Vulnerabilities > CVE-2013-1704 - Resource Management Errors vulnerability in Mozilla Firefox and Seamonkey
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Use-after-free vulnerability in the nsINode::GetParentNode function in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) via vectors involving a DOM modification at the time of a SetBody mutation event.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family MacOS X Local Security Checks NASL id MACOSX_THUNDERBIRD_17_0_8.NASL description The installed version of Thunderbird is earlier than 17.0.8 and is, therefore, potentially affected by the following vulnerabilities : - Various errors exist that could allow memory corruption conditions. (CVE-2013-1701, CVE-2013-1702) - Use-after-free errors exist related to DOM modification when using last seen 2020-06-01 modified 2020-06-02 plugin id 69266 published 2013-08-08 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/69266 title Thunderbird < 17.0.8 Multiple Vulnerabilities (Mac OS X) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(69266); script_version("1.16"); script_cvs_date("Date: 2019/11/27"); script_cve_id( "CVE-2013-1701", "CVE-2013-1702", "CVE-2013-1704", "CVE-2013-1705", "CVE-2013-1708", "CVE-2013-1709", "CVE-2013-1710", "CVE-2013-1711", "CVE-2013-1713", "CVE-2013-1714", "CVE-2013-1717" ); script_bugtraq_id( 61864, 61867, 61871, 61872, 61874, 61875, 61876, 61877, 61882, 61896, 61900 ); script_name(english:"Thunderbird < 17.0.8 Multiple Vulnerabilities (Mac OS X)"); script_summary(english:"Checks version of Thunderbird"); script_set_attribute(attribute:"synopsis", value: "The remote Mac OS X host contains a mail client that is potentially affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The installed version of Thunderbird is earlier than 17.0.8 and is, therefore, potentially affected by the following vulnerabilities : - Various errors exist that could allow memory corruption conditions. (CVE-2013-1701, CVE-2013-1702) - Use-after-free errors exist related to DOM modification when using 'SetBody' and generating a 'Certificate Request Message'. (CVE-2013-1704, CVE-2013-1705) - An error exists in the function 'nsCString::CharAt' that could allow application crashes when decoding specially crafted WAV audio files. (CVE-2013-1708) - Unspecified errors exist related to HTML frames and history handling, 'XrayWrappers', JavaScript URI handling and web workers using 'XMLHttpRequest' that could allow cross-site scripting attacks. (CVE-2013-1709, CVE-2013-1711, CVE-2013-1713, CVE-2013-1714) - An unspecified error exists related to generating 'Certificate Request Message Format' (CRMF) requests that could allow cross-site scripting attacks. (CVE-2013-1710) - An error exists related to Java applets and 'file:///' URIs that could allow read-only access to arbitrary files. (CVE-2013-1717)"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-63/"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-64/"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-65/"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-67/"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-68/"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-69/"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-70/"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-72/"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-73/"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-75/"); script_set_attribute(attribute:"solution", value: "Upgrade to Thunderbird 17.0.8 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-1710"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Firefox 5.0 - 15.0.1 __exposedProps__ XCS Code Execution'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990); script_set_attribute(attribute:"vuln_publication_date", value:"2013/08/06"); script_set_attribute(attribute:"patch_publication_date", value:"2013/08/06"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/08/08"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:thunderbird"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"MacOS X Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("macosx_thunderbird_installed.nasl"); script_require_keys("MacOSX/Thunderbird/Installed"); exit(0); } include("mozilla_version.inc"); kb_base = "MacOSX/Thunderbird"; get_kb_item_or_exit(kb_base+"/Installed"); version = get_kb_item_or_exit(kb_base+"/Version", exit_code:1); path = get_kb_item_or_exit(kb_base+"/Path", exit_code:1); if (get_kb_item(kb_base + '/is_esr')) exit(0, 'The Mozilla Thunderbird install is in the ESR branch.'); mozilla_check_version(product:'thunderbird', version:version, path:path, esr:FALSE, fix:'17.0.8', severity:SECURITY_HOLE, xss:TRUE);
NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_0998E79D005511E3905B0025905A4771.NASL description The Mozilla Project reports : MFSA 2013-63 Miscellaneous memory safety hazards (rv:23.0 / rv:17.0.8) MFSA 2013-64 Use after free mutating DOM during SetBody MFSA 2013-65 Buffer underflow when generating CRMF requests MFSA 2013-66 Buffer overflow in Mozilla Maintenance Service and Mozilla Updater MFSA 2013-67 Crash during WAV audio file decoding MFSA 2013-68 Document URI misrepresentation and masquerading MFSA 2013-69 CRMF requests allow for code execution and XSS attacks MFSA 2013-70 Bypass of XrayWrappers using XBL Scopes MFSA 2013-71 Further Privilege escalation through Mozilla Updater MFSA 2013-72 Wrong principal used for validating URI for some JavaScript components MFSA 2013-73 Same-origin bypass with web workers and XMLHttpRequest MFSA 2013-74 Firefox full and stub installer DLL hijacking MFSA 2013-75 Local Java applets may read contents of local file system last seen 2020-06-01 modified 2020-06-02 plugin id 69278 published 2013-08-09 reporter This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/69278 title FreeBSD : mozilla -- multiple vulnerabilities (0998e79d-0055-11e3-905b-0025905a4771) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from the FreeBSD VuXML database : # # Copyright 2003-2018 Jacques Vidrine and contributors # # Redistribution and use in source (VuXML) and 'compiled' forms (SGML, # HTML, PDF, PostScript, RTF and so forth) with or without modification, # are permitted provided that the following conditions are met: # 1. Redistributions of source code (VuXML) must retain the above # copyright notice, this list of conditions and the following # disclaimer as the first lines of this file unmodified. # 2. Redistributions in compiled form (transformed to other DTDs, # published online in any format, converted to PDF, PostScript, # RTF and other formats) must reproduce the above copyright # notice, this list of conditions and the following disclaimer # in the documentation and/or other materials provided with the # distribution. # # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS" # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION, # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # include("compat.inc"); if (description) { script_id(69278); script_version("1.10"); script_cvs_date("Date: 2018/11/21 10:46:30"); script_cve_id("CVE-2013-1701", "CVE-2013-1702", "CVE-2013-1704", "CVE-2013-1705", "CVE-2013-1706", "CVE-2013-1707", "CVE-2013-1708", "CVE-2013-1709", "CVE-2013-1710", "CVE-2013-1711", "CVE-2013-1712", "CVE-2013-1713", "CVE-2013-1714", "CVE-2013-1715", "CVE-2013-1717"); script_name(english:"FreeBSD : mozilla -- multiple vulnerabilities (0998e79d-0055-11e3-905b-0025905a4771)"); script_summary(english:"Checks for updated packages in pkg_info output"); script_set_attribute( attribute:"synopsis", value: "The remote FreeBSD host is missing one or more security-related updates." ); script_set_attribute( attribute:"description", value: "The Mozilla Project reports : MFSA 2013-63 Miscellaneous memory safety hazards (rv:23.0 / rv:17.0.8) MFSA 2013-64 Use after free mutating DOM during SetBody MFSA 2013-65 Buffer underflow when generating CRMF requests MFSA 2013-66 Buffer overflow in Mozilla Maintenance Service and Mozilla Updater MFSA 2013-67 Crash during WAV audio file decoding MFSA 2013-68 Document URI misrepresentation and masquerading MFSA 2013-69 CRMF requests allow for code execution and XSS attacks MFSA 2013-70 Bypass of XrayWrappers using XBL Scopes MFSA 2013-71 Further Privilege escalation through Mozilla Updater MFSA 2013-72 Wrong principal used for validating URI for some JavaScript components MFSA 2013-73 Same-origin bypass with web workers and XMLHttpRequest MFSA 2013-74 Firefox full and stub installer DLL hijacking MFSA 2013-75 Local Java applets may read contents of local file system" ); # https://www.mozilla.org/security/announce/2013/mfsa2013-63.html script_set_attribute( attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-63/" ); # https://www.mozilla.org/security/announce/2013/mfsa2013-64.html script_set_attribute( attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-64/" ); # https://www.mozilla.org/security/announce/2013/mfsa2013-65.html script_set_attribute( attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-65/" ); # https://www.mozilla.org/security/announce/2013/mfsa2013-66.html script_set_attribute( attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-66/" ); # https://www.mozilla.org/security/announce/2013/mfsa2013-67.html script_set_attribute( attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-67/" ); # https://www.mozilla.org/security/announce/2013/mfsa2013-68.html script_set_attribute( attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-68/" ); # https://www.mozilla.org/security/announce/2013/mfsa2013-69.html script_set_attribute( attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-69/" ); # https://www.mozilla.org/security/announce/2013/mfsa2013-70.html script_set_attribute( attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-70/" ); # https://www.mozilla.org/security/announce/2013/mfsa2013-71.html script_set_attribute( attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-71/" ); # https://www.mozilla.org/security/announce/2013/mfsa2013-72.html script_set_attribute( attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-72/" ); # http://www.mozilla.org/security/known-vulnerabilities/ script_set_attribute( attribute:"see_also", value:"https://www.mozilla.org/en-US/security/known-vulnerabilities/" ); # https://vuxml.freebsd.org/freebsd/0998e79d-0055-11e3-905b-0025905a4771.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?5ed72e18" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Firefox toString console.time Privileged Javascript Injection'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:firefox"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:linux-firefox"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:linux-seamonkey"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:linux-thunderbird"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:seamonkey"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:thunderbird"); script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd"); script_set_attribute(attribute:"vuln_publication_date", value:"2013/08/06"); script_set_attribute(attribute:"patch_publication_date", value:"2013/08/08"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/08/09"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"FreeBSD Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info"); exit(0); } include("audit.inc"); include("freebsd_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD"); if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (pkg_test(save_report:TRUE, pkg:"firefox>18.0,1<23.0,1")) flag++; if (pkg_test(save_report:TRUE, pkg:"firefox<17.0.8,1")) flag++; if (pkg_test(save_report:TRUE, pkg:"linux-firefox<17.0.8,1")) flag++; if (pkg_test(save_report:TRUE, pkg:"linux-seamonkey<2.20")) flag++; if (pkg_test(save_report:TRUE, pkg:"linux-thunderbird<17.0.8")) flag++; if (pkg_test(save_report:TRUE, pkg:"seamonkey<2.20")) flag++; if (pkg_test(save_report:TRUE, pkg:"thunderbird>11.0<17.0.8")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family Windows NASL id MOZILLA_FIREFOX_23.NASL description The installed version of Firefox is earlier than 23.0 and is, therefore, potentially affected by the following vulnerabilities : - Various errors exist that could allow memory corruption conditions. (CVE-2013-1701, CVE-2013-1702) - Use-after-free errors exist related to DOM modification when using last seen 2020-06-01 modified 2020-06-02 plugin id 69269 published 2013-08-08 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/69269 title Firefox < 23.0 Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(69269); script_version("1.16"); script_cvs_date("Date: 2019/11/27"); script_cve_id( "CVE-2013-1701", "CVE-2013-1702", "CVE-2013-1704", "CVE-2013-1705", "CVE-2013-1706", "CVE-2013-1707", "CVE-2013-1708", "CVE-2013-1709", "CVE-2013-1710", "CVE-2013-1711", "CVE-2013-1712", "CVE-2013-1713", "CVE-2013-1714", "CVE-2013-1715", "CVE-2013-1717" ); script_bugtraq_id( 61864, 61867, 61869, 61871, 61872, 61873, 61874, 61875, 61876, 61877, 61878, 61882, 61883, 61896, 61900 ); script_name(english:"Firefox < 23.0 Multiple Vulnerabilities"); script_summary(english:"Checks version of Firefox"); script_set_attribute(attribute:"synopsis", value: "The remote Windows host contains a web browser that is potentially affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The installed version of Firefox is earlier than 23.0 and is, therefore, potentially affected by the following vulnerabilities : - Various errors exist that could allow memory corruption conditions. (CVE-2013-1701, CVE-2013-1702) - Use-after-free errors exist related to DOM modification when using 'SetBody' and generating a 'Certificate Request Message'. (CVE-2013-1704, CVE-2013-1705) - Errors exist related to the update service and 'maintenanceservice.exe' that could allow buffer overflows when handling unexpectedly long path values. (CVE-2013-1706, CVE-2013-1707) - An error exists in the function 'nsCString::CharAt' that could allow application crashes when decoding specially crafted WAV audio files. (CVE-2013-1708) - Unspecified errors exist related to HTML frames and history handling, 'XrayWrappers', JavaScript URI handling and web workers using 'XMLHttpRequest' that could allow cross-site scripting attacks. (CVE-2013-1709, CVE-2013-1711, CVE-2013-1713, CVE-2013-1714) - An unspecified error exists related to generating 'Certificate Request Message Format' (CRMF) requests that could allow cross-site scripting attacks. (CVE-2013-1710) - DLL path loading errors exist related to the update service, full installer and the stub installer that could allow execution of arbitrary code. (CVE-2013-1712, CVE-2013-1715) - An error exists related to Java applets and 'file:///' URIs that could allow read-only access to arbitrary files. (CVE-2013-1717)"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-63/"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-64/"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-65/"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-66/"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-67/"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-68/"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-69/"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-70/"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-71/"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-72/"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-73/"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-74/"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-75/"); script_set_attribute(attribute:"solution", value: "Upgrade to Firefox 23.0 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-1710"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Firefox 5.0 - 15.0.1 __exposedProps__ XCS Code Execution'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990); script_set_attribute(attribute:"vuln_publication_date", value:"2013/08/06"); script_set_attribute(attribute:"patch_publication_date", value:"2013/08/06"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/08/08"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:firefox"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("mozilla_org_installed.nasl"); script_require_keys("Mozilla/Firefox/Version"); exit(0); } include("mozilla_version.inc"); port = get_kb_item_or_exit("SMB/transport"); installs = get_kb_list("SMB/Mozilla/Firefox/*"); if (isnull(installs)) audit(AUDIT_NOT_INST, "Firefox"); mozilla_check_version(installs:installs, product:'firefox', esr:FALSE, fix:'23.0', severity:SECURITY_HOLE, xss:TRUE);
NASL family SuSE Local Security Checks NASL id OPENSUSE-2013-652.NASL description Changes in seamonkey : - update to SeaMonkey 2.20 (bnc#833389) - MFSA 2013-63/CVE-2013-1701/CVE-2013-1702 Miscellaneous memory safety hazards - MFSA 2013-64/CVE-2013-1704 (bmo#883313) Use after free mutating DOM during SetBody - MFSA 2013-65/CVE-2013-1705 (bmo#882865) Buffer underflow when generating CRMF requests - MFSA 2013-67/CVE-2013-1708 (bmo#879924) Crash during WAV audio file decoding - MFSA 2013-68/CVE-2013-1709 (bmo#838253) Document URI misrepresentation and masquerading - MFSA 2013-69/CVE-2013-1710 (bmo#871368) CRMF requests allow for code execution and XSS attacks - MFSA 2013-70/CVE-2013-1711 (bmo#843829) Bypass of XrayWrappers using XBL Scopes - MFSA 2013-72/CVE-2013-1713 (bmo#887098) Wrong principal used for validating URI for some JavaScript components - MFSA 2013-73/CVE-2013-1714 (bmo#879787) Same-origin bypass with web workers and XMLHttpRequest - MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397) Local Java applets may read contents of local file system - requires NSPR 4.10 and NSS 3.15 - removed obsolete seamonkey-shared-nss-db.patch Changes in seamonkey : - update to SeaMonkey 2.20 (bnc#833389) - MFSA 2013-63/CVE-2013-1701/CVE-2013-1702 Miscellaneous memory safety hazards - MFSA 2013-64/CVE-2013-1704 (bmo#883313) Use after free mutating DOM during SetBody - MFSA 2013-65/CVE-2013-1705 (bmo#882865) Buffer underflow when generating CRMF requests - MFSA 2013-67/CVE-2013-1708 (bmo#879924) Crash during WAV audio file decoding - MFSA 2013-68/CVE-2013-1709 (bmo#838253) Document URI misrepresentation and masquerading - MFSA 2013-69/CVE-2013-1710 (bmo#871368) CRMF requests allow for code execution and XSS attacks - MFSA 2013-70/CVE-2013-1711 (bmo#843829) Bypass of XrayWrappers using XBL Scopes - MFSA 2013-72/CVE-2013-1713 (bmo#887098) Wrong principal used for validating URI for some JavaScript components - MFSA 2013-73/CVE-2013-1714 (bmo#879787) Same-origin bypass with web workers and XMLHttpRequest - MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397) Local Java applets may read contents of local file system - requires NSPR 4.10 and NSS 3.15 - removed obsolete seamonkey-shared-nss-db.patch Changes in xulrunner : - update to 17.0.8esr (bnc#833389) - MFSA 2013-63/CVE-2013-1701 Miscellaneous memory safety hazards - MFSA 2013-68/CVE-2013-1709 (bmo#838253) Document URI misrepresentation and masquerading - MFSA 2013-69/CVE-2013-1710 (bmo#871368) CRMF requests allow for code execution and XSS attacks - MFSA 2013-72/CVE-2013-1713 (bmo#887098) Wrong principal used for validating URI for some JavaScript components - MFSA 2013-73/CVE-2013-1714 (bmo#879787) Same-origin bypass with web workers and XMLHttpRequest - MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397) Local Java applets may read contents of local file system Changes in xulrunner : - update to 17.0.8esr (bnc#833389) - MFSA 2013-63/CVE-2013-1701 Miscellaneous memory safety hazards - MFSA 2013-68/CVE-2013-1709 (bmo#838253) Document URI misrepresentation and masquerading - MFSA 2013-69/CVE-2013-1710 (bmo#871368) CRMF requests allow for code execution and XSS attacks - MFSA 2013-72/CVE-2013-1713 (bmo#887098) Wrong principal used for validating URI for some JavaScript components - MFSA 2013-73/CVE-2013-1714 (bmo#879787) Same-origin bypass with web workers and XMLHttpRequest - MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397) Local Java applets may read contents of local file system Changes in MozillaThunderbird : - update to Thunderbird 17.0.8 (bnc#833389) - MFSA 2013-63/CVE-2013-1701 Miscellaneous memory safety hazards - MFSA 2013-68/CVE-2013-1709 (bmo#838253) Document URI misrepresentation and masquerading - MFSA 2013-69/CVE-2013-1710 (bmo#871368) CRMF requests allow for code execution and XSS attacks - MFSA 2013-72/CVE-2013-1713 (bmo#887098) Wrong principal used for validating URI for some JavaScript components - MFSA 2013-73/CVE-2013-1714 (bmo#879787) Same-origin bypass with web workers and XMLHttpRequest - MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397) Local Java applets may read contents of local file system - update Enigmail to 1.5.2 - bugfix release Changes in MozillaThunderbird : - update to Thunderbird 17.0.8 (bnc#833389) - MFSA 2013-63/CVE-2013-1701 Miscellaneous memory safety hazards - MFSA 2013-68/CVE-2013-1709 (bmo#838253) Document URI misrepresentation and masquerading - MFSA 2013-69/CVE-2013-1710 (bmo#871368) CRMF requests allow for code execution and XSS attacks - MFSA 2013-72/CVE-2013-1713 (bmo#887098) Wrong principal used for validating URI for some JavaScript components - MFSA 2013-73/CVE-2013-1714 (bmo#879787) Same-origin bypass with web workers and XMLHttpRequest - MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397) Local Java applets may read contents of local file system - update Enigmail to 1.5.2 - bugfix release Changes in mozilla-nss : - fix 32bit requirement, it last seen 2020-06-05 modified 2014-06-13 plugin id 75122 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/75122 title openSUSE Security Update : MozillaFirefox / MozillaThunderbird / mozilla-nspr / etc (openSUSE-SU-2013:1348-1) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2013-652. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(75122); script_version("1.5"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2013-1701", "CVE-2013-1702", "CVE-2013-1704", "CVE-2013-1705", "CVE-2013-1708", "CVE-2013-1709", "CVE-2013-1710", "CVE-2013-1711", "CVE-2013-1713", "CVE-2013-1714", "CVE-2013-1717"); script_name(english:"openSUSE Security Update : MozillaFirefox / MozillaThunderbird / mozilla-nspr / etc (openSUSE-SU-2013:1348-1)"); script_summary(english:"Check for the openSUSE-2013-652 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "Changes in seamonkey : - update to SeaMonkey 2.20 (bnc#833389) - MFSA 2013-63/CVE-2013-1701/CVE-2013-1702 Miscellaneous memory safety hazards - MFSA 2013-64/CVE-2013-1704 (bmo#883313) Use after free mutating DOM during SetBody - MFSA 2013-65/CVE-2013-1705 (bmo#882865) Buffer underflow when generating CRMF requests - MFSA 2013-67/CVE-2013-1708 (bmo#879924) Crash during WAV audio file decoding - MFSA 2013-68/CVE-2013-1709 (bmo#838253) Document URI misrepresentation and masquerading - MFSA 2013-69/CVE-2013-1710 (bmo#871368) CRMF requests allow for code execution and XSS attacks - MFSA 2013-70/CVE-2013-1711 (bmo#843829) Bypass of XrayWrappers using XBL Scopes - MFSA 2013-72/CVE-2013-1713 (bmo#887098) Wrong principal used for validating URI for some JavaScript components - MFSA 2013-73/CVE-2013-1714 (bmo#879787) Same-origin bypass with web workers and XMLHttpRequest - MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397) Local Java applets may read contents of local file system - requires NSPR 4.10 and NSS 3.15 - removed obsolete seamonkey-shared-nss-db.patch Changes in seamonkey : - update to SeaMonkey 2.20 (bnc#833389) - MFSA 2013-63/CVE-2013-1701/CVE-2013-1702 Miscellaneous memory safety hazards - MFSA 2013-64/CVE-2013-1704 (bmo#883313) Use after free mutating DOM during SetBody - MFSA 2013-65/CVE-2013-1705 (bmo#882865) Buffer underflow when generating CRMF requests - MFSA 2013-67/CVE-2013-1708 (bmo#879924) Crash during WAV audio file decoding - MFSA 2013-68/CVE-2013-1709 (bmo#838253) Document URI misrepresentation and masquerading - MFSA 2013-69/CVE-2013-1710 (bmo#871368) CRMF requests allow for code execution and XSS attacks - MFSA 2013-70/CVE-2013-1711 (bmo#843829) Bypass of XrayWrappers using XBL Scopes - MFSA 2013-72/CVE-2013-1713 (bmo#887098) Wrong principal used for validating URI for some JavaScript components - MFSA 2013-73/CVE-2013-1714 (bmo#879787) Same-origin bypass with web workers and XMLHttpRequest - MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397) Local Java applets may read contents of local file system - requires NSPR 4.10 and NSS 3.15 - removed obsolete seamonkey-shared-nss-db.patch Changes in xulrunner : - update to 17.0.8esr (bnc#833389) - MFSA 2013-63/CVE-2013-1701 Miscellaneous memory safety hazards - MFSA 2013-68/CVE-2013-1709 (bmo#838253) Document URI misrepresentation and masquerading - MFSA 2013-69/CVE-2013-1710 (bmo#871368) CRMF requests allow for code execution and XSS attacks - MFSA 2013-72/CVE-2013-1713 (bmo#887098) Wrong principal used for validating URI for some JavaScript components - MFSA 2013-73/CVE-2013-1714 (bmo#879787) Same-origin bypass with web workers and XMLHttpRequest - MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397) Local Java applets may read contents of local file system Changes in xulrunner : - update to 17.0.8esr (bnc#833389) - MFSA 2013-63/CVE-2013-1701 Miscellaneous memory safety hazards - MFSA 2013-68/CVE-2013-1709 (bmo#838253) Document URI misrepresentation and masquerading - MFSA 2013-69/CVE-2013-1710 (bmo#871368) CRMF requests allow for code execution and XSS attacks - MFSA 2013-72/CVE-2013-1713 (bmo#887098) Wrong principal used for validating URI for some JavaScript components - MFSA 2013-73/CVE-2013-1714 (bmo#879787) Same-origin bypass with web workers and XMLHttpRequest - MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397) Local Java applets may read contents of local file system Changes in MozillaThunderbird : - update to Thunderbird 17.0.8 (bnc#833389) - MFSA 2013-63/CVE-2013-1701 Miscellaneous memory safety hazards - MFSA 2013-68/CVE-2013-1709 (bmo#838253) Document URI misrepresentation and masquerading - MFSA 2013-69/CVE-2013-1710 (bmo#871368) CRMF requests allow for code execution and XSS attacks - MFSA 2013-72/CVE-2013-1713 (bmo#887098) Wrong principal used for validating URI for some JavaScript components - MFSA 2013-73/CVE-2013-1714 (bmo#879787) Same-origin bypass with web workers and XMLHttpRequest - MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397) Local Java applets may read contents of local file system - update Enigmail to 1.5.2 - bugfix release Changes in MozillaThunderbird : - update to Thunderbird 17.0.8 (bnc#833389) - MFSA 2013-63/CVE-2013-1701 Miscellaneous memory safety hazards - MFSA 2013-68/CVE-2013-1709 (bmo#838253) Document URI misrepresentation and masquerading - MFSA 2013-69/CVE-2013-1710 (bmo#871368) CRMF requests allow for code execution and XSS attacks - MFSA 2013-72/CVE-2013-1713 (bmo#887098) Wrong principal used for validating URI for some JavaScript components - MFSA 2013-73/CVE-2013-1714 (bmo#879787) Same-origin bypass with web workers and XMLHttpRequest - MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397) Local Java applets may read contents of local file system - update Enigmail to 1.5.2 - bugfix release Changes in mozilla-nss : - fix 32bit requirement, it's without () actually - update to 3.15.1 - TLS 1.2 (RFC 5246) is supported. HMAC-SHA256 cipher suites (RFC 5246 and RFC 5289) are supported, allowing TLS to be used without MD5 and SHA-1. Note the following limitations: The hash function used in the signature for TLS 1.2 client authentication must be the hash function of the TLS 1.2 PRF, which is always SHA-256 in NSS 3.15.1. AES GCM cipher suites are not yet supported. - some bugfixes and improvements - require libnssckbi instead of mozilla-nss-certs so p11-kit can conflict with the latter (fate#314991) - update to 3.15 - Packaging + removed obsolete patches - nss-disable-expired-testcerts.patch - bug-834091.patch - New Functionality + Support for OCSP Stapling (RFC 6066, Certificate Status Request) has been added for both client and server sockets. TLS client applications may enable this via a call to SSL_OptionSetDefault(SSL_ENABLE_OCSP_STAPLING, PR_TRUE); + Added function SECITEM_ReallocItemV2. It replaces function SECITEM_ReallocItem, which is now declared as obsolete. + Support for single-operation (eg: not multi-part) symmetric key encryption and decryption, via PK11_Encrypt and PK11_Decrypt. + certutil has been updated to support creating name constraints extensions. - New Functions in ssl.h SSL_PeerStapledOCSPResponse - Returns the server's stapled OCSP response, when used with a TLS client socket that negotiated the status_request extension. SSL_SetStapledOCSPResponses - Set's a stapled OCSP response for a TLS server socket to return when clients send the status_request extension. in ocsp.h CERT_PostOCSPRequest - Primarily intended for testing, permits the sending and receiving of raw OCSP request/responses. in secpkcs7.h SEC_PKCS7VerifyDetachedSignatureAtTime - Verifies a PKCS#7 signature at a specific time other than the present time. in xconst.h CERT_EncodeNameConstraintsExtension - Matching function for CERT_DecodeNameConstraintsExtension, added in NSS 3.10. in secitem.h SECITEM_AllocArray SECITEM_DupArray SECITEM_FreeArray SECITEM_ZfreeArray - Utility functions to handle the allocation and deallocation of SECItemArrays SECITEM_ReallocItemV2 - Replaces SECITEM_ReallocItem, which is now obsolete. SECITEM_ReallocItemV2 better matches caller expectations, in that it updates item->len on allocation. For more details of the issues with SECITEM_ReallocItem, see Bug 298649 and Bug 298938. in pk11pub.h PK11_Decrypt - Performs decryption as a single PKCS#11 operation (eg: not multi-part). This is necessary for AES-GCM. PK11_Encrypt - Performs encryption as a single PKCS#11 operation (eg: not multi-part). This is necessary for AES-GCM. - New Types in secitem.h SECItemArray - Represents a variable-length array of SECItems. - New Macros in ssl.h SSL_ENABLE_OCSP_STAPLING - Used with SSL_OptionSet to configure TLS client sockets to request the certificate_status extension (eg: OCSP stapling) when set to PR_TRUE - Notable changes + SECITEM_ReallocItem is now deprecated. Please consider using SECITEM_ReallocItemV2 in all future code. + The list of root CA certificates in the nssckbi module has been updated. + The default implementation of SSL_AuthCertificate has been updated to add certificate status responses stapled by the TLS server to the OCSP cache. - a lot of bugfixes - Add Source URL, see https://en.opensuse.org/SourceUrls Changes in mozilla-nss : - fix 32bit requirement, it's without () actually - update to 3.15.1 - TLS 1.2 (RFC 5246) is supported. HMAC-SHA256 cipher suites (RFC 5246 and RFC 5289) are supported, allowing TLS to be used without MD5 and SHA-1. Note the following limitations: The hash function used in the signature for TLS 1.2 client authentication must be the hash function of the TLS 1.2 PRF, which is always SHA-256 in NSS 3.15.1. AES GCM cipher suites are not yet supported. - some bugfixes and improvements - require libnssckbi instead of mozilla-nss-certs so p11-kit can conflict with the latter (fate#314991) - update to 3.15 - Packaging + removed obsolete patches - nss-disable-expired-testcerts.patch - bug-834091.patch - New Functionality + Support for OCSP Stapling (RFC 6066, Certificate Status Request) has been added for both client and server sockets. TLS client applications may enable this via a call to SSL_OptionSetDefault(SSL_ENABLE_OCSP_STAPLING, PR_TRUE); + Added function SECITEM_ReallocItemV2. It replaces function SECITEM_ReallocItem, which is now declared as obsolete. + Support for single-operation (eg: not multi-part) symmetric key encryption and decryption, via PK11_Encrypt and PK11_Decrypt. + certutil has been updated to support creating name constraints extensions. - New Functions in ssl.h SSL_PeerStapledOCSPResponse - Returns the server's stapled OCSP response, when used with a TLS client socket that negotiated the status_request extension. SSL_SetStapledOCSPResponses - Set's a stapled OCSP response for a TLS server socket to return when clients send the status_request extension. in ocsp.h CERT_PostOCSPRequest - Primarily intended for testing, permits the sending and receiving of raw OCSP request/responses. in secpkcs7.h SEC_PKCS7VerifyDetachedSignatureAtTime - Verifies a PKCS#7 signature at a specific time other than the present time. in xconst.h CERT_EncodeNameConstraintsExtension - Matching function for CERT_DecodeNameConstraintsExtension, added in NSS 3.10. in secitem.h SECITEM_AllocArray SECITEM_DupArray SECITEM_FreeArray SECITEM_ZfreeArray - Utility functions to handle the allocation and deallocation of SECItemArrays SECITEM_ReallocItemV2 - Replaces SECITEM_ReallocItem, which is now obsolete. SECITEM_ReallocItemV2 better matches caller expectations, in that it updates item->len on allocation. For more details of the issues with SECITEM_ReallocItem, see Bug 298649 and Bug 298938. in pk11pub.h PK11_Decrypt - Performs decryption as a single PKCS#11 operation (eg: not multi-part). This is necessary for AES-GCM. PK11_Encrypt - Performs encryption as a single PKCS#11 operation (eg: not multi-part). This is necessary for AES-GCM. - New Types in secitem.h SECItemArray - Represents a variable-length array of SECItems. - New Macros in ssl.h SSL_ENABLE_OCSP_STAPLING - Used with SSL_OptionSet to configure TLS client sockets to request the certificate_status extension (eg: OCSP stapling) when set to PR_TRUE - Notable changes + SECITEM_ReallocItem is now deprecated. Please consider using SECITEM_ReallocItemV2 in all future code. + The list of root CA certificates in the nssckbi module has been updated. + The default implementation of SSL_AuthCertificate has been updated to add certificate status responses stapled by the TLS server to the OCSP cache. - a lot of bugfixes - Add Source URL, see https://en.opensuse.org/SourceUrls Changes in mozilla-nspr : - update to version 4.10 - bmo#844513: Add AddressSanitizer (ASan) memory check annotations to PLArena. - bmo#849089: Simple changes to make NSPR's configure.in work with the current version of autoconf. - bmo#856196: Fix compiler warnings and clean up code in NSPR 4.10. - bmo#859066: Fix warning in nsprpub/pr/src/misc/prnetdb.c. - bmo#859830: Deprecate ANDROID_VERSION in favor of android/api-level.h. - bmo#861434: Make PR_SetThreadPriority() change priorities relatively to the main process instead of using absolute values on Linux. - bmo#871064L: _PR_InitThreads() should not call PR_SetThreadPriority. Changes in mozilla-nspr : - update to version 4.10 - bmo#844513: Add AddressSanitizer (ASan) memory check annotations to PLArena. - bmo#849089: Simple changes to make NSPR's configure.in work with the current version of autoconf. - bmo#856196: Fix compiler warnings and clean up code in NSPR 4.10. - bmo#859066: Fix warning in nsprpub/pr/src/misc/prnetdb.c. - bmo#859830: Deprecate ANDROID_VERSION in favor of android/api-level.h. - bmo#861434: Make PR_SetThreadPriority() change priorities relatively to the main process instead of using absolute values on Linux. - bmo#871064L: _PR_InitThreads() should not call PR_SetThreadPriority. Changes in MozillaFirefox : - update to Firefox 23.0 (bnc#833389) - MFSA 2013-63/CVE-2013-1701/CVE-2013-1702 Miscellaneous memory safety hazards - MFSA 2013-64/CVE-2013-1704 (bmo#883313) Use after free mutating DOM during SetBody - MFSA 2013-65/CVE-2013-1705 (bmo#882865) Buffer underflow when generating CRMF requests - MFSA 2013-67/CVE-2013-1708 (bmo#879924) Crash during WAV audio file decoding - MFSA 2013-68/CVE-2013-1709 (bmo#838253) Document URI misrepresentation and masquerading - MFSA 2013-69/CVE-2013-1710 (bmo#871368) CRMF requests allow for code execution and XSS attacks - MFSA 2013-70/CVE-2013-1711 (bmo#843829) Bypass of XrayWrappers using XBL Scopes - MFSA 2013-72/CVE-2013-1713 (bmo#887098) Wrong principal used for validating URI for some JavaScript components - MFSA 2013-73/CVE-2013-1714 (bmo#879787) Same-origin bypass with web workers and XMLHttpRequest - MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397) Local Java applets may read contents of local file system - requires NSPR 4.10 and NSS 3.15 - fix build on ARM (/-g/ matches /-grecord-switches/) Changes in MozillaFirefox : - update to Firefox 23.0 (bnc#833389) - MFSA 2013-63/CVE-2013-1701/CVE-2013-1702 Miscellaneous memory safety hazards - MFSA 2013-64/CVE-2013-1704 (bmo#883313) Use after free mutating DOM during SetBody - MFSA 2013-65/CVE-2013-1705 (bmo#882865) Buffer underflow when generating CRMF requests - MFSA 2013-67/CVE-2013-1708 (bmo#879924) Crash during WAV audio file decoding - MFSA 2013-68/CVE-2013-1709 (bmo#838253) Document URI misrepresentation and masquerading - MFSA 2013-69/CVE-2013-1710 (bmo#871368) CRMF requests allow for code execution and XSS attacks - MFSA 2013-70/CVE-2013-1711 (bmo#843829) Bypass of XrayWrappers using XBL Scopes - MFSA 2013-72/CVE-2013-1713 (bmo#887098) Wrong principal used for validating URI for some JavaScript components - MFSA 2013-73/CVE-2013-1714 (bmo#879787) Same-origin bypass with web workers and XMLHttpRequest - MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397) Local Java applets may read contents of local file system - requires NSPR 4.10 and NSS 3.15 - fix build on ARM (/-g/ matches /-grecord-switches/)" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=833389" ); script_set_attribute( attribute:"see_also", value:"https://en.opensuse.org/SourceUrls" ); script_set_attribute( attribute:"see_also", value:"https://lists.opensuse.org/opensuse-updates/2013-08/msg00036.html" ); script_set_attribute( attribute:"solution", value:"Update the affected MozillaFirefox / MozillaThunderbird / mozilla-nspr / etc packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Firefox toString console.time Privileged Javascript Injection'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-buildsymbols"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-devel-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:enigmail"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:enigmail-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libfreebl3"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libfreebl3-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libfreebl3-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libfreebl3-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsoftokn3"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsoftokn3-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-js"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-js-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-js-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-js-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nspr"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nspr-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nspr-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nspr-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nspr-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nspr-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-certs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-certs-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-tools-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-dom-inspector"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-irc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-translations-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-translations-other"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-venkman"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xulrunner"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xulrunner-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xulrunner-buildsymbols"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xulrunner-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xulrunner-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xulrunner-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xulrunner-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xulrunner-devel-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.2"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.3"); script_set_attribute(attribute:"patch_publication_date", value:"2013/08/08"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE12\.2|SUSE12\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.2 / 12.3", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE12.2", reference:"MozillaFirefox-23.0-2.55.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"MozillaFirefox-branding-upstream-23.0-2.55.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"MozillaFirefox-buildsymbols-23.0-2.55.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"MozillaFirefox-debuginfo-23.0-2.55.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"MozillaFirefox-debugsource-23.0-2.55.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"MozillaFirefox-devel-23.0-2.55.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"MozillaFirefox-translations-common-23.0-2.55.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"MozillaFirefox-translations-other-23.0-2.55.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"MozillaThunderbird-17.0.8-49.51.2") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"MozillaThunderbird-buildsymbols-17.0.8-49.51.2") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"MozillaThunderbird-debuginfo-17.0.8-49.51.2") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"MozillaThunderbird-debugsource-17.0.8-49.51.2") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"MozillaThunderbird-devel-17.0.8-49.51.2") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"MozillaThunderbird-devel-debuginfo-17.0.8-49.51.2") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"MozillaThunderbird-translations-common-17.0.8-49.51.2") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"MozillaThunderbird-translations-other-17.0.8-49.51.2") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"enigmail-1.5.2+17.0.8-49.51.2") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"enigmail-debuginfo-1.5.2+17.0.8-49.51.2") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"libfreebl3-3.15.1-2.23.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"libfreebl3-debuginfo-3.15.1-2.23.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"libsoftokn3-3.15.1-2.23.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"libsoftokn3-debuginfo-3.15.1-2.23.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"mozilla-js-17.0.8-2.50.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"mozilla-js-debuginfo-17.0.8-2.50.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"mozilla-nspr-4.10-1.16.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"mozilla-nspr-debuginfo-4.10-1.16.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"mozilla-nspr-debugsource-4.10-1.16.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"mozilla-nspr-devel-4.10-1.16.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"mozilla-nss-3.15.1-2.23.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"mozilla-nss-certs-3.15.1-2.23.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"mozilla-nss-certs-debuginfo-3.15.1-2.23.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"mozilla-nss-debuginfo-3.15.1-2.23.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"mozilla-nss-debugsource-3.15.1-2.23.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"mozilla-nss-devel-3.15.1-2.23.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"mozilla-nss-sysinit-3.15.1-2.23.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"mozilla-nss-sysinit-debuginfo-3.15.1-2.23.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"mozilla-nss-tools-3.15.1-2.23.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"mozilla-nss-tools-debuginfo-3.15.1-2.23.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"seamonkey-2.20-2.46.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"seamonkey-debuginfo-2.20-2.46.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"seamonkey-debugsource-2.20-2.46.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"seamonkey-dom-inspector-2.20-2.46.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"seamonkey-irc-2.20-2.46.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"seamonkey-translations-common-2.20-2.46.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"seamonkey-translations-other-2.20-2.46.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"seamonkey-venkman-2.20-2.46.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"xulrunner-17.0.8-2.50.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"xulrunner-buildsymbols-17.0.8-2.50.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"xulrunner-debuginfo-17.0.8-2.50.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"xulrunner-debugsource-17.0.8-2.50.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"xulrunner-devel-17.0.8-2.50.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"xulrunner-devel-debuginfo-17.0.8-2.50.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"libfreebl3-32bit-3.15.1-2.23.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"libfreebl3-debuginfo-32bit-3.15.1-2.23.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"libsoftokn3-32bit-3.15.1-2.23.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"libsoftokn3-debuginfo-32bit-3.15.1-2.23.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"mozilla-js-32bit-17.0.8-2.50.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"mozilla-js-debuginfo-32bit-17.0.8-2.50.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"mozilla-nspr-32bit-4.10-1.16.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"mozilla-nspr-debuginfo-32bit-4.10-1.16.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"mozilla-nss-32bit-3.15.1-2.23.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"mozilla-nss-certs-32bit-3.15.1-2.23.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"mozilla-nss-certs-debuginfo-32bit-3.15.1-2.23.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"mozilla-nss-debuginfo-32bit-3.15.1-2.23.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"mozilla-nss-sysinit-32bit-3.15.1-2.23.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"mozilla-nss-sysinit-debuginfo-32bit-3.15.1-2.23.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"xulrunner-32bit-17.0.8-2.50.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"xulrunner-debuginfo-32bit-17.0.8-2.50.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"MozillaFirefox-23.0-1.29.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"MozillaFirefox-branding-upstream-23.0-1.29.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"MozillaFirefox-buildsymbols-23.0-1.29.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"MozillaFirefox-debuginfo-23.0-1.29.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"MozillaFirefox-debugsource-23.0-1.29.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"MozillaFirefox-devel-23.0-1.29.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"MozillaFirefox-translations-common-23.0-1.29.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"MozillaFirefox-translations-other-23.0-1.29.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"MozillaThunderbird-17.0.8-61.21.2") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"MozillaThunderbird-buildsymbols-17.0.8-61.21.2") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"MozillaThunderbird-debuginfo-17.0.8-61.21.2") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"MozillaThunderbird-debugsource-17.0.8-61.21.2") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"MozillaThunderbird-devel-17.0.8-61.21.2") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"MozillaThunderbird-devel-debuginfo-17.0.8-61.21.2") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"MozillaThunderbird-translations-common-17.0.8-61.21.2") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"MozillaThunderbird-translations-other-17.0.8-61.21.2") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"enigmail-1.5.2+17.0.8-61.21.2") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"enigmail-debuginfo-1.5.2+17.0.8-61.21.2") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"libfreebl3-3.15.1-1.12.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"libfreebl3-debuginfo-3.15.1-1.12.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"libsoftokn3-3.15.1-1.12.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"libsoftokn3-debuginfo-3.15.1-1.12.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"mozilla-js-17.0.8-1.24.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"mozilla-js-debuginfo-17.0.8-1.24.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"mozilla-nspr-4.10-1.14.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"mozilla-nspr-debuginfo-4.10-1.14.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"mozilla-nspr-debugsource-4.10-1.14.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"mozilla-nspr-devel-4.10-1.14.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"mozilla-nss-3.15.1-1.12.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"mozilla-nss-certs-3.15.1-1.12.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"mozilla-nss-certs-debuginfo-3.15.1-1.12.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"mozilla-nss-debuginfo-3.15.1-1.12.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"mozilla-nss-debugsource-3.15.1-1.12.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"mozilla-nss-devel-3.15.1-1.12.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"mozilla-nss-sysinit-3.15.1-1.12.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"mozilla-nss-sysinit-debuginfo-3.15.1-1.12.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"mozilla-nss-tools-3.15.1-1.12.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"mozilla-nss-tools-debuginfo-3.15.1-1.12.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"seamonkey-2.20-1.16.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"seamonkey-debuginfo-2.20-1.16.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"seamonkey-debugsource-2.20-1.16.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"seamonkey-dom-inspector-2.20-1.16.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"seamonkey-irc-2.20-1.16.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"seamonkey-translations-common-2.20-1.16.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"seamonkey-translations-other-2.20-1.16.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"seamonkey-venkman-2.20-1.16.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"xulrunner-17.0.8-1.24.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"xulrunner-buildsymbols-17.0.8-1.24.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"xulrunner-debuginfo-17.0.8-1.24.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"xulrunner-debugsource-17.0.8-1.24.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"xulrunner-devel-17.0.8-1.24.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"xulrunner-devel-debuginfo-17.0.8-1.24.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"libfreebl3-32bit-3.15.1-1.12.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"libfreebl3-debuginfo-32bit-3.15.1-1.12.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"libsoftokn3-32bit-3.15.1-1.12.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"libsoftokn3-debuginfo-32bit-3.15.1-1.12.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"mozilla-js-32bit-17.0.8-1.24.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"mozilla-js-debuginfo-32bit-17.0.8-1.24.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"mozilla-nspr-32bit-4.10-1.14.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"mozilla-nspr-debuginfo-32bit-4.10-1.14.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"mozilla-nss-32bit-3.15.1-1.12.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"mozilla-nss-certs-32bit-3.15.1-1.12.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"mozilla-nss-certs-debuginfo-32bit-3.15.1-1.12.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"mozilla-nss-debuginfo-32bit-3.15.1-1.12.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"mozilla-nss-sysinit-32bit-3.15.1-1.12.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"mozilla-nss-sysinit-debuginfo-32bit-3.15.1-1.12.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"xulrunner-32bit-17.0.8-1.24.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"xulrunner-debuginfo-32bit-17.0.8-1.24.1") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "MozillaFirefox / MozillaFirefox-branding-upstream / etc"); }
NASL family Windows NASL id MOZILLA_THUNDERBIRD_1708.NASL description The installed version of Thunderbird is a version prior to 17.0.8 and is, therefore, potentially affected by the following vulnerabilities : - Various errors exist that could allow memory corruption conditions. (CVE-2013-1701, CVE-2013-1702) - Use-after-free errors exist related to DOM modification when using last seen 2020-06-01 modified 2020-06-02 plugin id 69270 published 2013-08-08 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/69270 title Mozilla Thunderbird < 17.0.8 Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(69270); script_version("1.16"); script_cvs_date("Date: 2019/11/27"); script_cve_id( "CVE-2013-1701", "CVE-2013-1702", "CVE-2013-1704", "CVE-2013-1705", "CVE-2013-1706", "CVE-2013-1707", "CVE-2013-1708", "CVE-2013-1709", "CVE-2013-1710", "CVE-2013-1711", "CVE-2013-1712", "CVE-2013-1713", "CVE-2013-1714", "CVE-2013-1715", "CVE-2013-1717" ); script_bugtraq_id( 61864, 61867, 61869, 61871, 61872, 61873, 61874, 61875, 61876, 61877, 61878, 61882, 61883, 61896, 61900 ); script_name(english:"Mozilla Thunderbird < 17.0.8 Multiple Vulnerabilities"); script_summary(english:"Checks version of Thunderbird"); script_set_attribute(attribute:"synopsis", value: "The remote Windows host contains a mail client that is potentially affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The installed version of Thunderbird is a version prior to 17.0.8 and is, therefore, potentially affected by the following vulnerabilities : - Various errors exist that could allow memory corruption conditions. (CVE-2013-1701, CVE-2013-1702) - Use-after-free errors exist related to DOM modification when using 'SetBody' and generating a 'Certificate Request Message'. (CVE-2013-1704, CVE-2013-1705) - Errors exist related to the update service and 'maintenanceservice.exe' that could allow buffer overflows when handling unexpectedly long path values. (CVE-2013-1706, CVE-2013-1707) - An error exists in the function 'nsCString::CharAt' that could allow application crashes when decoding specially crafted WAV audio files. (CVE-2013-1708) - Unspecified errors exist related to HTML frames and history handling, 'XrayWrappers', JavaScript URI handling and web workers using 'XMLHttpRequest' that could allow cross-site scripting attacks. (CVE-2013-1709, CVE-2013-1711, CVE-2013-1713, CVE-2013-1714) - An unspecified error exists related to generating 'Certificate Request Message Format' (CRMF) requests that could allow cross-site scripting attacks. (CVE-2013-1710) - DLL path loading errors exist related to the update service, full installer and the stub installer that could allow execution of arbitrary code. (CVE-2013-1712, CVE-2013-1715) - An error exists related to Java applets and 'file:///' URIs that could allow read-only access to arbitrary files. (CVE-2013-1717)"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-63/"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-64/"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-65/"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-66/"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-67/"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-68/"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-69/"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-70/"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-71/"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-72/"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-73/"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-74/"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-75/"); script_set_attribute(attribute:"solution", value: "Upgrade to Thunderbird 17.0.8 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-1710"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Firefox 5.0 - 15.0.1 __exposedProps__ XCS Code Execution'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990); script_set_attribute(attribute:"vuln_publication_date", value:"2013/08/06"); script_set_attribute(attribute:"patch_publication_date", value:"2013/08/06"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/08/08"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:thunderbird"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("mozilla_org_installed.nasl"); script_require_keys("Mozilla/Thunderbird/Version"); exit(0); } include("mozilla_version.inc"); port = get_kb_item_or_exit("SMB/transport"); installs = get_kb_list("SMB/Mozilla/Thunderbird/*"); if (isnull(installs)) audit(AUDIT_NOT_INST, "Thunderbird"); mozilla_check_version(installs:installs, product:'thunderbird', esr:FALSE, fix:'17.0.8', severity:SECURITY_HOLE, xss:TRUE);
NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1924-2.NASL description USN-1924-1 fixed vulnerabilities in Firefox. This update provides the corresponding updates for Ubufox and Unity Firefox Extension. Jeff Gilbert, Henrik Skupin, Ben Turner, Christian Holler, Andrew McCreight, Gary Kwong, Jan Varga and Jesse Ruderman discovered multiple memory safety issues in Firefox. If the user were tricked in to opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2013-1701, CVE-2013-1702) A use-after-free bug was discovered when the DOM is modified during a SetBody mutation event. If the user were tricked in to opening a specially crafted page, an attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2013-1704) A use-after-free bug was discovered when generating a CRMF request with certain parameters. If the user were tricked in to opening a specially crafted page, an attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2013-1705) Aki Helin discovered a crash when decoding a WAV file in some circumstances. An attacker could potentially exploit this to cause a denial of service. (CVE-2013-1708) It was discovered that a document last seen 2020-06-01 modified 2020-06-02 plugin id 69235 published 2013-08-07 reporter Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/69235 title Ubuntu 12.04 LTS / 12.10 / 13.04 : ubufox, unity-firefox-extension update (USN-1924-2) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-1924-2. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(69235); script_version("1.19"); script_cvs_date("Date: 2019/09/19 12:54:29"); script_cve_id("CVE-2013-1701", "CVE-2013-1702", "CVE-2013-1704", "CVE-2013-1705", "CVE-2013-1708", "CVE-2013-1709", "CVE-2013-1710", "CVE-2013-1711", "CVE-2013-1713", "CVE-2013-1714", "CVE-2013-1717"); script_bugtraq_id(61641); script_xref(name:"USN", value:"1924-2"); script_name(english:"Ubuntu 12.04 LTS / 12.10 / 13.04 : ubufox, unity-firefox-extension update (USN-1924-2)"); script_summary(english:"Checks dpkg output for updated packages."); script_set_attribute( attribute:"synopsis", value: "The remote Ubuntu host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "USN-1924-1 fixed vulnerabilities in Firefox. This update provides the corresponding updates for Ubufox and Unity Firefox Extension. Jeff Gilbert, Henrik Skupin, Ben Turner, Christian Holler, Andrew McCreight, Gary Kwong, Jan Varga and Jesse Ruderman discovered multiple memory safety issues in Firefox. If the user were tricked in to opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2013-1701, CVE-2013-1702) A use-after-free bug was discovered when the DOM is modified during a SetBody mutation event. If the user were tricked in to opening a specially crafted page, an attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2013-1704) A use-after-free bug was discovered when generating a CRMF request with certain parameters. If the user were tricked in to opening a specially crafted page, an attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2013-1705) Aki Helin discovered a crash when decoding a WAV file in some circumstances. An attacker could potentially exploit this to cause a denial of service. (CVE-2013-1708) It was discovered that a document's URI could be set to the URI of a different document. An attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2013-1709) A flaw was discovered when generating a CRMF request in certain circumstances. An attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2013-1710) Bobby Holley discovered that XBL scopes could be used to circumvent XrayWrappers in certain circumstances. An attacked could potentially exploit this to conduct cross-site scripting (XSS) attacks or cause undefined behaviour. (CVE-2013-1711) Cody Crews discovered that some JavaScript components performed security checks against the wrong URI, potentially bypassing same-origin policy restrictions. An attacker could exploit this to conduct cross-site scripting (XSS) attacks or install addons from a malicious site. (CVE-2013-1713) Federico Lanusse discovered that web workers could bypass cross-origin checks when using XMLHttpRequest. An attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2013-1714) Georgi Guninski and John Schoenick discovered that Java applets could access local files under certain circumstances. An attacker could potentially exploit this to steal confidential data. (CVE-2013-1717). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/1924-2/" ); script_set_attribute( attribute:"solution", value:"Update the affected xul-ext-ubufox and / or xul-ext-unity packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Firefox toString console.time Privileged Javascript Injection'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xul-ext-ubufox"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xul-ext-unity"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.10"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:13.04"); script_set_attribute(attribute:"vuln_publication_date", value:"2013/08/06"); script_set_attribute(attribute:"patch_publication_date", value:"2013/08/06"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/08/07"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! preg(pattern:"^(12\.04|12\.10|13\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 12.04 / 12.10 / 13.04", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"12.04", pkgname:"xul-ext-ubufox", pkgver:"2.7-0ubuntu0.12.04.1")) flag++; if (ubuntu_check(osver:"12.10", pkgname:"xul-ext-ubufox", pkgver:"2.7-0ubuntu0.12.10.1")) flag++; if (ubuntu_check(osver:"12.10", pkgname:"xul-ext-unity", pkgver:"2.4.7-0ubuntu0.2")) flag++; if (ubuntu_check(osver:"13.04", pkgname:"xul-ext-ubufox", pkgver:"2.7-0ubuntu0.13.04.1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xul-ext-ubufox / xul-ext-unity"); }
NASL family Windows NASL id SEAMONKEY_220.NASL description The installed version of SeaMonkey is a version prior to 2.20. It is, therefore, potentially affected by the following vulnerabilities : - Various errors exist that could allow memory corruption conditions. (CVE-2013-1701, CVE-2013-1702) - Use-after-free errors exist related to DOM modification when using last seen 2020-06-01 modified 2020-06-02 plugin id 69272 published 2013-08-08 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/69272 title SeaMonkey < 2.20 Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(69272); script_version("1.24"); script_cvs_date("Date: 2019/11/27"); script_cve_id( "CVE-2013-1701", "CVE-2013-1702", "CVE-2013-1704", "CVE-2013-1705", "CVE-2013-1708", "CVE-2013-1709", "CVE-2013-1710", "CVE-2013-1711", "CVE-2013-1713", "CVE-2013-1714", "CVE-2013-1717", "CVE-2013-6674", "CVE-2014-2018" ); script_bugtraq_id( 61864, 61867, 61871, 61872, 61874, 61875, 61876, 61877, 61882, 61896, 61900, 65158, 65620 ); script_xref(name:"CERT", value:"863369"); script_xref(name:"EDB-ID", value:"31223"); script_name(english:"SeaMonkey < 2.20 Multiple Vulnerabilities"); script_summary(english:"Checks version of SeaMonkey"); script_set_attribute(attribute:"synopsis", value: "The remote Windows host contains a web browser that is potentially affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The installed version of SeaMonkey is a version prior to 2.20. It is, therefore, potentially affected by the following vulnerabilities : - Various errors exist that could allow memory corruption conditions. (CVE-2013-1701, CVE-2013-1702) - Use-after-free errors exist related to DOM modification when using 'SetBody' and generating a 'Certificate Request Message'. (CVE-2013-1704, CVE-2013-1705) - An error exists in the function 'nsCString::CharAt' that could allow application crashes when decoding specially crafted WAV audio files. (CVE-2013-1708) - Unspecified errors exist related to HTML frames and history handling, 'XrayWrappers', JavaScript URI handling and web workers using 'XMLHttpRequest' that could allow cross-site scripting attacks. (CVE-2013-1709, CVE-2013-1711, CVE-2013-1713, CVE-2013-1714) - An unspecified error exists related to generating 'Certificate Request Message Format' (CRMF) requests that could allow cross-site scripting attacks. (CVE-2013-1710) - An error exists related to Java applets and 'file:///' URIs that could allow read-only access to arbitrary files. (CVE-2013-1717) - An input validation error exists related to email messages containing HTML and iframes and the action of replying to or forwarding such messages that could allow cross-site scripting attacks. (CVE-2013-6674) - An input validation error exists related to email messages containing HTML and object or embed elements that could allow cross-site scripting attacks. (CVE-2014-2018)"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-63/"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-64/"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-65/"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-67/"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-68/"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-69/"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-70/"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-72/"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-73/"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-75/"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2014-14/"); script_set_attribute(attribute:"solution", value: "Upgrade to SeaMonkey 2.20 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-1710"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Firefox 5.0 - 15.0.1 __exposedProps__ XCS Code Execution'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990); script_set_attribute(attribute:"vuln_publication_date", value:"2013/08/06"); script_set_attribute(attribute:"patch_publication_date", value:"2013/08/06"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/08/08"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:seamonkey"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("mozilla_org_installed.nasl"); script_require_keys("SeaMonkey/Version"); exit(0); } include("mozilla_version.inc"); port = get_kb_item("SMB/transport"); if (!port) port = 445; installs = get_kb_list("SMB/SeaMonkey/*"); if (isnull(installs)) audit(AUDIT_NOT_INST, "SeaMonkey"); mozilla_check_version(installs:installs, product:'seamonkey', fix:'2.20', severity:SECURITY_HOLE, xss:TRUE);
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201309-23.NASL description The remote host is affected by the vulnerability described in GLSA-201309-23 (Mozilla Products: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Mozilla Firefox, Thunderbird, and SeaMonkey. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Further, a remote attacker could conduct XSS attacks, spoof URLs, bypass address space layout randomization, conduct clickjacking attacks, obtain potentially sensitive information, bypass access restrictions, modify the local filesystem, or conduct other unspecified attacks. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 70183 published 2013-09-28 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/70183 title GLSA-201309-23 : Mozilla Products: Multiple vulnerabilities code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 201309-23. # # The advisory text is Copyright (C) 2001-2019 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(70183); script_version("1.16"); script_cvs_date("Date: 2019/08/12 17:35:38"); script_cve_id("CVE-2013-0744", "CVE-2013-0745", "CVE-2013-0746", "CVE-2013-0747", "CVE-2013-0748", "CVE-2013-0749", "CVE-2013-0750", "CVE-2013-0751", "CVE-2013-0752", "CVE-2013-0753", "CVE-2013-0754", "CVE-2013-0755", "CVE-2013-0756", "CVE-2013-0757", "CVE-2013-0758", "CVE-2013-0759", "CVE-2013-0760", "CVE-2013-0761", "CVE-2013-0762", "CVE-2013-0763", "CVE-2013-0764", "CVE-2013-0765", "CVE-2013-0766", "CVE-2013-0767", "CVE-2013-0768", "CVE-2013-0769", "CVE-2013-0770", "CVE-2013-0771", "CVE-2013-0772", "CVE-2013-0773", "CVE-2013-0774", "CVE-2013-0775", "CVE-2013-0776", "CVE-2013-0777", "CVE-2013-0778", "CVE-2013-0779", "CVE-2013-0780", "CVE-2013-0781", "CVE-2013-0782", "CVE-2013-0783", "CVE-2013-0784", "CVE-2013-0787", "CVE-2013-0788", "CVE-2013-0789", "CVE-2013-0791", "CVE-2013-0792", "CVE-2013-0793", "CVE-2013-0794", "CVE-2013-0795", "CVE-2013-0796", "CVE-2013-0797", "CVE-2013-0799", "CVE-2013-0800", "CVE-2013-0801", "CVE-2013-1670", "CVE-2013-1671", "CVE-2013-1674", "CVE-2013-1675", "CVE-2013-1676", "CVE-2013-1677", "CVE-2013-1678", "CVE-2013-1679", "CVE-2013-1680", "CVE-2013-1681", "CVE-2013-1682", "CVE-2013-1684", "CVE-2013-1687", "CVE-2013-1690", "CVE-2013-1692", "CVE-2013-1693", "CVE-2013-1694", "CVE-2013-1697", "CVE-2013-1701", "CVE-2013-1702", "CVE-2013-1704", "CVE-2013-1705", "CVE-2013-1707", "CVE-2013-1708", "CVE-2013-1709", "CVE-2013-1710", "CVE-2013-1711", "CVE-2013-1712", "CVE-2013-1713", "CVE-2013-1714", "CVE-2013-1717", "CVE-2013-1718", "CVE-2013-1719", "CVE-2013-1720", "CVE-2013-1722", "CVE-2013-1723", "CVE-2013-1724", "CVE-2013-1725", "CVE-2013-1726", "CVE-2013-1728", "CVE-2013-1730", "CVE-2013-1732", "CVE-2013-1735", "CVE-2013-1736", "CVE-2013-1737", "CVE-2013-1738"); script_bugtraq_id(57193, 57194, 57195, 57196, 57197, 57198, 57199, 57203, 57204, 57205, 57207, 57209, 57211, 57213, 57215, 57217, 57218, 57228, 57232, 57234, 57235, 57236, 57238, 57240, 57241, 57244, 57260, 58034, 58036, 58037, 58038, 58040, 58041, 58042, 58043, 58044, 58047, 58048, 58049, 58050, 58051, 58391, 58819, 58821, 58824, 58825, 58826, 58827, 58828, 58831, 58835, 58836, 58837, 59855, 59858, 59859, 59860, 59861, 59862, 59863, 59864, 59865, 59868, 59869, 60765, 60766, 60776, 60777, 60778, 60783, 60784, 60787, 61864, 61867, 61871, 61872, 61873, 61874, 61875, 61876, 61877, 61878, 61882, 61896, 61900, 62460, 62462, 62463, 62464, 62465, 62466, 62467, 62468, 62469, 62472, 62473, 62475, 62478, 62479, 62482); script_xref(name:"GLSA", value:"201309-23"); script_name(english:"GLSA-201309-23 : Mozilla Products: Multiple vulnerabilities"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-201309-23 (Mozilla Products: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Mozilla Firefox, Thunderbird, and SeaMonkey. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Further, a remote attacker could conduct XSS attacks, spoof URLs, bypass address space layout randomization, conduct clickjacking attacks, obtain potentially sensitive information, bypass access restrictions, modify the local filesystem, or conduct other unspecified attacks. Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/201309-23" ); script_set_attribute( attribute:"solution", value: "All Mozilla Firefox users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=www-client/firefox-17.0.9' All users of the Mozilla Firefox binary package should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=www-client/firefox-bin-17.0.9' All Mozilla Thunderbird users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=mail-client/thunderbird-17.0.9' All users of the Mozilla Thunderbird binary package should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=mail-client/thunderbird-bin-17.0.9' All SeaMonkey users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=www-client/seamonkey-2.21' All users of the Mozilla SeaMonkey binary package should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=www-client/seamonkey-bin-2.21'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Firefox toString console.time Privileged Javascript Injection'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:firefox"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:firefox-bin"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:seamonkey"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:seamonkey-bin"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:thunderbird"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:thunderbird-bin"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2013/01/13"); script_set_attribute(attribute:"patch_publication_date", value:"2013/09/27"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/09/28"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"mail-client/thunderbird-bin", unaffected:make_list("ge 17.0.9"), vulnerable:make_list("lt 17.0.9"))) flag++; if (qpkg_check(package:"www-client/firefox", unaffected:make_list("ge 17.0.9"), vulnerable:make_list("lt 17.0.9"))) flag++; if (qpkg_check(package:"mail-client/thunderbird", unaffected:make_list("ge 17.0.9"), vulnerable:make_list("lt 17.0.9"))) flag++; if (qpkg_check(package:"www-client/firefox-bin", unaffected:make_list("ge 17.0.9"), vulnerable:make_list("lt 17.0.9"))) flag++; if (qpkg_check(package:"www-client/seamonkey", unaffected:make_list("ge 2.21"), vulnerable:make_list("lt 2.21"))) flag++; if (qpkg_check(package:"www-client/seamonkey-bin", unaffected:make_list("ge 2.21"), vulnerable:make_list("lt 2.21"))) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get()); else security_hole(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Mozilla Products"); }
NASL family MacOS X Local Security Checks NASL id MACOSX_FIREFOX_23.NASL description The installed version of Firefox is earlier than 23.0 and is, therefore, potentially affected by multiple vulnerabilities : - Various errors exist that could allow memory corruption conditions. (CVE-2013-1701, CVE-2013-1702) - Use-after-free errors exist related to DOM modification when using last seen 2020-06-01 modified 2020-06-02 plugin id 69265 published 2013-08-08 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/69265 title Firefox < 23.0 Multiple Vulnerabilities (Mac OS X) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1924-1.NASL description Jeff Gilbert, Henrik Skupin, Ben Turner, Christian Holler, Andrew McCreight, Gary Kwong, Jan Varga and Jesse Ruderman discovered multiple memory safety issues in Firefox. If the user were tricked in to opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2013-1701, CVE-2013-1702) A use-after-free bug was discovered when the DOM is modified during a SetBody mutation event. If the user were tricked in to opening a specially crafted page, an attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2013-1704) A use-after-free bug was discovered when generating a CRMF request with certain parameters. If the user were tricked in to opening a specially crafted page, an attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2013-1705) Aki Helin discovered a crash when decoding a WAV file in some circumstances. An attacker could potentially exploit this to cause a denial of service. (CVE-2013-1708) It was discovered that a document last seen 2020-06-01 modified 2020-06-02 plugin id 69234 published 2013-08-07 reporter Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/69234 title Ubuntu 12.04 LTS / 12.10 / 13.04 : firefox vulnerabilities (USN-1924-1)
Oval
accepted | 2014-10-06T04:02:44.896-04:00 | ||||||||||||||||||||||||||||
class | vulnerability | ||||||||||||||||||||||||||||
contributors |
| ||||||||||||||||||||||||||||
definition_extensions |
| ||||||||||||||||||||||||||||
description | Use-after-free vulnerability in the nsINode::GetParentNode function in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) via vectors involving a DOM modification at the time of a SetBody mutation event. | ||||||||||||||||||||||||||||
family | windows | ||||||||||||||||||||||||||||
id | oval:org.mitre.oval:def:18945 | ||||||||||||||||||||||||||||
status | accepted | ||||||||||||||||||||||||||||
submitted | 2013-08-30T10:26:26.748+04:00 | ||||||||||||||||||||||||||||
title | Use after free mutating DOM during SetBody | ||||||||||||||||||||||||||||
version | 29 |