value:"http://www.zerodayinitiative.com/advisories/ZDI-13-038/");
      script_set_attribute(attribute:"see_also", value:"http://www.zerodayinitiative.com/advisories/ZDI-13-039/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-01/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-02/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-03/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-04/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-05/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-07/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-08/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-09/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-10/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-11/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-12/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-13/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-14/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-15/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-16/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-17/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-18/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-19/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-20/");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Thunderbird 17.0.2 / 17.0.2 ESR or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-0769");
    
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Firefox 17.0.1 Flash Privileged Code Injection');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/01/08");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/01/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/01/15");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:thunderbird");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("mozilla_org_installed.nasl");
      script_require_keys("Mozilla/Thunderbird/Version");
    
      exit(0);
    }
    
    include("mozilla_version.inc");
    port = get_kb_item_or_exit("SMB/transport");
    
    installs = get_kb_list("SMB/Mozilla/Thunderbird/*");
    if (isnull(installs)) audit(AUDIT_NOT_INST, "Thunderbird");
    
    mozilla_check_version(installs:installs, product:'thunderbird', esr:FALSE, fix:'17.0.2', severity:SECURITY_HOLE, xss:TRUE);
  • NASL familyWindows
    NASL idSEAMONKEY_215.NASL
    descriptionThe installed version of SeaMonkey is earlier than 2.15 and thus, is potentially affected by the following security issues : - Multiple, unspecified use-after-free, out-of-bounds read and buffer overflow errors exist. (CVE-2012-5829, CVE-2013-0760, CVE-2013-0761, CVE-2013-0762, CVE-2013-0763, CVE-2013-0766, CVE-2013-0767, CVE-2013-0771) - Two intermediate certificates were improperly issued by TURKTRUST certificate authority. (CVE-2013-0743) - A use-after-free error exists related to displaying HTML tables with many columns and column groups. (CVE-2013-0744) - An error exists related to the
    last seen2020-06-01
    modified2020-06-02
    plugin id63554
    published2013-01-15
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63554
    titleSeaMonkey < 2.15 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(63554);
      script_version("1.20");
      script_cvs_date("Date: 2019/12/04");
    
      script_cve_id(
        "CVE-2013-0744",
        "CVE-2013-0745",
        "CVE-2013-0746",
        "CVE-2013-0747",
        "CVE-2013-0748",
        "CVE-2013-0749",
        "CVE-2013-0750",
        "CVE-2013-0752",
        "CVE-2013-0753",
        "CVE-2013-0754",
        "CVE-2013-0755",
        "CVE-2013-0756",
        "CVE-2013-0757",
        "CVE-2013-0758",
        "CVE-2013-0759",
        "CVE-2013-0760",
        "CVE-2013-0761",
        "CVE-2013-0763",
        "CVE-2013-0764",
        "CVE-2013-0766",
        "CVE-2013-0767",
        "CVE-2013-0768",
        "CVE-2013-0769",
        "CVE-2013-0770",
        "CVE-2013-0771"
      );
      script_bugtraq_id(
        57193,
        57194,
        57195,
        57196,
        57197,
        57198,
        57199,
        57203,
        57204,
        57205,
        57207,
        57209,
        57211,
        57213,
        57215,
        57217,
        57218,
        57228,
        57232,
        57234,
        57235,
        57236,
        57238,
        57240,
        57241,
        57244,
        57258
      );
    
      script_name(english:"SeaMonkey < 2.15 Multiple Vulnerabilities");
      script_summary(english:"Checks version of SeaMonkey");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Windows host contains a web browser that is affected by
    multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The installed version of SeaMonkey is earlier than 2.15 and thus,
    is potentially affected by the following security issues :
    
      - Multiple, unspecified use-after-free, out-of-bounds read
        and buffer overflow errors exist. (CVE-2012-5829,
        CVE-2013-0760, CVE-2013-0761, CVE-2013-0762,
        CVE-2013-0763, CVE-2013-0766, CVE-2013-0767,
        CVE-2013-0771)
    
      - Two intermediate certificates were improperly issued by
        TURKTRUST certificate authority. (CVE-2013-0743)
    
      - A use-after-free error exists related to displaying
        HTML tables with many columns and column groups.
        (CVE-2013-0744)
    
      - An error exists related to the 'AutoWrapperChanger'
        class that does not properly manage objects during
        garbage collection. (CVE-2012-0745)
    
      - An error exists related to 'jsval', 'quickstubs', and
        compartmental mismatches that can lead potentially
        exploitable crashes. (CVE-2013-0746)
    
      - Errors exist related to events in the plugin handler
        that can allow same-origin policy bypass.
        (CVE-2013-0747)
    
      - An error related to the 'toString' method of XBL
        objects can lead to address information leakage.
        (CVE-2013-0748)
    
      - An unspecified memory corruption issue exists.
        (CVE-2013-0749, CVE-2013-0769, CVE-2013-0770)
    
      - A buffer overflow exists related to JavaScript string
        concatenation. (CVE-2013-0750)
    
      - An error exists related to multiple XML bindings with
        SVG content, contained in XBL files. (CVE-2013-0752)
    
      - A use-after-free error exists related to
        'XMLSerializer' and 'serializeToStream'.
        (CVE-2013-0753)
    
      - A use-after-free error exists related to garbage
        collection and 'ListenManager'. (CVE-2013-0754)
    
      - A use-after-free error exists related to the 'Vibrate'
        library and 'domDoc'. (CVE-2013-0755)
    
      - A use-after-free error exists related to JavaScript
        'Proxy' objects. (CVE-2013-0756)
      
      - 'Chrome Object Wrappers' (COW) can be bypassed by
        changing object prototypes and can allow arbitrary
        code execution. (CVE-2013-0757)
    
      - An error related to SVG elements and plugins can allow
        privilege escalation. (CVE-2013-0758)
    
      - An error exists related to the address bar that can
        allow URL spoofing attacks. (CVE-2013-0759)
    
      - An error exists related to SSL and threading that
        can result in potentially exploitable crashes.
        (CVE-2013-0764)
    
      - An error exists related to 'Canvas' and bad height or
        width values passed to it from HTML. (CVE-2013-0768)");
      script_set_attribute(attribute:"see_also", value:"http://www.zerodayinitiative.com/advisories/ZDI-13-003/");
      script_set_attribute(attribute:"see_also", value:"http://www.zerodayinitiative.com/advisories/ZDI-13-006/");
      script_set_attribute(attribute:"see_also", value:"http://www.zerodayinitiative.com/advisories/ZDI-13-037/");
      script_set_attribute(attribute:"see_also", value:"http://www.zerodayinitiative.com/advisories/ZDI-13-038/");
      script_set_attribute(attribute:"see_also", value:"http://www.zerodayinitiative.com/advisories/ZDI-13-039/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-01/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-02/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-03/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-04/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-05/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-07/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-08/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-09/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-10/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-11/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-12/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-13/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-14/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-15/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-16/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-17/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-18/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-19/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-20/");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to SeaMonkey 2.15 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-0770");
    
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Firefox 17.0.1 Flash Privileged Code Injection');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/01/08");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/01/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/01/15");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:seamonkey");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("mozilla_org_installed.nasl");
      script_require_keys("SeaMonkey/Version");
    
      exit(0);
    }
    
    include("mozilla_version.inc");
    port = get_kb_item("SMB/transport");
    if (!port) port = 445;
    
    installs = get_kb_list("SMB/SeaMonkey/*");
    if (isnull(installs)) audit(AUDIT_NOT_INST, "SeaMonkey");
    
    mozilla_check_version(installs:installs, product:'seamonkey', fix:'2.15', severity:SECURITY_HOLE, xss:TRUE);
  • NASL familyWindows
    NASL idMOZILLA_FIREFOX_10012.NASL
    descriptionThe installed version of Firefox 10.x is potentially affected by the following security issues : - Multiple, unspecified use-after-free, out-of-bounds read and buffer overflow errors exist. (CVE-2013-0761, CVE-2013-0762, CVE-2013-0763, CVE-2013-0766, CVE-2013-0767, CVE-2013-0771) - Two intermediate certificates were improperly issued by TURKTRUST certificate authority. (CVE-2013-0743) - A use-after-free error exists related to displaying HTML tables with many columns and column groups. (CVE-2013-0744) - An error exists related to the
    last seen2020-06-01
    modified2020-06-02
    plugin id63548
    published2013-01-15
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63548
    titleFirefox 10.x < 10.0.12 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(63548);
      script_version("1.19");
      script_cvs_date("Date: 2019/12/04");
    
      script_cve_id(
        "CVE-2013-0744",
        "CVE-2013-0745",
        "CVE-2013-0746",
        "CVE-2013-0747",
        "CVE-2013-0748",
        "CVE-2013-0749",
        "CVE-2013-0750",
        "CVE-2013-0752",
        "CVE-2013-0753",
        "CVE-2013-0754",
        "CVE-2013-0755",
        "CVE-2013-0756",
        "CVE-2013-0757",
        "CVE-2013-0758",
        "CVE-2013-0759",
        "CVE-2013-0761",
        "CVE-2013-0762",
        "CVE-2013-0763",
        "CVE-2013-0764",
        "CVE-2013-0766",
        "CVE-2013-0767",
        "CVE-2013-0768",
        "CVE-2013-0769",
        "CVE-2013-0771"
      );
      script_bugtraq_id(
        57193,
        57194,
        57195,
        57196,
        57197,
        57198,
        57203,
        57204,
        57205,
        57209,
        57211,
        57213,
        57215,
        57217,
        57218,
        57228,
        57232,
        57234,
        57235,
        57236,
        57238,
        57240,
        57241,
        57244,
        57258
      );
    
      script_name(english:"Firefox 10.x < 10.0.12 Multiple Vulnerabilities");
      script_summary(english:"Checks version of Firefox");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Windows host contains a web browser that is affected by
    multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The installed version of Firefox 10.x is potentially affected by the
    following security issues :
    
       - Multiple, unspecified use-after-free, out-of-bounds read
        and buffer overflow errors exist. (CVE-2013-0761,
        CVE-2013-0762, CVE-2013-0763, CVE-2013-0766,
        CVE-2013-0767, CVE-2013-0771)
        
      - Two intermediate certificates were improperly issued by
        TURKTRUST certificate authority. (CVE-2013-0743)
    
      - A use-after-free error exists related to displaying
        HTML tables with many columns and column groups.
        (CVE-2013-0744)
    
      - An error exists related to the 'AutoWrapperChanger'
        class that does not properly manage objects during
        garbage collection. (CVE-2012-0745)
    
      - An error exists related to 'jsval', 'quickstubs', and
        compartmental mismatches that could lead to potentially
        exploitable crashes. (CVE-2013-0746)
    
      - Errors exist related to events in the plugin handler
        that could allow same-origin policy bypass.
        (CVE-2013-0747)
    
      - An error related to the 'toString' method of XBL
        objects could lead to address information leakage.
        (CVE-2013-0748)
    
      - An unspecified memory corruption issue exists.
        (CVE-2013-0749, CVE-2013-0769)
    
      - A buffer overflow exists related to JavaScript string
        concatenation. (CVE-2013-0750)
        
      - An error exists related to multiple XML bindings with
        SVG content, contained in XBL files. (CVE-2013-0752)
    
      - A use-after-free error exists related to
        'XMLSerializer' and 'serializeToStream'.
        (CVE-2013-0753)
    
      - A use-after-free error exists related to garbage
        collection and 'ListenManager'. (CVE-2013-0754)
    
      - A use-after-free error exists related to the 'Vibrate'
        library and 'domDoc'. (CVE-2013-0755)
    
      - A use-after-free error exists related to JavaScript
        'Proxy' objects. (CVE-2013-0756)
      
      - 'Chrome Object Wrappers' (COW) can be bypassed by
        changing object prototypes, which could allow 
        arbitrary code execution. (CVE-2013-0757)
    
      - An error related to SVG elements and plugins could 
        allow privilege escalation. (CVE-2013-0758)
    
      - An error exists related to the address bar that could
        allow URL spoofing attacks. (CVE-2013-0759)
    
      - An error exists related to SSL and threading that
        could result in potentially exploitable crashes.
        (CVE-2013-0764)
    
      - An error exists related to 'Canvas' and bad height or
        width values passed to it from HTML. (CVE-2013-0768) 
    
    Please note the 10.x ESR branch will no longer be supported as of 
    02/13/2013. Only the 17.x ESR branch will receive security updates 
    after that date.");
      script_set_attribute(attribute:"see_also", value:"http://www.zerodayinitiative.com/advisories/ZDI-13-003/");
      script_set_attribute(attribute:"see_also", value:"http://www.zerodayinitiative.com/advisories/ZDI-13-006/");
      script_set_attribute(attribute:"see_also", value:"http://www.zerodayinitiative.com/advisories/ZDI-13-037/");
      script_set_attribute(attribute:"see_also", value:"http://www.zerodayinitiative.com/advisories/ZDI-13-038/");
      script_set_attribute(attribute:"see_also", value:"http://www.zerodayinitiative.com/advisories/ZDI-13-039/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-01/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-02/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-03/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-04/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-05/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-07/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-08/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-09/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-10/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-11/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-12/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-13/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-14/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-15/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-16/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-17/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-18/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-19/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-20/");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Firefox 10.0.12 ESR or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-0769");
    
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Firefox 17.0.1 Flash Privileged Code Injection');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/01/08");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/01/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/01/15");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:firefox");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("mozilla_org_installed.nasl");
      script_require_keys("Mozilla/Firefox/Version");
    
      exit(0);
    }
    
    include("mozilla_version.inc");
    port = get_kb_item_or_exit("SMB/transport"); 
    
    installs = get_kb_list("SMB/Mozilla/Firefox/*");
    if (isnull(installs)) audit(AUDIT_NOT_INST, "Firefox");
    
    mozilla_check_version(installs:installs, product:'firefox', esr:TRUE, fix:'10.0.12', min:'10.0', severity:SECURITY_HOLE, xss:TRUE);
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1681-3.NASL
    descriptionUSN-1681-1 fixed vulnerabilities in Firefox. Due to an upstream regression, some translations became unusable after upgrading. This update fixes the problem. We apologize for the inconvenience. Christoph Diehl, Christian Holler, Mats Palmgren, Chiaki Ishikawa, Bill Gianopoulos, Benoit Jacob, Gary Kwong, Robert O
    last seen2020-06-01
    modified2020-06-02
    plugin id63665
    published2013-01-23
    reporterUbuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63665
    titleUbuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : firefox regression (USN-1681-3)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-1681-3. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(63665);
      script_version("1.16");
      script_cvs_date("Date: 2019/09/19 12:54:28");
    
      script_cve_id("CVE-2012-5829", "CVE-2013-0744", "CVE-2013-0745", "CVE-2013-0746", "CVE-2013-0747", "CVE-2013-0748", "CVE-2013-0749", "CVE-2013-0750", "CVE-2013-0752", "CVE-2013-0753", "CVE-2013-0754", "CVE-2013-0755", "CVE-2013-0756", "CVE-2013-0757", "CVE-2013-0758", "CVE-2013-0759", "CVE-2013-0760", "CVE-2013-0761", "CVE-2013-0762", "CVE-2013-0763", "CVE-2013-0764", "CVE-2013-0766", "CVE-2013-0767", "CVE-2013-0768", "CVE-2013-0769", "CVE-2013-0770", "CVE-2013-0771");
      script_xref(name:"USN", value:"1681-3");
    
      script_name(english:"Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : firefox regression (USN-1681-3)");
      script_summary(english:"Checks dpkg output for updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Ubuntu host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "USN-1681-1 fixed vulnerabilities in Firefox. Due to an upstream
    regression, some translations became unusable after upgrading. This
    update fixes the problem.
    
    We apologize for the inconvenience.
    
    Christoph Diehl, Christian Holler, Mats Palmgren, Chiaki Ishikawa,
    Bill Gianopoulos, Benoit Jacob, Gary Kwong, Robert O'Callahan, Jesse
    Ruderman, and Julian Seward discovered multiple memory safety issues
    affecting Firefox. If the user were tricked into opening a specially
    crafted page, an attacker could possibly exploit these to cause a
    denial of service via application crash, or potentially execute code
    with the privileges of the user invoking Firefox. (CVE-2013-0769,
    CVE-2013-0749, CVE-2013-0770)
    
    Abhishek Arya discovered several user-after-free and buffer
    overflows in Firefox. An attacker could exploit these to
    cause a denial of service via application crash, or
    potentially execute code with the privileges of the user
    invoking Firefox. (CVE-2013-0760, CVE-2013-0761,
    CVE-2013-0762, CVE-2013-0763, CVE-2013-0766, CVE-2013-0767,
    CVE-2013-0771, CVE-2012-5829)
    
    A stack buffer was discovered in Firefox. If the user were
    tricked into opening a specially crafted page, an attacker
    could possibly exploit this to cause a denial of service via
    application crash, or potentially execute code with the
    privileges of the user invoking Firefox. (CVE-2013-0768)
    
    Masato Kinugawa discovered that Firefox did not always
    properly display URL values in the address bar. A remote
    attacker could exploit this to conduct URL spoofing and
    phishing attacks. (CVE-2013-0759)
    
    Atte Kettunen discovered that Firefox did not properly
    handle HTML tables with a large number of columns and column
    groups. If the user were tricked into opening a specially
    crafted page, an attacker could exploit this to cause a
    denial of service via application crash, or potentially
    execute code with the privileges of the user invoking
    Firefox. (CVE-2013-0744)
    
    Jerry Baker discovered that Firefox did not always properly
    handle threading when performing downloads over SSL
    connections. An attacker could exploit this to cause a
    denial of service via application crash. (CVE-2013-0764)
    
    Olli Pettay and Boris Zbarsky discovered flaws in the
    Javacript engine of Firefox. An attacker could cause a
    denial of service via application crash, or potentially
    execute code with the privileges of the user invoking
    Firefox. (CVE-2013-0745, CVE-2013-0746)
    
    Jesse Ruderman discovered a flaw in the way Firefox handled
    plugins. If a user were tricked into opening a specially
    crafted page, a remote attacker could exploit this to bypass
    security protections to conduct clickjacking attacks.
    (CVE-2013-0747)
    
    Jesse Ruderman discovered an information leak in Firefox. An
    attacker could exploit this to reveal memory address layout
    which could help in bypassing ASLR protections.
    (CVE-2013-0748)
    
    An integer overflow was discovered in the JavaScript engine,
    leading to a heap-based buffer overflow. If the user were
    tricked into opening a specially crafted page, an attacker
    could possibly exploit this to execute code with the
    privileges of the user invoking Firefox. (CVE-2013-0750)
    
    Sviatoslav Chagaev discovered that Firefox did not properly
    handle XBL files with multiple XML bindings with SVG
    content. An attacker could cause a denial of service via
    application crash, or potentially execute code with the
    privileges of the user invoking Firefox. (CVE-2013-0752)
    
    Mariusz Mlynski discovered two flaws to gain access to
    privileged chrome functions. An attacker could possibly
    exploit this to execute code with the privileges of the user
    invoking Firefox. (CVE-2013-0757, CVE-2013-0758)
    
    Several use-after-free issues were discovered in Firefox. If
    the user were tricked into opening a specially crafted page,
    an attacker could possibly exploit this to execute code with
    the privileges of the user invoking Firefox. (CVE-2013-0753,
    CVE-2013-0754, CVE-2013-0755, CVE-2013-0756)
    
    Two intermediate CA certificates were mis-issued by the
    TURKTRUST certificate authority. If a remote attacker were
    able to perform a man-in-the-middle attack, this flaw could
    be exploited to view sensitive information. (CVE-2013-0743).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/1681-3/"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected firefox package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Firefox 17.0.1 Flash Privileged Code Injection');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.04:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:11.10");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.10");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/11/21");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/01/22");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/01/23");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(10\.04|11\.10|12\.04|12\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 10.04 / 11.10 / 12.04 / 12.10", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"10.04", pkgname:"firefox", pkgver:"18.0.1+build1-0ubuntu0.10.04.1")) flag++;
    if (ubuntu_check(osver:"11.10", pkgname:"firefox", pkgver:"18.0.1+build1-0ubuntu0.11.10.1")) flag++;
    if (ubuntu_check(osver:"12.04", pkgname:"firefox", pkgver:"18.0.1+build1-0ubuntu0.12.04.1")) flag++;
    if (ubuntu_check(osver:"12.10", pkgname:"firefox", pkgver:"18.0.1+build1-0ubuntu0.12.10.1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "firefox");
    }
    
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201309-23.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201309-23 (Mozilla Products: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Mozilla Firefox, Thunderbird, and SeaMonkey. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Further, a remote attacker could conduct XSS attacks, spoof URLs, bypass address space layout randomization, conduct clickjacking attacks, obtain potentially sensitive information, bypass access restrictions, modify the local filesystem, or conduct other unspecified attacks. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id70183
    published2013-09-28
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/70183
    titleGLSA-201309-23 : Mozilla Products: Multiple vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 201309-23.
    #
    # The advisory text is Copyright (C) 2001-2019 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(70183);
      script_version("1.16");
      script_cvs_date("Date: 2019/08/12 17:35:38");
    
      script_cve_id("CVE-2013-0744", "CVE-2013-0745", "CVE-2013-0746", "CVE-2013-0747", "CVE-2013-0748", "CVE-2013-0749", "CVE-2013-0750", "CVE-2013-0751", "CVE-2013-0752", "CVE-2013-0753", "CVE-2013-0754", "CVE-2013-0755", "CVE-2013-0756", "CVE-2013-0757", "CVE-2013-0758", "CVE-2013-0759", "CVE-2013-0760", "CVE-2013-0761", "CVE-2013-0762", "CVE-2013-0763", "CVE-2013-0764", "CVE-2013-0765", "CVE-2013-0766", "CVE-2013-0767", "CVE-2013-0768", "CVE-2013-0769", "CVE-2013-0770", "CVE-2013-0771", "CVE-2013-0772", "CVE-2013-0773", "CVE-2013-0774", "CVE-2013-0775", "CVE-2013-0776", "CVE-2013-0777", "CVE-2013-0778", "CVE-2013-0779", "CVE-2013-0780", "CVE-2013-0781", "CVE-2013-0782", "CVE-2013-0783", "CVE-2013-0784", "CVE-2013-0787", "CVE-2013-0788", "CVE-2013-0789", "CVE-2013-0791", "CVE-2013-0792", "CVE-2013-0793", "CVE-2013-0794", "CVE-2013-0795", "CVE-2013-0796", "CVE-2013-0797", "CVE-2013-0799", "CVE-2013-0800", "CVE-2013-0801", "CVE-2013-1670", "CVE-2013-1671", "CVE-2013-1674", "CVE-2013-1675", "CVE-2013-1676", "CVE-2013-1677", "CVE-2013-1678", "CVE-2013-1679", "CVE-2013-1680", "CVE-2013-1681", "CVE-2013-1682", "CVE-2013-1684", "CVE-2013-1687", "CVE-2013-1690", "CVE-2013-1692", "CVE-2013-1693", "CVE-2013-1694", "CVE-2013-1697", "CVE-2013-1701", "CVE-2013-1702", "CVE-2013-1704", "CVE-2013-1705", "CVE-2013-1707", "CVE-2013-1708", "CVE-2013-1709", "CVE-2013-1710", "CVE-2013-1711", "CVE-2013-1712", "CVE-2013-1713", "CVE-2013-1714", "CVE-2013-1717", "CVE-2013-1718", "CVE-2013-1719", "CVE-2013-1720", "CVE-2013-1722", "CVE-2013-1723", "CVE-2013-1724", "CVE-2013-1725", "CVE-2013-1726", "CVE-2013-1728", "CVE-2013-1730", "CVE-2013-1732", "CVE-2013-1735", "CVE-2013-1736", "CVE-2013-1737", "CVE-2013-1738");
      script_bugtraq_id(57193, 57194, 57195, 57196, 57197, 57198, 57199, 57203, 57204, 57205, 57207, 57209, 57211, 57213, 57215, 57217, 57218, 57228, 57232, 57234, 57235, 57236, 57238, 57240, 57241, 57244, 57260, 58034, 58036, 58037, 58038, 58040, 58041, 58042, 58043, 58044, 58047, 58048, 58049, 58050, 58051, 58391, 58819, 58821, 58824, 58825, 58826, 58827, 58828, 58831, 58835, 58836, 58837, 59855, 59858, 59859, 59860, 59861, 59862, 59863, 59864, 59865, 59868, 59869, 60765, 60766, 60776, 60777, 60778, 60783, 60784, 60787, 61864, 61867, 61871, 61872, 61873, 61874, 61875, 61876, 61877, 61878, 61882, 61896, 61900, 62460, 62462, 62463, 62464, 62465, 62466, 62467, 62468, 62469, 62472, 62473, 62475, 62478, 62479, 62482);
      script_xref(name:"GLSA", value:"201309-23");
    
      script_name(english:"GLSA-201309-23 : Mozilla Products: Multiple vulnerabilities");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-201309-23
    (Mozilla Products: Multiple vulnerabilities)
    
        Multiple vulnerabilities have been discovered in Mozilla Firefox,
          Thunderbird, and SeaMonkey. Please review the CVE identifiers referenced
          below for details.
      
    Impact :
    
        A remote attacker could entice a user to view a specially crafted web
          page or email, possibly resulting in execution of arbitrary code or a
          Denial of Service condition. Further, a remote attacker could conduct XSS
          attacks, spoof URLs, bypass address space layout randomization, conduct
          clickjacking attacks, obtain potentially sensitive information, bypass
          access restrictions, modify the local filesystem, or conduct other
          unspecified attacks.
      
    Workaround :
    
        There is no known workaround at this time."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/201309-23"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "All Mozilla Firefox users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=www-client/firefox-17.0.9'
        All users of the Mozilla Firefox binary package should upgrade to the
          latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=www-client/firefox-bin-17.0.9'
        All Mozilla Thunderbird users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=mail-client/thunderbird-17.0.9'
        All users of the Mozilla Thunderbird binary package should upgrade to
          the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose
          '>=mail-client/thunderbird-bin-17.0.9'
        All SeaMonkey users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=www-client/seamonkey-2.21'
        All users of the Mozilla SeaMonkey binary package should upgrade to the
          latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=www-client/seamonkey-bin-2.21'"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Firefox toString console.time Privileged Javascript Injection');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:firefox");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:firefox-bin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:seamonkey");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:seamonkey-bin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:thunderbird");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:thunderbird-bin");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/01/13");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/09/27");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/09/28");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Gentoo Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (qpkg_check(package:"mail-client/thunderbird-bin", unaffected:make_list("ge 17.0.9"), vulnerable:make_list("lt 17.0.9"))) flag++;
    if (qpkg_check(package:"www-client/firefox", unaffected:make_list("ge 17.0.9"), vulnerable:make_list("lt 17.0.9"))) flag++;
    if (qpkg_check(package:"mail-client/thunderbird", unaffected:make_list("ge 17.0.9"), vulnerable:make_list("lt 17.0.9"))) flag++;
    if (qpkg_check(package:"www-client/firefox-bin", unaffected:make_list("ge 17.0.9"), vulnerable:make_list("lt 17.0.9"))) flag++;
    if (qpkg_check(package:"www-client/seamonkey", unaffected:make_list("ge 2.21"), vulnerable:make_list("lt 2.21"))) flag++;
    if (qpkg_check(package:"www-client/seamonkey-bin", unaffected:make_list("ge 2.21"), vulnerable:make_list("lt 2.21"))) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Mozilla Products");
    }
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1681-2.NASL
    descriptionUSN-1681-1 fixed vulnerabilities in Firefox. This update provides the corresponding updates for Thunderbird. Christoph Diehl, Christian Holler, Mats Palmgren, Chiaki Ishikawa, Bill Gianopoulos, Benoit Jacob, Gary Kwong, Robert O
    last seen2020-06-01
    modified2020-06-02
    plugin id63448
    published2013-01-09
    reporterUbuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63448
    titleUbuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : thunderbird vulnerabilities (USN-1681-2)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_FIREFOX-201301-8426.NASL
    descriptionMozilla Firefox was updated to the 10.0.12ESR release. - Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. (MFSA 2013-01) o Christoph Diehl, Christian Holler, Mats Palmgren, and Chiaki Ishikawa reported memory safety problems and crashes that affect Firefox ESR 10, Firefox ESR 17, and Firefox 17. (CVE-2013-0769) o Bill Gianopoulos, Benoit Jacob, Christoph Diehl, Christian Holler, Gary Kwong, Robert O
    last seen2020-06-05
    modified2013-01-20
    plugin id63626
    published2013-01-20
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63626
    titleSuSE 10 Security Update : MozillaFirefox (ZYPP Patch Number 8426)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_FIREFOX_17_0_2.NASL
    descriptionThe installed version of Firefox ESR is earlier than 17.0.2 and thus, is potentially affected by the following security issues : - Two intermediate certificates were improperly issued by TURKTRUST certificate authority. (CVE-2013-0743) - A use-after-free error exists related to displaying HTML tables with many columns and column groups. (CVE-2013-0744) - An error exists related to the
    last seen2020-06-01
    modified2020-06-02
    plugin id63544
    published2013-01-15
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63544
    titleFirefox ESR < 17.0.2 Multiple Vulnerabilities (Mac OS X)

Oval

accepted2014-10-06T04:02:12.020-04:00
classvulnerability
contributors
  • nameSergey Artykhov
    organizationALTX-SOFT
  • nameMaria Kedovskaya
    organizationALTX-SOFT
  • nameMaria Kedovskaya
    organizationALTX-SOFT
  • nameShane Shaffer
    organizationG2, Inc.
  • nameMaria Kedovskaya
    organizationALTX-SOFT
  • nameMaria Kedovskaya
    organizationALTX-SOFT
  • nameRichard Helbing
    organizationbaramundi software
  • nameEvgeniy Pavlov
    organizationALTX-SOFT
  • nameEvgeniy Pavlov
    organizationALTX-SOFT
  • nameEvgeniy Pavlov
    organizationALTX-SOFT
  • nameEvgeniy Pavlov
    organizationALTX-SOFT
  • nameEvgeniy Pavlov
    organizationALTX-SOFT
  • nameEvgeniy Pavlov
    organizationALTX-SOFT
definition_extensions
  • commentMozilla Seamonkey is installed
    ovaloval:org.mitre.oval:def:6372
  • commentMozilla Thunderbird Mainline release is installed
    ovaloval:org.mitre.oval:def:22093
  • commentMozilla Firefox Mainline release is installed
    ovaloval:org.mitre.oval:def:22259
  • commentMozilla Firefox ESR is installed
    ovaloval:org.mitre.oval:def:22414
  • commentMozilla Thunderbird ESR is installed
    ovaloval:org.mitre.oval:def:22216
descriptionThe gPluginHandler.handleEvent function in the plugin handler in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not properly enforce the Same Origin Policy, which allows remote attackers to conduct clickjacking attacks via crafted JavaScript code that listens for a mutation event.
familywindows
idoval:org.mitre.oval:def:16866
statusaccepted
submitted2013-05-13T10:26:26.748+04:00
titleThe gPluginHandler.handleEvent function in the plugin handler in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not properly enforce the Same Origin Policy, which allows remote attackers to conduct clickjacking attacks via crafted JavaScript code that listens for a mutation event.
version38