Vulnerabilities > CVE-2013-1704 - Resource Management Errors vulnerability in Mozilla Firefox and Seamonkey

047910
CVSS 9.3 - CRITICAL
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
mozilla
CWE-399
critical
nessus

Summary

Use-after-free vulnerability in the nsINode::GetParentNode function in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) via vectors involving a DOM modification at the time of a SetBody mutation event.

Vulnerable Configurations

Part Description Count
Application
Mozilla
362

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_THUNDERBIRD_17_0_8.NASL
    descriptionThe installed version of Thunderbird is earlier than 17.0.8 and is, therefore, potentially affected by the following vulnerabilities : - Various errors exist that could allow memory corruption conditions. (CVE-2013-1701, CVE-2013-1702) - Use-after-free errors exist related to DOM modification when using
    last seen2020-06-01
    modified2020-06-02
    plugin id69266
    published2013-08-08
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/69266
    titleThunderbird < 17.0.8 Multiple Vulnerabilities (Mac OS X)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(69266);
      script_version("1.16");
      script_cvs_date("Date: 2019/11/27");
    
      script_cve_id(
        "CVE-2013-1701",
        "CVE-2013-1702",
        "CVE-2013-1704",
        "CVE-2013-1705",
        "CVE-2013-1708",
        "CVE-2013-1709",
        "CVE-2013-1710",
        "CVE-2013-1711",
        "CVE-2013-1713",
        "CVE-2013-1714",
        "CVE-2013-1717"
      );
      script_bugtraq_id(
        61864,
        61867,
        61871,
        61872,
        61874,
        61875,
        61876,
        61877,
        61882,
        61896,
        61900
      );
    
      script_name(english:"Thunderbird < 17.0.8 Multiple Vulnerabilities (Mac OS X)");
      script_summary(english:"Checks version of Thunderbird");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Mac OS X host contains a mail client that is potentially
    affected by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The installed version of Thunderbird is earlier than 17.0.8 and is,
    therefore, potentially affected by the following vulnerabilities :
    
      - Various errors exist that could allow memory corruption
        conditions. (CVE-2013-1701, CVE-2013-1702)
    
      - Use-after-free errors exist related to DOM modification
        when using 'SetBody' and generating a 'Certificate
        Request Message'. (CVE-2013-1704, CVE-2013-1705)
    
      - An error exists in the function 'nsCString::CharAt'
        that could allow application crashes when decoding
        specially crafted WAV audio files. (CVE-2013-1708)
    
      - Unspecified errors exist related to HTML frames and
        history handling, 'XrayWrappers', JavaScript URI
        handling and web workers using 'XMLHttpRequest' that
        could allow cross-site scripting attacks.
        (CVE-2013-1709, CVE-2013-1711, CVE-2013-1713,
        CVE-2013-1714)
    
      - An unspecified error exists related to generating
        'Certificate Request Message Format' (CRMF) requests
        that could allow cross-site scripting attacks.
        (CVE-2013-1710)
    
      - An error exists related to Java applets and 'file:///'
        URIs that could allow read-only access to arbitrary
        files. (CVE-2013-1717)");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-63/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-64/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-65/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-67/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-68/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-69/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-70/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-72/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-73/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-75/");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Thunderbird 17.0.8 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-1710");
    
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Firefox 5.0 - 15.0.1 __exposedProps__ XCS Code Execution');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/08/06");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/08/06");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/08/08");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:thunderbird");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"MacOS X Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("macosx_thunderbird_installed.nasl");
      script_require_keys("MacOSX/Thunderbird/Installed");
    
      exit(0);
    }
    
    
    include("mozilla_version.inc");
    
    kb_base = "MacOSX/Thunderbird";
    get_kb_item_or_exit(kb_base+"/Installed");
    
    version = get_kb_item_or_exit(kb_base+"/Version", exit_code:1);
    path = get_kb_item_or_exit(kb_base+"/Path", exit_code:1);
    
    if (get_kb_item(kb_base + '/is_esr')) exit(0, 'The Mozilla Thunderbird install is in the ESR branch.');
    
    mozilla_check_version(product:'thunderbird', version:version, path:path, esr:FALSE, fix:'17.0.8', severity:SECURITY_HOLE, xss:TRUE);
    
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_0998E79D005511E3905B0025905A4771.NASL
    descriptionThe Mozilla Project reports : MFSA 2013-63 Miscellaneous memory safety hazards (rv:23.0 / rv:17.0.8) MFSA 2013-64 Use after free mutating DOM during SetBody MFSA 2013-65 Buffer underflow when generating CRMF requests MFSA 2013-66 Buffer overflow in Mozilla Maintenance Service and Mozilla Updater MFSA 2013-67 Crash during WAV audio file decoding MFSA 2013-68 Document URI misrepresentation and masquerading MFSA 2013-69 CRMF requests allow for code execution and XSS attacks MFSA 2013-70 Bypass of XrayWrappers using XBL Scopes MFSA 2013-71 Further Privilege escalation through Mozilla Updater MFSA 2013-72 Wrong principal used for validating URI for some JavaScript components MFSA 2013-73 Same-origin bypass with web workers and XMLHttpRequest MFSA 2013-74 Firefox full and stub installer DLL hijacking MFSA 2013-75 Local Java applets may read contents of local file system
    last seen2020-06-01
    modified2020-06-02
    plugin id69278
    published2013-08-09
    reporterThis script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/69278
    titleFreeBSD : mozilla -- multiple vulnerabilities (0998e79d-0055-11e3-905b-0025905a4771)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from the FreeBSD VuXML database :
    #
    # Copyright 2003-2018 Jacques Vidrine and contributors
    #
    # Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
    # HTML, PDF, PostScript, RTF and so forth) with or without modification,
    # are permitted provided that the following conditions are met:
    # 1. Redistributions of source code (VuXML) must retain the above
    #    copyright notice, this list of conditions and the following
    #    disclaimer as the first lines of this file unmodified.
    # 2. Redistributions in compiled form (transformed to other DTDs,
    #    published online in any format, converted to PDF, PostScript,
    #    RTF and other formats) must reproduce the above copyright
    #    notice, this list of conditions and the following disclaimer
    #    in the documentation and/or other materials provided with the
    #    distribution.
    # 
    # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
    # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
    # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
    # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
    # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
    # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
    # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
    # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
    # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
    # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
    # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(69278);
      script_version("1.10");
      script_cvs_date("Date: 2018/11/21 10:46:30");
    
      script_cve_id("CVE-2013-1701", "CVE-2013-1702", "CVE-2013-1704", "CVE-2013-1705", "CVE-2013-1706", "CVE-2013-1707", "CVE-2013-1708", "CVE-2013-1709", "CVE-2013-1710", "CVE-2013-1711", "CVE-2013-1712", "CVE-2013-1713", "CVE-2013-1714", "CVE-2013-1715", "CVE-2013-1717");
    
      script_name(english:"FreeBSD : mozilla -- multiple vulnerabilities (0998e79d-0055-11e3-905b-0025905a4771)");
      script_summary(english:"Checks for updated packages in pkg_info output");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote FreeBSD host is missing one or more security-related
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The Mozilla Project reports :
    
    MFSA 2013-63 Miscellaneous memory safety hazards (rv:23.0 / rv:17.0.8)
    
    MFSA 2013-64 Use after free mutating DOM during SetBody
    
    MFSA 2013-65 Buffer underflow when generating CRMF requests
    
    MFSA 2013-66 Buffer overflow in Mozilla Maintenance Service and
    Mozilla Updater
    
    MFSA 2013-67 Crash during WAV audio file decoding
    
    MFSA 2013-68 Document URI misrepresentation and masquerading
    
    MFSA 2013-69 CRMF requests allow for code execution and XSS attacks
    
    MFSA 2013-70 Bypass of XrayWrappers using XBL Scopes
    
    MFSA 2013-71 Further Privilege escalation through Mozilla Updater
    
    MFSA 2013-72 Wrong principal used for validating URI for some
    JavaScript components
    
    MFSA 2013-73 Same-origin bypass with web workers and XMLHttpRequest
    
    MFSA 2013-74 Firefox full and stub installer DLL hijacking
    
    MFSA 2013-75 Local Java applets may read contents of local file system"
      );
      # https://www.mozilla.org/security/announce/2013/mfsa2013-63.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-63/"
      );
      # https://www.mozilla.org/security/announce/2013/mfsa2013-64.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-64/"
      );
      # https://www.mozilla.org/security/announce/2013/mfsa2013-65.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-65/"
      );
      # https://www.mozilla.org/security/announce/2013/mfsa2013-66.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-66/"
      );
      # https://www.mozilla.org/security/announce/2013/mfsa2013-67.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-67/"
      );
      # https://www.mozilla.org/security/announce/2013/mfsa2013-68.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-68/"
      );
      # https://www.mozilla.org/security/announce/2013/mfsa2013-69.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-69/"
      );
      # https://www.mozilla.org/security/announce/2013/mfsa2013-70.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-70/"
      );
      # https://www.mozilla.org/security/announce/2013/mfsa2013-71.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-71/"
      );
      # https://www.mozilla.org/security/announce/2013/mfsa2013-72.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-72/"
      );
      # http://www.mozilla.org/security/known-vulnerabilities/
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/known-vulnerabilities/"
      );
      # https://vuxml.freebsd.org/freebsd/0998e79d-0055-11e3-905b-0025905a4771.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?5ed72e18"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Firefox toString console.time Privileged Javascript Injection');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:firefox");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:linux-firefox");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:linux-seamonkey");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:linux-thunderbird");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:seamonkey");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:thunderbird");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/08/06");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/08/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/08/09");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"FreeBSD Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("freebsd_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD");
    if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (pkg_test(save_report:TRUE, pkg:"firefox>18.0,1<23.0,1")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"firefox<17.0.8,1")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"linux-firefox<17.0.8,1")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"linux-seamonkey<2.20")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"linux-thunderbird<17.0.8")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"seamonkey<2.20")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"thunderbird>11.0<17.0.8")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyWindows
    NASL idMOZILLA_FIREFOX_23.NASL
    descriptionThe installed version of Firefox is earlier than 23.0 and is, therefore, potentially affected by the following vulnerabilities : - Various errors exist that could allow memory corruption conditions. (CVE-2013-1701, CVE-2013-1702) - Use-after-free errors exist related to DOM modification when using
    last seen2020-06-01
    modified2020-06-02
    plugin id69269
    published2013-08-08
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/69269
    titleFirefox < 23.0 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(69269);
      script_version("1.16");
      script_cvs_date("Date: 2019/11/27");
    
      script_cve_id(
        "CVE-2013-1701",
        "CVE-2013-1702",
        "CVE-2013-1704",
        "CVE-2013-1705",
        "CVE-2013-1706",
        "CVE-2013-1707",
        "CVE-2013-1708",
        "CVE-2013-1709",
        "CVE-2013-1710",
        "CVE-2013-1711",
        "CVE-2013-1712",
        "CVE-2013-1713",
        "CVE-2013-1714",
        "CVE-2013-1715",
        "CVE-2013-1717"
      );
      script_bugtraq_id(
        61864,
        61867,
        61869,
        61871,
        61872,
        61873,
        61874,
        61875,
        61876,
        61877,
        61878,
        61882,
        61883,
        61896,
        61900
      );
    
      script_name(english:"Firefox < 23.0 Multiple Vulnerabilities");
      script_summary(english:"Checks version of Firefox");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Windows host contains a web browser that is potentially
    affected by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The installed version of Firefox is earlier than 23.0 and is,
    therefore, potentially affected by the following vulnerabilities :
    
      - Various errors exist that could allow memory corruption
        conditions. (CVE-2013-1701, CVE-2013-1702)
    
      - Use-after-free errors exist related to DOM modification
        when using 'SetBody' and generating a 'Certificate
        Request Message'. (CVE-2013-1704, CVE-2013-1705)
    
      - Errors exist related to the update service and
        'maintenanceservice.exe' that could allow buffer
        overflows when handling unexpectedly long path values.
        (CVE-2013-1706, CVE-2013-1707)
    
      - An error exists in the function 'nsCString::CharAt'
        that could allow application crashes when decoding
        specially crafted WAV audio files. (CVE-2013-1708)
    
      - Unspecified errors exist related to HTML frames and
        history handling, 'XrayWrappers', JavaScript URI
        handling and web workers using 'XMLHttpRequest' that
        could allow cross-site scripting attacks.
        (CVE-2013-1709, CVE-2013-1711, CVE-2013-1713,
        CVE-2013-1714)
    
      - An unspecified error exists related to generating
        'Certificate Request Message Format' (CRMF) requests
        that could allow cross-site scripting attacks.
        (CVE-2013-1710)
    
      - DLL path loading errors exist related to the update
        service, full installer and the stub installer that
        could allow execution of arbitrary code.
        (CVE-2013-1712, CVE-2013-1715)
    
      - An error exists related to Java applets and 'file:///'
        URIs that could allow read-only access to arbitrary
        files. (CVE-2013-1717)");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-63/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-64/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-65/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-66/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-67/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-68/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-69/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-70/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-71/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-72/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-73/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-74/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-75/");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Firefox 23.0 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-1710");
    
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Firefox 5.0 - 15.0.1 __exposedProps__ XCS Code Execution');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/08/06");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/08/06");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/08/08");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:firefox");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("mozilla_org_installed.nasl");
      script_require_keys("Mozilla/Firefox/Version");
    
      exit(0);
    }
    
    include("mozilla_version.inc");
    
    port = get_kb_item_or_exit("SMB/transport");
    
    installs = get_kb_list("SMB/Mozilla/Firefox/*");
    if (isnull(installs)) audit(AUDIT_NOT_INST, "Firefox");
    
    mozilla_check_version(installs:installs, product:'firefox', esr:FALSE, fix:'23.0', severity:SECURITY_HOLE, xss:TRUE);
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2013-652.NASL
    descriptionChanges in seamonkey : - update to SeaMonkey 2.20 (bnc#833389) - MFSA 2013-63/CVE-2013-1701/CVE-2013-1702 Miscellaneous memory safety hazards - MFSA 2013-64/CVE-2013-1704 (bmo#883313) Use after free mutating DOM during SetBody - MFSA 2013-65/CVE-2013-1705 (bmo#882865) Buffer underflow when generating CRMF requests - MFSA 2013-67/CVE-2013-1708 (bmo#879924) Crash during WAV audio file decoding - MFSA 2013-68/CVE-2013-1709 (bmo#838253) Document URI misrepresentation and masquerading - MFSA 2013-69/CVE-2013-1710 (bmo#871368) CRMF requests allow for code execution and XSS attacks - MFSA 2013-70/CVE-2013-1711 (bmo#843829) Bypass of XrayWrappers using XBL Scopes - MFSA 2013-72/CVE-2013-1713 (bmo#887098) Wrong principal used for validating URI for some JavaScript components - MFSA 2013-73/CVE-2013-1714 (bmo#879787) Same-origin bypass with web workers and XMLHttpRequest - MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397) Local Java applets may read contents of local file system - requires NSPR 4.10 and NSS 3.15 - removed obsolete seamonkey-shared-nss-db.patch Changes in seamonkey : - update to SeaMonkey 2.20 (bnc#833389) - MFSA 2013-63/CVE-2013-1701/CVE-2013-1702 Miscellaneous memory safety hazards - MFSA 2013-64/CVE-2013-1704 (bmo#883313) Use after free mutating DOM during SetBody - MFSA 2013-65/CVE-2013-1705 (bmo#882865) Buffer underflow when generating CRMF requests - MFSA 2013-67/CVE-2013-1708 (bmo#879924) Crash during WAV audio file decoding - MFSA 2013-68/CVE-2013-1709 (bmo#838253) Document URI misrepresentation and masquerading - MFSA 2013-69/CVE-2013-1710 (bmo#871368) CRMF requests allow for code execution and XSS attacks - MFSA 2013-70/CVE-2013-1711 (bmo#843829) Bypass of XrayWrappers using XBL Scopes - MFSA 2013-72/CVE-2013-1713 (bmo#887098) Wrong principal used for validating URI for some JavaScript components - MFSA 2013-73/CVE-2013-1714 (bmo#879787) Same-origin bypass with web workers and XMLHttpRequest - MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397) Local Java applets may read contents of local file system - requires NSPR 4.10 and NSS 3.15 - removed obsolete seamonkey-shared-nss-db.patch Changes in xulrunner : - update to 17.0.8esr (bnc#833389) - MFSA 2013-63/CVE-2013-1701 Miscellaneous memory safety hazards - MFSA 2013-68/CVE-2013-1709 (bmo#838253) Document URI misrepresentation and masquerading - MFSA 2013-69/CVE-2013-1710 (bmo#871368) CRMF requests allow for code execution and XSS attacks - MFSA 2013-72/CVE-2013-1713 (bmo#887098) Wrong principal used for validating URI for some JavaScript components - MFSA 2013-73/CVE-2013-1714 (bmo#879787) Same-origin bypass with web workers and XMLHttpRequest - MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397) Local Java applets may read contents of local file system Changes in xulrunner : - update to 17.0.8esr (bnc#833389) - MFSA 2013-63/CVE-2013-1701 Miscellaneous memory safety hazards - MFSA 2013-68/CVE-2013-1709 (bmo#838253) Document URI misrepresentation and masquerading - MFSA 2013-69/CVE-2013-1710 (bmo#871368) CRMF requests allow for code execution and XSS attacks - MFSA 2013-72/CVE-2013-1713 (bmo#887098) Wrong principal used for validating URI for some JavaScript components - MFSA 2013-73/CVE-2013-1714 (bmo#879787) Same-origin bypass with web workers and XMLHttpRequest - MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397) Local Java applets may read contents of local file system Changes in MozillaThunderbird : - update to Thunderbird 17.0.8 (bnc#833389) - MFSA 2013-63/CVE-2013-1701 Miscellaneous memory safety hazards - MFSA 2013-68/CVE-2013-1709 (bmo#838253) Document URI misrepresentation and masquerading - MFSA 2013-69/CVE-2013-1710 (bmo#871368) CRMF requests allow for code execution and XSS attacks - MFSA 2013-72/CVE-2013-1713 (bmo#887098) Wrong principal used for validating URI for some JavaScript components - MFSA 2013-73/CVE-2013-1714 (bmo#879787) Same-origin bypass with web workers and XMLHttpRequest - MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397) Local Java applets may read contents of local file system - update Enigmail to 1.5.2 - bugfix release Changes in MozillaThunderbird : - update to Thunderbird 17.0.8 (bnc#833389) - MFSA 2013-63/CVE-2013-1701 Miscellaneous memory safety hazards - MFSA 2013-68/CVE-2013-1709 (bmo#838253) Document URI misrepresentation and masquerading - MFSA 2013-69/CVE-2013-1710 (bmo#871368) CRMF requests allow for code execution and XSS attacks - MFSA 2013-72/CVE-2013-1713 (bmo#887098) Wrong principal used for validating URI for some JavaScript components - MFSA 2013-73/CVE-2013-1714 (bmo#879787) Same-origin bypass with web workers and XMLHttpRequest - MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397) Local Java applets may read contents of local file system - update Enigmail to 1.5.2 - bugfix release Changes in mozilla-nss : - fix 32bit requirement, it
    last seen2020-06-05
    modified2014-06-13
    plugin id75122
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/75122
    titleopenSUSE Security Update : MozillaFirefox / MozillaThunderbird / mozilla-nspr / etc (openSUSE-SU-2013:1348-1)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2013-652.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(75122);
      script_version("1.5");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2013-1701", "CVE-2013-1702", "CVE-2013-1704", "CVE-2013-1705", "CVE-2013-1708", "CVE-2013-1709", "CVE-2013-1710", "CVE-2013-1711", "CVE-2013-1713", "CVE-2013-1714", "CVE-2013-1717");
    
      script_name(english:"openSUSE Security Update : MozillaFirefox / MozillaThunderbird / mozilla-nspr / etc (openSUSE-SU-2013:1348-1)");
      script_summary(english:"Check for the openSUSE-2013-652 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Changes in seamonkey :
    
      - update to SeaMonkey 2.20 (bnc#833389)
    
      - MFSA 2013-63/CVE-2013-1701/CVE-2013-1702 Miscellaneous
        memory safety hazards
    
      - MFSA 2013-64/CVE-2013-1704 (bmo#883313) Use after free
        mutating DOM during SetBody
    
      - MFSA 2013-65/CVE-2013-1705 (bmo#882865) Buffer underflow
        when generating CRMF requests
    
      - MFSA 2013-67/CVE-2013-1708 (bmo#879924) Crash during WAV
        audio file decoding
    
      - MFSA 2013-68/CVE-2013-1709 (bmo#838253) Document URI
        misrepresentation and masquerading
    
      - MFSA 2013-69/CVE-2013-1710 (bmo#871368) CRMF requests
        allow for code execution and XSS attacks
    
      - MFSA 2013-70/CVE-2013-1711 (bmo#843829) Bypass of
        XrayWrappers using XBL Scopes
    
      - MFSA 2013-72/CVE-2013-1713 (bmo#887098) Wrong principal
        used for validating URI for some JavaScript components
    
      - MFSA 2013-73/CVE-2013-1714 (bmo#879787) Same-origin
        bypass with web workers and XMLHttpRequest
    
      - MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397)
        Local Java applets may read contents of local file
        system
    
      - requires NSPR 4.10 and NSS 3.15
    
      - removed obsolete seamonkey-shared-nss-db.patch
    
    Changes in seamonkey :
    
      - update to SeaMonkey 2.20 (bnc#833389)
    
      - MFSA 2013-63/CVE-2013-1701/CVE-2013-1702 Miscellaneous
        memory safety hazards
    
      - MFSA 2013-64/CVE-2013-1704 (bmo#883313) Use after free
        mutating DOM during SetBody
    
      - MFSA 2013-65/CVE-2013-1705 (bmo#882865) Buffer underflow
        when generating CRMF requests
    
      - MFSA 2013-67/CVE-2013-1708 (bmo#879924) Crash during WAV
        audio file decoding
    
      - MFSA 2013-68/CVE-2013-1709 (bmo#838253) Document URI
        misrepresentation and masquerading
    
      - MFSA 2013-69/CVE-2013-1710 (bmo#871368) CRMF requests
        allow for code execution and XSS attacks
    
      - MFSA 2013-70/CVE-2013-1711 (bmo#843829) Bypass of
        XrayWrappers using XBL Scopes
    
      - MFSA 2013-72/CVE-2013-1713 (bmo#887098) Wrong principal
        used for validating URI for some JavaScript components
    
      - MFSA 2013-73/CVE-2013-1714 (bmo#879787) Same-origin
        bypass with web workers and XMLHttpRequest
    
      - MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397)
        Local Java applets may read contents of local file
        system
    
      - requires NSPR 4.10 and NSS 3.15
    
      - removed obsolete seamonkey-shared-nss-db.patch
    
    Changes in xulrunner :
    
      - update to 17.0.8esr (bnc#833389)
    
      - MFSA 2013-63/CVE-2013-1701 Miscellaneous memory safety
        hazards
    
      - MFSA 2013-68/CVE-2013-1709 (bmo#838253) Document URI
        misrepresentation and masquerading
    
      - MFSA 2013-69/CVE-2013-1710 (bmo#871368) CRMF requests
        allow for code execution and XSS attacks
    
      - MFSA 2013-72/CVE-2013-1713 (bmo#887098) Wrong principal
        used for validating URI for some JavaScript components
    
      - MFSA 2013-73/CVE-2013-1714 (bmo#879787) Same-origin
        bypass with web workers and XMLHttpRequest
    
      - MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397)
        Local Java applets may read contents of local file
        system
    
    Changes in xulrunner :
    
      - update to 17.0.8esr (bnc#833389)
    
      - MFSA 2013-63/CVE-2013-1701 Miscellaneous memory safety
        hazards
    
      - MFSA 2013-68/CVE-2013-1709 (bmo#838253) Document URI
        misrepresentation and masquerading
    
      - MFSA 2013-69/CVE-2013-1710 (bmo#871368) CRMF requests
        allow for code execution and XSS attacks
    
      - MFSA 2013-72/CVE-2013-1713 (bmo#887098) Wrong principal
        used for validating URI for some JavaScript components
    
      - MFSA 2013-73/CVE-2013-1714 (bmo#879787) Same-origin
        bypass with web workers and XMLHttpRequest
    
      - MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397)
        Local Java applets may read contents of local file
        system
    
    Changes in MozillaThunderbird :
    
      - update to Thunderbird 17.0.8 (bnc#833389)
    
      - MFSA 2013-63/CVE-2013-1701 Miscellaneous memory safety
        hazards
    
      - MFSA 2013-68/CVE-2013-1709 (bmo#838253) Document URI
        misrepresentation and masquerading
    
      - MFSA 2013-69/CVE-2013-1710 (bmo#871368) CRMF requests
        allow for code execution and XSS attacks
    
      - MFSA 2013-72/CVE-2013-1713 (bmo#887098) Wrong principal
        used for validating URI for some JavaScript components
    
      - MFSA 2013-73/CVE-2013-1714 (bmo#879787) Same-origin
        bypass with web workers and XMLHttpRequest
    
      - MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397)
        Local Java applets may read contents of local file
        system
    
      - update Enigmail to 1.5.2
    
      - bugfix release
    
    Changes in MozillaThunderbird :
    
      - update to Thunderbird 17.0.8 (bnc#833389)
    
      - MFSA 2013-63/CVE-2013-1701 Miscellaneous memory safety
        hazards
    
      - MFSA 2013-68/CVE-2013-1709 (bmo#838253) Document URI
        misrepresentation and masquerading
    
      - MFSA 2013-69/CVE-2013-1710 (bmo#871368) CRMF requests
        allow for code execution and XSS attacks
    
      - MFSA 2013-72/CVE-2013-1713 (bmo#887098) Wrong principal
        used for validating URI for some JavaScript components
    
      - MFSA 2013-73/CVE-2013-1714 (bmo#879787) Same-origin
        bypass with web workers and XMLHttpRequest
    
      - MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397)
        Local Java applets may read contents of local file
        system
    
      - update Enigmail to 1.5.2
    
      - bugfix release
    
    Changes in mozilla-nss :
    
      - fix 32bit requirement, it's without () actually
    
      - update to 3.15.1
    
      - TLS 1.2 (RFC 5246) is supported. HMAC-SHA256 cipher
        suites (RFC 5246 and RFC 5289) are supported, allowing
        TLS to be used without MD5 and SHA-1. Note the following
        limitations: The hash function used in the signature for
        TLS 1.2 client authentication must be the hash function
        of the TLS 1.2 PRF, which is always SHA-256 in NSS
        3.15.1. AES GCM cipher suites are not yet supported.
    
      - some bugfixes and improvements
    
      - require libnssckbi instead of mozilla-nss-certs so
        p11-kit can conflict with the latter (fate#314991)
    
      - update to 3.15
    
      - Packaging
    
      + removed obsolete patches
    
      - nss-disable-expired-testcerts.patch
    
      - bug-834091.patch
    
      - New Functionality
    
      + Support for OCSP Stapling (RFC 6066, Certificate Status
        Request) has been added for both client and server
        sockets. TLS client applications may enable this via a
        call to SSL_OptionSetDefault(SSL_ENABLE_OCSP_STAPLING,
        PR_TRUE);
    
      + Added function SECITEM_ReallocItemV2. It replaces
        function SECITEM_ReallocItem, which is now declared as
        obsolete.
    
      + Support for single-operation (eg: not multi-part)
        symmetric key encryption and decryption, via
        PK11_Encrypt and PK11_Decrypt.
    
      + certutil has been updated to support creating name
        constraints extensions.
    
      - New Functions in ssl.h SSL_PeerStapledOCSPResponse -
        Returns the server's stapled OCSP response, when used
        with a TLS client socket that negotiated the
        status_request extension. SSL_SetStapledOCSPResponses -
        Set's a stapled OCSP response for a TLS server socket to
        return when clients send the status_request extension.
        in ocsp.h CERT_PostOCSPRequest - Primarily intended for
        testing, permits the sending and receiving of raw OCSP
        request/responses. in secpkcs7.h
        SEC_PKCS7VerifyDetachedSignatureAtTime - Verifies a
        PKCS#7 signature at a specific time other than the
        present time. in xconst.h
        CERT_EncodeNameConstraintsExtension - Matching function
        for CERT_DecodeNameConstraintsExtension, added in NSS
        3.10. in secitem.h SECITEM_AllocArray SECITEM_DupArray
        SECITEM_FreeArray SECITEM_ZfreeArray - Utility functions
        to handle the allocation and deallocation of
        SECItemArrays SECITEM_ReallocItemV2 - Replaces
        SECITEM_ReallocItem, which is now obsolete.
        SECITEM_ReallocItemV2 better matches caller
        expectations, in that it updates item->len on
        allocation. For more details of the issues with
        SECITEM_ReallocItem, see Bug 298649 and Bug 298938. in
        pk11pub.h PK11_Decrypt - Performs decryption as a single
        PKCS#11 operation (eg: not multi-part). This is
        necessary for AES-GCM. PK11_Encrypt - Performs
        encryption as a single PKCS#11 operation (eg: not
        multi-part). This is necessary for AES-GCM.
    
      - New Types in secitem.h SECItemArray - Represents a
        variable-length array of SECItems.
    
      - New Macros in ssl.h SSL_ENABLE_OCSP_STAPLING - Used with
        SSL_OptionSet to configure TLS client sockets to request
        the certificate_status extension (eg: OCSP stapling)
        when set to PR_TRUE
    
      - Notable changes
    
      + SECITEM_ReallocItem is now deprecated. Please consider
        using SECITEM_ReallocItemV2 in all future code.
    
      + The list of root CA certificates in the nssckbi module
        has been updated.
    
      + The default implementation of SSL_AuthCertificate has
        been updated to add certificate status responses stapled
        by the TLS server to the OCSP cache.
    
      - a lot of bugfixes
    
      - Add Source URL, see https://en.opensuse.org/SourceUrls
    
    Changes in mozilla-nss :
    
      - fix 32bit requirement, it's without () actually
    
      - update to 3.15.1
    
      - TLS 1.2 (RFC 5246) is supported. HMAC-SHA256 cipher
        suites (RFC 5246 and RFC 5289) are supported, allowing
        TLS to be used without MD5 and SHA-1. Note the following
        limitations: The hash function used in the signature for
        TLS 1.2 client authentication must be the hash function
        of the TLS 1.2 PRF, which is always SHA-256 in NSS
        3.15.1. AES GCM cipher suites are not yet supported.
    
      - some bugfixes and improvements
    
      - require libnssckbi instead of mozilla-nss-certs so
        p11-kit can conflict with the latter (fate#314991)
    
      - update to 3.15
    
      - Packaging
    
      + removed obsolete patches
    
      - nss-disable-expired-testcerts.patch
    
      - bug-834091.patch
    
      - New Functionality
    
      + Support for OCSP Stapling (RFC 6066, Certificate Status
        Request) has been added for both client and server
        sockets. TLS client applications may enable this via a
        call to SSL_OptionSetDefault(SSL_ENABLE_OCSP_STAPLING,
        PR_TRUE);
    
      + Added function SECITEM_ReallocItemV2. It replaces
        function SECITEM_ReallocItem, which is now declared as
        obsolete.
    
      + Support for single-operation (eg: not multi-part)
        symmetric key encryption and decryption, via
        PK11_Encrypt and PK11_Decrypt.
    
      + certutil has been updated to support creating name
        constraints extensions.
    
      - New Functions in ssl.h SSL_PeerStapledOCSPResponse -
        Returns the server's stapled OCSP response, when used
        with a TLS client socket that negotiated the
        status_request extension. SSL_SetStapledOCSPResponses -
        Set's a stapled OCSP response for a TLS server socket to
        return when clients send the status_request extension.
        in ocsp.h CERT_PostOCSPRequest - Primarily intended for
        testing, permits the sending and receiving of raw OCSP
        request/responses. in secpkcs7.h
        SEC_PKCS7VerifyDetachedSignatureAtTime - Verifies a
        PKCS#7 signature at a specific time other than the
        present time. in xconst.h
        CERT_EncodeNameConstraintsExtension - Matching function
        for CERT_DecodeNameConstraintsExtension, added in NSS
        3.10. in secitem.h SECITEM_AllocArray SECITEM_DupArray
        SECITEM_FreeArray SECITEM_ZfreeArray - Utility functions
        to handle the allocation and deallocation of
        SECItemArrays SECITEM_ReallocItemV2 - Replaces
        SECITEM_ReallocItem, which is now obsolete.
        SECITEM_ReallocItemV2 better matches caller
        expectations, in that it updates item->len on
        allocation. For more details of the issues with
        SECITEM_ReallocItem, see Bug 298649 and Bug 298938. in
        pk11pub.h PK11_Decrypt - Performs decryption as a single
        PKCS#11 operation (eg: not multi-part). This is
        necessary for AES-GCM. PK11_Encrypt - Performs
        encryption as a single PKCS#11 operation (eg: not
        multi-part). This is necessary for AES-GCM.
    
      - New Types in secitem.h SECItemArray - Represents a
        variable-length array of SECItems.
    
      - New Macros in ssl.h SSL_ENABLE_OCSP_STAPLING - Used with
        SSL_OptionSet to configure TLS client sockets to request
        the certificate_status extension (eg: OCSP stapling)
        when set to PR_TRUE
    
      - Notable changes
    
      + SECITEM_ReallocItem is now deprecated. Please consider
        using SECITEM_ReallocItemV2 in all future code.
    
      + The list of root CA certificates in the nssckbi module
        has been updated.
    
      + The default implementation of SSL_AuthCertificate has
        been updated to add certificate status responses stapled
        by the TLS server to the OCSP cache.
    
      - a lot of bugfixes
    
      - Add Source URL, see https://en.opensuse.org/SourceUrls
    
    Changes in mozilla-nspr :
    
      - update to version 4.10
    
      - bmo#844513: Add AddressSanitizer (ASan) memory check
        annotations to PLArena.
    
      - bmo#849089: Simple changes to make NSPR's configure.in
        work with the current version of autoconf.
    
      - bmo#856196: Fix compiler warnings and clean up code in
        NSPR 4.10.
    
      - bmo#859066: Fix warning in
        nsprpub/pr/src/misc/prnetdb.c.
    
      - bmo#859830: Deprecate ANDROID_VERSION in favor of
        android/api-level.h.
    
      - bmo#861434: Make PR_SetThreadPriority() change
        priorities relatively to the main process instead of
        using absolute values on Linux.
    
      - bmo#871064L: _PR_InitThreads() should not call
        PR_SetThreadPriority.
    
    Changes in mozilla-nspr :
    
      - update to version 4.10
    
      - bmo#844513: Add AddressSanitizer (ASan) memory check
        annotations to PLArena.
    
      - bmo#849089: Simple changes to make NSPR's configure.in
        work with the current version of autoconf.
    
      - bmo#856196: Fix compiler warnings and clean up code in
        NSPR 4.10.
    
      - bmo#859066: Fix warning in
        nsprpub/pr/src/misc/prnetdb.c.
    
      - bmo#859830: Deprecate ANDROID_VERSION in favor of
        android/api-level.h.
    
      - bmo#861434: Make PR_SetThreadPriority() change
        priorities relatively to the main process instead of
        using absolute values on Linux.
    
      - bmo#871064L: _PR_InitThreads() should not call
        PR_SetThreadPriority.
    
    Changes in MozillaFirefox :
    
      - update to Firefox 23.0 (bnc#833389)
    
      - MFSA 2013-63/CVE-2013-1701/CVE-2013-1702 Miscellaneous
        memory safety hazards
    
      - MFSA 2013-64/CVE-2013-1704 (bmo#883313) Use after free
        mutating DOM during SetBody
    
      - MFSA 2013-65/CVE-2013-1705 (bmo#882865) Buffer underflow
        when generating CRMF requests
    
      - MFSA 2013-67/CVE-2013-1708 (bmo#879924) Crash during WAV
        audio file decoding
    
      - MFSA 2013-68/CVE-2013-1709 (bmo#838253) Document URI
        misrepresentation and masquerading
    
      - MFSA 2013-69/CVE-2013-1710 (bmo#871368) CRMF requests
        allow for code execution and XSS attacks
    
      - MFSA 2013-70/CVE-2013-1711 (bmo#843829) Bypass of
        XrayWrappers using XBL Scopes
    
      - MFSA 2013-72/CVE-2013-1713 (bmo#887098) Wrong principal
        used for validating URI for some JavaScript components
    
      - MFSA 2013-73/CVE-2013-1714 (bmo#879787) Same-origin
        bypass with web workers and XMLHttpRequest
    
      - MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397)
        Local Java applets may read contents of local file
        system
    
      - requires NSPR 4.10 and NSS 3.15
    
      - fix build on ARM (/-g/ matches /-grecord-switches/)
    
    Changes in MozillaFirefox :
    
      - update to Firefox 23.0 (bnc#833389)
    
      - MFSA 2013-63/CVE-2013-1701/CVE-2013-1702 Miscellaneous
        memory safety hazards
    
      - MFSA 2013-64/CVE-2013-1704 (bmo#883313) Use after free
        mutating DOM during SetBody
    
      - MFSA 2013-65/CVE-2013-1705 (bmo#882865) Buffer underflow
        when generating CRMF requests
    
      - MFSA 2013-67/CVE-2013-1708 (bmo#879924) Crash during WAV
        audio file decoding
    
      - MFSA 2013-68/CVE-2013-1709 (bmo#838253) Document URI
        misrepresentation and masquerading
    
      - MFSA 2013-69/CVE-2013-1710 (bmo#871368) CRMF requests
        allow for code execution and XSS attacks
    
      - MFSA 2013-70/CVE-2013-1711 (bmo#843829) Bypass of
        XrayWrappers using XBL Scopes
    
      - MFSA 2013-72/CVE-2013-1713 (bmo#887098) Wrong principal
        used for validating URI for some JavaScript components
    
      - MFSA 2013-73/CVE-2013-1714 (bmo#879787) Same-origin
        bypass with web workers and XMLHttpRequest
    
      - MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397)
        Local Java applets may read contents of local file
        system
    
      - requires NSPR 4.10 and NSS 3.15
    
      - fix build on ARM (/-g/ matches /-grecord-switches/)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=833389"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://en.opensuse.org/SourceUrls"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.opensuse.org/opensuse-updates/2013-08/msg00036.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected MozillaFirefox / MozillaThunderbird / mozilla-nspr / etc packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Firefox toString console.time Privileged Javascript Injection');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-buildsymbols");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:enigmail");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:enigmail-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libfreebl3");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libfreebl3-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libfreebl3-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libfreebl3-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsoftokn3");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsoftokn3-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-js");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-js-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-js-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-js-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nspr");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nspr-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nspr-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nspr-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nspr-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nspr-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-certs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-certs-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-tools-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-dom-inspector");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-irc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-translations-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-translations-other");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-venkman");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xulrunner");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xulrunner-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xulrunner-buildsymbols");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xulrunner-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xulrunner-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xulrunner-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xulrunner-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xulrunner-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.2");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.3");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2013/08/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE12\.2|SUSE12\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.2 / 12.3", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE12.2", reference:"MozillaFirefox-23.0-2.55.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"MozillaFirefox-branding-upstream-23.0-2.55.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"MozillaFirefox-buildsymbols-23.0-2.55.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"MozillaFirefox-debuginfo-23.0-2.55.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"MozillaFirefox-debugsource-23.0-2.55.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"MozillaFirefox-devel-23.0-2.55.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"MozillaFirefox-translations-common-23.0-2.55.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"MozillaFirefox-translations-other-23.0-2.55.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"MozillaThunderbird-17.0.8-49.51.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"MozillaThunderbird-buildsymbols-17.0.8-49.51.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"MozillaThunderbird-debuginfo-17.0.8-49.51.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"MozillaThunderbird-debugsource-17.0.8-49.51.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"MozillaThunderbird-devel-17.0.8-49.51.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"MozillaThunderbird-devel-debuginfo-17.0.8-49.51.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"MozillaThunderbird-translations-common-17.0.8-49.51.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"MozillaThunderbird-translations-other-17.0.8-49.51.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"enigmail-1.5.2+17.0.8-49.51.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"enigmail-debuginfo-1.5.2+17.0.8-49.51.2") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"libfreebl3-3.15.1-2.23.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"libfreebl3-debuginfo-3.15.1-2.23.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"libsoftokn3-3.15.1-2.23.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"libsoftokn3-debuginfo-3.15.1-2.23.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"mozilla-js-17.0.8-2.50.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"mozilla-js-debuginfo-17.0.8-2.50.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"mozilla-nspr-4.10-1.16.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"mozilla-nspr-debuginfo-4.10-1.16.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"mozilla-nspr-debugsource-4.10-1.16.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"mozilla-nspr-devel-4.10-1.16.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"mozilla-nss-3.15.1-2.23.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"mozilla-nss-certs-3.15.1-2.23.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"mozilla-nss-certs-debuginfo-3.15.1-2.23.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"mozilla-nss-debuginfo-3.15.1-2.23.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"mozilla-nss-debugsource-3.15.1-2.23.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"mozilla-nss-devel-3.15.1-2.23.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"mozilla-nss-sysinit-3.15.1-2.23.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"mozilla-nss-sysinit-debuginfo-3.15.1-2.23.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"mozilla-nss-tools-3.15.1-2.23.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"mozilla-nss-tools-debuginfo-3.15.1-2.23.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"seamonkey-2.20-2.46.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"seamonkey-debuginfo-2.20-2.46.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"seamonkey-debugsource-2.20-2.46.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"seamonkey-dom-inspector-2.20-2.46.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"seamonkey-irc-2.20-2.46.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"seamonkey-translations-common-2.20-2.46.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"seamonkey-translations-other-2.20-2.46.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"seamonkey-venkman-2.20-2.46.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"xulrunner-17.0.8-2.50.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"xulrunner-buildsymbols-17.0.8-2.50.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"xulrunner-debuginfo-17.0.8-2.50.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"xulrunner-debugsource-17.0.8-2.50.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"xulrunner-devel-17.0.8-2.50.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"xulrunner-devel-debuginfo-17.0.8-2.50.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"libfreebl3-32bit-3.15.1-2.23.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"libfreebl3-debuginfo-32bit-3.15.1-2.23.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"libsoftokn3-32bit-3.15.1-2.23.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"libsoftokn3-debuginfo-32bit-3.15.1-2.23.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"mozilla-js-32bit-17.0.8-2.50.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"mozilla-js-debuginfo-32bit-17.0.8-2.50.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"mozilla-nspr-32bit-4.10-1.16.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"mozilla-nspr-debuginfo-32bit-4.10-1.16.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"mozilla-nss-32bit-3.15.1-2.23.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"mozilla-nss-certs-32bit-3.15.1-2.23.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"mozilla-nss-certs-debuginfo-32bit-3.15.1-2.23.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"mozilla-nss-debuginfo-32bit-3.15.1-2.23.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"mozilla-nss-sysinit-32bit-3.15.1-2.23.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"mozilla-nss-sysinit-debuginfo-32bit-3.15.1-2.23.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"xulrunner-32bit-17.0.8-2.50.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"xulrunner-debuginfo-32bit-17.0.8-2.50.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"MozillaFirefox-23.0-1.29.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"MozillaFirefox-branding-upstream-23.0-1.29.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"MozillaFirefox-buildsymbols-23.0-1.29.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"MozillaFirefox-debuginfo-23.0-1.29.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"MozillaFirefox-debugsource-23.0-1.29.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"MozillaFirefox-devel-23.0-1.29.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"MozillaFirefox-translations-common-23.0-1.29.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"MozillaFirefox-translations-other-23.0-1.29.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"MozillaThunderbird-17.0.8-61.21.2") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"MozillaThunderbird-buildsymbols-17.0.8-61.21.2") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"MozillaThunderbird-debuginfo-17.0.8-61.21.2") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"MozillaThunderbird-debugsource-17.0.8-61.21.2") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"MozillaThunderbird-devel-17.0.8-61.21.2") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"MozillaThunderbird-devel-debuginfo-17.0.8-61.21.2") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"MozillaThunderbird-translations-common-17.0.8-61.21.2") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"MozillaThunderbird-translations-other-17.0.8-61.21.2") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"enigmail-1.5.2+17.0.8-61.21.2") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"enigmail-debuginfo-1.5.2+17.0.8-61.21.2") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"libfreebl3-3.15.1-1.12.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"libfreebl3-debuginfo-3.15.1-1.12.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"libsoftokn3-3.15.1-1.12.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"libsoftokn3-debuginfo-3.15.1-1.12.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"mozilla-js-17.0.8-1.24.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"mozilla-js-debuginfo-17.0.8-1.24.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"mozilla-nspr-4.10-1.14.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"mozilla-nspr-debuginfo-4.10-1.14.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"mozilla-nspr-debugsource-4.10-1.14.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"mozilla-nspr-devel-4.10-1.14.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"mozilla-nss-3.15.1-1.12.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"mozilla-nss-certs-3.15.1-1.12.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"mozilla-nss-certs-debuginfo-3.15.1-1.12.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"mozilla-nss-debuginfo-3.15.1-1.12.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"mozilla-nss-debugsource-3.15.1-1.12.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"mozilla-nss-devel-3.15.1-1.12.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"mozilla-nss-sysinit-3.15.1-1.12.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"mozilla-nss-sysinit-debuginfo-3.15.1-1.12.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"mozilla-nss-tools-3.15.1-1.12.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"mozilla-nss-tools-debuginfo-3.15.1-1.12.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"seamonkey-2.20-1.16.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"seamonkey-debuginfo-2.20-1.16.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"seamonkey-debugsource-2.20-1.16.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"seamonkey-dom-inspector-2.20-1.16.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"seamonkey-irc-2.20-1.16.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"seamonkey-translations-common-2.20-1.16.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"seamonkey-translations-other-2.20-1.16.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"seamonkey-venkman-2.20-1.16.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"xulrunner-17.0.8-1.24.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"xulrunner-buildsymbols-17.0.8-1.24.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"xulrunner-debuginfo-17.0.8-1.24.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"xulrunner-debugsource-17.0.8-1.24.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"xulrunner-devel-17.0.8-1.24.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"xulrunner-devel-debuginfo-17.0.8-1.24.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"libfreebl3-32bit-3.15.1-1.12.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"libfreebl3-debuginfo-32bit-3.15.1-1.12.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"libsoftokn3-32bit-3.15.1-1.12.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"libsoftokn3-debuginfo-32bit-3.15.1-1.12.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"mozilla-js-32bit-17.0.8-1.24.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"mozilla-js-debuginfo-32bit-17.0.8-1.24.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"mozilla-nspr-32bit-4.10-1.14.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"mozilla-nspr-debuginfo-32bit-4.10-1.14.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"mozilla-nss-32bit-3.15.1-1.12.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"mozilla-nss-certs-32bit-3.15.1-1.12.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"mozilla-nss-certs-debuginfo-32bit-3.15.1-1.12.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"mozilla-nss-debuginfo-32bit-3.15.1-1.12.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"mozilla-nss-sysinit-32bit-3.15.1-1.12.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"mozilla-nss-sysinit-debuginfo-32bit-3.15.1-1.12.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"xulrunner-32bit-17.0.8-1.24.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"xulrunner-debuginfo-32bit-17.0.8-1.24.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "MozillaFirefox / MozillaFirefox-branding-upstream / etc");
    }
    
  • NASL familyWindows
    NASL idMOZILLA_THUNDERBIRD_1708.NASL
    descriptionThe installed version of Thunderbird is a version prior to 17.0.8 and is, therefore, potentially affected by the following vulnerabilities : - Various errors exist that could allow memory corruption conditions. (CVE-2013-1701, CVE-2013-1702) - Use-after-free errors exist related to DOM modification when using
    last seen2020-06-01
    modified2020-06-02
    plugin id69270
    published2013-08-08
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/69270
    titleMozilla Thunderbird < 17.0.8 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(69270);
      script_version("1.16");
      script_cvs_date("Date: 2019/11/27");
    
      script_cve_id(
        "CVE-2013-1701",
        "CVE-2013-1702",
        "CVE-2013-1704",
        "CVE-2013-1705",
        "CVE-2013-1706",
        "CVE-2013-1707",
        "CVE-2013-1708",
        "CVE-2013-1709",
        "CVE-2013-1710",
        "CVE-2013-1711",
        "CVE-2013-1712",
        "CVE-2013-1713",
        "CVE-2013-1714",
        "CVE-2013-1715",
        "CVE-2013-1717"
      );
      script_bugtraq_id(
        61864,
        61867,
        61869,
        61871,
        61872,
        61873,
        61874,
        61875,
        61876,
        61877,
        61878,
        61882,
        61883,
        61896,
        61900
      );
    
      script_name(english:"Mozilla Thunderbird < 17.0.8 Multiple Vulnerabilities");
      script_summary(english:"Checks version of Thunderbird");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Windows host contains a mail client that is potentially
    affected by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The installed version of Thunderbird is a version prior to 17.0.8 and
    is, therefore, potentially affected by the following vulnerabilities :
    
      - Various errors exist that could allow memory corruption
        conditions. (CVE-2013-1701, CVE-2013-1702)
    
      - Use-after-free errors exist related to DOM modification
        when using 'SetBody' and generating a 'Certificate
        Request Message'. (CVE-2013-1704, CVE-2013-1705)
    
      - Errors exist related to the update service and
        'maintenanceservice.exe' that could allow buffer
        overflows when handling unexpectedly long path values.
        (CVE-2013-1706, CVE-2013-1707)
    
      - An error exists in the function 'nsCString::CharAt'
        that could allow application crashes when decoding
        specially crafted WAV audio files. (CVE-2013-1708)
    
      - Unspecified errors exist related to HTML frames and
        history handling, 'XrayWrappers', JavaScript URI
        handling and web workers using 'XMLHttpRequest' that
        could allow cross-site scripting attacks.
        (CVE-2013-1709, CVE-2013-1711, CVE-2013-1713,
        CVE-2013-1714)
    
      - An unspecified error exists related to generating
        'Certificate Request Message Format' (CRMF) requests
        that could allow cross-site scripting attacks.
        (CVE-2013-1710)
    
      - DLL path loading errors exist related to the update
        service, full installer and the stub installer that
        could allow execution of arbitrary code.
        (CVE-2013-1712, CVE-2013-1715)
    
      - An error exists related to Java applets and 'file:///'
        URIs that could allow read-only access to arbitrary
        files. (CVE-2013-1717)");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-63/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-64/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-65/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-66/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-67/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-68/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-69/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-70/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-71/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-72/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-73/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-74/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-75/");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Thunderbird 17.0.8 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-1710");
    
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Firefox 5.0 - 15.0.1 __exposedProps__ XCS Code Execution');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/08/06");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/08/06");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/08/08");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:thunderbird");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("mozilla_org_installed.nasl");
      script_require_keys("Mozilla/Thunderbird/Version");
    
      exit(0);
    }
    
    include("mozilla_version.inc");
    
    port = get_kb_item_or_exit("SMB/transport");
    
    installs = get_kb_list("SMB/Mozilla/Thunderbird/*");
    if (isnull(installs)) audit(AUDIT_NOT_INST, "Thunderbird");
    
    mozilla_check_version(installs:installs, product:'thunderbird', esr:FALSE, fix:'17.0.8', severity:SECURITY_HOLE, xss:TRUE);
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1924-2.NASL
    descriptionUSN-1924-1 fixed vulnerabilities in Firefox. This update provides the corresponding updates for Ubufox and Unity Firefox Extension. Jeff Gilbert, Henrik Skupin, Ben Turner, Christian Holler, Andrew McCreight, Gary Kwong, Jan Varga and Jesse Ruderman discovered multiple memory safety issues in Firefox. If the user were tricked in to opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2013-1701, CVE-2013-1702) A use-after-free bug was discovered when the DOM is modified during a SetBody mutation event. If the user were tricked in to opening a specially crafted page, an attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2013-1704) A use-after-free bug was discovered when generating a CRMF request with certain parameters. If the user were tricked in to opening a specially crafted page, an attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2013-1705) Aki Helin discovered a crash when decoding a WAV file in some circumstances. An attacker could potentially exploit this to cause a denial of service. (CVE-2013-1708) It was discovered that a document
    last seen2020-06-01
    modified2020-06-02
    plugin id69235
    published2013-08-07
    reporterUbuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/69235
    titleUbuntu 12.04 LTS / 12.10 / 13.04 : ubufox, unity-firefox-extension update (USN-1924-2)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-1924-2. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(69235);
      script_version("1.19");
      script_cvs_date("Date: 2019/09/19 12:54:29");
    
      script_cve_id("CVE-2013-1701", "CVE-2013-1702", "CVE-2013-1704", "CVE-2013-1705", "CVE-2013-1708", "CVE-2013-1709", "CVE-2013-1710", "CVE-2013-1711", "CVE-2013-1713", "CVE-2013-1714", "CVE-2013-1717");
      script_bugtraq_id(61641);
      script_xref(name:"USN", value:"1924-2");
    
      script_name(english:"Ubuntu 12.04 LTS / 12.10 / 13.04 : ubufox, unity-firefox-extension update (USN-1924-2)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "USN-1924-1 fixed vulnerabilities in Firefox. This update provides the
    corresponding updates for Ubufox and Unity Firefox Extension.
    
    Jeff Gilbert, Henrik Skupin, Ben Turner, Christian Holler, Andrew
    McCreight, Gary Kwong, Jan Varga and Jesse Ruderman discovered
    multiple memory safety issues in Firefox. If the user were tricked in
    to opening a specially crafted page, an attacker could possibly
    exploit these to cause a denial of service via application crash, or
    potentially execute arbitrary code with the privileges of the user
    invoking Firefox. (CVE-2013-1701, CVE-2013-1702)
    
    A use-after-free bug was discovered when the DOM is modified
    during a SetBody mutation event. If the user were tricked in
    to opening a specially crafted page, an attacker could
    potentially exploit this to execute arbitrary code with the
    privileges of the user invoking Firefox. (CVE-2013-1704)
    
    A use-after-free bug was discovered when generating a CRMF
    request with certain parameters. If the user were tricked in
    to opening a specially crafted page, an attacker could
    potentially exploit this to execute arbitrary code with the
    privileges of the user invoking Firefox. (CVE-2013-1705)
    
    Aki Helin discovered a crash when decoding a WAV file in
    some circumstances. An attacker could potentially exploit
    this to cause a denial of service. (CVE-2013-1708)
    
    It was discovered that a document's URI could be set to the
    URI of a different document. An attacker could potentially
    exploit this to conduct cross-site scripting (XSS) attacks.
    (CVE-2013-1709)
    
    A flaw was discovered when generating a CRMF request in
    certain circumstances. An attacker could potentially exploit
    this to conduct cross-site scripting (XSS) attacks, or
    execute arbitrary code with the privileges of the user
    invoking Firefox. (CVE-2013-1710)
    
    Bobby Holley discovered that XBL scopes could be used to
    circumvent XrayWrappers in certain circumstances. An
    attacked could potentially exploit this to conduct
    cross-site scripting (XSS) attacks or cause undefined
    behaviour. (CVE-2013-1711)
    
    Cody Crews discovered that some JavaScript components
    performed security checks against the wrong URI, potentially
    bypassing same-origin policy restrictions. An attacker could
    exploit this to conduct cross-site scripting (XSS) attacks
    or install addons from a malicious site. (CVE-2013-1713)
    
    Federico Lanusse discovered that web workers could bypass
    cross-origin checks when using XMLHttpRequest. An attacker
    could potentially exploit this to conduct cross-site
    scripting (XSS) attacks. (CVE-2013-1714)
    
    Georgi Guninski and John Schoenick discovered that Java
    applets could access local files under certain
    circumstances. An attacker could potentially exploit this to
    steal confidential data. (CVE-2013-1717).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/1924-2/"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected xul-ext-ubufox and / or xul-ext-unity packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Firefox toString console.time Privileged Javascript Injection');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xul-ext-ubufox");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xul-ext-unity");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.10");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:13.04");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/08/06");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/08/06");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/08/07");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(12\.04|12\.10|13\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 12.04 / 12.10 / 13.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"12.04", pkgname:"xul-ext-ubufox", pkgver:"2.7-0ubuntu0.12.04.1")) flag++;
    if (ubuntu_check(osver:"12.10", pkgname:"xul-ext-ubufox", pkgver:"2.7-0ubuntu0.12.10.1")) flag++;
    if (ubuntu_check(osver:"12.10", pkgname:"xul-ext-unity", pkgver:"2.4.7-0ubuntu0.2")) flag++;
    if (ubuntu_check(osver:"13.04", pkgname:"xul-ext-ubufox", pkgver:"2.7-0ubuntu0.13.04.1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xul-ext-ubufox / xul-ext-unity");
    }
    
  • NASL familyWindows
    NASL idSEAMONKEY_220.NASL
    descriptionThe installed version of SeaMonkey is a version prior to 2.20. It is, therefore, potentially affected by the following vulnerabilities : - Various errors exist that could allow memory corruption conditions. (CVE-2013-1701, CVE-2013-1702) - Use-after-free errors exist related to DOM modification when using
    last seen2020-06-01
    modified2020-06-02
    plugin id69272
    published2013-08-08
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/69272
    titleSeaMonkey < 2.20 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(69272);
      script_version("1.24");
      script_cvs_date("Date: 2019/11/27");
    
      script_cve_id(
        "CVE-2013-1701",
        "CVE-2013-1702",
        "CVE-2013-1704",
        "CVE-2013-1705",
        "CVE-2013-1708",
        "CVE-2013-1709",
        "CVE-2013-1710",
        "CVE-2013-1711",
        "CVE-2013-1713",
        "CVE-2013-1714",
        "CVE-2013-1717",
        "CVE-2013-6674",
        "CVE-2014-2018"
      );
      script_bugtraq_id(
        61864,
        61867,
        61871,
        61872,
        61874,
        61875,
        61876,
        61877,
        61882,
        61896,
        61900,
        65158,
        65620
      );
      script_xref(name:"CERT", value:"863369");
      script_xref(name:"EDB-ID", value:"31223");
    
      script_name(english:"SeaMonkey < 2.20 Multiple Vulnerabilities");
      script_summary(english:"Checks version of SeaMonkey");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Windows host contains a web browser that is potentially
    affected by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The installed version of SeaMonkey is a version prior to 2.20. It is,
    therefore, potentially affected by the following vulnerabilities :
    
      - Various errors exist that could allow memory corruption
        conditions. (CVE-2013-1701, CVE-2013-1702)
    
      - Use-after-free errors exist related to DOM modification
        when using 'SetBody' and generating a 'Certificate
        Request Message'. (CVE-2013-1704, CVE-2013-1705)
    
      - An error exists in the function 'nsCString::CharAt'
        that could allow application crashes when decoding
        specially crafted WAV audio files. (CVE-2013-1708)
    
      - Unspecified errors exist related to HTML frames and
        history handling, 'XrayWrappers', JavaScript URI
        handling and web workers using 'XMLHttpRequest' that
        could allow cross-site scripting attacks.
        (CVE-2013-1709, CVE-2013-1711, CVE-2013-1713,
        CVE-2013-1714)
    
      - An unspecified error exists related to generating
        'Certificate Request Message Format' (CRMF) requests
        that could allow cross-site scripting attacks.
        (CVE-2013-1710)
    
      - An error exists related to Java applets and 'file:///'
        URIs that could allow read-only access to arbitrary
        files. (CVE-2013-1717)
    
      - An input validation error exists related to email
        messages containing HTML and iframes and the action of
        replying to or forwarding such messages that could
        allow cross-site scripting attacks. (CVE-2013-6674)
    
      - An input validation error exists related to email
        messages containing HTML and object or embed elements
        that could allow cross-site scripting attacks.
        (CVE-2014-2018)");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-63/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-64/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-65/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-67/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-68/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-69/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-70/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-72/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-73/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-75/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2014-14/");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to SeaMonkey 2.20 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-1710");
    
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Firefox 5.0 - 15.0.1 __exposedProps__ XCS Code Execution');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/08/06");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/08/06");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/08/08");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:seamonkey");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("mozilla_org_installed.nasl");
      script_require_keys("SeaMonkey/Version");
    
      exit(0);
    }
    
    include("mozilla_version.inc");
    port = get_kb_item("SMB/transport");
    if (!port) port = 445;
    
    installs = get_kb_list("SMB/SeaMonkey/*");
    if (isnull(installs)) audit(AUDIT_NOT_INST, "SeaMonkey");
    
    mozilla_check_version(installs:installs, product:'seamonkey', fix:'2.20', severity:SECURITY_HOLE, xss:TRUE);
    
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201309-23.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201309-23 (Mozilla Products: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Mozilla Firefox, Thunderbird, and SeaMonkey. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Further, a remote attacker could conduct XSS attacks, spoof URLs, bypass address space layout randomization, conduct clickjacking attacks, obtain potentially sensitive information, bypass access restrictions, modify the local filesystem, or conduct other unspecified attacks. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id70183
    published2013-09-28
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/70183
    titleGLSA-201309-23 : Mozilla Products: Multiple vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 201309-23.
    #
    # The advisory text is Copyright (C) 2001-2019 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(70183);
      script_version("1.16");
      script_cvs_date("Date: 2019/08/12 17:35:38");
    
      script_cve_id("CVE-2013-0744", "CVE-2013-0745", "CVE-2013-0746", "CVE-2013-0747", "CVE-2013-0748", "CVE-2013-0749", "CVE-2013-0750", "CVE-2013-0751", "CVE-2013-0752", "CVE-2013-0753", "CVE-2013-0754", "CVE-2013-0755", "CVE-2013-0756", "CVE-2013-0757", "CVE-2013-0758", "CVE-2013-0759", "CVE-2013-0760", "CVE-2013-0761", "CVE-2013-0762", "CVE-2013-0763", "CVE-2013-0764", "CVE-2013-0765", "CVE-2013-0766", "CVE-2013-0767", "CVE-2013-0768", "CVE-2013-0769", "CVE-2013-0770", "CVE-2013-0771", "CVE-2013-0772", "CVE-2013-0773", "CVE-2013-0774", "CVE-2013-0775", "CVE-2013-0776", "CVE-2013-0777", "CVE-2013-0778", "CVE-2013-0779", "CVE-2013-0780", "CVE-2013-0781", "CVE-2013-0782", "CVE-2013-0783", "CVE-2013-0784", "CVE-2013-0787", "CVE-2013-0788", "CVE-2013-0789", "CVE-2013-0791", "CVE-2013-0792", "CVE-2013-0793", "CVE-2013-0794", "CVE-2013-0795", "CVE-2013-0796", "CVE-2013-0797", "CVE-2013-0799", "CVE-2013-0800", "CVE-2013-0801", "CVE-2013-1670", "CVE-2013-1671", "CVE-2013-1674", "CVE-2013-1675", "CVE-2013-1676", "CVE-2013-1677", "CVE-2013-1678", "CVE-2013-1679", "CVE-2013-1680", "CVE-2013-1681", "CVE-2013-1682", "CVE-2013-1684", "CVE-2013-1687", "CVE-2013-1690", "CVE-2013-1692", "CVE-2013-1693", "CVE-2013-1694", "CVE-2013-1697", "CVE-2013-1701", "CVE-2013-1702", "CVE-2013-1704", "CVE-2013-1705", "CVE-2013-1707", "CVE-2013-1708", "CVE-2013-1709", "CVE-2013-1710", "CVE-2013-1711", "CVE-2013-1712", "CVE-2013-1713", "CVE-2013-1714", "CVE-2013-1717", "CVE-2013-1718", "CVE-2013-1719", "CVE-2013-1720", "CVE-2013-1722", "CVE-2013-1723", "CVE-2013-1724", "CVE-2013-1725", "CVE-2013-1726", "CVE-2013-1728", "CVE-2013-1730", "CVE-2013-1732", "CVE-2013-1735", "CVE-2013-1736", "CVE-2013-1737", "CVE-2013-1738");
      script_bugtraq_id(57193, 57194, 57195, 57196, 57197, 57198, 57199, 57203, 57204, 57205, 57207, 57209, 57211, 57213, 57215, 57217, 57218, 57228, 57232, 57234, 57235, 57236, 57238, 57240, 57241, 57244, 57260, 58034, 58036, 58037, 58038, 58040, 58041, 58042, 58043, 58044, 58047, 58048, 58049, 58050, 58051, 58391, 58819, 58821, 58824, 58825, 58826, 58827, 58828, 58831, 58835, 58836, 58837, 59855, 59858, 59859, 59860, 59861, 59862, 59863, 59864, 59865, 59868, 59869, 60765, 60766, 60776, 60777, 60778, 60783, 60784, 60787, 61864, 61867, 61871, 61872, 61873, 61874, 61875, 61876, 61877, 61878, 61882, 61896, 61900, 62460, 62462, 62463, 62464, 62465, 62466, 62467, 62468, 62469, 62472, 62473, 62475, 62478, 62479, 62482);
      script_xref(name:"GLSA", value:"201309-23");
    
      script_name(english:"GLSA-201309-23 : Mozilla Products: Multiple vulnerabilities");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-201309-23
    (Mozilla Products: Multiple vulnerabilities)
    
        Multiple vulnerabilities have been discovered in Mozilla Firefox,
          Thunderbird, and SeaMonkey. Please review the CVE identifiers referenced
          below for details.
      
    Impact :
    
        A remote attacker could entice a user to view a specially crafted web
          page or email, possibly resulting in execution of arbitrary code or a
          Denial of Service condition. Further, a remote attacker could conduct XSS
          attacks, spoof URLs, bypass address space layout randomization, conduct
          clickjacking attacks, obtain potentially sensitive information, bypass
          access restrictions, modify the local filesystem, or conduct other
          unspecified attacks.
      
    Workaround :
    
        There is no known workaround at this time."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/201309-23"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "All Mozilla Firefox users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=www-client/firefox-17.0.9'
        All users of the Mozilla Firefox binary package should upgrade to the
          latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=www-client/firefox-bin-17.0.9'
        All Mozilla Thunderbird users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=mail-client/thunderbird-17.0.9'
        All users of the Mozilla Thunderbird binary package should upgrade to
          the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose
          '>=mail-client/thunderbird-bin-17.0.9'
        All SeaMonkey users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=www-client/seamonkey-2.21'
        All users of the Mozilla SeaMonkey binary package should upgrade to the
          latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=www-client/seamonkey-bin-2.21'"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Firefox toString console.time Privileged Javascript Injection');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:firefox");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:firefox-bin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:seamonkey");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:seamonkey-bin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:thunderbird");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:thunderbird-bin");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/01/13");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/09/27");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/09/28");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Gentoo Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (qpkg_check(package:"mail-client/thunderbird-bin", unaffected:make_list("ge 17.0.9"), vulnerable:make_list("lt 17.0.9"))) flag++;
    if (qpkg_check(package:"www-client/firefox", unaffected:make_list("ge 17.0.9"), vulnerable:make_list("lt 17.0.9"))) flag++;
    if (qpkg_check(package:"mail-client/thunderbird", unaffected:make_list("ge 17.0.9"), vulnerable:make_list("lt 17.0.9"))) flag++;
    if (qpkg_check(package:"www-client/firefox-bin", unaffected:make_list("ge 17.0.9"), vulnerable:make_list("lt 17.0.9"))) flag++;
    if (qpkg_check(package:"www-client/seamonkey", unaffected:make_list("ge 2.21"), vulnerable:make_list("lt 2.21"))) flag++;
    if (qpkg_check(package:"www-client/seamonkey-bin", unaffected:make_list("ge 2.21"), vulnerable:make_list("lt 2.21"))) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Mozilla Products");
    }
    
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_FIREFOX_23.NASL
    descriptionThe installed version of Firefox is earlier than 23.0 and is, therefore, potentially affected by multiple vulnerabilities : - Various errors exist that could allow memory corruption conditions. (CVE-2013-1701, CVE-2013-1702) - Use-after-free errors exist related to DOM modification when using
    last seen2020-06-01
    modified2020-06-02
    plugin id69265
    published2013-08-08
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/69265
    titleFirefox < 23.0 Multiple Vulnerabilities (Mac OS X)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1924-1.NASL
    descriptionJeff Gilbert, Henrik Skupin, Ben Turner, Christian Holler, Andrew McCreight, Gary Kwong, Jan Varga and Jesse Ruderman discovered multiple memory safety issues in Firefox. If the user were tricked in to opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2013-1701, CVE-2013-1702) A use-after-free bug was discovered when the DOM is modified during a SetBody mutation event. If the user were tricked in to opening a specially crafted page, an attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2013-1704) A use-after-free bug was discovered when generating a CRMF request with certain parameters. If the user were tricked in to opening a specially crafted page, an attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2013-1705) Aki Helin discovered a crash when decoding a WAV file in some circumstances. An attacker could potentially exploit this to cause a denial of service. (CVE-2013-1708) It was discovered that a document
    last seen2020-06-01
    modified2020-06-02
    plugin id69234
    published2013-08-07
    reporterUbuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/69234
    titleUbuntu 12.04 LTS / 12.10 / 13.04 : firefox vulnerabilities (USN-1924-1)

Oval

accepted2014-10-06T04:02:44.896-04:00
classvulnerability
contributors
  • nameMaria Kedovskaya
    organizationALTX-SOFT
  • nameShane Shaffer
    organizationG2, Inc.
  • nameMaria Kedovskaya
    organizationALTX-SOFT
  • nameMaria Mikhno
    organizationALTX-SOFT
  • nameEvgeniy Pavlov
    organizationALTX-SOFT
  • nameEvgeniy Pavlov
    organizationALTX-SOFT
  • nameEvgeniy Pavlov
    organizationALTX-SOFT
definition_extensions
  • commentMozilla Firefox Mainline release is installed
    ovaloval:org.mitre.oval:def:22259
  • commentMozilla Seamonkey is installed
    ovaloval:org.mitre.oval:def:6372
descriptionUse-after-free vulnerability in the nsINode::GetParentNode function in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) via vectors involving a DOM modification at the time of a SetBody mutation event.
familywindows
idoval:org.mitre.oval:def:18945
statusaccepted
submitted2013-08-30T10:26:26.748+04:00
titleUse after free mutating DOM during SetBody
version29