Vulnerabilities > CVE-2014-1551 - Use After Free Memory Corruption vulnerability in Mozilla Firefox, Firefox ESR and Thunderbird
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Use-after-free vulnerability in the FontTableRec destructor in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 on Windows allows remote attackers to execute arbitrary code via crafted use of fonts in MathML content, leading to improper handling of a DirectWrite font-face object. <a href="http://cwe.mitre.org/data/definitions/416.html" target="_blank">CWE-416: Use After Free</a>
Vulnerable Configurations
Nessus
NASL family Windows NASL id MOZILLA_THUNDERBIRD_31_0.NASL description The version of Thunderbird installed on the remote host is a version prior to 31.0. It is, therefore, affected by the following vulnerabilities : - When a pair of NSSCertificate structures are added to a trust domain and then one of them is removed during use, a use-after-free error occurs which may cause the application to crash. This crash is potentially exploitable. (CVE-2014-1544) - There are multiple memory safety hazards within the browser engine. These hazards may lead to memory corruption vulnerabilities, which may allow attackers to execute arbitrary code. (CVE-2014-1547, CVE-2014-1548) - A buffer overflow exists when interacting with the Web Audio buffer during playback due to an error with the allocation of memory for the buffer. This may lead to a potentially exploitable crash. (CVE-2014-1549) - A use-after-free exists in Web Audio due to the way control messages are handled. This may lead to a potentially exploitable crash. (CVE-2014-1550) - There is a potential use-after-free issue in DirectWrite font handling. This may allow an attacker to potentially execute arbitrary code within the context of the user running the application. (CVE-2014-1551) - There is an issue with the IFRAME sandbox same-origin access policy which allows sandboxed content to access other content from the same origin without approval. This may lead to a same-origin-bypass vulnerability. (CVE-2014-1552) - Triggering the FireOnStateChange event has the potential to crash the application. This may lead to a use-after-free and an exploitable crash. (CVE-2014-1555) - When using the Cesium JavaScript library to generate WebGL content, the application may crash. This crash is potentially exploitable. (CVE-2014-1556) - There is a flaw in the Skia library when scaling images of high quality. If the image data is discarded while being processed, the library may crash. This crash is potentially exploitable. (CVE-2014-1557) - There are multiple issues with using invalid characters in various certificates. These invalid characters may cause certificates to be parsed incorrectly which may lead to the inability to use valid SSL certificates. (CVE-2014-1558, CVE-2014-1559, CVE-2014-1560) last seen 2020-06-01 modified 2020-06-02 plugin id 76765 published 2014-07-24 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/76765 title Mozilla Thunderbird < 31.0 Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(76765); script_version("1.6"); script_cvs_date("Date: 2019/11/26"); script_cve_id( "CVE-2014-1544", "CVE-2014-1547", "CVE-2014-1548", "CVE-2014-1549", "CVE-2014-1550", "CVE-2014-1551", "CVE-2014-1552", "CVE-2014-1555", "CVE-2014-1557", "CVE-2014-1558", "CVE-2014-1559", "CVE-2014-1560" ); script_bugtraq_id( 68810, 68811, 68812, 68813, 68814, 68815, 68816, 68817, 68818, 68820, 68821, 68824 ); script_name(english:"Mozilla Thunderbird < 31.0 Multiple Vulnerabilities"); script_summary(english:"Checks the version of Thunderbird."); script_set_attribute(attribute:"synopsis", value: "The remote Windows host contains a mail client that is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The version of Thunderbird installed on the remote host is a version prior to 31.0. It is, therefore, affected by the following vulnerabilities : - When a pair of NSSCertificate structures are added to a trust domain and then one of them is removed during use, a use-after-free error occurs which may cause the application to crash. This crash is potentially exploitable. (CVE-2014-1544) - There are multiple memory safety hazards within the browser engine. These hazards may lead to memory corruption vulnerabilities, which may allow attackers to execute arbitrary code. (CVE-2014-1547, CVE-2014-1548) - A buffer overflow exists when interacting with the Web Audio buffer during playback due to an error with the allocation of memory for the buffer. This may lead to a potentially exploitable crash. (CVE-2014-1549) - A use-after-free exists in Web Audio due to the way control messages are handled. This may lead to a potentially exploitable crash. (CVE-2014-1550) - There is a potential use-after-free issue in DirectWrite font handling. This may allow an attacker to potentially execute arbitrary code within the context of the user running the application. (CVE-2014-1551) - There is an issue with the IFRAME sandbox same-origin access policy which allows sandboxed content to access other content from the same origin without approval. This may lead to a same-origin-bypass vulnerability. (CVE-2014-1552) - Triggering the FireOnStateChange event has the potential to crash the application. This may lead to a use-after-free and an exploitable crash. (CVE-2014-1555) - When using the Cesium JavaScript library to generate WebGL content, the application may crash. This crash is potentially exploitable. (CVE-2014-1556) - There is a flaw in the Skia library when scaling images of high quality. If the image data is discarded while being processed, the library may crash. This crash is potentially exploitable. (CVE-2014-1557) - There are multiple issues with using invalid characters in various certificates. These invalid characters may cause certificates to be parsed incorrectly which may lead to the inability to use valid SSL certificates. (CVE-2014-1558, CVE-2014-1559, CVE-2014-1560)"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/security/announce/2014/mfsa2014-56.html"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/security/announce/2014/mfsa2014-57.html"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/security/announce/2014/mfsa2014-58.html"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/security/announce/2014/mfsa2014-59.html"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/security/announce/2014/mfsa2014-61.html"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/security/announce/2014/mfsa2014-62.html"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/security/announce/2014/mfsa2014-63.html"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/security/announce/2014/mfsa2014-64.html"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/security/announce/2014/mfsa2014-65.html"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/security/announce/2014/mfsa2014-66.html"); script_set_attribute(attribute:"solution", value: "Upgrade to Thunderbird 31.0 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-1551"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2014/07/22"); script_set_attribute(attribute:"patch_publication_date", value:"2014/07/22"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/07/24"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:thunderbird"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("mozilla_org_installed.nasl"); script_require_keys("Mozilla/Thunderbird/Version"); exit(0); } include("mozilla_version.inc"); port = get_kb_item("SMB/transport"); if (!port) port = 445; installs = get_kb_list("SMB/Mozilla/Thunderbird/*"); if (isnull(installs)) audit(AUDIT_NOT_INST, "Thunderbird"); mozilla_check_version(installs:installs, product:'thunderbird', esr:FALSE, fix:'31.0', min:'25.0', severity:SECURITY_HOLE, xss:FALSE);NASL family SuSE Local Security Checks NASL id SUSE_11_FIREFOX-201407-140729.NASL description Mozilla Firefox has been updated to the 24.7ESR security release. Security issues fixed in this release : - https://www.mozilla.org/security/announce/2014/mfsa2014- 63.html. (CVE-2014-1544) - https://www.mozilla.org/security/announce/2014/mfsa2014- 56.html. (CVE-2014-1548) - https://www.mozilla.org/security/announce/2014/mfsa2014- 57.html. (CVE-2014-1549) - https://www.mozilla.org/security/announce/2014/mfsa2014- 58.html. (CVE-2014-1550) - https://www.mozilla.org/security/announce/2014/mfsa2014- 59.html. (CVE-2014-1551) - https://www.mozilla.org/security/announce/2014/mfsa2014- 66.html. (CVE-2014-1552) - https://www.mozilla.org/security/announce/2014/mfsa2014- 61.html. (CVE-2014-1555) - https://www.mozilla.org/security/announce/2014/mfsa2014- 62.html. (CVE-2014-1556) - https://www.mozilla.org/security/announce/2014/mfsa2014- 64.html. (CVE-2014-1557) - https://www.mozilla.org/security/announce/2014/mfsa2014- 65.html. (CVE-2014-1558 / CVE-2014-1559 / CVE-2014-1560) - https://www.mozilla.org/security/announce/2014/mfsa2014- 60.html. (CVE-2014-1561) last seen 2020-06-05 modified 2014-08-04 plugin id 76989 published 2014-08-04 reporter This script is Copyright (C) 2014-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/76989 title SuSE 11.3 Security Update : Mozilla Firefox (SAT Patch Number 9569) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SuSE 11 update information. The text itself is # copyright (C) Novell, Inc. # if (NASL_LEVEL < 3000) exit(0); include("compat.inc"); if (description) { script_id(76989); script_version("1.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2014-1544", "CVE-2014-1547", "CVE-2014-1548", "CVE-2014-1549", "CVE-2014-1550", "CVE-2014-1551", "CVE-2014-1552", "CVE-2014-1555", "CVE-2014-1556", "CVE-2014-1557", "CVE-2014-1558", "CVE-2014-1559", "CVE-2014-1560", "CVE-2014-1561"); script_name(english:"SuSE 11.3 Security Update : Mozilla Firefox (SAT Patch Number 9569)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 11 host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Mozilla Firefox has been updated to the 24.7ESR security release. Security issues fixed in this release : - https://www.mozilla.org/security/announce/2014/mfsa2014- 63.html. (CVE-2014-1544) - https://www.mozilla.org/security/announce/2014/mfsa2014- 56.html. (CVE-2014-1548) - https://www.mozilla.org/security/announce/2014/mfsa2014- 57.html. (CVE-2014-1549) - https://www.mozilla.org/security/announce/2014/mfsa2014- 58.html. (CVE-2014-1550) - https://www.mozilla.org/security/announce/2014/mfsa2014- 59.html. (CVE-2014-1551) - https://www.mozilla.org/security/announce/2014/mfsa2014- 66.html. (CVE-2014-1552) - https://www.mozilla.org/security/announce/2014/mfsa2014- 61.html. (CVE-2014-1555) - https://www.mozilla.org/security/announce/2014/mfsa2014- 62.html. (CVE-2014-1556) - https://www.mozilla.org/security/announce/2014/mfsa2014- 64.html. (CVE-2014-1557) - https://www.mozilla.org/security/announce/2014/mfsa2014- 65.html. (CVE-2014-1558 / CVE-2014-1559 / CVE-2014-1560) - https://www.mozilla.org/security/announce/2014/mfsa2014- 60.html. (CVE-2014-1561)" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=887746" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-1544.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-1547.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-1548.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-1549.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-1550.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-1551.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-1552.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-1555.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-1556.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-1557.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-1558.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-1559.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-1560.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-1561.html" ); script_set_attribute(attribute:"solution", value:"Apply SAT patch number 9569."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:MozillaFirefox"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:MozillaFirefox-translations"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libfreebl3"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libfreebl3-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libsoftokn3"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libsoftokn3-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:mozilla-nss"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:mozilla-nss-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:mozilla-nss-tools"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11"); script_set_attribute(attribute:"patch_publication_date", value:"2014/07/29"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/08/04"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2020 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11"); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu); pl = get_kb_item("Host/SuSE/patchlevel"); if (isnull(pl) || int(pl) != 3) audit(AUDIT_OS_NOT, "SuSE 11.3"); flag = 0; if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"MozillaFirefox-24.7.0esr-0.8.2")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"MozillaFirefox-translations-24.7.0esr-0.8.2")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"libfreebl3-3.16.2-0.8.1")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"libsoftokn3-3.16.2-0.8.1")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"mozilla-nss-3.16.2-0.8.1")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"mozilla-nss-tools-3.16.2-0.8.1")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"MozillaFirefox-24.7.0esr-0.8.2")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"MozillaFirefox-translations-24.7.0esr-0.8.2")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"libfreebl3-3.16.2-0.8.1")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"libfreebl3-32bit-3.16.2-0.8.1")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"libsoftokn3-3.16.2-0.8.1")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"libsoftokn3-32bit-3.16.2-0.8.1")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"mozilla-nss-3.16.2-0.8.1")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"mozilla-nss-32bit-3.16.2-0.8.1")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"mozilla-nss-tools-3.16.2-0.8.1")) flag++; if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"MozillaFirefox-24.7.0esr-0.8.2")) flag++; if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"MozillaFirefox-translations-24.7.0esr-0.8.2")) flag++; if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"libfreebl3-3.16.2-0.8.1")) flag++; if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"libsoftokn3-3.16.2-0.8.1")) flag++; if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"mozilla-nss-3.16.2-0.8.1")) flag++; if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"mozilla-nss-tools-3.16.2-0.8.1")) flag++; if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"MozillaFirefox-24.7.0esr-0.8.2")) flag++; if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"MozillaFirefox-translations-24.7.0esr-0.8.2")) flag++; if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"libfreebl3-3.16.2-0.8.1")) flag++; if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"libfreebl3-32bit-3.16.2-0.8.1")) flag++; if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"libsoftokn3-3.16.2-0.8.1")) flag++; if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"libsoftokn3-32bit-3.16.2-0.8.1")) flag++; if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"mozilla-nss-3.16.2-0.8.1")) flag++; if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"mozilla-nss-32bit-3.16.2-0.8.1")) flag++; if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"mozilla-nss-tools-3.16.2-0.8.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201504-01.NASL description The remote host is affected by the vulnerability described in GLSA-201504-01 (Mozilla Products: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Firefox, Thunderbird, and SeaMonkey. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, spoof the address bar, conduct clickjacking attacks, bypass security restrictions and protection mechanisms, or have other unspecified impact. Workaround : There are no known workarounds at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 82632 published 2015-04-08 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/82632 title GLSA-201504-01 : Mozilla Products: Multiple vulnerabilities code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 201504-01. # # The advisory text is Copyright (C) 2001-2019 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(82632); script_version("1.7"); script_cvs_date("Date: 2019/08/12 17:35:38"); script_cve_id("CVE-2013-1741", "CVE-2013-2566", "CVE-2013-5590", "CVE-2013-5591", "CVE-2013-5592", "CVE-2013-5593", "CVE-2013-5595", "CVE-2013-5596", "CVE-2013-5597", "CVE-2013-5598", "CVE-2013-5599", "CVE-2013-5600", "CVE-2013-5601", "CVE-2013-5602", "CVE-2013-5603", "CVE-2013-5604", "CVE-2013-5605", "CVE-2013-5606", "CVE-2013-5607", "CVE-2013-5609", "CVE-2013-5610", "CVE-2013-5612", "CVE-2013-5613", "CVE-2013-5614", "CVE-2013-5615", "CVE-2013-5616", "CVE-2013-5618", "CVE-2013-5619", "CVE-2013-6671", "CVE-2013-6672", "CVE-2013-6673", "CVE-2014-1477", "CVE-2014-1478", "CVE-2014-1479", "CVE-2014-1480", "CVE-2014-1481", "CVE-2014-1482", "CVE-2014-1483", "CVE-2014-1485", "CVE-2014-1486", "CVE-2014-1487", "CVE-2014-1488", "CVE-2014-1489", "CVE-2014-1490", "CVE-2014-1491", "CVE-2014-1492", "CVE-2014-1493", "CVE-2014-1494", "CVE-2014-1496", "CVE-2014-1497", "CVE-2014-1498", "CVE-2014-1499", "CVE-2014-1500", "CVE-2014-1502", "CVE-2014-1504", "CVE-2014-1505", "CVE-2014-1508", "CVE-2014-1509", "CVE-2014-1510", "CVE-2014-1511", "CVE-2014-1512", "CVE-2014-1513", "CVE-2014-1514", "CVE-2014-1518", "CVE-2014-1519", "CVE-2014-1520", "CVE-2014-1522", "CVE-2014-1523", "CVE-2014-1524", "CVE-2014-1525", "CVE-2014-1526", "CVE-2014-1529", "CVE-2014-1530", "CVE-2014-1531", "CVE-2014-1532", "CVE-2014-1533", "CVE-2014-1534", "CVE-2014-1536", "CVE-2014-1537", "CVE-2014-1538", "CVE-2014-1539", "CVE-2014-1540", "CVE-2014-1541", "CVE-2014-1542", "CVE-2014-1543", "CVE-2014-1544", "CVE-2014-1545", "CVE-2014-1547", "CVE-2014-1548", "CVE-2014-1549", "CVE-2014-1550", "CVE-2014-1551", "CVE-2014-1552", "CVE-2014-1553", "CVE-2014-1554", "CVE-2014-1555", "CVE-2014-1556", "CVE-2014-1557", "CVE-2014-1558", "CVE-2014-1559", "CVE-2014-1560", "CVE-2014-1561", "CVE-2014-1562", "CVE-2014-1563", "CVE-2014-1564", "CVE-2014-1565", "CVE-2014-1566", "CVE-2014-1567", "CVE-2014-1568", "CVE-2014-1574", "CVE-2014-1575", "CVE-2014-1576", "CVE-2014-1577", "CVE-2014-1578", "CVE-2014-1580", "CVE-2014-1581", "CVE-2014-1582", "CVE-2014-1583", "CVE-2014-1584", "CVE-2014-1585", "CVE-2014-1586", "CVE-2014-1587", "CVE-2014-1588", "CVE-2014-1589", "CVE-2014-1590", "CVE-2014-1591", "CVE-2014-1592", "CVE-2014-1593", "CVE-2014-1594", "CVE-2014-5369", "CVE-2014-8631", "CVE-2014-8632", "CVE-2014-8634", "CVE-2014-8635", "CVE-2014-8636", "CVE-2014-8637", "CVE-2014-8638", "CVE-2014-8639", "CVE-2014-8640", "CVE-2014-8641", "CVE-2014-8642", "CVE-2015-0817", "CVE-2015-0818", "CVE-2015-0819", "CVE-2015-0820", "CVE-2015-0821", "CVE-2015-0822", "CVE-2015-0823", "CVE-2015-0824", "CVE-2015-0825", "CVE-2015-0826", "CVE-2015-0827", "CVE-2015-0828", "CVE-2015-0829", "CVE-2015-0830", "CVE-2015-0831", "CVE-2015-0832", "CVE-2015-0833", "CVE-2015-0834", "CVE-2015-0835", "CVE-2015-0836"); script_xref(name:"GLSA", value:"201504-01"); script_name(english:"GLSA-201504-01 : Mozilla Products: Multiple vulnerabilities"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-201504-01 (Mozilla Products: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Firefox, Thunderbird, and SeaMonkey. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, spoof the address bar, conduct clickjacking attacks, bypass security restrictions and protection mechanisms, or have other unspecified impact. Workaround : There are no known workarounds at this time." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/201504-01" ); script_set_attribute( attribute:"solution", value: "All firefox users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=www-client/firefox-31.5.3' All firefox-bin users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=www-client/firefox-bin-31.5.3' All thunderbird users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=mail-client/thunderbird-31.5.0' All thunderbird-bin users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=mail-client/thunderbird-bin-31.5.0' All seamonkey users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=www-client/seamonkey-2.33.1' All seamonkey-bin users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=www-client/seamonkey-bin-2.33.1' All nspr users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-libs/nspr-4.10.6'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Firefox Proxy Prototype Privileged Javascript Injection'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:firefox"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:firefox-bin"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:nspr"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:seamonkey"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:seamonkey-bin"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:thunderbird"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:thunderbird-bin"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2013/03/15"); script_set_attribute(attribute:"patch_publication_date", value:"2015/04/07"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/04/08"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"dev-libs/nspr", unaffected:make_list("ge 4.10.6"), vulnerable:make_list("lt 4.10.6"))) flag++; if (qpkg_check(package:"www-client/firefox-bin", unaffected:make_list("ge 31.5.3"), vulnerable:make_list("lt 31.5.3"))) flag++; if (qpkg_check(package:"www-client/seamonkey", unaffected:make_list("ge 2.33.1"), vulnerable:make_list("lt 2.33.1"))) flag++; if (qpkg_check(package:"www-client/seamonkey-bin", unaffected:make_list("ge 2.33.1"), vulnerable:make_list("lt 2.33.1"))) flag++; if (qpkg_check(package:"mail-client/thunderbird-bin", unaffected:make_list("ge 31.5.0"), vulnerable:make_list("lt 31.5.0"))) flag++; if (qpkg_check(package:"www-client/firefox", unaffected:make_list("ge 31.5.3"), vulnerable:make_list("lt 31.5.3"))) flag++; if (qpkg_check(package:"mail-client/thunderbird", unaffected:make_list("ge 31.5.0"), vulnerable:make_list("lt 31.5.0"))) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get()); else security_hole(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Mozilla Products"); }NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_978B0F76122D11E4AFE3BC5FF4FB5E7B.NASL description The Mozilla Project reports : MFSA 2014-66 IFRAME sandbox same-origin access through redirect MFSA 2014-65 Certificate parsing broken by non-standard character encoding MFSA 2014-64 Crash in Skia library when scaling high quality images MFSA 2014-63 Use-after-free while when manipulating certificates in the trusted cache MFSA 2014-62 Exploitable WebGL crash with Cesium JavaScript library MFSA 2014-61 Use-after-free with FireOnStateChange event MFSA 2014-60 Toolbar dialog customization event spoofing MFSA 2014-59 Use-after-free in DirectWrite font handling MFSA 2014-58 Use-after-free in Web Audio due to incorrect control message ordering MFSA 2014-57 Buffer overflow during Web Audio buffering for playback MFSA 2014-56 Miscellaneous memory safety hazards (rv:31.0 / rv:24.7) last seen 2020-06-01 modified 2020-06-02 plugin id 76720 published 2014-07-24 reporter This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/76720 title FreeBSD : mozilla -- multiple vulnerabilities (978b0f76-122d-11e4-afe3-bc5ff4fb5e7b) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from the FreeBSD VuXML database : # # Copyright 2003-2018 Jacques Vidrine and contributors # # Redistribution and use in source (VuXML) and 'compiled' forms (SGML, # HTML, PDF, PostScript, RTF and so forth) with or without modification, # are permitted provided that the following conditions are met: # 1. Redistributions of source code (VuXML) must retain the above # copyright notice, this list of conditions and the following # disclaimer as the first lines of this file unmodified. # 2. Redistributions in compiled form (transformed to other DTDs, # published online in any format, converted to PDF, PostScript, # RTF and other formats) must reproduce the above copyright # notice, this list of conditions and the following disclaimer # in the documentation and/or other materials provided with the # distribution. # # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS" # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION, # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # include("compat.inc"); if (description) { script_id(76720); script_version("1.5"); script_cvs_date("Date: 2018/11/21 10:46:31"); script_cve_id("CVE-2014-1544", "CVE-2014-1547", "CVE-2014-1548", "CVE-2014-1549", "CVE-2014-1550", "CVE-2014-1551", "CVE-2014-1552", "CVE-2014-1555", "CVE-2014-1556", "CVE-2014-1557", "CVE-2014-1558", "CVE-2014-1559", "CVE-2014-1560", "CVE-2014-1561"); script_name(english:"FreeBSD : mozilla -- multiple vulnerabilities (978b0f76-122d-11e4-afe3-bc5ff4fb5e7b)"); script_summary(english:"Checks for updated packages in pkg_info output"); script_set_attribute( attribute:"synopsis", value: "The remote FreeBSD host is missing one or more security-related updates." ); script_set_attribute( attribute:"description", value: "The Mozilla Project reports : MFSA 2014-66 IFRAME sandbox same-origin access through redirect MFSA 2014-65 Certificate parsing broken by non-standard character encoding MFSA 2014-64 Crash in Skia library when scaling high quality images MFSA 2014-63 Use-after-free while when manipulating certificates in the trusted cache MFSA 2014-62 Exploitable WebGL crash with Cesium JavaScript library MFSA 2014-61 Use-after-free with FireOnStateChange event MFSA 2014-60 Toolbar dialog customization event spoofing MFSA 2014-59 Use-after-free in DirectWrite font handling MFSA 2014-58 Use-after-free in Web Audio due to incorrect control message ordering MFSA 2014-57 Buffer overflow during Web Audio buffering for playback MFSA 2014-56 Miscellaneous memory safety hazards (rv:31.0 / rv:24.7)" ); # https://www.mozilla.org/security/announce/2014/mfsa2014-56.html script_set_attribute( attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2014-56/" ); # https://www.mozilla.org/security/announce/2014/mfsa2014-57.html script_set_attribute( attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2014-57/" ); # https://www.mozilla.org/security/announce/2014/mfsa2014-58.html script_set_attribute( attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2014-58/" ); # https://www.mozilla.org/security/announce/2014/mfsa2014-59.html script_set_attribute( attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2014-59/" ); # https://www.mozilla.org/security/announce/2014/mfsa2014-60.html script_set_attribute( attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2014-60/" ); # https://www.mozilla.org/security/announce/2014/mfsa2014-61.html script_set_attribute( attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2014-61/" ); # https://www.mozilla.org/security/announce/2014/mfsa2014-62.html script_set_attribute( attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2014-62/" ); # https://www.mozilla.org/security/announce/2014/mfsa2014-63.html script_set_attribute( attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2014-63/" ); # https://www.mozilla.org/security/announce/2014/mfsa2014-64.html script_set_attribute( attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2014-64/" ); # https://www.mozilla.org/security/announce/2014/mfsa2014-65.html script_set_attribute( attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2014-65/" ); # https://www.mozilla.org/security/announce/2014/mfsa2014-66.html script_set_attribute( attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2014-66/" ); # https://www.mozilla.org/security/announce/ script_set_attribute( attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/" ); # https://vuxml.freebsd.org/freebsd/978b0f76-122d-11e4-afe3-bc5ff4fb5e7b.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?30b8d994" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:firefox"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:firefox-esr"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:linux-firefox"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:linux-thunderbird"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:nss"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:thunderbird"); script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd"); script_set_attribute(attribute:"vuln_publication_date", value:"2014/07/22"); script_set_attribute(attribute:"patch_publication_date", value:"2014/07/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/07/24"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"FreeBSD Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info"); exit(0); } include("audit.inc"); include("freebsd_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD"); if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (pkg_test(save_report:TRUE, pkg:"firefox<31.0,1")) flag++; if (pkg_test(save_report:TRUE, pkg:"firefox-esr<24.7.0,1")) flag++; if (pkg_test(save_report:TRUE, pkg:"linux-firefox<31.0,1")) flag++; if (pkg_test(save_report:TRUE, pkg:"linux-thunderbird<24.7.0")) flag++; if (pkg_test(save_report:TRUE, pkg:"thunderbird<24.7.0")) flag++; if (pkg_test(save_report:TRUE, pkg:"nss<3.16.1_2")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Windows NASL id MOZILLA_THUNDERBIRD_24_7.NASL description The version of Thunderbird 24.x installed on the remote host is a version prior to 24.7. It is, therefore, affected by the following vulnerabilities : - When a pair of NSSCertificate structures are added to a trust domain and then one of them is removed during use, a use-after-free error occurs which may cause the application to crash. This crash is potentially exploitable. (CVE-2014-1544) - There are multiple memory safety hazards within the browser engine. These hazards may lead to memory corruption vulnerabilities, which may allow attackers to execute arbitrary code. (CVE-2014-1547, CVE-2014-1548) - There is a potential use-after-free issue in DirectWrite font handling. This may allow an attacker to potentially execute arbitrary code within the context of the user running the application. (CVE-2014-1551) - Triggering the FireOnStateChange event has the potential to crash the application. This may lead to a use-after-free and an exploitable crash. (CVE-2014-1555) - When using the Cesium JavaScript library to generate WebGL content, the application may crash. This crash is potentially exploitable. (CVE-2014-1556) last seen 2020-06-01 modified 2020-06-02 plugin id 76764 published 2014-07-24 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/76764 title Mozilla Thunderbird 24.x < 24.7 Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(76764); script_version("1.6"); script_cvs_date("Date: 2019/11/26"); script_cve_id( "CVE-2014-1544", "CVE-2014-1547", "CVE-2014-1548", "CVE-2014-1551", "CVE-2014-1555", "CVE-2014-1557" ); script_bugtraq_id( 68811, 68814, 68816, 68817, 68818, 68822, 68824 ); script_name(english:"Mozilla Thunderbird 24.x < 24.7 Multiple Vulnerabilities"); script_summary(english:"Checks the version of Thunderbird."); script_set_attribute(attribute:"synopsis", value: "The remote Windows host contains a mail client that is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The version of Thunderbird 24.x installed on the remote host is a version prior to 24.7. It is, therefore, affected by the following vulnerabilities : - When a pair of NSSCertificate structures are added to a trust domain and then one of them is removed during use, a use-after-free error occurs which may cause the application to crash. This crash is potentially exploitable. (CVE-2014-1544) - There are multiple memory safety hazards within the browser engine. These hazards may lead to memory corruption vulnerabilities, which may allow attackers to execute arbitrary code. (CVE-2014-1547, CVE-2014-1548) - There is a potential use-after-free issue in DirectWrite font handling. This may allow an attacker to potentially execute arbitrary code within the context of the user running the application. (CVE-2014-1551) - Triggering the FireOnStateChange event has the potential to crash the application. This may lead to a use-after-free and an exploitable crash. (CVE-2014-1555) - When using the Cesium JavaScript library to generate WebGL content, the application may crash. This crash is potentially exploitable. (CVE-2014-1556)"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/security/announce/2014/mfsa2014-56.html"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/security/announce/2014/mfsa2014-59.html"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/security/announce/2014/mfsa2014-61.html"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/security/announce/2014/mfsa2014-62.html"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/security/announce/2014/mfsa2014-63.html"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/security/announce/2014/mfsa2014-64.html"); script_set_attribute(attribute:"solution", value: "Upgrade to Thunderbird 24.7 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-1551"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2014/07/22"); script_set_attribute(attribute:"patch_publication_date", value:"2014/07/22"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/07/24"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:thunderbird"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("mozilla_org_installed.nasl"); script_require_keys("Mozilla/Thunderbird/Version"); exit(0); } include("mozilla_version.inc"); port = get_kb_item("SMB/transport"); if (!port) port = 445; installs = get_kb_list("SMB/Mozilla/Thunderbird/*"); if (isnull(installs)) audit(AUDIT_NOT_INST, "Thunderbird"); mozilla_check_version(installs:installs, product:'thunderbird', esr:FALSE, fix:'24.7', min:'24.0', severity:SECURITY_HOLE, xss:FALSE);NASL family SuSE Local Security Checks NASL id SUSE_11_FIREFOX-201407-140730.NASL description Mozilla Firefox has been updated to the 24.7ESR security release. Security issues fixed in this release : - https://www.mozilla.org/security/announce/2014/mfsa2014- 63.html. (CVE-2014-1544) - https://www.mozilla.org/security/announce/2014/mfsa2014- 56.html. (CVE-2014-1548) - https://www.mozilla.org/security/announce/2014/mfsa2014- 57.html. (CVE-2014-1549) - https://www.mozilla.org/security/announce/2014/mfsa2014- 58.html. (CVE-2014-1550) - https://www.mozilla.org/security/announce/2014/mfsa2014- 59.html. (CVE-2014-1551) - https://www.mozilla.org/security/announce/2014/mfsa2014- 66.html. (CVE-2014-1552) - https://www.mozilla.org/security/announce/2014/mfsa2014- 61.html. (CVE-2014-1555) - https://www.mozilla.org/security/announce/2014/mfsa2014- 62.html. (CVE-2014-1556) - https://www.mozilla.org/security/announce/2014/mfsa2014- 64.html. (CVE-2014-1557) - https://www.mozilla.org/security/announce/2014/mfsa2014- 65.html. (CVE-2014-1558 / CVE-2014-1559 / CVE-2014-1560) - https://www.mozilla.org/security/announce/2014/mfsa2014- 60.html. (CVE-2014-1561) last seen 2020-06-05 modified 2014-08-04 plugin id 76990 published 2014-08-04 reporter This script is Copyright (C) 2014-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/76990 title SuSE 11.3 Security Update : Mozilla Firefox (SAT Patch Number 9569) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SuSE 11 update information. The text itself is # copyright (C) Novell, Inc. # if (NASL_LEVEL < 3000) exit(0); include("compat.inc"); if (description) { script_id(76990); script_version("1.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2014-1544", "CVE-2014-1547", "CVE-2014-1548", "CVE-2014-1549", "CVE-2014-1550", "CVE-2014-1551", "CVE-2014-1552", "CVE-2014-1555", "CVE-2014-1556", "CVE-2014-1557", "CVE-2014-1558", "CVE-2014-1559", "CVE-2014-1560", "CVE-2014-1561"); script_name(english:"SuSE 11.3 Security Update : Mozilla Firefox (SAT Patch Number 9569)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 11 host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Mozilla Firefox has been updated to the 24.7ESR security release. Security issues fixed in this release : - https://www.mozilla.org/security/announce/2014/mfsa2014- 63.html. (CVE-2014-1544) - https://www.mozilla.org/security/announce/2014/mfsa2014- 56.html. (CVE-2014-1548) - https://www.mozilla.org/security/announce/2014/mfsa2014- 57.html. (CVE-2014-1549) - https://www.mozilla.org/security/announce/2014/mfsa2014- 58.html. (CVE-2014-1550) - https://www.mozilla.org/security/announce/2014/mfsa2014- 59.html. (CVE-2014-1551) - https://www.mozilla.org/security/announce/2014/mfsa2014- 66.html. (CVE-2014-1552) - https://www.mozilla.org/security/announce/2014/mfsa2014- 61.html. (CVE-2014-1555) - https://www.mozilla.org/security/announce/2014/mfsa2014- 62.html. (CVE-2014-1556) - https://www.mozilla.org/security/announce/2014/mfsa2014- 64.html. (CVE-2014-1557) - https://www.mozilla.org/security/announce/2014/mfsa2014- 65.html. (CVE-2014-1558 / CVE-2014-1559 / CVE-2014-1560) - https://www.mozilla.org/security/announce/2014/mfsa2014- 60.html. (CVE-2014-1561)" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=887746" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-1544.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-1547.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-1548.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-1549.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-1550.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-1551.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-1552.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-1555.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-1556.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-1557.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-1558.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-1559.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-1560.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-1561.html" ); script_set_attribute(attribute:"solution", value:"Apply SAT patch number 9569."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:MozillaFirefox"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:MozillaFirefox-translations"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libfreebl3"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libfreebl3-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libsoftokn3"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libsoftokn3-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:mozilla-nss"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:mozilla-nss-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:mozilla-nss-tools"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11"); script_set_attribute(attribute:"patch_publication_date", value:"2014/07/30"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/08/04"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2020 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11"); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu); pl = get_kb_item("Host/SuSE/patchlevel"); if (isnull(pl) || int(pl) != 3) audit(AUDIT_OS_NOT, "SuSE 11.3"); flag = 0; if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"MozillaFirefox-24.7.0esr-0.8.2")) flag++; if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"MozillaFirefox-translations-24.7.0esr-0.8.2")) flag++; if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"libfreebl3-3.16.2-0.8.1")) flag++; if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"libfreebl3-32bit-3.16.2-0.8.1")) flag++; if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"libsoftokn3-3.16.2-0.8.1")) flag++; if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"libsoftokn3-32bit-3.16.2-0.8.1")) flag++; if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"mozilla-nss-3.16.2-0.8.1")) flag++; if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"mozilla-nss-32bit-3.16.2-0.8.1")) flag++; if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"mozilla-nss-tools-3.16.2-0.8.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Windows NASL id MOZILLA_FIREFOX_24_7_ESR.NASL description The version of Firefox ESR 24.x installed on the remote host is prior to 24.7. It is, therefore, affected by the following vulnerabilities : - When a pair of NSSCertificate structures are added to a trust domain and then one of them is removed during use, a use-after-free error occurs which may cause the application to crash. This crash is potentially exploitable. (CVE-2014-1544) - There are multiple memory safety hazards within the browser engine. These hazards may lead to memory corruption vulnerabilities, which may allow attackers to execute arbitrary code. (CVE-2014-1547, CVE-2014-1548) - There is a potential use-after-free issue in DirectWrite font handling. This may allow an attacker to potentially execute arbitrary code within the context of the user running the application. (CVE-2014-1551) - Triggering the FireOnStateChange event has the potential to crash the application. This may lead to a use-after-free and an exploitable crash. (CVE-2014-1555) - When using the Cesium JavaScript library to generate WebGL content, the application may crash. This crash is potentially exploitable. (CVE-2014-1556) - There is a flaw in the Skia library when scaling images of high quality. If the image data is discarded while being processed, the library may crash. This crash is potentially exploitable. (CVE-2014-1557) last seen 2020-06-01 modified 2020-06-02 plugin id 76762 published 2014-07-24 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/76762 title Firefox ESR 24.x < 24.7 Multiple Vulnerabilities NASL family Windows NASL id MOZILLA_FIREFOX_31.NASL description The version of Firefox installed on the remote host is a version prior to 31.0. It is, therefore, affected by the following vulnerabilities : - When a pair of NSSCertificate structures are added to a trust domain and then one of them is removed during use, a use-after-free error occurs which may cause the application to crash. This crash is potentially exploitable. (CVE-2014-1544) - There are multiple memory safety hazards within the browser engine. These hazards may lead to memory corruption vulnerabilities, which may allow attackers to execute arbitrary code. (CVE-2014-1547, CVE-2014-1548) - A buffer overflow exists when interacting with the Web Audio buffer during playback due to an error with the allocation of memory for the buffer. This may lead to a potentially exploitable crash. (CVE-2014-1549) - A use-after-free exists in Web Audio due to the way control messages are handled. This may lead to a potentially exploitable crash. (CVE-2014-1550) - There is a potential use-after-free issue in DirectWrite font handling. This may allow an attacker to potentially execute arbitrary code within the context of the user running the application. (CVE-2014-1551) - There is an issue with the IFRAME sandbox same-origin access policy which allows sandboxed content to access other content from the same origin without approval. This may lead to a same-origin-bypass vulnerability. (CVE-2014-1552) - Triggering the FireOnStateChange event has the potential to crash the application. This may lead to a use-after-free and an exploitable crash. (CVE-2014-1555) - When using the Cesium JavaScript library to generate WebGL content, the application may crash. This crash is potentially exploitable. (CVE-2014-1556) - There is a flaw in the Skia library when scaling images of high quality. If the image data is discarded while being processed, the library may crash. This crash is potentially exploitable. (CVE-2014-1557) - There are multiple issues with using invalid characters in various certificates. These invalid characters may cause certificates to be parsed incorrectly which may lead to the inability to use valid SSL certificates. (CVE-2014-1558, CVE-2014-1559, CVE-2014-1560) - It may be possible to spoof drag and drop events in web content. This may allow limited ability to interact with the UI. (CVE-2014-1561) last seen 2020-06-01 modified 2020-06-02 plugin id 76763 published 2014-07-24 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/76763 title Firefox < 31.0 Multiple Vulnerabilities NASL family Solaris Local Security Checks NASL id SOLARIS11_FIREFOX_20141216.NASL description The remote Solaris system is missing necessary patches to address security updates. last seen 2020-06-01 modified 2020-06-02 plugin id 80610 published 2015-01-19 reporter This script is Copyright (C) 2015-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/80610 title Oracle Solaris Third-Party Patch Update : firefox (multiple_vulnerabilities_fixed_in_firefox1)
References
- http://secunia.com/advisories/59760
- http://www.mozilla.org/security/announce/2014/mfsa2014-59.html
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- http://www.securitytracker.com/id/1030619
- http://www.securitytracker.com/id/1030620
- https://bugzilla.mozilla.org/show_bug.cgi?id=1018234
- https://security.gentoo.org/glsa/201504-01