Vulnerabilities > CVE-2013-0748 - Information Exposure vulnerability in multiple products

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE

Summary

The XBL.__proto__.toString implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 makes it easier for remote attackers to bypass the ASLR protection mechanism by calling the toString function of an XBL object.

Vulnerable Configurations

Part Description Count
Application
Mozilla
598
OS
Opensuse
3
OS
Suse
7
OS
Redhat
9
OS
Canonical
4

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Subverting Environment Variable Values
    The attacker directly or indirectly modifies environment variables used by or controlling the target software. The attacker's goal is to cause the target software to deviate from its expected operation in a manner that benefits the attacker.
  • Footprinting
    An attacker engages in probing and exploration activity to identify constituents and properties of the target. Footprinting is a general term to describe a variety of information gathering techniques, often used by attackers in preparation for some attack. It consists of using tools to learn as much as possible about the composition, configuration, and security mechanisms of the targeted application, system or network. Information that might be collected during a footprinting effort could include open ports, applications and their versions, network topology, and similar information. While footprinting is not intended to be damaging (although certain activities, such as network scans, can sometimes cause disruptions to vulnerable applications inadvertently) it may often pave the way for more damaging attacks.
  • Exploiting Trust in Client (aka Make the Client Invisible)
    An attack of this type exploits a programs' vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by placing themselves in the communication channel between client and server such that communication directly to the server is possible where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.
  • Browser Fingerprinting
    An attacker carefully crafts small snippets of Java Script to efficiently detect the type of browser the potential victim is using. Many web-based attacks need prior knowledge of the web browser including the version of browser to ensure successful exploitation of a vulnerability. Having this knowledge allows an attacker to target the victim with attacks that specifically exploit known or zero day weaknesses in the type and version of the browser used by the victim. Automating this process via Java Script as a part of the same delivery system used to exploit the browser is considered more efficient as the attacker can supply a browser fingerprinting method and integrate it with exploit code, all contained in Java Script and in response to the same web page request by the browser.
  • Session Credential Falsification through Prediction
    This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.

Nessus

  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2013-17.NASL
    descriptionThe Mozilla January 8th 2013 security release contains updates : Mozilla Firefox was updated to version 18.0. Mozilla SeaMonkey was updated to version 2.15. Mozilla Thunderbird was updated to version 17.0.2. Mozilla XULRunner was updated to version 17.0.2. - MFSA 2013-01/CVE-2013-0749/CVE-2013-0769/CVE-2013-0770 Miscellaneous memory safety hazards - MFSA 2013-02/CVE-2013-0760/CVE-2013-0762/CVE-2013-0766/CVE-20 13-0767 CVE-2013-0761/CVE-2013-0763/CVE-2013-0771/CVE-2012-5829 Use-after-free and buffer overflow issues found using Address Sanitizer - MFSA 2013-03/CVE-2013-0768 (bmo#815795) Buffer Overflow in Canvas - MFSA 2013-04/CVE-2012-0759 (bmo#802026) URL spoofing in addressbar during page loads - MFSA 2013-05/CVE-2013-0744 (bmo#814713) Use-after-free when displaying table with many columns and column groups - MFSA 2013-06/CVE-2013-0751 (bmo#790454) Touch events are shared across iframes - MFSA 2013-07/CVE-2013-0764 (bmo#804237) Crash due to handling of SSL on threads - MFSA 2013-08/CVE-2013-0745 (bmo#794158) AutoWrapperChanger fails to keep objects alive during garbage collection - MFSA 2013-09/CVE-2013-0746 (bmo#816842) Compartment mismatch with quickstubs returned values - MFSA 2013-10/CVE-2013-0747 (bmo#733305) Event manipulation in plugin handler to bypass same-origin policy - MFSA 2013-11/CVE-2013-0748 (bmo#806031) Address space layout leaked in XBL objects - MFSA 2013-12/CVE-2013-0750 (bmo#805121) Buffer overflow in JavaScript string concatenation - MFSA 2013-13/CVE-2013-0752 (bmo#805024) Memory corruption in XBL with XML bindings containing SVG - MFSA 2013-14/CVE-2013-0757 (bmo#813901) Chrome Object Wrapper (COW) bypass through changing prototype - MFSA 2013-15/CVE-2013-0758 (bmo#813906) Privilege escalation through plugin objects - MFSA 2013-16/CVE-2013-0753 (bmo#814001) Use-after-free in serializeToStream - MFSA 2013-17/CVE-2013-0754 (bmo#814026) Use-after-free in ListenerManager - MFSA 2013-18/CVE-2013-0755 (bmo#814027) Use-after-free in Vibrate - MFSA 2013-19/CVE-2013-0756 (bmo#814029) Use-after-free in JavaScript Proxy objects Mozilla NSPR was updated to 4.9.4, containing some small bugfixes and new features. Mozilla NSS was updated to 3.14.1 containing various new features, security fix and bugfixes : - MFSA 2013-20/CVE-2013-0743 (bmo#825022, bnc#796628) revoke mis-issued intermediate certificates from TURKTRUST Cryptographic changes done : - Support for TLS 1.1 (RFC 4346) - Experimental support for DTLS 1.0 (RFC 4347) and DTLS-SRTP (RFC 5764) - Support for AES-CTR, AES-CTS, and AES-GCM - Support for Keying Material Exporters for TLS (RFC 5705) - Support for certificate signatures using the MD5 hash algorithm is now disabled by default - The NSS license has changed to MPL 2.0. Previous releases were released under a MPL 1.1/GPL 2.0/LGPL 2.1 tri-license. For more information about MPL 2.0, please see http://www.mozilla.org/MPL/2.0/FAQ.html. For an additional explanation on GPL/LGPL compatibility, see security/nss/COPYING in the source code. - Export and DES cipher suites are disabled by default. Non-ECC AES and Triple DES cipher suites are enabled by default Please see http://www.mozilla.org/security/announce/ for more information.
    last seen2020-06-05
    modified2014-06-13
    plugin id74918
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74918
    titleopenSUSE Security Update : firefox / seamonkey / thunderbird (openSUSE-SU-2013:0149-1)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2013-17.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(74918);
      script_version("1.6");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2012-0759", "CVE-2012-5829", "CVE-2013-0744", "CVE-2013-0745", "CVE-2013-0746", "CVE-2013-0747", "CVE-2013-0748", "CVE-2013-0749", "CVE-2013-0750", "CVE-2013-0751", "CVE-2013-0752", "CVE-2013-0753", "CVE-2013-0754", "CVE-2013-0755", "CVE-2013-0756", "CVE-2013-0757", "CVE-2013-0758", "CVE-2013-0759", "CVE-2013-0760", "CVE-2013-0761", "CVE-2013-0762", "CVE-2013-0763", "CVE-2013-0764", "CVE-2013-0766", "CVE-2013-0767", "CVE-2013-0768", "CVE-2013-0769", "CVE-2013-0770", "CVE-2013-0771");
    
      script_name(english:"openSUSE Security Update : firefox / seamonkey / thunderbird (openSUSE-SU-2013:0149-1)");
      script_summary(english:"Check for the openSUSE-2013-17 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The Mozilla January 8th 2013 security release contains updates :
    
    Mozilla Firefox was updated to version 18.0. Mozilla SeaMonkey was
    updated to version 2.15. Mozilla Thunderbird was updated to version
    17.0.2. Mozilla XULRunner was updated to version 17.0.2.
    
      - MFSA 2013-01/CVE-2013-0749/CVE-2013-0769/CVE-2013-0770
        Miscellaneous memory safety hazards
    
      - MFSA
        2013-02/CVE-2013-0760/CVE-2013-0762/CVE-2013-0766/CVE-20
        13-0767
        CVE-2013-0761/CVE-2013-0763/CVE-2013-0771/CVE-2012-5829
        Use-after-free and buffer overflow issues found using
        Address Sanitizer
    
      - MFSA 2013-03/CVE-2013-0768 (bmo#815795) Buffer Overflow
        in Canvas
    
      - MFSA 2013-04/CVE-2012-0759 (bmo#802026) URL spoofing in
        addressbar during page loads
    
      - MFSA 2013-05/CVE-2013-0744 (bmo#814713) Use-after-free
        when displaying table with many columns and column
        groups
    
      - MFSA 2013-06/CVE-2013-0751 (bmo#790454) Touch events are
        shared across iframes
    
      - MFSA 2013-07/CVE-2013-0764 (bmo#804237) Crash due to
        handling of SSL on threads
    
      - MFSA 2013-08/CVE-2013-0745 (bmo#794158)
        AutoWrapperChanger fails to keep objects alive during
        garbage collection
    
      - MFSA 2013-09/CVE-2013-0746 (bmo#816842) Compartment
        mismatch with quickstubs returned values
    
      - MFSA 2013-10/CVE-2013-0747 (bmo#733305) Event
        manipulation in plugin handler to bypass same-origin
        policy
    
      - MFSA 2013-11/CVE-2013-0748 (bmo#806031) Address space
        layout leaked in XBL objects
    
      - MFSA 2013-12/CVE-2013-0750 (bmo#805121) Buffer overflow
        in JavaScript string concatenation
    
      - MFSA 2013-13/CVE-2013-0752 (bmo#805024) Memory
        corruption in XBL with XML bindings containing SVG
    
      - MFSA 2013-14/CVE-2013-0757 (bmo#813901) Chrome Object
        Wrapper (COW) bypass through changing prototype
    
      - MFSA 2013-15/CVE-2013-0758 (bmo#813906) Privilege
        escalation through plugin objects
    
      - MFSA 2013-16/CVE-2013-0753 (bmo#814001) Use-after-free
        in serializeToStream
    
      - MFSA 2013-17/CVE-2013-0754 (bmo#814026) Use-after-free
        in ListenerManager
    
      - MFSA 2013-18/CVE-2013-0755 (bmo#814027) Use-after-free
        in Vibrate
    
      - MFSA 2013-19/CVE-2013-0756 (bmo#814029) Use-after-free
        in JavaScript Proxy objects
    
    Mozilla NSPR was updated to 4.9.4, containing some small bugfixes and
    new features.
    
    Mozilla NSS was updated to 3.14.1 containing various new features,
    security fix and bugfixes :
    
      - MFSA 2013-20/CVE-2013-0743 (bmo#825022, bnc#796628)
        revoke mis-issued intermediate certificates from
        TURKTRUST
    
    Cryptographic changes done :
    
      - Support for TLS 1.1 (RFC 4346)
    
      - Experimental support for DTLS 1.0 (RFC 4347) and
        DTLS-SRTP (RFC 5764)
    
      - Support for AES-CTR, AES-CTS, and AES-GCM
    
      - Support for Keying Material Exporters for TLS (RFC 5705)
    
      - Support for certificate signatures using the MD5 hash
        algorithm is now disabled by default
    
      - The NSS license has changed to MPL 2.0. Previous
        releases were released under a MPL 1.1/GPL 2.0/LGPL 2.1
        tri-license. For more information about MPL 2.0, please
        see http://www.mozilla.org/MPL/2.0/FAQ.html. For an
        additional explanation on GPL/LGPL compatibility, see
        security/nss/COPYING in the source code.
    
      - Export and DES cipher suites are disabled by default.
        Non-ECC AES and Triple DES cipher suites are enabled by
        default
    
    Please see http://www.mozilla.org/security/announce/ for more
    information."
      );
      # http://www.mozilla.org/MPL/2.0/FAQ.html.
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/MPL/2.0/FAQ.html."
      );
      # http://www.mozilla.org/security/announce/
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=796628"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.opensuse.org/opensuse-updates/2013-01/msg00040.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected firefox / seamonkey / thunderbird packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Firefox 17.0.1 Flash Privileged Code Injection');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-buildsymbols");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:enigmail");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:enigmail-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libfreebl3");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libfreebl3-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libfreebl3-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libfreebl3-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsoftokn3");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsoftokn3-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-js");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-js-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-js-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-js-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nspr");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nspr-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nspr-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nspr-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nspr-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nspr-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-certs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-certs-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-tools-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-dom-inspector");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-irc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-translations-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-translations-other");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-venkman");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xulrunner");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xulrunner-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xulrunner-buildsymbols");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xulrunner-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xulrunner-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xulrunner-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xulrunner-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xulrunner-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.2");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2013/01/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE12\.1|SUSE12\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.1 / 12.2", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE12.1", reference:"MozillaFirefox-18.0-2.58.2") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"MozillaFirefox-branding-upstream-18.0-2.58.2") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"MozillaFirefox-buildsymbols-18.0-2.58.2") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"MozillaFirefox-debuginfo-18.0-2.58.2") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"MozillaFirefox-debugsource-18.0-2.58.2") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"MozillaFirefox-devel-18.0-2.58.2") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"MozillaFirefox-translations-common-18.0-2.58.2") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"MozillaFirefox-translations-other-18.0-2.58.2") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"MozillaThunderbird-17.0.2-33.47.2") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"MozillaThunderbird-buildsymbols-17.0.2-33.47.2") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"MozillaThunderbird-debuginfo-17.0.2-33.47.2") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"MozillaThunderbird-debugsource-17.0.2-33.47.2") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"MozillaThunderbird-devel-17.0.2-33.47.2") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"MozillaThunderbird-devel-debuginfo-17.0.2-33.47.2") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"MozillaThunderbird-translations-common-17.0.2-33.47.2") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"MozillaThunderbird-translations-other-17.0.2-33.47.2") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"enigmail-1.5.0+17.0.2-33.47.2") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"enigmail-debuginfo-1.5.0+17.0.2-33.47.2") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"libfreebl3-3.14.1-9.21.3") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"libfreebl3-debuginfo-3.14.1-9.21.3") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"libsoftokn3-3.14.1-9.21.3") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"libsoftokn3-debuginfo-3.14.1-9.21.3") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"mozilla-js-17.0.2-2.53.1") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"mozilla-js-debuginfo-17.0.2-2.53.1") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"mozilla-nspr-4.9.4-3.11.1") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"mozilla-nspr-debuginfo-4.9.4-3.11.1") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"mozilla-nspr-debugsource-4.9.4-3.11.1") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"mozilla-nspr-devel-4.9.4-3.11.1") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"mozilla-nss-3.14.1-9.21.3") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"mozilla-nss-certs-3.14.1-9.21.3") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"mozilla-nss-certs-debuginfo-3.14.1-9.21.3") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"mozilla-nss-debuginfo-3.14.1-9.21.3") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"mozilla-nss-debugsource-3.14.1-9.21.3") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"mozilla-nss-devel-3.14.1-9.21.3") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"mozilla-nss-sysinit-3.14.1-9.21.3") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"mozilla-nss-sysinit-debuginfo-3.14.1-9.21.3") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"mozilla-nss-tools-3.14.1-9.21.3") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"mozilla-nss-tools-debuginfo-3.14.1-9.21.3") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"seamonkey-2.15-2.49.1") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"seamonkey-debuginfo-2.15-2.49.1") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"seamonkey-debugsource-2.15-2.49.1") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"seamonkey-dom-inspector-2.15-2.49.1") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"seamonkey-irc-2.15-2.49.1") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"seamonkey-translations-common-2.15-2.49.1") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"seamonkey-translations-other-2.15-2.49.1") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"seamonkey-venkman-2.15-2.49.1") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"xulrunner-17.0.2-2.53.1") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"xulrunner-buildsymbols-17.0.2-2.53.1") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"xulrunner-debuginfo-17.0.2-2.53.1") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"xulrunner-debugsource-17.0.2-2.53.1") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"xulrunner-devel-17.0.2-2.53.1") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"xulrunner-devel-debuginfo-17.0.2-2.53.1") ) flag++;
    if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"libfreebl3-32bit-3.14.1-9.21.3") ) flag++;
    if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"libfreebl3-debuginfo-32bit-3.14.1-9.21.3") ) flag++;
    if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"libsoftokn3-32bit-3.14.1-9.21.3") ) flag++;
    if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"libsoftokn3-debuginfo-32bit-3.14.1-9.21.3") ) flag++;
    if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"mozilla-js-32bit-17.0.2-2.53.1") ) flag++;
    if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"mozilla-js-debuginfo-32bit-17.0.2-2.53.1") ) flag++;
    if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"mozilla-nspr-32bit-4.9.4-3.11.1") ) flag++;
    if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"mozilla-nspr-debuginfo-32bit-4.9.4-3.11.1") ) flag++;
    if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"mozilla-nss-32bit-3.14.1-9.21.3") ) flag++;
    if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"mozilla-nss-certs-32bit-3.14.1-9.21.3") ) flag++;
    if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"mozilla-nss-certs-debuginfo-32bit-3.14.1-9.21.3") ) flag++;
    if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"mozilla-nss-debuginfo-32bit-3.14.1-9.21.3") ) flag++;
    if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"mozilla-nss-sysinit-32bit-3.14.1-9.21.3") ) flag++;
    if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"mozilla-nss-sysinit-debuginfo-32bit-3.14.1-9.21.3") ) flag++;
    if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"xulrunner-32bit-17.0.2-2.53.1") ) flag++;
    if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"xulrunner-debuginfo-32bit-17.0.2-2.53.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"MozillaFirefox-18.0-2.29.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"MozillaFirefox-branding-upstream-18.0-2.29.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"MozillaFirefox-buildsymbols-18.0-2.29.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"MozillaFirefox-debuginfo-18.0-2.29.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"MozillaFirefox-debugsource-18.0-2.29.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"MozillaFirefox-devel-18.0-2.29.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"MozillaFirefox-translations-common-18.0-2.29.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"MozillaFirefox-translations-other-18.0-2.29.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"MozillaThunderbird-17.0.2-49.27.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"MozillaThunderbird-buildsymbols-17.0.2-49.27.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"MozillaThunderbird-debuginfo-17.0.2-49.27.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"MozillaThunderbird-debugsource-17.0.2-49.27.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"MozillaThunderbird-devel-17.0.2-49.27.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"MozillaThunderbird-devel-debuginfo-17.0.2-49.27.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"MozillaThunderbird-translations-common-17.0.2-49.27.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"MozillaThunderbird-translations-other-17.0.2-49.27.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"enigmail-1.5.0+17.0.2-49.27.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"enigmail-debuginfo-1.5.0+17.0.2-49.27.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"libfreebl3-3.14.1-2.11.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"libfreebl3-debuginfo-3.14.1-2.11.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"libsoftokn3-3.14.1-2.11.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"libsoftokn3-debuginfo-3.14.1-2.11.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"mozilla-js-17.0.2-2.26.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"mozilla-js-debuginfo-17.0.2-2.26.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"mozilla-nspr-4.9.4-1.8.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"mozilla-nspr-debuginfo-4.9.4-1.8.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"mozilla-nspr-debugsource-4.9.4-1.8.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"mozilla-nspr-devel-4.9.4-1.8.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"mozilla-nss-3.14.1-2.11.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"mozilla-nss-certs-3.14.1-2.11.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"mozilla-nss-certs-debuginfo-3.14.1-2.11.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"mozilla-nss-debuginfo-3.14.1-2.11.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"mozilla-nss-debugsource-3.14.1-2.11.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"mozilla-nss-devel-3.14.1-2.11.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"mozilla-nss-sysinit-3.14.1-2.11.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"mozilla-nss-sysinit-debuginfo-3.14.1-2.11.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"mozilla-nss-tools-3.14.1-2.11.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"mozilla-nss-tools-debuginfo-3.14.1-2.11.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"seamonkey-2.15-2.30.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"seamonkey-debuginfo-2.15-2.30.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"seamonkey-debugsource-2.15-2.30.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"seamonkey-dom-inspector-2.15-2.30.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"seamonkey-irc-2.15-2.30.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"seamonkey-translations-common-2.15-2.30.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"seamonkey-translations-other-2.15-2.30.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"seamonkey-venkman-2.15-2.30.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"xulrunner-17.0.2-2.26.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"xulrunner-buildsymbols-17.0.2-2.26.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"xulrunner-debuginfo-17.0.2-2.26.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"xulrunner-debugsource-17.0.2-2.26.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"xulrunner-devel-17.0.2-2.26.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"xulrunner-devel-debuginfo-17.0.2-2.26.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"libfreebl3-32bit-3.14.1-2.11.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"libfreebl3-debuginfo-32bit-3.14.1-2.11.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"libsoftokn3-32bit-3.14.1-2.11.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"libsoftokn3-debuginfo-32bit-3.14.1-2.11.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"mozilla-js-32bit-17.0.2-2.26.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"mozilla-js-debuginfo-32bit-17.0.2-2.26.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"mozilla-nspr-32bit-4.9.4-1.8.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"mozilla-nspr-debuginfo-32bit-4.9.4-1.8.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"mozilla-nss-32bit-3.14.1-2.11.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"mozilla-nss-certs-32bit-3.14.1-2.11.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"mozilla-nss-certs-debuginfo-32bit-3.14.1-2.11.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"mozilla-nss-debuginfo-32bit-3.14.1-2.11.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"mozilla-nss-sysinit-32bit-3.14.1-2.11.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"mozilla-nss-sysinit-debuginfo-32bit-3.14.1-2.11.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"xulrunner-32bit-17.0.2-2.26.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"xulrunner-debuginfo-32bit-17.0.2-2.26.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "MozillaFirefox / MozillaFirefox-branding-upstream / etc");
    }
    
  • NASL familyWindows
    NASL idMOZILLA_FIREFOX_1702.NASL
    descriptionThe installed version of Firefox 17.x is potentially affected by the following security issues : - Two intermediate certificates were improperly issued by TURKTRUST certificate authority. (CVE-2013-0743) - A use-after-free error exists related to displaying HTML tables with many columns and column groups. (CVE-2013-0744) - An error exists related to the
    last seen2020-06-01
    modified2020-06-02
    plugin id63550
    published2013-01-15
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63550
    titleFirefox ESR 17.x < 17.0.2 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(63550);
      script_version("1.19");
      script_cvs_date("Date: 2019/12/04");
    
      script_cve_id(
        "CVE-2013-0744",
        "CVE-2013-0745",
        "CVE-2013-0746",
        "CVE-2013-0747",
        "CVE-2013-0748",
        "CVE-2013-0750",
        "CVE-2013-0752",
        "CVE-2013-0753",
        "CVE-2013-0754",
        "CVE-2013-0755",
        "CVE-2013-0756",
        "CVE-2013-0757",
        "CVE-2013-0758",
        "CVE-2013-0759",
        "CVE-2013-0764",
        "CVE-2013-0768"
      );
      script_bugtraq_id(
        57204,
        57209,
        57211,
        57213,
        57215,
        57217,
        57218,
        57228,
        57232,
        57234,
        57235,
        57236,
        57238,
        57240,
        57241,
        57244,
        57258
      );
    
      script_name(english:"Firefox ESR 17.x < 17.0.2 Multiple Vulnerabilities");
      script_summary(english:"Checks version of Firefox");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Windows host contains a web browser that is affected by
    multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The installed version of Firefox 17.x is potentially affected by the
    following security issues :
        
      - Two intermediate certificates were improperly issued by
        TURKTRUST certificate authority. (CVE-2013-0743)
    
      - A use-after-free error exists related to displaying
        HTML tables with many columns and column groups.
        (CVE-2013-0744)
    
      - An error exists related to the 'AutoWrapperChanger'
        class that does not properly manage objects during
        garbage collection. (CVE-2012-0745)
    
      - An error exists related to 'jsval', 'quickstubs', and
        compartmental mismatches that could lead to potentially
        exploitable crashes. (CVE-2013-0746)
    
      - Errors exist related to events in the plugin handler
        that could allow same-origin policy bypass.
        (CVE-2013-0747)
    
      - An error related to the 'toString' method of XBL
        objects could lead to address information leakage.
        (CVE-2013-0748)
    
      - A buffer overflow exists related to JavaScript string
        concatenation. (CVE-2013-0750)
        
      - An error exists related to multiple XML bindings with
        SVG content, contained in XBL files. (CVE-2013-0752)
    
      - A use-after-free error exists related to
        'XMLSerializer' and 'serializeToStream'.
        (CVE-2013-0753)
    
      - A use-after-free error exists related to garbage
        collection and 'ListenManager'. (CVE-2013-0754)
    
      - A use-after-free error exists related to the 'Vibrate'
        library and 'domDoc'. (CVE-2013-0755)
    
      - A use-after-free error exists related to JavaScript
        'Proxy' objects. (CVE-2013-0756)
      
      - 'Chrome Object Wrappers' (COW) can be bypassed by
        changing object prototypes, which could allow 
        arbitrary code execution. (CVE-2013-0757)
    
      - An error related to SVG elements and plugins could 
        allow privilege escalation. (CVE-2013-0758)
    
      - An error exists related to the address bar that could
        allow URL spoofing attacks. (CVE-2013-0759)
    
      - An error exists related to SSL and threading that
        could result in potentially exploitable crashes.
        (CVE-2013-0764)
    
      - An error exists related to 'Canvas' and bad height or
        width values passed to it from HTML. (CVE-2013-0768)");
      script_set_attribute(attribute:"see_also", value:"http://www.zerodayinitiative.com/advisories/ZDI-13-003/");
      script_set_attribute(attribute:"see_also", value:"http://www.zerodayinitiative.com/advisories/ZDI-13-006/");
      script_set_attribute(attribute:"see_also", value:"http://www.zerodayinitiative.com/advisories/ZDI-13-037/");
      script_set_attribute(attribute:"see_also", value:"http://www.zerodayinitiative.com/advisories/ZDI-13-038/");
      script_set_attribute(attribute:"see_also", value:"http://www.zerodayinitiative.com/advisories/ZDI-13-039/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-03/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-04/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-05/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-07/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-08/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-09/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-10/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-11/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-12/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-13/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-14/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-15/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-16/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-17/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-18/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-19/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-20/");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Firefox 17.0.2 ESR or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-0768");
    
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Firefox 17.0.1 Flash Privileged Code Injection');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/01/08");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/01/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/01/15");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:firefox");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("mozilla_org_installed.nasl");
      script_require_keys("Mozilla/Firefox/Version");
    
      exit(0);
    }
    
    include("mozilla_version.inc");
    port = get_kb_item_or_exit("SMB/transport"); 
    
    installs = get_kb_list("SMB/Mozilla/Firefox/*");
    if (isnull(installs)) audit(AUDIT_NOT_INST, "Firefox");
    
    mozilla_check_version(installs:installs, product:'firefox', esr:TRUE, fix:'17.0.2', min:'17.0', severity:SECURITY_HOLE, xss:TRUE);
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_THUNDERBIRD_10_0_12.NASL
    descriptionThe installed version of Thunderbird 10.x is potentially affected by the following security issues : - Two intermediate certificates were improperly issued by TURKTRUST certificate authority. (CVE-2013-0743) - A use-after-free error exists related to displaying HTML tables with many columns and column groups. (CVE-2013-0744) - An error exists related to
    last seen2020-06-01
    modified2020-06-02
    plugin id63546
    published2013-01-15
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63546
    titleThunderbird 10.x < 10.0.12 Multiple Vulnerabilities (Mac OS X)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_THUNDERBIRD_17_0_2.NASL
    descriptionThe installed version of Thunderbird is earlier than 17.0.2 and thus, is potentially affected by the following security issues : - Two intermediate certificates were improperly issued by TURKTRUST certificate authority. (CVE-2013-0743) - A use-after-free error exists related to displaying HTML tables with many columns and column groups. (CVE-2013-0744) - An error exists related to the
    last seen2020-06-01
    modified2020-06-02
    plugin id63547
    published2013-01-15
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63547
    titleThunderbird < 17.0.2 Multiple Vulnerabilities (Mac OS X)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2013-0144.NASL
    descriptionUpdated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2013-0744, CVE-2013-0746, CVE-2013-0750, CVE-2013-0753, CVE-2013-0754, CVE-2013-0762, CVE-2013-0766, CVE-2013-0767, CVE-2013-0769) A flaw was found in the way Chrome Object Wrappers were implemented. Malicious content could be used to cause Firefox to execute arbitrary code via plug-ins installed in Firefox. (CVE-2013-0758) A flaw in the way Firefox displayed URL values in the address bar could allow a malicious site or user to perform a phishing attack. (CVE-2013-0759) An information disclosure flaw was found in the way certain JavaScript functions were implemented in Firefox. An attacker could use this flaw to bypass Address Space Layout Randomization (ASLR) and other security restrictions. (CVE-2013-0748) For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 10.0.12 ESR. You can find a link to the Mozilla advisories in the References section of this erratum. Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Atte Kettunen, Boris Zbarsky, pa_kt, regenrecht, Abhishek Arya, Christoph Diehl, Christian Holler, Mats Palmgren, Chiaki Ishikawa, Mariusz Mlynski, Masato Kinugawa, and Jesse Ruderman as the original reporters of these issues. All Firefox users should upgrade to these updated packages, which contain Firefox version 10.0.12 ESR, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.
    last seen2020-05-31
    modified2013-01-09
    plugin id63445
    published2013-01-09
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63445
    titleRHEL 5 / 6 : firefox (RHSA-2013:0144)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1681-1.NASL
    descriptionChristoph Diehl, Christian Holler, Mats Palmgren, Chiaki Ishikawa, Bill Gianopoulos, Benoit Jacob, Gary Kwong, Robert O
    last seen2020-06-01
    modified2020-06-02
    plugin id63447
    published2013-01-09
    reporterUbuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63447
    titleUbuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : firefox vulnerabilities (USN-1681-1)
  • NASL familyWindows
    NASL idMOZILLA_FIREFOX_180.NASL
    descriptionThe installed version of Firefox is earlier than 18.0 and thus, is potentially affected by the following security issues : - Multiple, unspecified use-after-free, out-of-bounds read and buffer overflow errors exist. (CVE-2012-5829, CVE-2013-0760, CVE-2013-0761, CVE-2013-0762, CVE-2013-0763, CVE-2013-0766, CVE-2013-0767, CVE-2013-0771) - Two intermediate certificates were improperly issued by TURKTRUST certificate authority. (CVE-2013-0743) - A use-after-free error exists related to displaying HTML tables with many columns and column groups. (CVE-2013-0744) - An error exists related to the
    last seen2020-06-01
    modified2020-06-02
    plugin id63551
    published2013-01-15
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63551
    titleFirefox < 18.0 Multiple Vulnerabilities
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2013-0144.NASL
    descriptionFrom Red Hat Security Advisory 2013:0144 : Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2013-0744, CVE-2013-0746, CVE-2013-0750, CVE-2013-0753, CVE-2013-0754, CVE-2013-0762, CVE-2013-0766, CVE-2013-0767, CVE-2013-0769) A flaw was found in the way Chrome Object Wrappers were implemented. Malicious content could be used to cause Firefox to execute arbitrary code via plug-ins installed in Firefox. (CVE-2013-0758) A flaw in the way Firefox displayed URL values in the address bar could allow a malicious site or user to perform a phishing attack. (CVE-2013-0759) An information disclosure flaw was found in the way certain JavaScript functions were implemented in Firefox. An attacker could use this flaw to bypass Address Space Layout Randomization (ASLR) and other security restrictions. (CVE-2013-0748) For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 10.0.12 ESR. You can find a link to the Mozilla advisories in the References section of this erratum. Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Atte Kettunen, Boris Zbarsky, pa_kt, regenrecht, Abhishek Arya, Christoph Diehl, Christian Holler, Mats Palmgren, Chiaki Ishikawa, Mariusz Mlynski, Masato Kinugawa, and Jesse Ruderman as the original reporters of these issues. All Firefox users should upgrade to these updated packages, which contain Firefox version 10.0.12 ESR, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.
    last seen2020-05-31
    modified2013-07-12
    plugin id68707
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68707
    titleOracle Linux 5 / 6 : firefox (ELSA-2013-0144)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1681-4.NASL
    descriptionUSN-1681-1 fixed vulnerabilities in Firefox. Due to an upstream regression, Firefox suffered from instabilities when accessing some websites. This update fixes the problem. We apologize for the inconvenience. Christoph Diehl, Christian Holler, Mats Palmgren, Chiaki Ishikawa, Bill Gianopoulos, Benoit Jacob, Gary Kwong, Robert O
    last seen2020-06-01
    modified2020-06-02
    plugin id64480
    published2013-02-06
    reporterUbuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/64480
    titleUbuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : firefox regression (USN-1681-4)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_A4ED66325AA911E28FCBC8600054B392.NASL
    descriptionThe Mozilla Project reports : MFSA 2013-01 Miscellaneous memory safety hazards (rv:18.0/ rv:10.0.12 / rv:17.0.2) MFSA 2013-02 Use-after-free and buffer overflow issues found using Address Sanitizer MFSA 2013-03 Buffer Overflow in Canvas MFSA 2013-04 URL spoofing in addressbar during page loads MFSA 2013-05 Use-after-free when displaying table with many columns and column groups MFSA 2013-06 Touch events are shared across iframes MFSA 2013-07 Crash due to handling of SSL on threads MFSA 2013-08 AutoWrapperChanger fails to keep objects alive during garbage collection MFSA 2013-09 Compartment mismatch with quickstubs returned values MFSA 2013-10 Event manipulation in plugin handler to bypass same-origin policy MFSA 2013-11 Address space layout leaked in XBL objects MFSA 2013-12 Buffer overflow in JavaScript string concatenation MFSA 2013-13 Memory corruption in XBL with XML bindings containing SVG MFSA 2013-14 Chrome Object Wrapper (COW) bypass through changing prototype MFSA 2013-15 Privilege escalation through plugin objects MFSA 2013-16 Use-after-free in serializeToStream MFSA 2013-17 Use-after-free in ListenerManager MFSA 2013-18 Use-after-free in Vibrate MFSA 2013-19 Use-after-free in JavaScript Proxy objects MFSA 2013-20 Mis-issued TURKTRUST certificates
    last seen2020-06-01
    modified2020-06-02
    plugin id63463
    published2013-01-10
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63463
    titleFreeBSD : mozilla -- multiple vulnerabilities (a4ed6632-5aa9-11e2-8fcb-c8600054b392)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_FIREFOX_18_0.NASL
    descriptionThe installed version of Firefox is earlier than 18.0 and thus, is potentially affected by the following security issues : - Multiple unspecified use-after-free, out-of-bounds read and buffer overflow errors exist. (CVE-2012-5829, CVE-2013-0760, CVE-2013-0761, CVE-2013-0762, CVE-2013-0763, CVE-2013-0766, CVE-2013-0767, CVE-2013-0771) - Two intermediate certificates were improperly issued by TURKTRUST certificate authority. (CVE-2013-0743) - A use-after-free error exists related to displaying HTML tables with many columns and column groups. (CVE-2013-0744) - An error exists related to the
    last seen2020-06-01
    modified2020-06-02
    plugin id63545
    published2013-01-15
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63545
    titleFirefox < 18.0 Multiple Vulnerabilities (Mac OS X)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_FIREFOX-201301-130110.NASL
    descriptionMozilla Firefox was updated to the 10.0.12ESR release. - Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. (MFSA 2013-01) - Christoph Diehl, Christian Holler, Mats Palmgren, and Chiaki Ishikawa reported memory safety problems and crashes that affect Firefox ESR 10, Firefox ESR 17, and Firefox 17. (CVE-2013-0769) - Bill Gianopoulos, Benoit Jacob, Christoph Diehl, Christian Holler, Gary Kwong, Robert O
    last seen2020-06-05
    modified2013-01-25
    plugin id64136
    published2013-01-25
    reporterThis script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/64136
    titleSuSE 11.2 Security Update : MozillaFirefox (SAT Patch Number 7224)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2013-0306-1.NASL
    descriptionMozilla Firefox is updated to the 10.0.12ESR version. This is a roll-up update for LTSS. It fixes a lot of security issues and bugs. 10.0.12ESR fixes specifically : MFSA 2013-01: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Christoph Diehl, Christian Holler, Mats Palmgren, and Chiaki Ishikawa reported memory safety problems and crashes that affect Firefox ESR 10, Firefox ESR 17, and Firefox 17. (CVE-2013-0769) Bill Gianopoulos, Benoit Jacob, Christoph Diehl, Christian Holler, Gary Kwong, Robert O
    last seen2020-06-05
    modified2015-05-20
    plugin id83574
    published2015-05-20
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/83574
    titleSUSE SLES10 Security Update : Mozilla Firefox (SUSE-SU-2013:0306-1)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2013-0145.NASL
    descriptionAn updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2013-0744, CVE-2013-0746, CVE-2013-0750, CVE-2013-0753, CVE-2013-0754, CVE-2013-0762, CVE-2013-0766, CVE-2013-0767, CVE-2013-0769) A flaw was found in the way Chrome Object Wrappers were implemented. Malicious content could be used to cause Thunderbird to execute arbitrary code via plug-ins installed in Thunderbird. (CVE-2013-0758) A flaw in the way Thunderbird displayed URL values could allow malicious content or a user to perform a phishing attack. (CVE-2013-0759) An information disclosure flaw was found in the way certain JavaScript functions were implemented in Thunderbird. An attacker could use this flaw to bypass Address Space Layout Randomization (ASLR) and other security restrictions. (CVE-2013-0748) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Atte Kettunen, Boris Zbarsky, pa_kt, regenrecht, Abhishek Arya, Christoph Diehl, Christian Holler, Mats Palmgren, Chiaki Ishikawa, Mariusz Mlynski, Masato Kinugawa, and Jesse Ruderman as the original reporters of these issues. Note: All issues except CVE-2013-0744, CVE-2013-0753, and CVE-2013-0754 cannot be exploited by a specially crafted HTML mail message as JavaScript is disabled by default for mail messages. They could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed. All Thunderbird users should upgrade to this updated package, which contains Thunderbird version 10.0.12 ESR, which corrects these issues. After installing the update, Thunderbird must be restarted for the changes to take effect.
    last seen2020-05-31
    modified2013-01-09
    plugin id63432
    published2013-01-09
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63432
    titleCentOS 5 / 6 : thunderbird (CESA-2013:0145)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2013-0145.NASL
    descriptionAn updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2013-0744, CVE-2013-0746, CVE-2013-0750, CVE-2013-0753, CVE-2013-0754, CVE-2013-0762, CVE-2013-0766, CVE-2013-0767, CVE-2013-0769) A flaw was found in the way Chrome Object Wrappers were implemented. Malicious content could be used to cause Thunderbird to execute arbitrary code via plug-ins installed in Thunderbird. (CVE-2013-0758) A flaw in the way Thunderbird displayed URL values could allow malicious content or a user to perform a phishing attack. (CVE-2013-0759) An information disclosure flaw was found in the way certain JavaScript functions were implemented in Thunderbird. An attacker could use this flaw to bypass Address Space Layout Randomization (ASLR) and other security restrictions. (CVE-2013-0748) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Atte Kettunen, Boris Zbarsky, pa_kt, regenrecht, Abhishek Arya, Christoph Diehl, Christian Holler, Mats Palmgren, Chiaki Ishikawa, Mariusz Mlynski, Masato Kinugawa, and Jesse Ruderman as the original reporters of these issues. Note: All issues except CVE-2013-0744, CVE-2013-0753, and CVE-2013-0754 cannot be exploited by a specially crafted HTML mail message as JavaScript is disabled by default for mail messages. They could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed. All Thunderbird users should upgrade to this updated package, which contains Thunderbird version 10.0.12 ESR, which corrects these issues. After installing the update, Thunderbird must be restarted for the changes to take effect.
    last seen2020-05-31
    modified2013-01-09
    plugin id63446
    published2013-01-09
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63446
    titleRHEL 5 / 6 : thunderbird (RHSA-2013:0145)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2013-0145.NASL
    descriptionFrom Red Hat Security Advisory 2013:0145 : An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2013-0744, CVE-2013-0746, CVE-2013-0750, CVE-2013-0753, CVE-2013-0754, CVE-2013-0762, CVE-2013-0766, CVE-2013-0767, CVE-2013-0769) A flaw was found in the way Chrome Object Wrappers were implemented. Malicious content could be used to cause Thunderbird to execute arbitrary code via plug-ins installed in Thunderbird. (CVE-2013-0758) A flaw in the way Thunderbird displayed URL values could allow malicious content or a user to perform a phishing attack. (CVE-2013-0759) An information disclosure flaw was found in the way certain JavaScript functions were implemented in Thunderbird. An attacker could use this flaw to bypass Address Space Layout Randomization (ASLR) and other security restrictions. (CVE-2013-0748) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Atte Kettunen, Boris Zbarsky, pa_kt, regenrecht, Abhishek Arya, Christoph Diehl, Christian Holler, Mats Palmgren, Chiaki Ishikawa, Mariusz Mlynski, Masato Kinugawa, and Jesse Ruderman as the original reporters of these issues. Note: All issues except CVE-2013-0744, CVE-2013-0753, and CVE-2013-0754 cannot be exploited by a specially crafted HTML mail message as JavaScript is disabled by default for mail messages. They could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed. All Thunderbird users should upgrade to this updated package, which contains Thunderbird version 10.0.12 ESR, which corrects these issues. After installing the update, Thunderbird must be restarted for the changes to take effect.
    last seen2020-05-31
    modified2013-07-12
    plugin id68708
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68708
    titleOracle Linux 6 : thunderbird (ELSA-2013-0145)
  • NASL familyWindows
    NASL idMOZILLA_THUNDERBIRD_1702.NASL
    descriptionThe installed version of Thunderbird is earlier than 17.0.2 and thus, is potentially affected by the following security issues : - Two intermediate certificates were improperly issued by TURKTRUST certificate authority. (CVE-2013-0743) - A use-after-free error exists related to displaying HTML tables with many columns and column groups. (CVE-2013-0744) - An error exists related to the
    last seen2020-06-01
    modified2020-06-02
    plugin id63553
    published2013-01-15
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63553
    titleMozilla Thunderbird < 17.0.2 Multiple Vulnerabilities
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2013-0144.NASL
    descriptionUpdated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2013-0744, CVE-2013-0746, CVE-2013-0750, CVE-2013-0753, CVE-2013-0754, CVE-2013-0762, CVE-2013-0766, CVE-2013-0767, CVE-2013-0769) A flaw was found in the way Chrome Object Wrappers were implemented. Malicious content could be used to cause Firefox to execute arbitrary code via plug-ins installed in Firefox. (CVE-2013-0758) A flaw in the way Firefox displayed URL values in the address bar could allow a malicious site or user to perform a phishing attack. (CVE-2013-0759) An information disclosure flaw was found in the way certain JavaScript functions were implemented in Firefox. An attacker could use this flaw to bypass Address Space Layout Randomization (ASLR) and other security restrictions. (CVE-2013-0748) For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 10.0.12 ESR. You can find a link to the Mozilla advisories in the References section of this erratum. Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Atte Kettunen, Boris Zbarsky, pa_kt, regenrecht, Abhishek Arya, Christoph Diehl, Christian Holler, Mats Palmgren, Chiaki Ishikawa, Mariusz Mlynski, Masato Kinugawa, and Jesse Ruderman as the original reporters of these issues. All Firefox users should upgrade to these updated packages, which contain Firefox version 10.0.12 ESR, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id63431
    published2013-01-09
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63431
    titleCentOS 5 / 6 : firefox / xulrunner (CESA-2013:0144)
  • NASL familyWindows
    NASL idSEAMONKEY_215.NASL
    descriptionThe installed version of SeaMonkey is earlier than 2.15 and thus, is potentially affected by the following security issues : - Multiple, unspecified use-after-free, out-of-bounds read and buffer overflow errors exist. (CVE-2012-5829, CVE-2013-0760, CVE-2013-0761, CVE-2013-0762, CVE-2013-0763, CVE-2013-0766, CVE-2013-0767, CVE-2013-0771) - Two intermediate certificates were improperly issued by TURKTRUST certificate authority. (CVE-2013-0743) - A use-after-free error exists related to displaying HTML tables with many columns and column groups. (CVE-2013-0744) - An error exists related to the
    last seen2020-06-01
    modified2020-06-02
    plugin id63554
    published2013-01-15
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63554
    titleSeaMonkey < 2.15 Multiple Vulnerabilities
  • NASL familyWindows
    NASL idMOZILLA_FIREFOX_10012.NASL
    descriptionThe installed version of Firefox 10.x is potentially affected by the following security issues : - Multiple, unspecified use-after-free, out-of-bounds read and buffer overflow errors exist. (CVE-2013-0761, CVE-2013-0762, CVE-2013-0763, CVE-2013-0766, CVE-2013-0767, CVE-2013-0771) - Two intermediate certificates were improperly issued by TURKTRUST certificate authority. (CVE-2013-0743) - A use-after-free error exists related to displaying HTML tables with many columns and column groups. (CVE-2013-0744) - An error exists related to the
    last seen2020-06-01
    modified2020-06-02
    plugin id63548
    published2013-01-15
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63548
    titleFirefox 10.x < 10.0.12 Multiple Vulnerabilities
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20130108_FIREFOX_ON_SL5_X.NASL
    descriptionSeveral flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2013-0744, CVE-2013-0746, CVE-2013-0750, CVE-2013-0753, CVE-2013-0754, CVE-2013-0762, CVE-2013-0766, CVE-2013-0767, CVE-2013-0769) A flaw was found in the way Chrome Object Wrappers were implemented. Malicious content could be used to cause Firefox to execute arbitrary code via plug-ins installed in Firefox. (CVE-2013-0758) A flaw in the way Firefox displayed URL values in the address bar could allow a malicious site or user to perform a phishing attack. (CVE-2013-0759) An information disclosure flaw was found in the way certain JavaScript functions were implemented in Firefox. An attacker could use this flaw to bypass Address Space Layout Randomization (ASLR) and other security restrictions. (CVE-2013-0748) After installing the update, Firefox must be restarted for the changes to take effect.
    last seen2020-03-18
    modified2013-01-11
    plugin id63471
    published2013-01-11
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63471
    titleScientific Linux Security Update : firefox on SL5.x, SL6.x i386/x86_64 (20130108)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_FIREFOX_10_0_12.NASL
    descriptionThe installed version of Firefox is earlier than 10.0.12 and thus, is potentially affected by the following security issues : - Two intermediate certificates were improperly issued by TURKTRUST certificate authority. (CVE-2013-0743) - A use-after-free error exists related to displaying HTML tables with many columns and column groups. (CVE-2013-0744) - An error exists related to
    last seen2020-06-01
    modified2020-06-02
    plugin id63542
    published2013-01-15
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63542
    titleFirefox < 10.0.12 Multiple Vulnerabilities (Mac OS X)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1681-3.NASL
    descriptionUSN-1681-1 fixed vulnerabilities in Firefox. Due to an upstream regression, some translations became unusable after upgrading. This update fixes the problem. We apologize for the inconvenience. Christoph Diehl, Christian Holler, Mats Palmgren, Chiaki Ishikawa, Bill Gianopoulos, Benoit Jacob, Gary Kwong, Robert O
    last seen2020-06-01
    modified2020-06-02
    plugin id63665
    published2013-01-23
    reporterUbuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63665
    titleUbuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : firefox regression (USN-1681-3)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201309-23.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201309-23 (Mozilla Products: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Mozilla Firefox, Thunderbird, and SeaMonkey. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Further, a remote attacker could conduct XSS attacks, spoof URLs, bypass address space layout randomization, conduct clickjacking attacks, obtain potentially sensitive information, bypass access restrictions, modify the local filesystem, or conduct other unspecified attacks. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id70183
    published2013-09-28
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/70183
    titleGLSA-201309-23 : Mozilla Products: Multiple vulnerabilities
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1681-2.NASL
    descriptionUSN-1681-1 fixed vulnerabilities in Firefox. This update provides the corresponding updates for Thunderbird. Christoph Diehl, Christian Holler, Mats Palmgren, Chiaki Ishikawa, Bill Gianopoulos, Benoit Jacob, Gary Kwong, Robert O
    last seen2020-06-01
    modified2020-06-02
    plugin id63448
    published2013-01-09
    reporterUbuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63448
    titleUbuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : thunderbird vulnerabilities (USN-1681-2)
  • NASL familyWindows
    NASL idMOZILLA_THUNDERBIRD_10012.NASL
    descriptionThe installed version of Thunderbird 10.x is potentially affected by the following security issues : - Two intermediate certificates were improperly issued by TURKTRUST certificate authority. (CVE-2013-0743) - A use-after-free error exists related to displaying HTML tables with many columns and column groups. (CVE-2013-0744) - An error exists related to
    last seen2020-06-01
    modified2020-06-02
    plugin id63552
    published2013-01-15
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63552
    titleMozilla Thunderbird 10.x < 10.0.12 Multiple Vulnerabilities
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20130108_THUNDERBIRD_ON_SL5_X.NASL
    descriptionSeveral flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2013-0744, CVE-2013-0746, CVE-2013-0750, CVE-2013-0753, CVE-2013-0754, CVE-2013-0762, CVE-2013-0766, CVE-2013-0767, CVE-2013-0769) A flaw was found in the way Chrome Object Wrappers were implemented. Malicious content could be used to cause Thunderbird to execute arbitrary code via plug- ins installed in Thunderbird. (CVE-2013-0758) A flaw in the way Thunderbird displayed URL values could allow malicious content or a user to perform a phishing attack. (CVE-2013-0759) An information disclosure flaw was found in the way certain JavaScript functions were implemented in Thunderbird. An attacker could use this flaw to bypass Address Space Layout Randomization (ASLR) and other security restrictions. (CVE-2013-0748) Note: All issues except CVE-2013-0744, CVE-2013-0753, and CVE-2013-0754 cannot be exploited by a specially crafted HTML mail message as JavaScript is disabled by default for mail messages. They could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed. After installing the update, Thunderbird must be restarted for the changes to take effect.
    last seen2020-03-18
    modified2013-01-11
    plugin id63472
    published2013-01-11
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63472
    titleScientific Linux Security Update : thunderbird on SL5.x, SL6.x i386/x86_64 (20130108)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_FIREFOX-201301-8426.NASL
    descriptionMozilla Firefox was updated to the 10.0.12ESR release. - Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. (MFSA 2013-01) o Christoph Diehl, Christian Holler, Mats Palmgren, and Chiaki Ishikawa reported memory safety problems and crashes that affect Firefox ESR 10, Firefox ESR 17, and Firefox 17. (CVE-2013-0769) o Bill Gianopoulos, Benoit Jacob, Christoph Diehl, Christian Holler, Gary Kwong, Robert O
    last seen2020-06-05
    modified2013-01-20
    plugin id63626
    published2013-01-20
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63626
    titleSuSE 10 Security Update : MozillaFirefox (ZYPP Patch Number 8426)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_FIREFOX_17_0_2.NASL
    descriptionThe installed version of Firefox ESR is earlier than 17.0.2 and thus, is potentially affected by the following security issues : - Two intermediate certificates were improperly issued by TURKTRUST certificate authority. (CVE-2013-0743) - A use-after-free error exists related to displaying HTML tables with many columns and column groups. (CVE-2013-0744) - An error exists related to the
    last seen2020-06-01
    modified2020-06-02
    plugin id63544
    published2013-01-15
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63544
    titleFirefox ESR < 17.0.2 Multiple Vulnerabilities (Mac OS X)

Oval

accepted2014-10-06T04:02:36.193-04:00
classvulnerability
contributors
  • nameSergey Artykhov
    organizationALTX-SOFT
  • nameMaria Kedovskaya
    organizationALTX-SOFT
  • nameMaria Kedovskaya
    organizationALTX-SOFT
  • nameShane Shaffer
    organizationG2, Inc.
  • nameMaria Kedovskaya
    organizationALTX-SOFT
  • nameMaria Kedovskaya
    organizationALTX-SOFT
  • nameRichard Helbing
    organizationbaramundi software
  • nameEvgeniy Pavlov
    organizationALTX-SOFT
  • nameEvgeniy Pavlov
    organizationALTX-SOFT
  • nameEvgeniy Pavlov
    organizationALTX-SOFT
  • nameEvgeniy Pavlov
    organizationALTX-SOFT
  • nameEvgeniy Pavlov
    organizationALTX-SOFT
  • nameEvgeniy Pavlov
    organizationALTX-SOFT
definition_extensions
  • commentMozilla Seamonkey is installed
    ovaloval:org.mitre.oval:def:6372
  • commentMozilla Thunderbird Mainline release is installed
    ovaloval:org.mitre.oval:def:22093
  • commentMozilla Firefox Mainline release is installed
    ovaloval:org.mitre.oval:def:22259
  • commentMozilla Firefox ESR is installed
    ovaloval:org.mitre.oval:def:22414
  • commentMozilla Firefox ESR is installed
    ovaloval:org.mitre.oval:def:22414
  • commentMozilla Thunderbird ESR is installed
    ovaloval:org.mitre.oval:def:22216
descriptionThe XBL.__proto__.toString implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 makes it easier for remote attackers to bypass the ASLR protection mechanism by calling the toString function of an XBL object.
familywindows
idoval:org.mitre.oval:def:17109
statusaccepted
submitted2013-05-13T10:26:26.748+04:00
titleThe XBL.__proto__.toString implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 makes it easier for remote attackers to bypass the ASLR protection mechanism by calling the toString function of an XBL object.
version39

Redhat

advisories
  • rhsa
    idRHSA-2013:0144
  • rhsa
    idRHSA-2013:0145
rpms
  • firefox-0:10.0.12-1.el5_9
  • firefox-0:10.0.12-1.el6_3
  • firefox-debuginfo-0:10.0.12-1.el5_9
  • firefox-debuginfo-0:10.0.12-1.el6_3
  • xulrunner-0:10.0.12-1.el5_9
  • xulrunner-0:10.0.12-1.el6_3
  • xulrunner-debuginfo-0:10.0.12-1.el5_9
  • xulrunner-debuginfo-0:10.0.12-1.el6_3
  • xulrunner-devel-0:10.0.12-1.el5_9
  • xulrunner-devel-0:10.0.12-1.el6_3
  • thunderbird-0:10.0.12-3.el5_9
  • thunderbird-0:10.0.12-3.el6_3
  • thunderbird-debuginfo-0:10.0.12-3.el5_9
  • thunderbird-debuginfo-0:10.0.12-3.el6_3