Vulnerabilities > CVE-2013-6671 - Code Injection vulnerability in multiple products

047910
CVSS 9.8 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
mozilla
canonical
redhat
opensuse
suse
fedoraproject
CWE-94
critical
nessus

Summary

The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code via crafted use of JavaScript code for ordered list elements.

Vulnerable Configurations

Part Description Count
Application
Mozilla
732
Application
Suse
1
OS
Canonical
4
OS
Redhat
10
OS
Opensuse
3
OS
Suse
3
OS
Fedoraproject
3

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Leverage Executable Code in Non-Executable Files
    An attack of this type exploits a system's trust in configuration and resource files, when the executable loads the resource (such as an image file or configuration file) the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated mashing up resources from local and remote sources the possibility of this attack occurring is high. The attack can be directed at a client system, such as causing buffer overrun through loading seemingly benign image files, as in Microsoft Security Bulletin MS04-028 where specially crafted JPEG files could cause a buffer overrun once loaded into the browser. Another example targets clients reading pdf files. In this case the attacker simply appends javascript to the end of a legitimate url for a pdf (http://www.gnucitizen.org/blog/danger-danger-danger/) http://path/to/pdf/file.pdf#whatever_name_you_want=javascript:your_code_here The client assumes that they are reading a pdf, but the attacker has modified the resource and loaded executable javascript into the client's browser process. The attack can also target server processes. The attacker edits the resource or configuration file, for example a web.xml file used to configure security permissions for a J2EE app server, adding role name "public" grants all users with the public role the ability to use the administration functionality. The server trusts its configuration file to be correct, but when they are manipulated, the attacker gains full control.
  • Manipulating User-Controlled Variables
    This attack targets user controlled variables (DEBUG=1, PHP Globals, and So Forth). An attacker can override environment variables leveraging user-supplied, untrusted query variables directly used on the application server without any data sanitization. In extreme cases, the attacker can change variables controlling the business logic of the application. For instance, in languages like PHP, a number of poorly set default configurations may allow the user to override variables.

Nessus

  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2013-1823.NASL
    descriptionAn updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2013-5609, CVE-2013-5616, CVE-2013-5618, CVE-2013-6671, CVE-2013-5613) A flaw was found in the way Thunderbird rendered web content with missing character encoding information. An attacker could use this flaw to possibly bypass same-origin inheritance and perform cross site-scripting (XSS) attacks. (CVE-2013-5612) It was found that certain malicious web content could bypass restrictions applied by sandboxed iframes. An attacker could combine this flaw with other vulnerabilities to execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2013-5614) Note: All of the above issues cannot be exploited by a specially crafted HTML mail message as JavaScript is disabled by default for mail messages. They could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed. Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Ben Turner, Bobby Holley, Jesse Ruderman, Christian Holler, Masato Kinugawa, Daniel Veditz, Jesse Schwartzentruber, Nils, Tyson Smith, and Atte Kettunen as the original reporters of these issues. For technical details regarding these flaws, refer to the Mozilla security advisories for Thunderbird 24.2.0 ESR. You can find a link to the Mozilla advisories in the References section of this erratum. All Thunderbird users should upgrade to this updated package, which contains Thunderbird version 24.2.0 ESR, which corrects these issues. After installing the update, Thunderbird must be restarted for the changes to take effect.
    last seen2020-05-31
    modified2013-12-12
    plugin id71370
    published2013-12-12
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/71370
    titleRHEL 5 / 6 : thunderbird (RHSA-2013:1823)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2013:1823. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(71370);
      script_version("1.17");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/29");
    
      script_cve_id("CVE-2013-0772", "CVE-2013-5609", "CVE-2013-5612", "CVE-2013-5613", "CVE-2013-5614", "CVE-2013-5616", "CVE-2013-5618", "CVE-2013-6671", "CVE-2013-6674");
      script_xref(name:"RHSA", value:"2013:1823");
    
      script_name(english:"RHEL 5 / 6 : thunderbird (RHSA-2013:1823)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis",
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "An updated thunderbird package that fixes several security issues is
    now available for Red Hat Enterprise Linux 5 and 6.
    
    The Red Hat Security Response Team has rated this update as having
    important security impact. Common Vulnerability Scoring System (CVSS)
    base scores, which give detailed severity ratings, are available for
    each vulnerability from the CVE links in the References section.
    
    Mozilla Thunderbird is a standalone mail and newsgroup client.
    
    Several flaws were found in the processing of malformed content.
    Malicious content could cause Thunderbird to crash or, potentially,
    execute arbitrary code with the privileges of the user running
    Thunderbird. (CVE-2013-5609, CVE-2013-5616, CVE-2013-5618,
    CVE-2013-6671, CVE-2013-5613)
    
    A flaw was found in the way Thunderbird rendered web content with
    missing character encoding information. An attacker could use this
    flaw to possibly bypass same-origin inheritance and perform cross
    site-scripting (XSS) attacks. (CVE-2013-5612)
    
    It was found that certain malicious web content could bypass
    restrictions applied by sandboxed iframes. An attacker could combine
    this flaw with other vulnerabilities to execute arbitrary code with
    the privileges of the user running Thunderbird. (CVE-2013-5614)
    
    Note: All of the above issues cannot be exploited by a specially
    crafted HTML mail message as JavaScript is disabled by default for
    mail messages. They could be exploited another way in Thunderbird, for
    example, when viewing the full remote content of an RSS feed.
    
    Red Hat would like to thank the Mozilla project for reporting these
    issues. Upstream acknowledges Ben Turner, Bobby Holley, Jesse
    Ruderman, Christian Holler, Masato Kinugawa, Daniel Veditz, Jesse
    Schwartzentruber, Nils, Tyson Smith, and Atte Kettunen as the original
    reporters of these issues.
    
    For technical details regarding these flaws, refer to the Mozilla
    security advisories for Thunderbird 24.2.0 ESR. You can find a link to
    the Mozilla advisories in the References section of this erratum.
    
    All Thunderbird users should upgrade to this updated package, which
    contains Thunderbird version 24.2.0 ESR, which corrects these issues.
    After installing the update, Thunderbird must be restarted for the
    changes to take effect."
      );
      # http://www.mozilla.org/security/known-vulnerabilities/thunderbirdESR.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?0a148a6e"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2013:1823"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2013-5609"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2013-6671"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2013-5613"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2013-5612"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2013-5616"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2013-5614"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2013-5618"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2013-0772"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2013-6674"
      );
      script_set_attribute(
        attribute:"solution",
        value:
    "Update the affected thunderbird and / or thunderbird-debuginfo
    packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:thunderbird");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:thunderbird-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6.5");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/02/19");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/12/11");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/12/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(5|6)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.x / 6.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2013:1823";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"thunderbird-24.2.0-2.el5_10", allowmaj:TRUE)) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"thunderbird-24.2.0-2.el5_10", allowmaj:TRUE)) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"thunderbird-debuginfo-24.2.0-2.el5_10", allowmaj:TRUE)) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"thunderbird-debuginfo-24.2.0-2.el5_10", allowmaj:TRUE)) flag++;
    
    
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"thunderbird-24.2.0-1.el6_5", allowmaj:TRUE)) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"thunderbird-24.2.0-1.el6_5", allowmaj:TRUE)) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"thunderbird-24.2.0-1.el6_5", allowmaj:TRUE)) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"thunderbird-debuginfo-24.2.0-1.el6_5", allowmaj:TRUE)) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"thunderbird-debuginfo-24.2.0-1.el6_5", allowmaj:TRUE)) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"thunderbird-debuginfo-24.2.0-1.el6_5", allowmaj:TRUE)) flag++;
    
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "thunderbird / thunderbird-debuginfo");
      }
    }
    
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2013-1812.NASL
    descriptionUpdated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to terminate unexpectedly or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2013-5609, CVE-2013-5616, CVE-2013-5618, CVE-2013-6671, CVE-2013-5613) A flaw was found in the way Firefox rendered web content with missing character encoding information. An attacker could use this flaw to possibly bypass same-origin inheritance and perform cross-site scripting (XSS) attacks. (CVE-2013-5612) It was found that certain malicious web content could bypass restrictions applied by sandboxed iframes. An attacker could combine this flaw with other vulnerabilities to execute arbitrary code with the privileges of the user running Firefox. (CVE-2013-5614) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Ben Turner, Bobby Holley, Jesse Ruderman, Christian Holler, Masato Kinugawa, Daniel Veditz, Jesse Schwartzentruber, Nils, Tyson Smith, and Atte Kettunen as the original reporters of these issues. For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 24.2.0 ESR. You can find a link to the Mozilla advisories in the References section of this erratum. All Firefox users should upgrade to these updated packages, which contain Firefox version 24.2.0 ESR, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id71354
    published2013-12-12
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/71354
    titleCentOS 5 / 6 : firefox (CESA-2013:1812)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201504-01.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201504-01 (Mozilla Products: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Firefox, Thunderbird, and SeaMonkey. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, spoof the address bar, conduct clickjacking attacks, bypass security restrictions and protection mechanisms, or have other unspecified impact. Workaround : There are no known workarounds at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id82632
    published2015-04-08
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/82632
    titleGLSA-201504-01 : Mozilla Products: Multiple vulnerabilities
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2013-1823.NASL
    descriptionFrom Red Hat Security Advisory 2013:1823 : An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2013-5609, CVE-2013-5616, CVE-2013-5618, CVE-2013-6671, CVE-2013-5613) A flaw was found in the way Thunderbird rendered web content with missing character encoding information. An attacker could use this flaw to possibly bypass same-origin inheritance and perform cross site-scripting (XSS) attacks. (CVE-2013-5612) It was found that certain malicious web content could bypass restrictions applied by sandboxed iframes. An attacker could combine this flaw with other vulnerabilities to execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2013-5614) Note: All of the above issues cannot be exploited by a specially crafted HTML mail message as JavaScript is disabled by default for mail messages. They could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed. Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Ben Turner, Bobby Holley, Jesse Ruderman, Christian Holler, Masato Kinugawa, Daniel Veditz, Jesse Schwartzentruber, Nils, Tyson Smith, and Atte Kettunen as the original reporters of these issues. For technical details regarding these flaws, refer to the Mozilla security advisories for Thunderbird 24.2.0 ESR. You can find a link to the Mozilla advisories in the References section of this erratum. All Thunderbird users should upgrade to this updated package, which contains Thunderbird version 24.2.0 ESR, which corrects these issues. After installing the update, Thunderbird must be restarted for the changes to take effect.
    last seen2020-05-31
    modified2013-12-12
    plugin id71368
    published2013-12-12
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/71368
    titleOracle Linux 6 : thunderbird (ELSA-2013-1823)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2013-1812.NASL
    descriptionFrom Red Hat Security Advisory 2013:1812 : Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to terminate unexpectedly or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2013-5609, CVE-2013-5616, CVE-2013-5618, CVE-2013-6671, CVE-2013-5613) A flaw was found in the way Firefox rendered web content with missing character encoding information. An attacker could use this flaw to possibly bypass same-origin inheritance and perform cross-site scripting (XSS) attacks. (CVE-2013-5612) It was found that certain malicious web content could bypass restrictions applied by sandboxed iframes. An attacker could combine this flaw with other vulnerabilities to execute arbitrary code with the privileges of the user running Firefox. (CVE-2013-5614) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Ben Turner, Bobby Holley, Jesse Ruderman, Christian Holler, Masato Kinugawa, Daniel Veditz, Jesse Schwartzentruber, Nils, Tyson Smith, and Atte Kettunen as the original reporters of these issues. For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 24.2.0 ESR. You can find a link to the Mozilla advisories in the References section of this erratum. All Firefox users should upgrade to these updated packages, which contain Firefox version 24.2.0 ESR, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.
    last seen2020-05-31
    modified2013-12-12
    plugin id71366
    published2013-12-12
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/71366
    titleOracle Linux 5 / 6 : firefox (ELSA-2013-1812)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2013-1812.NASL
    descriptionUpdated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to terminate unexpectedly or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2013-5609, CVE-2013-5616, CVE-2013-5618, CVE-2013-6671, CVE-2013-5613) A flaw was found in the way Firefox rendered web content with missing character encoding information. An attacker could use this flaw to possibly bypass same-origin inheritance and perform cross-site scripting (XSS) attacks. (CVE-2013-5612) It was found that certain malicious web content could bypass restrictions applied by sandboxed iframes. An attacker could combine this flaw with other vulnerabilities to execute arbitrary code with the privileges of the user running Firefox. (CVE-2013-5614) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Ben Turner, Bobby Holley, Jesse Ruderman, Christian Holler, Masato Kinugawa, Daniel Veditz, Jesse Schwartzentruber, Nils, Tyson Smith, and Atte Kettunen as the original reporters of these issues. For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 24.2.0 ESR. You can find a link to the Mozilla advisories in the References section of this erratum. All Firefox users should upgrade to these updated packages, which contain Firefox version 24.2.0 ESR, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.
    last seen2020-05-31
    modified2013-12-11
    plugin id71335
    published2013-12-11
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/71335
    titleRHEL 5 / 6 : firefox (RHSA-2013:1812)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2014-2.NASL
    descriptionThis update fixes the following security issues with SeaMonkey : - update to SeaMonkey 2.23 (bnc#854370)) - requires NSPR 4.10.2 and NSS 3.15.3.1 - MFSA 2013-104/CVE-2013-5609/CVE-2013-5610 Miscellaneous memory safety hazards - MFSA 2013-105/CVE-2013-5611 (bmo#771294) Application Installation doorhanger persists on navigation - MFSA 2013-106/CVE-2013-5612 (bmo#871161) Character encoding cross-origin XSS attack - MFSA 2013-107/CVE-2013-5614 (bmo#886262) Sandbox restrictions not applied to nested object elements - MFSA 2013-108/CVE-2013-5616 (bmo#938341) Use-after-free in event listeners - MFSA 2013-109/CVE-2013-5618 (bmo#926361) Use-after-free during Table Editing - MFSA 2013-110/CVE-2013-5619 (bmo#917841) Potential overflow in JavaScript binary search algorithms - MFSA 2013-111/CVE-2013-6671 (bmo#930281) Segmentation violation when replacing ordered list elements - MFSA 2013-112/CVE-2013-6672 (bmo#894736) Linux clipboard information disclosure though selection paste - MFSA 2013-113/CVE-2013-6673 (bmo#970380) Trust settings for built-in roots ignored during EV certificate validation - MFSA 2013-114/CVE-2013-5613 (bmo#930381, bmo#932449) Use-after-free in synthetic mouse movement - MFSA 2013-115/CVE-2013-5615 (bmo#929261) GetElementIC typed array stubs can be generated outside observed typesets - MFSA 2013-116/CVE-2013-6629/CVE-2013-6630 (bmo#891693) JPEG information leak - MFSA 2013-117 (bmo#946351) Mis-issued ANSSI/DCSSI certificate (fixed via NSS 3.15.3.1) - rebased patches : - mozilla-nongnome-proxies.patch - mozilla-shared-nss-db.patch
    last seen2020-06-05
    modified2014-06-13
    plugin id75327
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/75327
    titleopenSUSE Security Update : seamonkey (openSUSE-SU-2014:0008-1)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2013-1022.NASL
    description - update to Thunderbird 24.2.0 (bnc#854370) - requires NSS 3.15.3.1 or higher - MFSA 2013-104/CVE-2013-5609/CVE-2013-5610 Miscellaneous memory safety hazards - MFSA 2013-108/CVE-2013-5616 (bmo#938341) Use-after-free in event listeners - MFSA 2013-109/CVE-2013-5618 (bmo#926361) Use-after-free during Table Editing - MFSA 2013-111/CVE-2013-6671 (bmo#930281) Segmentation violation when replacing ordered list elements - MFSA 2013-113/CVE-2013-6673 (bmo#970380) Trust settings for built-in roots ignored during EV certificate validation - MFSA 2013-114/CVE-2013-5613 (bmo#930381, bmo#932449) Use-after-free in synthetic mouse movement - MFSA 2013-115/CVE-2013-5615 (bmo#929261) GetElementIC typed array stubs can be generated outside observed typesets - MFSA 2013-116/CVE-2013-6629/CVE-2013-6630 (bmo#891693) JPEG information leak - MFSA 2013-117 (bmo#946351) Mis-issued ANSSI/DCSSI certificate (fixed via NSS 3.15.3.1) - update to Thunderbird 24.1.1 - requires NSPR 4.10.2 and NSS 3.15.3 for security reasons - fix binary compatibility issues for patch level updates (bmo#927073)
    last seen2020-06-05
    modified2014-06-13
    plugin id74866
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74866
    titleopenSUSE Security Update : MozillaThunderbird (openSUSE-SU-2013:1958-1)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2013-23127.NASL
    descriptionUpdate to Firefox 26. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2013-12-12
    plugin id71365
    published2013-12-12
    reporterThis script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/71365
    titleFedora 19 : firefox-26.0-2.fc19 / xulrunner-26.0-1.fc19 (2013-23127)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2013-995.NASL
    description - update to Firefox 26.0 (bnc#854367, bnc#854370) - rebased patches - requires NSPR 4.10.2 and NSS 3.15.3.1 - MFSA 2013-104/CVE-2013-5609/CVE-2013-5610 Miscellaneous memory safety hazards - MFSA 2013-105/CVE-2013-5611 (bmo#771294) Application Installation doorhanger persists on navigation - MFSA 2013-106/CVE-2013-5612 (bmo#871161) Character encoding cross-origin XSS attack - MFSA 2013-107/CVE-2013-5614 (bmo#886262) Sandbox restrictions not applied to nested object elements - MFSA 2013-108/CVE-2013-5616 (bmo#938341) Use-after-free in event listeners - MFSA 2013-109/CVE-2013-5618 (bmo#926361) Use-after-free during Table Editing - MFSA 2013-110/CVE-2013-5619 (bmo#917841) Potential overflow in JavaScript binary search algorithms - MFSA 2013-111/CVE-2013-6671 (bmo#930281) Segmentation violation when replacing ordered list elements - MFSA 2013-112/CVE-2013-6672 (bmo#894736) Linux clipboard information disclosure though selection paste - MFSA 2013-113/CVE-2013-6673 (bmo#970380) Trust settings for built-in roots ignored during EV certificate validation - MFSA 2013-114/CVE-2013-5613 (bmo#930381, bmo#932449) Use-after-free in synthetic mouse movement - MFSA 2013-115/CVE-2013-5615 (bmo#929261) GetElementIC typed array stubs can be generated outside observed typesets - MFSA 2013-116/CVE-2013-6629/CVE-2013-6630 (bmo#891693) JPEG information leak - MFSA 2013-117 (bmo#946351) Mis-issued ANSSI/DCSSI certificate (fixed via NSS 3.15.3.1) - removed gecko.js preference file as GStreamer is enabled by default now
    last seen2020-06-05
    modified2014-06-13
    plugin id75241
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/75241
    titleopenSUSE Security Update : MozillaFirefox (openSUSE-SU-2013:1918-1)
  • NASL familyWindows
    NASL idMOZILLA_THUNDERBIRD_24_2.NASL
    descriptionThe installed version of Thunderbird is earlier than 24.2 and is, therefore, potentially affected the following vulnerabilities: - Memory issues exist in the browser engine that could result in a denial of service or arbitrary code execution. (CVE-2013-5609, CVE-2013-5610) - Two use-after-free vulnerabilities exist in the functions for synthetic mouse movement handling. (CVE-2013-5613) - An issue exists in which
    last seen2020-06-01
    modified2020-06-02
    plugin id71348
    published2013-12-11
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/71348
    titleMozilla Thunderbird < 24.2 Multiple Vulnerabilities
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2013-23291.NASL
    descriptionUpdate to latest upstream - 24.2.0 See release notes here: http://www.mozilla.org/en-US/firefox/17.0.9/releasenotes/ See http://www.mozilla.org/en/thunderbird/24.0/releasenotes/ for full list of changes. See http://www.mozilla.org/en/thunderbird/24.0/releasenotes/ for full list of changes. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2014-01-03
    plugin id71785
    published2014-01-03
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/71785
    titleFedora 18 : thunderbird-24.2.0-2.fc18 (2013-23291)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_FIREFOX_24_2_ESR.NASL
    descriptionThe installed version of Firefox ESR 24.x is earlier than 24.2 and is, therefore, potentially affected by the following vulnerabilities : - Memory issues exist in the browser engine that could result in a denial of service or arbitrary code execution. (CVE-2013-5609, CVE-2013-5610) - Two use-after-free vulnerabilities exist in the functions for synthetic mouse movement handling. (CVE-2013-5613) - An issue exists in which
    last seen2020-06-01
    modified2020-06-02
    plugin id71343
    published2013-12-11
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/71343
    titleFirefox ESR 24.x < 24.2 Multiple Vulnerabilities (Mac OS X)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_FIREFOX24-201312-131216.NASL
    descriptionMozilla Firefox has been updated to the 24.2.0 ESR security release. This is a major upgrade from the 17 ESR release branch. Security issues fixed : - Application Installation doorhanger persists on navigation. (MFSA 2013-105). (CVE-2013-5611) - Miscellaneous memory safety hazards (rv:24.2). (MFSA 2013-104). (CVE-2013-5609) - Miscellaneous memory safety hazards (rv:26.0). (MFSA 2013-104). (CVE-2013-5610) - Character encoding cross-origin XSS attack. (MFSA 2013-106). (CVE-2013-5612) - Sandbox restrictions not applied to nested object elements. (MFSA 2013-107). (CVE-2013-5614) - Use-after-free in event listeners. (MFSA 2013-108). (CVE-2013-5616) - Potential overflow in JavaScript binary search algorithms. (MFSA 2013-110). (CVE-2013-5619) - Segmentation violation when replacing ordered list elements. (MFSA 2013-111). (CVE-2013-6671) - Trust settings for built-in roots ignored during EV certificate validation. (MFSA 2013-113). (CVE-2013-6673) - Use-after-free in synthetic mouse movement. (MFSA 2013-114). (CVE-2013-5613) - GetElementIC typed array stubs can be generated outside observed typesets. (MFSA 2013-115). (CVE-2013-5615) - Linux clipboard information disclosure though selection paste. (MFSA 2013-112). (CVE-2013-6672) - Use-after-free during Table Editing (MFSA 2013-109). (CVE-2013-5618)
    last seen2020-06-05
    modified2013-12-20
    plugin id71560
    published2013-12-20
    reporterThis script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/71560
    titleSuSE 11.3 Security Update : Mozilla Firefox (SAT Patch Number 8657)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2013-1823.NASL
    descriptionAn updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2013-5609, CVE-2013-5616, CVE-2013-5618, CVE-2013-6671, CVE-2013-5613) A flaw was found in the way Thunderbird rendered web content with missing character encoding information. An attacker could use this flaw to possibly bypass same-origin inheritance and perform cross site-scripting (XSS) attacks. (CVE-2013-5612) It was found that certain malicious web content could bypass restrictions applied by sandboxed iframes. An attacker could combine this flaw with other vulnerabilities to execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2013-5614) Note: All of the above issues cannot be exploited by a specially crafted HTML mail message as JavaScript is disabled by default for mail messages. They could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed. Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Ben Turner, Bobby Holley, Jesse Ruderman, Christian Holler, Masato Kinugawa, Daniel Veditz, Jesse Schwartzentruber, Nils, Tyson Smith, and Atte Kettunen as the original reporters of these issues. For technical details regarding these flaws, refer to the Mozilla security advisories for Thunderbird 24.2.0 ESR. You can find a link to the Mozilla advisories in the References section of this erratum. All Thunderbird users should upgrade to this updated package, which contains Thunderbird version 24.2.0 ESR, which corrects these issues. After installing the update, Thunderbird must be restarted for the changes to take effect.
    last seen2020-05-31
    modified2013-12-12
    plugin id71357
    published2013-12-12
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/71357
    titleCentOS 5 / 6 : thunderbird (CESA-2013:1823)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2013-994.NASL
    description - update to Firefox 26.0 (bnc#854367, bnc#854370) - rebased patches - requires NSPR 4.10.2 and NSS 3.15.3.1 - MFSA 2013-104/CVE-2013-5609/CVE-2013-5610 Miscellaneous memory safety hazards - MFSA 2013-105/CVE-2013-5611 (bmo#771294) Application Installation doorhanger persists on navigation - MFSA 2013-106/CVE-2013-5612 (bmo#871161) Character encoding cross-origin XSS attack - MFSA 2013-107/CVE-2013-5614 (bmo#886262) Sandbox restrictions not applied to nested object elements - MFSA 2013-108/CVE-2013-5616 (bmo#938341) Use-after-free in event listeners - MFSA 2013-109/CVE-2013-5618 (bmo#926361) Use-after-free during Table Editing - MFSA 2013-110/CVE-2013-5619 (bmo#917841) Potential overflow in JavaScript binary search algorithms - MFSA 2013-111/CVE-2013-6671 (bmo#930281) Segmentation violation when replacing ordered list elements - MFSA 2013-112/CVE-2013-6672 (bmo#894736) Linux clipboard information disclosure though selection paste - MFSA 2013-113/CVE-2013-6673 (bmo#970380) Trust settings for built-in roots ignored during EV certificate validation - MFSA 2013-114/CVE-2013-5613 (bmo#930381, bmo#932449) Use-after-free in synthetic mouse movement - MFSA 2013-115/CVE-2013-5615 (bmo#929261) GetElementIC typed array stubs can be generated outside observed typesets - MFSA 2013-116/CVE-2013-6629/CVE-2013-6630 (bmo#891693) JPEG information leak - MFSA 2013-117 (bmo#946351) Mis-issued ANSSI/DCSSI certificate (fixed via NSS 3.15.3.1) - removed gecko.js preference file as GStreamer is enabled by default now
    last seen2020-06-05
    modified2014-06-13
    plugin id75240
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/75240
    titleopenSUSE Security Update : MozillaFirefox (openSUSE-SU-2013:1917-1)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_FIREFOX_26.NASL
    descriptionThe installed version of Firefox is earlier than 26.0 and is, therefore, potentially affected by multiple vulnerabilities : - Memory issues exist in the browser engine that could result in a denial of service or arbitrary code execution. (CVE-2013-5609, CVE-2013-5610) - An issue exists where the notification for a Web App installation could persist from one website to another website. This could be used by a malicious website to trick a user into installing an application from one website while making it appear to come from another website. (CVE-2013-5611) - Cross-site scripting filtering evasion may be possible due to character encodings being inherited from a previously visited website when character set encoding is missing from the current website. (CVE-2013-5612) - Two use-after-free vulnerabilities exist in the functions for synthetic mouse movement handling. (CVE-2013-5613) - Sandbox restrictions may be bypassed because
    last seen2020-06-01
    modified2020-06-02
    plugin id71344
    published2013-12-11
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/71344
    titleFirefox < 26.0 Multiple Vulnerabilities (Mac OS X)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2053-1.NASL
    descriptionBen Turner, Bobby Holley, Jesse Ruderman and Christian Holler discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2013-5609) Tyson Smith and Jesse Schwartzentruber discovered a use-after-free in event listeners. If a user had enabled scripting, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2013-5616) A use-after-free was discovered in the table editing interface. An attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2013-5618) Tyson Smith and Jesse Schwartzentruber discovered a crash when inserting an ordered list in to a document using script. If a user had enabled scripting, an attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2013-6671) Sijie Xia discovered that trust settings for built-in EV root certificates were ignored under certain circumstances, removing the ability for a user to manually untrust certificates from specific authorities. (CVE-2013-6673) Tyson Smith, Jesse Schwartzentruber and Atte Kettunen discovered a use-after-free in functions for synthetic mouse movement handling. If a user had enabled scripting, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2013-5613) Eric Faust discovered that GetElementIC typed array stubs can be generated outside observed typesets. If a user had enabled scripting, an attacker could possibly exploit this to cause undefined behaviour with a potential security impact. (CVE-2013-5615) Michal Zalewski discovered several issues with JPEG image handling. An attacker could potentially exploit these to obtain sensitive information. (CVE-2013-6629, CVE-2013-6630). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id71375
    published2013-12-12
    reporterUbuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/71375
    titleUbuntu 12.04 LTS / 12.10 / 13.04 / 13.10 : thunderbird vulnerabilities (USN-2053-1)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2013-993.NASL
    description - update to Firefox 26.0 (bnc#854367, bnc#854370) - rebased patches - requires NSPR 4.10.2 and NSS 3.15.3.1 - MFSA 2013-104/CVE-2013-5609/CVE-2013-5610 Miscellaneous memory safety hazards - MFSA 2013-105/CVE-2013-5611 (bmo#771294) Application Installation doorhanger persists on navigation - MFSA 2013-106/CVE-2013-5612 (bmo#871161) Character encoding cross-origin XSS attack - MFSA 2013-107/CVE-2013-5614 (bmo#886262) Sandbox restrictions not applied to nested object elements - MFSA 2013-108/CVE-2013-5616 (bmo#938341) Use-after-free in event listeners - MFSA 2013-109/CVE-2013-5618 (bmo#926361) Use-after-free during Table Editing - MFSA 2013-110/CVE-2013-5619 (bmo#917841) Potential overflow in JavaScript binary search algorithms - MFSA 2013-111/CVE-2013-6671 (bmo#930281) Segmentation violation when replacing ordered list elements - MFSA 2013-112/CVE-2013-6672 (bmo#894736) Linux clipboard information disclosure though selection paste - MFSA 2013-113/CVE-2013-6673 (bmo#970380) Trust settings for built-in roots ignored during EV certificate validation - MFSA 2013-114/CVE-2013-5613 (bmo#930381, bmo#932449) Use-after-free in synthetic mouse movement - MFSA 2013-115/CVE-2013-5615 (bmo#929261) GetElementIC typed array stubs can be generated outside observed typesets - MFSA 2013-116/CVE-2013-6629/CVE-2013-6630 (bmo#891693) JPEG information leak - MFSA 2013-117 (bmo#946351) Mis-issued ANSSI/DCSSI certificate (fixed via NSS 3.15.3.1) - removed gecko.js preference file as GStreamer is enabled by default now
    last seen2020-06-05
    modified2014-06-13
    plugin id75239
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/75239
    titleopenSUSE Security Update : MozillaFirefox (openSUSE-SU-2013:1916-1)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2052-1.NASL
    descriptionBen Turner, Bobby Holley, Jesse Ruderman, Christian Holler and Christoph Diehl discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2013-5609, CVE-2013-5610) Myk Melez discovered that the doorhanger notification for web app installation could persist between page navigations. An attacker could potentially exploit this to conduct clickjacking attacks. (CVE-2013-5611) Masato Kinugawa discovered that pages with missing character set encoding information can inherit character encodings across navigations from another domain. An attacker could potentially exploit this to conduct cross-site scripting attacks. (CVE-2013-5612) Daniel Veditz discovered that a sandboxed iframe could use an object element to bypass its own restrictions. (CVE-2013-5614) Tyson Smith and Jesse Schwartzentruber discovered a use-after-free in event listeners. An attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2013-5616) A use-after-free was discovered in the table editing interface. An attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2013-5618) Dan Gohman discovered that binary search algorithms in Spidermonkey used arithmetic prone to overflow in several places. However, this is issue not believed to be exploitable. (CVE-2013-5619) Tyson Smith and Jesse Schwartzentruber discovered a crash when inserting an ordered list in to a document using script. An attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2013-6671) Vincent Lefevre discovered that web content could access clipboard data under certain circumstances, resulting in information disclosure. (CVE-2013-6672) Sijie Xia discovered that trust settings for built-in EV root certificates were ignored under certain circumstances, removing the ability for a user to manually untrust certificates from specific authorities. (CVE-2013-6673) Tyson Smith, Jesse Schwartzentruber and Atte Kettunen discovered a use-after-free in functions for synthetic mouse movement handling. An attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2013-5613) Eric Faust discovered that GetElementIC typed array stubs can be generated outside observed typesets. An attacker could possibly exploit this to cause undefined behaviour with a potential security impact. (CVE-2013-5615) Michal Zalewski discovered several issues with JPEG image handling. An attacker could potentially exploit these to obtain sensitive information. (CVE-2013-6629, CVE-2013-6630). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id71374
    published2013-12-12
    reporterUbuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/71374
    titleUbuntu 12.04 LTS / 12.10 / 13.04 / 13.10 : firefox vulnerabilities (USN-2052-1)
  • NASL familyWindows
    NASL idSEAMONKEY_223.NASL
    descriptionThe installed version of SeaMonkey is earlier than 2.23 and is, therefore, potentially affected by the following vulnerabilities : - Memory issues exist in the browser engine that could result in a denial of service or arbitrary code execution. (CVE-2013-5609, CVE-2013-5610) - Cross-site scripting filtering evasion may be possible due to character encodings being inherited from a previously visited website when character set encoding is missing from the current website. (CVE-2013-5612) - Two use-after-free vulnerabilities exist in the functions for synthetic mouse movement handling. (CVE-2013-5613) - Sandbox restrictions may be bypassed because
    last seen2020-06-01
    modified2020-06-02
    plugin id71349
    published2013-12-11
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/71349
    titleSeaMonkey < 2.23 Multiple Vulnerabilities
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20131211_FIREFOX_ON_SL5_X.NASL
    descriptionSeveral flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to terminate unexpectedly or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2013-5609, CVE-2013-5616, CVE-2013-5618, CVE-2013-6671, CVE-2013-5613) A flaw was found in the way Firefox rendered web content with missing character encoding information. An attacker could use this flaw to possibly bypass same-origin inheritance and perform cross-site scripting (XSS) attacks. (CVE-2013-5612) It was found that certain malicious web content could bypass restrictions applied by sandboxed iframes. An attacker could combine this flaw with other vulnerabilities to execute arbitrary code with the privileges of the user running Firefox. (CVE-2013-5614) After installing the update, Firefox must be restarted for the changes to take effect.
    last seen2020-03-18
    modified2013-12-12
    plugin id71371
    published2013-12-12
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/71371
    titleScientific Linux Security Update : firefox on SL5.x, SL6.x i386/x86_64 (20131211)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20131211_THUNDERBIRD_ON_SL5_X.NASL
    descriptionSeveral flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2013-5609, CVE-2013-5616, CVE-2013-5618, CVE-2013-6671, CVE-2013-5613) A flaw was found in the way Thunderbird rendered web content with missing character encoding information. An attacker could use this flaw to possibly bypass same-origin inheritance and perform cross site-scripting (XSS) attacks. (CVE-2013-5612) It was found that certain malicious web content could bypass restrictions applied by sandboxed iframes. An attacker could combine this flaw with other vulnerabilities to execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2013-5614) Note: All of the above issues cannot be exploited by a specially crafted HTML mail message as JavaScript is disabled by default for mail messages. They could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed. After installing the update, Thunderbird must be restarted for the changes to take effect.
    last seen2020-03-18
    modified2013-12-13
    plugin id71391
    published2013-12-13
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/71391
    titleScientific Linux Security Update : thunderbird on SL5.x, SL6.x i386/x86_64 (20131211)
  • NASL familyWindows
    NASL idMOZILLA_FIREFOX_26.NASL
    descriptionThe installed version of Firefox is earlier than 26.0 and is, therefore, potentially affected by the following vulnerabilities : - Memory issues exist in the browser engine that could result in a denial of service or arbitrary code execution. (CVE-2013-5609, CVE-2013-5610) - An issue exists where the notification for a Web App installation could persist from one website to another website. This could be used by a malicious website to trick a user into installing an application from one website while making it appear to come from another website. (CVE-2013-5611) - Cross-site scripting filtering evasion may be possible due to character encodings being inherited from a previously visited website when character set encoding is missing from the current website. (CVE-2013-5612) - Two use-after-free vulnerabilities exist in the functions for synthetic mouse movement handling. (CVE-2013-5613) - Sandbox restrictions may be bypassed because
    last seen2020-06-01
    modified2020-06-02
    plugin id71347
    published2013-12-11
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/71347
    titleFirefox < 26.0 Multiple Vulnerabilities
  • NASL familyWindows
    NASL idMOZILLA_FIREFOX_24_2_ESR.NASL
    descriptionThe installed version of Firefox ESR 24.x is earlier than 24.2, and is, therefore, potentially affected by the following vulnerabilities : - Memory issues exist in the browser engine that could result in a denial of service or arbitrary code execution. (CVE-2013-5609, CVE-2013-5610) - Two use-after-free vulnerabilities exist in the functions for synthetic mouse movement handling. (CVE-2013-5613) - An issue exists in which
    last seen2020-06-01
    modified2020-06-02
    plugin id71346
    published2013-12-11
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/71346
    titleFirefox ESR 24.x < 24.2 Multiple Vulnerabilities
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_THUNDERBIRD_24_2.NASL
    descriptionThe installed version of Thunderbird is earlier than 24.2 and is, therefore, potentially affected by the following vulnerabilities : - Memory issues exist in the browser engine that could result in a denial of service or arbitrary code execution. (CVE-2013-5609, CVE-2013-5610) - Two use-after-free vulnerabilities exist in the functions for synthetic mouse movement handling. (CVE-2013-5613) - An issue exists in which
    last seen2020-06-01
    modified2020-06-02
    plugin id71345
    published2013-12-11
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/71345
    titleThunderbird < 24.2 Multiple Vulnerabilities (Mac OS X)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_DD116B1964B311E3868F0025905A4771.NASL
    descriptionThe Mozilla Project reports : MFSA 2013-116 JPEG information leak MFSA 2013-105 Application Installation doorhanger persists on navigation MFSA 2013-106 Character encoding cross-origin XSS attack MFSA 2013-107 Sandbox restrictions not applied to nested object elements MFSA 2013-108 Use-after-free in event listeners MFSA 2013-109 Use-after-free during Table Editing MFSA 2013-110 Potential overflow in JavaScript binary search algorithms MFSA 2013-111 Segmentation violation when replacing ordered list elements MFSA 2013-112 Linux clipboard information disclosure though selection paste MFSA 2013-113 Trust settings for built-in roots ignored during EV certificate validation MFSA 2013-114 Use-after-free in synthetic mouse movement MFSA 2013-115 GetElementIC typed array stubs can be generated outside observed typesets MFSA 2013-116 JPEG information leak MFSA 2013-117 Mis-issued ANSSI/DCSSI certificate
    last seen2020-06-01
    modified2020-06-02
    plugin id71452
    published2013-12-16
    reporterThis script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/71452
    titleFreeBSD : mozilla -- multiple vulnerabilities (dd116b19-64b3-11e3-868f-0025905a4771)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2013-23519.NASL
    descriptionNew upstream. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2013-12-18
    plugin id71505
    published2013-12-18
    reporterThis script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/71505
    titleFedora 20 : firefox-26.0-3.fc20 / thunderbird-24.2.0-3.fc20 / xulrunner-26.0-2.fc20 (2013-23519)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2013-23295.NASL
    descriptionUpdate to latest upstream - 24.2.0 See release notes here: http://www.mozilla.org/en-US/firefox/17.0.9/releasenotes/ See http://www.mozilla.org/en/thunderbird/24.0/releasenotes/ for full list of changes. See http://www.mozilla.org/en/thunderbird/24.0/releasenotes/ for full list of changes. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2013-12-16
    plugin id71448
    published2013-12-16
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/71448
    titleFedora 19 : thunderbird-24.2.0-2.fc19 (2013-23295)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_FIREFOX24-201312-131215.NASL
    descriptionMozilla Firefox has been updated to the 24.2.0 ESR security release. This is a major upgrade from the 17 ESR release branch. Security issues fixed : - Application Installation doorhanger persists on navigation. (MFSA 2013-105). (CVE-2013-5611) - Miscellaneous memory safety hazards (rv:24.2). (MFSA 2013-104). (CVE-2013-5609) - Miscellaneous memory safety hazards (rv:26.0). (MFSA 2013-104). (CVE-2013-5610) - Character encoding cross-origin XSS attack. (MFSA 2013-106). (CVE-2013-5612) - Sandbox restrictions not applied to nested object elements. (MFSA 2013-107). (CVE-2013-5614) - Use-after-free in event listeners. (MFSA 2013-108). (CVE-2013-5616) - Potential overflow in JavaScript binary search algorithms. (MFSA 2013-110). (CVE-2013-5619) - Segmentation violation when replacing ordered list elements. (MFSA 2013-111). (CVE-2013-6671) - Trust settings for built-in roots ignored during EV certificate validation. (MFSA 2013-113). (CVE-2013-6673) - Use-after-free in synthetic mouse movement. (MFSA 2013-114). (CVE-2013-5613) - GetElementIC typed array stubs can be generated outside observed typesets. (MFSA 2013-115). (CVE-2013-5615) - Linux clipboard information disclosure though selection paste. (MFSA 2013-112). (CVE-2013-6672) - Use-after-free during Table Editing (MFSA 2013-109). (CVE-2013-5618)
    last seen2020-06-05
    modified2013-12-20
    plugin id71559
    published2013-12-20
    reporterThis script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/71559
    titleSuSE 11.3 Security Update : Mozilla Firefox (SAT Patch Number 8657)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2013-1023.NASL
    description - update to Thunderbird 24.2.0 (bnc#854370) - requires NSS 3.15.3.1 or higher - MFSA 2013-104/CVE-2013-5609/CVE-2013-5610 Miscellaneous memory safety hazards - MFSA 2013-108/CVE-2013-5616 (bmo#938341) Use-after-free in event listeners - MFSA 2013-109/CVE-2013-5618 (bmo#926361) Use-after-free during Table Editing - MFSA 2013-111/CVE-2013-6671 (bmo#930281) Segmentation violation when replacing ordered list elements - MFSA 2013-113/CVE-2013-6673 (bmo#970380) Trust settings for built-in roots ignored during EV certificate validation - MFSA 2013-114/CVE-2013-5613 (bmo#930381, bmo#932449) Use-after-free in synthetic mouse movement - MFSA 2013-115/CVE-2013-5615 (bmo#929261) GetElementIC typed array stubs can be generated outside observed typesets - MFSA 2013-116/CVE-2013-6629/CVE-2013-6630 (bmo#891693) JPEG information leak - MFSA 2013-117 (bmo#946351) Mis-issued ANSSI/DCSSI certificate (fixed via NSS 3.15.3.1) - update to Thunderbird 24.1.1 - requires NSPR 4.10.2 and NSS 3.15.3 for security reasons - fix binary compatibility issues for patch level updates (bmo#927073)
    last seen2020-06-05
    modified2014-06-13
    plugin id74867
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74867
    titleopenSUSE Security Update : MozillaThunderbird (openSUSE-SU-2013:1959-1)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2013-1024.NASL
    description - update to Thunderbird 24.2.0 (bnc#854370) - requires NSS 3.15.3.1 or higher - MFSA 2013-104/CVE-2013-5609/CVE-2013-5610 Miscellaneous memory safety hazards - MFSA 2013-108/CVE-2013-5616 (bmo#938341) Use-after-free in event listeners - MFSA 2013-109/CVE-2013-5618 (bmo#926361) Use-after-free during Table Editing - MFSA 2013-111/CVE-2013-6671 (bmo#930281) Segmentation violation when replacing ordered list elements - MFSA 2013-113/CVE-2013-6673 (bmo#970380) Trust settings for built-in roots ignored during EV certificate validation - MFSA 2013-114/CVE-2013-5613 (bmo#930381, bmo#932449) Use-after-free in synthetic mouse movement - MFSA 2013-115/CVE-2013-5615 (bmo#929261) GetElementIC typed array stubs can be generated outside observed typesets - MFSA 2013-116/CVE-2013-6629/CVE-2013-6630 (bmo#891693) JPEG information leak - MFSA 2013-117 (bmo#946351) Mis-issued ANSSI/DCSSI certificate (fixed via NSS 3.15.3.1) - update to Thunderbird 24.1.1 - requires NSPR 4.10.2 and NSS 3.15.3 for security reasons - fix binary compatibility issues for patch level updates (bmo#927073)
    last seen2020-06-05
    modified2014-06-13
    plugin id74868
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74868
    titleopenSUSE Security Update : MozillaThunderbird (openSUSE-SU-2013:1957-1)

Redhat

advisories
bugzilla
id1039429
titleCVE-2013-5613 Mozilla: Use-after-free in synthetic mouse movement (MFSA 2013-114)
oval
OR
  • commentRed Hat Enterprise Linux must be installed
    ovaloval:com.redhat.rhba:tst:20070304026
  • AND
    • commentRed Hat Enterprise Linux 5 is installed
      ovaloval:com.redhat.rhba:tst:20070331005
    • commentfirefox is earlier than 0:24.2.0-1.el5_10
      ovaloval:com.redhat.rhsa:tst:20131812001
    • commentfirefox is signed with Red Hat redhatrelease key
      ovaloval:com.redhat.rhsa:tst:20070097008
  • AND
    • commentRed Hat Enterprise Linux 6 is installed
      ovaloval:com.redhat.rhba:tst:20111656003
    • commentfirefox is earlier than 0:24.2.0-1.el6_5
      ovaloval:com.redhat.rhsa:tst:20131812004
    • commentfirefox is signed with Red Hat redhatrelease2 key
      ovaloval:com.redhat.rhsa:tst:20100861006
rhsa
idRHSA-2013:1812
released2013-12-11
severityCritical
titleRHSA-2013:1812: firefox security update (Critical)
rpms
  • firefox-0:24.2.0-1.el5_10
  • firefox-0:24.2.0-1.el6_5
  • firefox-debuginfo-0:24.2.0-1.el5_10
  • firefox-debuginfo-0:24.2.0-1.el6_5
  • thunderbird-0:24.2.0-1.el6_5
  • thunderbird-0:24.2.0-2.el5_10
  • thunderbird-debuginfo-0:24.2.0-1.el6_5
  • thunderbird-debuginfo-0:24.2.0-2.el5_10

Seebug

bulletinFamilyexploit
descriptionBUGTRAQ ID: 64212 CVE(CAN) ID: CVE-2013-6671 Mozilla Firefox/SeaMonkey/Thunderbird是Mozilla所发布的WEB浏览器/新闻组客户端/邮件客户端。 Firefox 26、Firefox ESR 24.2、Thunderbird 24.2、Seamonkey 2.23之前版本在libxul.so!nsGfxScrollFrameInner::IsLTR() 的实现上存在段错误,成功利用后可使攻击者造成受影响应用崩溃。 0 Mozilla Firefox &lt; 26 Mozilla Thunderbird &lt; 24.2 Mozilla SeaMonkey &lt; 2.23 Mozilla Firefox ESR &lt; 24.2 厂商补丁: Mozilla ------- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.mozilla.org/security/ http://www.mozilla.org/security/announce/2013/mfsa2013-111.html
idSSV:61090
last seen2017-11-19
modified2013-12-12
published2013-12-12
reporterRoot
titleMozilla Firefox/Thunderbird/SeaMonkey代码注入漏洞

References