Vulnerabilities > CVE-2014-1487 - Origin Validation Error vulnerability in multiple products

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE

Summary

The Web workers implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to bypass the Same Origin Policy and obtain sensitive authentication information via vectors involving error messages.

Vulnerable Configurations

Part Description Count
Application
Mozilla
737
Application
Suse
1
OS
Fedoraproject
2
OS
Opensuse
3
OS
Suse
3
OS
Canonical
3
OS
Debian
1
OS
Redhat
10

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • JSON Hijacking (aka JavaScript Hijacking)
    An attacker targets a system that uses JavaScript Object Notation (JSON) as a transport mechanism between the client and the server (common in Web 2.0 systems using AJAX) to steal possibly confidential information transmitted from the server back to the client inside the JSON object by taking advantage of the loophole in the browser's Same Origin Policy that does not prohibit JavaScript from one website to be included and executed in the context of another website. An attacker gets the victim to visit his or her malicious page that contains a script tag whose source points to the vulnerable system with a URL that requests a response from the server containing a JSON object with possibly confidential information. The malicious page also contains malicious code to capture the JSON object returned by the server before any other processing on it can take place, typically by overriding the JavaScript function used to create new objects. This hook allows the malicious code to get access to the creation of each object and transmit the possibly sensitive contents of the captured JSON object to the attackers' server. There is nothing in the browser's security model to prevent the attackers' malicious JavaScript code (originating from attacker's domain) to set up an environment (as described above) to intercept a JSON object response (coming from the vulnerable target system's domain), read its contents and transmit to the attackers' controlled site. The same origin policy protects the domain object model (DOM), but not the JSON.
  • Cache Poisoning
    An attacker exploits the functionality of cache technologies to cause specific data to be cached that aids the attackers' objectives. This describes any attack whereby an attacker places incorrect or harmful material in cache. The targeted cache can be an application's cache (e.g. a web browser cache) or a public cache (e.g. a DNS or ARP cache). Until the cache is refreshed, most applications or clients will treat the corrupted cache value as valid. This can lead to a wide range of exploits including redirecting web browsers towards sites that install malware and repeatedly incorrect calculations based on the incorrect value.
  • DNS Cache Poisoning
    A domain name server translates a domain name (such as www.example.com) into an IP address that Internet hosts use to contact Internet resources. An attacker modifies a public DNS cache to cause certain names to resolve to incorrect addresses that the attacker specifies. The result is that client applications that rely upon the targeted cache for domain name resolution will be directed not to the actual address of the specified domain name but to some other address. Attackers can use this to herd clients to sites that install malware on the victim's computer or to masquerade as part of a Pharming attack.
  • Exploitation of Session Variables, Resource IDs and other Trusted Credentials
    Attacks on session IDs and resource IDs take advantage of the fact that some software accepts user input without verifying its authenticity. For example, a message queuing system that allows service requesters to post messages to its queue through an open channel (such as anonymous FTP), authorization is done through checking group or role membership contained in the posted message. However, there is no proof that the message itself, the information in the message (such group or role membership), or indeed the process that wrote the message to the queue are authentic and authorized to do so. Many server side processes are vulnerable to these attacks because the server to server communications have not been analyzed from a security perspective or the processes "trust" other systems because they are behind a firewall. In a similar way servers that use easy to guess or spoofable schemes for representing digital identity can also be vulnerable. Such systems frequently use schemes without cryptography and digital signatures (or with broken cryptography). Session IDs may be guessed due to insufficient randomness, poor protection (passed in the clear), lack of integrity (unsigned), or improperly correlation with access control policy enforcement points. Exposed configuration and properties files that contain system passwords, database connection strings, and such may also give an attacker an edge to identify these identifiers. The net result is that spoofing and impersonation is possible leading to an attacker's ability to break authentication, authorization, and audit controls on the system.
  • Application API Message Manipulation via Man-in-the-Middle
    An attacker manipulates either egress or ingress data from a client within an application framework in order to change the content of messages. Performing this attack can allow the attacker to gain unauthorized privileges within the application, or conduct attacks such as phishing, deceptive strategies to spread malware, or traditional web-application attacks. The techniques require use of specialized software that allow the attacker to man-in-the-middle communications between the web browser and the remote system. Despite the use of MITM software, the attack is actually directed at the server, as the client is one node in a series of content brokers that pass information along to the application framework. Additionally, it is not true "Man-in-the-Middle" attack at the network layer, but an application-layer attack the root cause of which is the master applications trust in the integrity of code supplied by the client.

Nessus

  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2014-0133.NASL
    descriptionAn updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2014-1477, CVE-2014-1482, CVE-2014-1486) A flaw was found in the way Thunderbird handled error messages related to web workers. An attacker could use this flaw to bypass the same-origin policy, which could lead to cross-site scripting (XSS) attacks, or could potentially be used to gather authentication tokens and other data from third-party websites. (CVE-2014-1487) A flaw was found in the implementation of System Only Wrappers (SOW). An attacker could use this flaw to crash Thunderbird. When combined with other vulnerabilities, this flaw could have additional security implications. (CVE-2014-1479) It was found that the Thunderbird JavaScript engine incorrectly handled window objects. A remote attacker could use this flaw to bypass certain security checks and possibly execute arbitrary code. (CVE-2014-1481) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Christian Holler, Terrence Cole, Jesse Ruderman, Gary Kwong, Eric Rescorla, Jonathan Kew, Dan Gohman, Ryan VanderMeulen, Sotaro Ikeda, Cody Crews, Fredrik
    last seen2020-05-31
    modified2014-02-05
    plugin id72318
    published2014-02-05
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/72318
    titleRHEL 5 / 6 : thunderbird (RHSA-2014:0133)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2014:0133. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(72318);
      script_version("1.23");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/29");
    
      script_cve_id("CVE-2014-1477", "CVE-2014-1479", "CVE-2014-1481", "CVE-2014-1482", "CVE-2014-1486", "CVE-2014-1487");
      script_xref(name:"RHSA", value:"2014:0133");
    
      script_name(english:"RHEL 5 / 6 : thunderbird (RHSA-2014:0133)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis",
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "An updated thunderbird package that fixes several security issues is
    now available for Red Hat Enterprise Linux 5 and 6.
    
    The Red Hat Security Response Team has rated this update as having
    important security impact. Common Vulnerability Scoring System (CVSS)
    base scores, which give detailed severity ratings, are available for
    each vulnerability from the CVE links in the References section.
    
    Mozilla Thunderbird is a standalone mail and newsgroup client.
    
    Several flaws were found in the processing of malformed content.
    Malicious content could cause Thunderbird to crash or, potentially,
    execute arbitrary code with the privileges of the user running
    Thunderbird. (CVE-2014-1477, CVE-2014-1482, CVE-2014-1486)
    
    A flaw was found in the way Thunderbird handled error messages related
    to web workers. An attacker could use this flaw to bypass the
    same-origin policy, which could lead to cross-site scripting (XSS)
    attacks, or could potentially be used to gather authentication tokens
    and other data from third-party websites. (CVE-2014-1487)
    
    A flaw was found in the implementation of System Only Wrappers (SOW).
    An attacker could use this flaw to crash Thunderbird. When combined
    with other vulnerabilities, this flaw could have additional security
    implications. (CVE-2014-1479)
    
    It was found that the Thunderbird JavaScript engine incorrectly
    handled window objects. A remote attacker could use this flaw to
    bypass certain security checks and possibly execute arbitrary code.
    (CVE-2014-1481)
    
    Red Hat would like to thank the Mozilla project for reporting these
    issues. Upstream acknowledges Christian Holler, Terrence Cole, Jesse
    Ruderman, Gary Kwong, Eric Rescorla, Jonathan Kew, Dan Gohman, Ryan
    VanderMeulen, Sotaro Ikeda, Cody Crews, Fredrik 'Flonka' Lonnqvist,
    Arthur Gerkis, Masato Kinugawa, and Boris Zbarsky as the original
    reporters of these issues.
    
    Note: All of the above issues cannot be exploited by a specially
    crafted HTML mail message as JavaScript is disabled by default for
    mail messages. They could be exploited another way in Thunderbird, for
    example, when viewing the full remote content of an RSS feed.
    
    For technical details regarding these flaws, refer to the Mozilla
    security advisories for Thunderbird 24.3.0. You can find a link to the
    Mozilla advisories in the References section of this erratum.
    
    All Thunderbird users should upgrade to this updated package, which
    contains Thunderbird version 24.3.0, which corrects these issues.
    After installing the update, Thunderbird must be restarted for the
    changes to take effect."
      );
      # https://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?8190f023"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2014:0133"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-1479"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-1482"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-1481"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-1487"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-1477"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-1486"
      );
      script_set_attribute(
        attribute:"solution",
        value:
    "Update the affected thunderbird and / or thunderbird-debuginfo
    packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:thunderbird");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:thunderbird-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6.5");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/02/06");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/02/04");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/02/05");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(5|6)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.x / 6.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2014:0133";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"thunderbird-24.3.0-2.el5_10", allowmaj:TRUE)) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"thunderbird-24.3.0-2.el5_10", allowmaj:TRUE)) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"thunderbird-debuginfo-24.3.0-2.el5_10", allowmaj:TRUE)) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"thunderbird-debuginfo-24.3.0-2.el5_10", allowmaj:TRUE)) flag++;
    
    
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"thunderbird-24.3.0-2.el6_5", allowmaj:TRUE)) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"thunderbird-24.3.0-2.el6_5", allowmaj:TRUE)) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"thunderbird-24.3.0-2.el6_5", allowmaj:TRUE)) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"thunderbird-debuginfo-24.3.0-2.el6_5", allowmaj:TRUE)) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"thunderbird-debuginfo-24.3.0-2.el6_5", allowmaj:TRUE)) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"thunderbird-debuginfo-24.3.0-2.el6_5", allowmaj:TRUE)) flag++;
    
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "thunderbird / thunderbird-debuginfo");
      }
    }
    
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201504-01.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201504-01 (Mozilla Products: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Firefox, Thunderbird, and SeaMonkey. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, spoof the address bar, conduct clickjacking attacks, bypass security restrictions and protection mechanisms, or have other unspecified impact. Workaround : There are no known workarounds at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id82632
    published2015-04-08
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/82632
    titleGLSA-201504-01 : Mozilla Products: Multiple vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 201504-01.
    #
    # The advisory text is Copyright (C) 2001-2019 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(82632);
      script_version("1.7");
      script_cvs_date("Date: 2019/08/12 17:35:38");
    
      script_cve_id("CVE-2013-1741", "CVE-2013-2566", "CVE-2013-5590", "CVE-2013-5591", "CVE-2013-5592", "CVE-2013-5593", "CVE-2013-5595", "CVE-2013-5596", "CVE-2013-5597", "CVE-2013-5598", "CVE-2013-5599", "CVE-2013-5600", "CVE-2013-5601", "CVE-2013-5602", "CVE-2013-5603", "CVE-2013-5604", "CVE-2013-5605", "CVE-2013-5606", "CVE-2013-5607", "CVE-2013-5609", "CVE-2013-5610", "CVE-2013-5612", "CVE-2013-5613", "CVE-2013-5614", "CVE-2013-5615", "CVE-2013-5616", "CVE-2013-5618", "CVE-2013-5619", "CVE-2013-6671", "CVE-2013-6672", "CVE-2013-6673", "CVE-2014-1477", "CVE-2014-1478", "CVE-2014-1479", "CVE-2014-1480", "CVE-2014-1481", "CVE-2014-1482", "CVE-2014-1483", "CVE-2014-1485", "CVE-2014-1486", "CVE-2014-1487", "CVE-2014-1488", "CVE-2014-1489", "CVE-2014-1490", "CVE-2014-1491", "CVE-2014-1492", "CVE-2014-1493", "CVE-2014-1494", "CVE-2014-1496", "CVE-2014-1497", "CVE-2014-1498", "CVE-2014-1499", "CVE-2014-1500", "CVE-2014-1502", "CVE-2014-1504", "CVE-2014-1505", "CVE-2014-1508", "CVE-2014-1509", "CVE-2014-1510", "CVE-2014-1511", "CVE-2014-1512", "CVE-2014-1513", "CVE-2014-1514", "CVE-2014-1518", "CVE-2014-1519", "CVE-2014-1520", "CVE-2014-1522", "CVE-2014-1523", "CVE-2014-1524", "CVE-2014-1525", "CVE-2014-1526", "CVE-2014-1529", "CVE-2014-1530", "CVE-2014-1531", "CVE-2014-1532", "CVE-2014-1533", "CVE-2014-1534", "CVE-2014-1536", "CVE-2014-1537", "CVE-2014-1538", "CVE-2014-1539", "CVE-2014-1540", "CVE-2014-1541", "CVE-2014-1542", "CVE-2014-1543", "CVE-2014-1544", "CVE-2014-1545", "CVE-2014-1547", "CVE-2014-1548", "CVE-2014-1549", "CVE-2014-1550", "CVE-2014-1551", "CVE-2014-1552", "CVE-2014-1553", "CVE-2014-1554", "CVE-2014-1555", "CVE-2014-1556", "CVE-2014-1557", "CVE-2014-1558", "CVE-2014-1559", "CVE-2014-1560", "CVE-2014-1561", "CVE-2014-1562", "CVE-2014-1563", "CVE-2014-1564", "CVE-2014-1565", "CVE-2014-1566", "CVE-2014-1567", "CVE-2014-1568", "CVE-2014-1574", "CVE-2014-1575", "CVE-2014-1576", "CVE-2014-1577", "CVE-2014-1578", "CVE-2014-1580", "CVE-2014-1581", "CVE-2014-1582", "CVE-2014-1583", "CVE-2014-1584", "CVE-2014-1585", "CVE-2014-1586", "CVE-2014-1587", "CVE-2014-1588", "CVE-2014-1589", "CVE-2014-1590", "CVE-2014-1591", "CVE-2014-1592", "CVE-2014-1593", "CVE-2014-1594", "CVE-2014-5369", "CVE-2014-8631", "CVE-2014-8632", "CVE-2014-8634", "CVE-2014-8635", "CVE-2014-8636", "CVE-2014-8637", "CVE-2014-8638", "CVE-2014-8639", "CVE-2014-8640", "CVE-2014-8641", "CVE-2014-8642", "CVE-2015-0817", "CVE-2015-0818", "CVE-2015-0819", "CVE-2015-0820", "CVE-2015-0821", "CVE-2015-0822", "CVE-2015-0823", "CVE-2015-0824", "CVE-2015-0825", "CVE-2015-0826", "CVE-2015-0827", "CVE-2015-0828", "CVE-2015-0829", "CVE-2015-0830", "CVE-2015-0831", "CVE-2015-0832", "CVE-2015-0833", "CVE-2015-0834", "CVE-2015-0835", "CVE-2015-0836");
      script_xref(name:"GLSA", value:"201504-01");
    
      script_name(english:"GLSA-201504-01 : Mozilla Products: Multiple vulnerabilities");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-201504-01
    (Mozilla Products: Multiple vulnerabilities)
    
        Multiple vulnerabilities have been discovered in Firefox, Thunderbird,
          and SeaMonkey. Please review the CVE identifiers referenced below for
          details.
      
    Impact :
    
        A remote attacker could entice a user to view a specially crafted web
          page or email, possibly resulting in execution of arbitrary code or a
          Denial of Service condition. Furthermore, a remote attacker may be able
          to perform Man-in-the-Middle attacks, obtain sensitive information, spoof
          the address bar, conduct clickjacking attacks, bypass security
          restrictions and protection mechanisms,  or have other unspecified
          impact.
      
    Workaround :
    
        There are no known workarounds at this time."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/201504-01"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "All firefox users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=www-client/firefox-31.5.3'
        All firefox-bin users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=www-client/firefox-bin-31.5.3'
        All thunderbird users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=mail-client/thunderbird-31.5.0'
        All thunderbird-bin users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose
          '>=mail-client/thunderbird-bin-31.5.0'
        All seamonkey users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=www-client/seamonkey-2.33.1'
        All seamonkey-bin users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=www-client/seamonkey-bin-2.33.1'
        All nspr users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=dev-libs/nspr-4.10.6'"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Firefox Proxy Prototype Privileged Javascript Injection');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:firefox");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:firefox-bin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:nspr");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:seamonkey");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:seamonkey-bin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:thunderbird");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:thunderbird-bin");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/03/15");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/04/07");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/04/08");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Gentoo Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (qpkg_check(package:"dev-libs/nspr", unaffected:make_list("ge 4.10.6"), vulnerable:make_list("lt 4.10.6"))) flag++;
    if (qpkg_check(package:"www-client/firefox-bin", unaffected:make_list("ge 31.5.3"), vulnerable:make_list("lt 31.5.3"))) flag++;
    if (qpkg_check(package:"www-client/seamonkey", unaffected:make_list("ge 2.33.1"), vulnerable:make_list("lt 2.33.1"))) flag++;
    if (qpkg_check(package:"www-client/seamonkey-bin", unaffected:make_list("ge 2.33.1"), vulnerable:make_list("lt 2.33.1"))) flag++;
    if (qpkg_check(package:"mail-client/thunderbird-bin", unaffected:make_list("ge 31.5.0"), vulnerable:make_list("lt 31.5.0"))) flag++;
    if (qpkg_check(package:"www-client/firefox", unaffected:make_list("ge 31.5.3"), vulnerable:make_list("lt 31.5.3"))) flag++;
    if (qpkg_check(package:"mail-client/thunderbird", unaffected:make_list("ge 31.5.0"), vulnerable:make_list("lt 31.5.0"))) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Mozilla Products");
    }
    
  • NASL familyWindows
    NASL idMOZILLA_FIREFOX_27.NASL
    descriptionThe installed version of Firefox is earlier than 27.0 and is, therefore, potentially affected by the following vulnerabilities : - Memory issues exist in the browser engine that could result in a denial of service or arbitrary code execution. (CVE-2014-1477, CVE-2014-1478) - An error exists related to System Only Wrappers (SOW) and the XML Binding Language (XBL) that could allow XUL content to be disclosed. (CVE-2014-1479) - An error exists related to the
    last seen2020-06-01
    modified2020-06-02
    plugin id72331
    published2014-02-05
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/72331
    titleFirefox < 27.0 Multiple Vulnerabilities
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2014-0133.NASL
    descriptionFrom Red Hat Security Advisory 2014:0133 : An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2014-1477, CVE-2014-1482, CVE-2014-1486) A flaw was found in the way Thunderbird handled error messages related to web workers. An attacker could use this flaw to bypass the same-origin policy, which could lead to cross-site scripting (XSS) attacks, or could potentially be used to gather authentication tokens and other data from third-party websites. (CVE-2014-1487) A flaw was found in the implementation of System Only Wrappers (SOW). An attacker could use this flaw to crash Thunderbird. When combined with other vulnerabilities, this flaw could have additional security implications. (CVE-2014-1479) It was found that the Thunderbird JavaScript engine incorrectly handled window objects. A remote attacker could use this flaw to bypass certain security checks and possibly execute arbitrary code. (CVE-2014-1481) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Christian Holler, Terrence Cole, Jesse Ruderman, Gary Kwong, Eric Rescorla, Jonathan Kew, Dan Gohman, Ryan VanderMeulen, Sotaro Ikeda, Cody Crews, Fredrik
    last seen2020-05-31
    modified2014-02-05
    plugin id72316
    published2014-02-05
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/72316
    titleOracle Linux 6 : thunderbird (ELSA-2014-0133)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2014-0132.NASL
    descriptionUpdated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2014-1477, CVE-2014-1482, CVE-2014-1486) A flaw was found in the way Firefox handled error messages related to web workers. An attacker could use this flaw to bypass the same-origin policy, which could lead to cross-site scripting (XSS) attacks, or could potentially be used to gather authentication tokens and other data from third-party websites. (CVE-2014-1487) A flaw was found in the implementation of System Only Wrappers (SOW). An attacker could use this flaw to crash Firefox. When combined with other vulnerabilities, this flaw could have additional security implications. (CVE-2014-1479) It was found that the Firefox JavaScript engine incorrectly handled window objects. A remote attacker could use this flaw to bypass certain security checks and possibly execute arbitrary code. (CVE-2014-1481) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Christian Holler, Terrence Cole, Jesse Ruderman, Gary Kwong, Eric Rescorla, Jonathan Kew, Dan Gohman, Ryan VanderMeulen, Sotaro Ikeda, Cody Crews, Fredrik
    last seen2020-06-01
    modified2020-06-02
    plugin id72350
    published2014-02-06
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/72350
    titleCentOS 5 / 6 : firefox (CESA-2014:0132)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2102-2.NASL
    descriptionUSN-2102-1 fixed vulnerabilities in Firefox. The update introduced a regression which could make Firefox crash under some circumstances. This update fixes the problem. We apologize for the inconvenience. Christian Holler, Terrence Cole, Jesse Ruderman, Gary Kwong, Eric Rescorla, Jonathan Kew, Dan Gohman, Ryan VanderMeulen, Carsten Book, Andrew Sutherland, Byron Campen, Nicholas Nethercote, Paul Adenot, David Baron, Julian Seward and Sotaro Ikeda discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-1477, CVE-2014-1478) Cody Crews discovered a method to bypass System Only Wrappers. An attacker could potentially exploit this to steal confidential data or execute code with the privileges of the user invoking Firefox. (CVE-2014-1479) Jordi Chancel discovered that the downloads dialog did not implement a security timeout before button presses are processed. An attacker could potentially exploit this to conduct clickjacking attacks. (CVE-2014-1480) Fredrik Lonnqvist discovered a use-after-free in Firefox. An attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the priviliges of the user invoking Firefox. (CVE-2014-1482) Jordan Milne discovered a timing flaw when using document.elementFromPoint and document.caretPositionFromPoint on cross-origin iframes. An attacker could potentially exploit this to steal confidential imformation. (CVE-2014-1483) Frederik Braun discovered that the CSP implementation in Firefox did not handle XSLT stylesheets in accordance with the specification, potentially resulting in unexpected script execution in some circumstances (CVE-2014-1485) Arthur Gerkis discovered a use-after-free in Firefox. An attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the priviliges of the user invoking Firefox. (CVE-2014-1486) Masato Kinugawa discovered a cross-origin information leak in web worker error messages. An attacker could potentially exploit this to steal confidential information. (CVE-2014-1487) Yazan Tommalieh discovered that web pages could activate buttons on the default Firefox startpage (about:home) in some circumstances. An attacker could potentially exploit this to cause data loss by triggering a session restore. (CVE-2014-1489) Soeren Balko discovered a crash in Firefox when terminating web workers running asm.js code in some circumstances. An attacker could potentially exploit this to execute arbitrary code with the priviliges of the user invoking Firefox. (CVE-2014-1488) Several issues were discovered with ticket handling in NSS. An attacker could potentially exploit these to cause a denial of service or bypass cryptographic protection mechanisms. (CVE-2014-1490, CVE-2014-1491) Boris Zbarsky discovered that security restrictions on window objects could be bypassed under certain circumstances. (CVE-2014-1481). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-18
    modified2014-02-20
    plugin id72598
    published2014-02-20
    reporterUbuntu Security Notice (C) 2014-2020 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/72598
    titleUbuntu 12.04 LTS / 12.10 / 13.10 : firefox regression (USN-2102-2)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2014-0133.NASL
    descriptionAn updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2014-1477, CVE-2014-1482, CVE-2014-1486) A flaw was found in the way Thunderbird handled error messages related to web workers. An attacker could use this flaw to bypass the same-origin policy, which could lead to cross-site scripting (XSS) attacks, or could potentially be used to gather authentication tokens and other data from third-party websites. (CVE-2014-1487) A flaw was found in the implementation of System Only Wrappers (SOW). An attacker could use this flaw to crash Thunderbird. When combined with other vulnerabilities, this flaw could have additional security implications. (CVE-2014-1479) It was found that the Thunderbird JavaScript engine incorrectly handled window objects. A remote attacker could use this flaw to bypass certain security checks and possibly execute arbitrary code. (CVE-2014-1481) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Christian Holler, Terrence Cole, Jesse Ruderman, Gary Kwong, Eric Rescorla, Jonathan Kew, Dan Gohman, Ryan VanderMeulen, Sotaro Ikeda, Cody Crews, Fredrik
    last seen2020-05-31
    modified2014-02-06
    plugin id72351
    published2014-02-06
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/72351
    titleCentOS 5 / 6 : thunderbird (CESA-2014:0133)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_FIREFOX-201402-140207.NASL
    descriptionThis updates the Mozilla Firefox browser to the 24.3.0ESR security release. The Mozilla NSS libraries are now on version 3.15.4. The following security issues have been fixed : - Memory safety bugs fixed in Firefox ESR 24.3 and Firefox 27.0 (CVE-2014-1477)(bnc#862345). (MFSA 2014-01) - Using XBL scopes its possible to steal(clone) native anonymous content (CVE-2014-1479)(bnc#862348). (MFSA 2014-02) - Download
    last seen2020-06-05
    modified2014-02-18
    plugin id72554
    published2014-02-18
    reporterThis script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/72554
    titleSuSE 11.3 Security Update : MozillaFirefox (SAT Patch Number 8879)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2119-1.NASL
    descriptionChristian Holler, Terrence Cole, Jesse Ruderman, Gary Kwong, Eric Rescorla, Jonathan Kew, Dan Gohman, Ryan VanderMeulen and Sotaro Ikeda discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2014-1477) Cody Crews discovered a method to bypass System Only Wrappers. If a user had enabled scripting, an attacker could potentially exploit this to steal confidential data or execute code with the privileges of the user invoking Thunderbird. (CVE-2014-1479) Fredrik Lonnqvist discovered a use-after-free in Thunderbird. If a user had enabled scripting, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the priviliges of the user invoking Thunderbird. (CVE-2014-1482) Arthur Gerkis discovered a use-after-free in Thunderbird. If a user had enabled scripting, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the priviliges of the user invoking Thunderbird. (CVE-2014-1486) Masato Kinugawa discovered a cross-origin information leak in web worker error messages. If a user had enabled scripting, an attacker could potentially exploit this to steal confidential information. (CVE-2014-1487) Several issues were discovered with ticket handling in NSS. An attacker could potentially exploit these to cause a denial of service or bypass cryptographic protection mechanisms. (CVE-2014-1490, CVE-2014-1491) Boris Zbarsky discovered that security restrictions on window objects could be bypassed under certain circumstances. (CVE-2014-1481) Fabian Cuchietti and Ateeq ur Rehman Khan discovered that it was possible to bypass JavaScript execution restrictions when replying to or forwarding mail messages in certain circumstances. An attacker could potentially exploit this to steal confidential information or modify message content. (CVE-2013-6674). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-18
    modified2014-02-20
    plugin id72599
    published2014-02-20
    reporterUbuntu Security Notice (C) 2014-2020 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/72599
    titleUbuntu 12.04 LTS / 12.10 / 13.10 : thunderbird vulnerabilities (USN-2119-1)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-2858.NASL
    descriptionMultiple security issues have been found in Iceweasel, Debian
    last seen2020-03-17
    modified2014-02-12
    plugin id72438
    published2014-02-12
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/72438
    titleDebian DSA-2858-1 : iceweasel - several vulnerabilities
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2102-1.NASL
    descriptionChristian Holler, Terrence Cole, Jesse Ruderman, Gary Kwong, Eric Rescorla, Jonathan Kew, Dan Gohman, Ryan VanderMeulen, Carsten Book, Andrew Sutherland, Byron Campen, Nicholas Nethercote, Paul Adenot, David Baron, Julian Seward and Sotaro Ikeda discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-1477, CVE-2014-1478) Cody Crews discovered a method to bypass System Only Wrappers. An attacker could potentially exploit this to steal confidential data or execute code with the privileges of the user invoking Firefox. (CVE-2014-1479) Jordi Chancel discovered that the downloads dialog did not implement a security timeout before button presses are processed. An attacker could potentially exploit this to conduct clickjacking attacks. (CVE-2014-1480) Fredrik Lonnqvist discovered a use-after-free in Firefox. An attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the priviliges of the user invoking Firefox. (CVE-2014-1482) Jordan Milne discovered a timing flaw when using document.elementFromPoint and document.caretPositionFromPoint on cross-origin iframes. An attacker could potentially exploit this to steal confidential imformation. (CVE-2014-1483) Frederik Braun discovered that the CSP implementation in Firefox did not handle XSLT stylesheets in accordance with the specification, potentially resulting in unexpected script execution in some circumstances (CVE-2014-1485) Arthur Gerkis discovered a use-after-free in Firefox. An attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the priviliges of the user invoking Firefox. (CVE-2014-1486) Masato Kinugawa discovered a cross-origin information leak in web worker error messages. An attacker could potentially exploit this to steal confidential information. (CVE-2014-1487) Yazan Tommalieh discovered that web pages could activate buttons on the default Firefox startpage (about:home) in some circumstances. An attacker could potentially exploit this to cause data loss by triggering a session restore. (CVE-2014-1489) Soeren Balko discovered a crash in Firefox when terminating web workers running asm.js code in some circumstances. An attacker could potentially exploit this to execute arbitrary code with the priviliges of the user invoking Firefox. (CVE-2014-1488) Several issues were discovered with ticket handling in NSS. An attacker could potentially exploit these to cause a denial of service or bypass cryptographic protection mechanisms. (CVE-2014-1490, CVE-2014-1491) Boris Zbarsky discovered that security restrictions on window objects could be bypassed under certain circumstances. (CVE-2014-1481). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-18
    modified2014-02-11
    plugin id72425
    published2014-02-11
    reporterUbuntu Security Notice (C) 2014-2020 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/72425
    titleUbuntu 12.04 LTS / 12.10 / 13.10 : firefox vulnerabilities (USN-2102-1)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2014-0132.NASL
    descriptionFrom Red Hat Security Advisory 2014:0132 : Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2014-1477, CVE-2014-1482, CVE-2014-1486) A flaw was found in the way Firefox handled error messages related to web workers. An attacker could use this flaw to bypass the same-origin policy, which could lead to cross-site scripting (XSS) attacks, or could potentially be used to gather authentication tokens and other data from third-party websites. (CVE-2014-1487) A flaw was found in the implementation of System Only Wrappers (SOW). An attacker could use this flaw to crash Firefox. When combined with other vulnerabilities, this flaw could have additional security implications. (CVE-2014-1479) It was found that the Firefox JavaScript engine incorrectly handled window objects. A remote attacker could use this flaw to bypass certain security checks and possibly execute arbitrary code. (CVE-2014-1481) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Christian Holler, Terrence Cole, Jesse Ruderman, Gary Kwong, Eric Rescorla, Jonathan Kew, Dan Gohman, Ryan VanderMeulen, Sotaro Ikeda, Cody Crews, Fredrik
    last seen2020-05-31
    modified2014-02-05
    plugin id72315
    published2014-02-05
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/72315
    titleOracle Linux 5 / 6 : firefox (ELSA-2014-0132)
  • NASL familyWindows
    NASL idMOZILLA_FIREFOX_24_3_ESR.NASL
    descriptionThe installed version of Firefox ESR 24.x is earlier than 24.3, and is, therefore, potentially affected by the following vulnerabilities : - Memory issues exist in the browser engine that could result in a denial of service or arbitrary code execution. (CVE-2014-1477) - An error exists related to System Only Wrappers (SOW) and the XML Binding Language (XBL) that could allow XUL content to be disclosed. (CVE-2014-1479) - An error exists related to the JavaScript engine and
    last seen2020-06-01
    modified2020-06-02
    plugin id72330
    published2014-02-05
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/72330
    titleFirefox ESR 24.x < 24.3 Multiple Vulnerabilities
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20140204_FIREFOX_ON_SL5_X.NASL
    descriptionSeveral flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2014-1477, CVE-2014-1482, CVE-2014-1486) A flaw was found in the way Firefox handled error messages related to web workers. An attacker could use this flaw to bypass the same-origin policy, which could lead to cross-site scripting (XSS) attacks, or could potentially be used to gather authentication tokens and other data from third-party websites. (CVE-2014-1487) A flaw was found in the implementation of System Only Wrappers (SOW). An attacker could use this flaw to crash Firefox. When combined with other vulnerabilities, this flaw could have additional security implications. (CVE-2014-1479) It was found that the Firefox JavaScript engine incorrectly handled window objects. A remote attacker could use this flaw to bypass certain security checks and possibly execute arbitrary code. (CVE-2014-1481) After installing the update, Firefox must be restarted for the changes to take effect.
    last seen2020-03-18
    modified2014-02-05
    plugin id72322
    published2014-02-05
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/72322
    titleScientific Linux Security Update : firefox on SL5.x, SL6.x i386/x86_64 (20140204)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2014-2041.NASL
    descriptionSee http://www.mozilla.org/en-US/thunderbird/24.3.0/releasenotes/ for changelog. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2014-02-07
    plugin id72380
    published2014-02-07
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/72380
    titleFedora 20 : thunderbird-24.3.0-1.fc20 (2014-2041)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2014-2083.NASL
    descriptionSee http://www.mozilla.org/en-US/thunderbird/24.3.0/releasenotes/ for changelog. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2014-03-02
    plugin id72752
    published2014-03-02
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/72752
    titleFedora 19 : thunderbird-24.3.0-1.fc19 (2014-2083)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2014-0132.NASL
    descriptionUpdated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2014-1477, CVE-2014-1482, CVE-2014-1486) A flaw was found in the way Firefox handled error messages related to web workers. An attacker could use this flaw to bypass the same-origin policy, which could lead to cross-site scripting (XSS) attacks, or could potentially be used to gather authentication tokens and other data from third-party websites. (CVE-2014-1487) A flaw was found in the implementation of System Only Wrappers (SOW). An attacker could use this flaw to crash Firefox. When combined with other vulnerabilities, this flaw could have additional security implications. (CVE-2014-1479) It was found that the Firefox JavaScript engine incorrectly handled window objects. A remote attacker could use this flaw to bypass certain security checks and possibly execute arbitrary code. (CVE-2014-1481) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Christian Holler, Terrence Cole, Jesse Ruderman, Gary Kwong, Eric Rescorla, Jonathan Kew, Dan Gohman, Ryan VanderMeulen, Sotaro Ikeda, Cody Crews, Fredrik
    last seen2020-05-31
    modified2014-02-05
    plugin id72317
    published2014-02-05
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/72317
    titleRHEL 5 / 6 : firefox (RHSA-2014:0132)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_1753F0FF8DD511E39B45B4B52FCE4CE8.NASL
    descriptionThe Mozilla Project reports : MFSA 2014-01 Miscellaneous memory safety hazards (rv:27.0 / rv:24.3) MFSA 2014-02 Clone protected content with XBL scopes MFSA 2014-03 UI selection timeout missing on download prompts MFSA 2014-04 Incorrect use of discarded images by RasterImage MFSA 2014-05 Information disclosure with *FromPoint on iframes MFSA 2014-06 Profile path leaks to Android system log MFSA 2014-07 XSLT stylesheets treated as styles in Content Security Policy MFSA 2014-08 Use-after-free with imgRequestProxy and image proccessing MFSA 2014-09 Cross-origin information leak through web workers MFSA 2014-10 Firefox default start page UI content invokable by script MFSA 2014-11 Crash when using web workers with asm.js MFSA 2014-12 NSS ticket handling issues MFSA 2014-13 Inconsistent JavaScript handling of access to Window objects
    last seen2020-06-01
    modified2020-06-02
    plugin id72312
    published2014-02-05
    reporterThis script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/72312
    titleFreeBSD : mozilla -- multiple vulnerabilities (1753f0ff-8dd5-11e3-9b45-b4b52fce4ce8)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_FIREFOX_27.NASL
    descriptionThe installed version of Firefox is earlier than 27.0 and is, therefore, potentially affected by multiple vulnerabilities : - Memory issues exist in the browser engine that could result in a denial of service or arbitrary code execution. (CVE-2014-1477, CVE-2014-1478) - An error exists related to System Only Wrappers (SOW) and the XML Binding Language (XBL) that could allow XUL content to be disclosed. (CVE-2014-1479) - An error exists related to the
    last seen2020-06-01
    modified2020-06-02
    plugin id72328
    published2014-02-05
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/72328
    titleFirefox < 27.0 Multiple Vulnerabilities (Mac OS X)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2014-119.NASL
    descriptionMozilla Firefox was updated to version 27. Mozilla SeaMonkey was updated to 2.24, fixing similar issues as Firefox 27. Mozilla Thunderbird was updated to 24.3.0, fixing similar issues as Firefox 27. The Firefox 27 release brings TLS 1.2 support as a major security feature. It also fixes following security issues : - MFSA 2014-01/CVE-2014-1477/CVE-2014-1478 Miscellaneous memory safety hazards (rv:27.0 / rv:24.3) - MFSA 2014-02/CVE-2014-1479 (bmo#911864) Clone protected content with XBL scopes - MFSA 2014-03/CVE-2014-1480 (bmo#916726) UI selection timeout missing on download prompts - MFSA 2014-04/CVE-2014-1482 (bmo#943803) Incorrect use of discarded images by RasterImage - MFSA 2014-05/CVE-2014-1483 (bmo#950427) Information disclosure with *FromPoint on iframes - MFSA 2014-06/CVE-2014-1484 (bmo#953993) Profile path leaks to Android system log - MFSA 2014-07/CVE-2014-1485 (bmo#910139) XSLT stylesheets treated as styles in Content Security Policy - MFSA 2014-08/CVE-2014-1486 (bmo#942164) Use-after-free with imgRequestProxy and image proccessing - MFSA 2014-09/CVE-2014-1487 (bmo#947592) Cross-origin information leak through web workers - MFSA 2014-10/CVE-2014-1489 (bmo#959531) Firefox default start page UI content invokable by script - MFSA 2014-11/CVE-2014-1488 (bmo#950604) Crash when using web workers with asm.js - MFSA 2014-12/CVE-2014-1490/CVE-2014-1491 (bmo#934545, bmo#930874, bmo#930857) NSS ticket handling issues - MFSA 2014-13/CVE-2014-1481(bmo#936056) Inconsistent JavaScript handling of access to Window objects Mozilla NSS was updated to 3.15.4 : - required for Firefox 27 - regular CA root store update (1.96) - Reordered the cipher suites offered in SSL/TLS client hello messages to match modern best practices. - Improved SSL/TLS false start. In addition to enabling the SSL_ENABLE_FALSE_START option, an application must now register a callback using the SSL_SetCanFalseStartCallback function. - When false start is enabled, libssl will sometimes return unencrypted, unauthenticated data from PR_Recv (CVE-2013-1740, bmo#919877) - MFSA 2014-12/CVE-2014-1490/CVE-2014-1491 NSS ticket handling issues New functionality - Implemented OCSP querying using the HTTP GET method, which is the new default, and will fall back to the HTTP POST method. - Implemented OCSP server functionality for testing purposes (httpserv utility). - Support SHA-1 signatures with TLS 1.2 client authentication. - Added the --empty-password command-line option to certutil, to be used with -N: use an empty password when creating a new database. - Added the -w command-line option to pp: don
    last seen2020-06-05
    modified2014-06-13
    plugin id75253
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/75253
    titleopenSUSE Security Update : firefox / seamonkey / thunderbird (openSUSE-SU-2014:0212-1)
  • NASL familyWindows
    NASL idSEAMONKEY_2_24.NASL
    descriptionThe installed version of SeaMonkey is earlier than 2.24 and is, therefore, potentially affected by the following vulnerabilities : - Memory issues exist in the browser engine that could result in a denial of service or arbitrary code execution. (CVE-2014-1477, CVE-2014-1478) - An error exists related to System Only Wrappers (SOW) and the XML Binding Language (XBL) that could allow XUL content to be disclosed. (CVE-2014-1479) - An error exists related to the
    last seen2020-06-01
    modified2020-06-02
    plugin id72333
    published2014-02-05
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/72333
    titleSeaMonkey < 2.24 Multiple Vulnerabilities
  • NASL familyWindows
    NASL idMOZILLA_THUNDERBIRD_24_3.NASL
    descriptionThe installed version of Thunderbird is earlier than 24.3 and is, therefore, potentially affected the following vulnerabilities: - Memory issues exist in the browser engine that could result in a denial of service or arbitrary code execution. (CVE-2014-1477) - An error exists related to System Only Wrappers (SOW) and the XML Binding Language (XBL) that could allow XUL content to be disclosed. (CVE-2014-1479) - An error exists related to the JavaScript engine and
    last seen2020-06-01
    modified2020-06-02
    plugin id72332
    published2014-02-05
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/72332
    titleMozilla Thunderbird < 24.3 Multiple Vulnerabilities
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_THUNDERBIRD_24_3.NASL
    descriptionThe installed version of Thunderbird is earlier than 24.3 and is, therefore, potentially affected by the following vulnerabilities : - Memory issues exist in the browser engine that could result in a denial of service or arbitrary code execution. (CVE-2014-1477) - An error exists related to System Only Wrappers (SOW) and the XML Binding Language (XBL) that could allow XUL content to be disclosed. (CVE-2014-1479) - An error exists related to the JavaScript engine and
    last seen2020-06-01
    modified2020-06-02
    plugin id72329
    published2014-02-05
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/72329
    titleThunderbird < 24.3 Multiple Vulnerabilities (Mac OS X)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20140204_THUNDERBIRD_ON_SL5_X.NASL
    descriptionSeveral flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2014-1477, CVE-2014-1482, CVE-2014-1486) A flaw was found in the way Thunderbird handled error messages related to web workers. An attacker could use this flaw to bypass the same-origin policy, which could lead to cross-site scripting (XSS) attacks, or could potentially be used to gather authentication tokens and other data from third-party websites. (CVE-2014-1487) A flaw was found in the implementation of System Only Wrappers (SOW). An attacker could use this flaw to crash Thunderbird. When combined with other vulnerabilities, this flaw could have additional security implications. (CVE-2014-1479) It was found that the Thunderbird JavaScript engine incorrectly handled window objects. A remote attacker could use this flaw to bypass certain security checks and possibly execute arbitrary code. (CVE-2014-1481) Note: All of the above issues cannot be exploited by a specially crafted HTML mail message as JavaScript is disabled by default for mail messages. They could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed. After installing the update, Thunderbird must be restarted for the changes to take effect.
    last seen2020-03-18
    modified2014-02-05
    plugin id72323
    published2014-02-05
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/72323
    titleScientific Linux Security Update : thunderbird on SL5.x, SL6.x i386/x86_64 (20140204)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_FIREFOX_24_3_ESR.NASL
    descriptionThe installed version of Firefox ESR 24.x is earlier than 24.3 and is, therefore, potentially affected by the following vulnerabilities : - Memory issues exist in the browser engine that could result in a denial of service or arbitrary code execution. (CVE-2014-1477) - An error exists related to System Only Wrappers (SOW) and the XML Binding Language (XBL) that could allow XUL content to be disclosed. (CVE-2014-1479) - An error exists related to the JavaScript engine and
    last seen2020-06-01
    modified2020-06-02
    plugin id72327
    published2014-02-05
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/72327
    titleFirefox ESR 24.x < 24.3 Multiple Vulnerabilities (Mac OS X)

Redhat

advisories
  • bugzilla
    id1060952
    titleCVE-2014-1481 Mozilla: Inconsistent JavaScript handling of access to Window objects (MFSA 2014-13)
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 5 is installed
        ovaloval:com.redhat.rhba:tst:20070331005
      • commentfirefox is earlier than 0:24.3.0-2.el5_10
        ovaloval:com.redhat.rhsa:tst:20140132001
      • commentfirefox is signed with Red Hat redhatrelease key
        ovaloval:com.redhat.rhsa:tst:20070097008
    • AND
      • commentRed Hat Enterprise Linux 6 is installed
        ovaloval:com.redhat.rhba:tst:20111656003
      • commentfirefox is earlier than 0:24.3.0-2.el6_5
        ovaloval:com.redhat.rhsa:tst:20140132004
      • commentfirefox is signed with Red Hat redhatrelease2 key
        ovaloval:com.redhat.rhsa:tst:20100861006
    rhsa
    idRHSA-2014:0132
    released2014-02-04
    severityCritical
    titleRHSA-2014:0132: firefox security update (Critical)
  • bugzilla
    id1060952
    titleCVE-2014-1481 Mozilla: Inconsistent JavaScript handling of access to Window objects (MFSA 2014-13)
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 5 is installed
        ovaloval:com.redhat.rhba:tst:20070331005
      • commentthunderbird is earlier than 0:24.3.0-2.el5_10
        ovaloval:com.redhat.rhsa:tst:20140133001
      • commentthunderbird is signed with Red Hat redhatrelease key
        ovaloval:com.redhat.rhsa:tst:20070108002
    • AND
      • commentRed Hat Enterprise Linux 6 is installed
        ovaloval:com.redhat.rhba:tst:20111656003
      • commentthunderbird is earlier than 0:24.3.0-2.el6_5
        ovaloval:com.redhat.rhsa:tst:20140133004
      • commentthunderbird is signed with Red Hat redhatrelease2 key
        ovaloval:com.redhat.rhsa:tst:20100896002
    rhsa
    idRHSA-2014:0133
    released2014-02-04
    severityImportant
    titleRHSA-2014:0133: thunderbird security update (Important)
rpms
  • firefox-0:24.3.0-2.el5_10
  • firefox-0:24.3.0-2.el6_5
  • firefox-debuginfo-0:24.3.0-2.el5_10
  • firefox-debuginfo-0:24.3.0-2.el6_5
  • thunderbird-0:24.3.0-2.el5_10
  • thunderbird-0:24.3.0-2.el6_5
  • thunderbird-debuginfo-0:24.3.0-2.el5_10
  • thunderbird-debuginfo-0:24.3.0-2.el6_5

References