Vulnerabilities > CVE-2014-1584 - Cryptographic Issues vulnerability in Mozilla Firefox

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
mozilla
CWE-310
nessus

Summary

The Public Key Pinning (PKP) implementation in Mozilla Firefox before 33.0 skips pinning checks upon an unspecified issuer-verification error, which makes it easier for remote attackers to bypass an intended pinning configuration and spoof a web site via a crafted certificate that leads to presentation of the Untrusted Connection dialog to the user.

Vulnerable Configurations

Part Description Count
Application
Mozilla
251

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.

Nessus

  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_FIREFOX_33.NASL
    descriptionThe version of Firefox installed on the remote Mac OS X host is a version prior to 33.0. It is, therefore, affected by the following vulnerabilities : - Multiple memory safety flaws exist within the browser engine. Exploiting these, an attacker can cause a denial of service or execute arbitrary code. (CVE-2014-1574, CVE-2014-1575) - A buffer overflow vulnerability exists when capitalization style changes occur during CSS parsing. (CVE-2014-1576) - An out-of-bounds read error exists in the Web Audio component when invalid values are used in custom waveforms that leads to a denial of service or information disclosure. (CVE-2014-1577) - An out-of-bounds write error exists when processing invalid tile sizes in
    last seen2020-06-01
    modified2020-06-02
    plugin id78470
    published2014-10-15
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/78470
    titleFirefox < 33.0 Multiple Vulnerabilities (Mac OS X)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(78470);
      script_version("1.9");
      script_cvs_date("Date: 2019/11/25");
    
      script_cve_id(
        "CVE-2014-1574",
        "CVE-2014-1575",
        "CVE-2014-1576",
        "CVE-2014-1577",
        "CVE-2014-1578",
        "CVE-2014-1580",
        "CVE-2014-1581",
        "CVE-2014-1582",
        "CVE-2014-1583",
        "CVE-2014-1584",
        "CVE-2014-1585",
        "CVE-2014-1586"
      );
      script_bugtraq_id(
        70424,
        70425,
        70426,
        70427,
        70428,
        70430,
        70431,
        70432,
        70434,
        70436,
        70439,
        70440
      );
    
      script_name(english:"Firefox < 33.0 Multiple Vulnerabilities (Mac OS X)");
      script_summary(english:"Checks the version of Firefox.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Mac OS X host contains a web browser that is affected by
    multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of Firefox installed on the remote Mac OS X host is a
    version prior to 33.0. It is, therefore, affected by the following
    vulnerabilities :
    
      - Multiple memory safety flaws exist within the browser
        engine. Exploiting these, an attacker can cause a denial
        of service or execute arbitrary code. (CVE-2014-1574,
        CVE-2014-1575)
    
      - A buffer overflow vulnerability exists when
        capitalization style changes occur during CSS parsing.
        (CVE-2014-1576)
    
      - An out-of-bounds read error exists in the Web Audio
        component when invalid values are used in custom
        waveforms that leads to a denial of service or
        information disclosure. (CVE-2014-1577)
    
      - An out-of-bounds write error exists when processing
        invalid tile sizes in 'WebM' format videos that result
        in arbitrary code execution. (CVE-2014-1578)
    
      - Memory is not properly initialized during GIF rendering
        within a '<canvas>' element. Using a specially crafted
        web script, a remote attacker can exploit this to
        acquire sensitive information from the process memory.
        (CVE-2014-1580)
    
      - A use-after-free error exists in the
        'DirectionalityUtils' component when text direction is
        used in the text layout that results in arbitrary
        code execution. (CVE-2014-1581)
    
      - Multiple security bypass vulnerabilities exist related
        to key pinning, a method to prevent man-in-the-middle
        attacks by verifying certificates. An attacker can use
        SPDY or HTTP/2 connection coalescing to bypass key
        pinning on websites that use a domain name that resolve
        to the same IP address. Another issue exists in which
        key pinning verification is not performed due to an
        issue verifying the issuer of an SSL certificate. These
        issues could result in man-in-the-middle attacks. Note
        that key pinning was introduced in Firefox 32.
        (CVE-2014-1582, CVE-2014-1584)
    
      - An error exists that could allow a malicious app to use
        'AlarmAPI' to read cross-origin references and possibly
        allow for the same-origin policy to be bypassed.
        (CVE-2014-1583)
    
      - Multiple issues exist in WebRTC when the session is
        running within an 'iframe' element that will allow the
        session to be accessible even when sharing is stopped
        and when returning to the website. This could lead to
        video inadvertently being shared. (CVE-2014-1585,
        CVE-2014-1586)");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/security/announce/2014/mfsa2014-74.html");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/security/announce/2014/mfsa2014-75.html");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/security/announce/2014/mfsa2014-76.html");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/security/announce/2014/mfsa2014-77.html");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/security/announce/2014/mfsa2014-78.html");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/security/announce/2014/mfsa2014-79.html");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/security/announce/2014/mfsa2014-80.html");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/security/announce/2014/mfsa2014-81.html");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/security/announce/2014/mfsa2014-82.html");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Firefox 33.0 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-1581");
    
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/10/14");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/10/14");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/10/15");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:firefox");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"MacOS X Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("macosx_firefox_installed.nasl");
      script_require_keys("MacOSX/Firefox/Installed");
    
      exit(0);
    }
    
    include("mozilla_version.inc");
    
    kb_base = "MacOSX/Firefox";
    get_kb_item_or_exit(kb_base+"/Installed");
    
    version = get_kb_item_or_exit(kb_base+"/Version", exit_code:1);
    path = get_kb_item_or_exit(kb_base+"/Path", exit_code:1);
    
    if (get_kb_item(kb_base + '/is_esr')) exit(0, 'The Mozilla Firefox installation is in the ESR branch.');
    
    mozilla_check_version(product:'firefox', version:version, path:path, esr:FALSE, fix:'33.0', severity:SECURITY_HOLE, xss:FALSE);
    
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201504-01.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201504-01 (Mozilla Products: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Firefox, Thunderbird, and SeaMonkey. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, spoof the address bar, conduct clickjacking attacks, bypass security restrictions and protection mechanisms, or have other unspecified impact. Workaround : There are no known workarounds at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id82632
    published2015-04-08
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/82632
    titleGLSA-201504-01 : Mozilla Products: Multiple vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 201504-01.
    #
    # The advisory text is Copyright (C) 2001-2019 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(82632);
      script_version("1.7");
      script_cvs_date("Date: 2019/08/12 17:35:38");
    
      script_cve_id("CVE-2013-1741", "CVE-2013-2566", "CVE-2013-5590", "CVE-2013-5591", "CVE-2013-5592", "CVE-2013-5593", "CVE-2013-5595", "CVE-2013-5596", "CVE-2013-5597", "CVE-2013-5598", "CVE-2013-5599", "CVE-2013-5600", "CVE-2013-5601", "CVE-2013-5602", "CVE-2013-5603", "CVE-2013-5604", "CVE-2013-5605", "CVE-2013-5606", "CVE-2013-5607", "CVE-2013-5609", "CVE-2013-5610", "CVE-2013-5612", "CVE-2013-5613", "CVE-2013-5614", "CVE-2013-5615", "CVE-2013-5616", "CVE-2013-5618", "CVE-2013-5619", "CVE-2013-6671", "CVE-2013-6672", "CVE-2013-6673", "CVE-2014-1477", "CVE-2014-1478", "CVE-2014-1479", "CVE-2014-1480", "CVE-2014-1481", "CVE-2014-1482", "CVE-2014-1483", "CVE-2014-1485", "CVE-2014-1486", "CVE-2014-1487", "CVE-2014-1488", "CVE-2014-1489", "CVE-2014-1490", "CVE-2014-1491", "CVE-2014-1492", "CVE-2014-1493", "CVE-2014-1494", "CVE-2014-1496", "CVE-2014-1497", "CVE-2014-1498", "CVE-2014-1499", "CVE-2014-1500", "CVE-2014-1502", "CVE-2014-1504", "CVE-2014-1505", "CVE-2014-1508", "CVE-2014-1509", "CVE-2014-1510", "CVE-2014-1511", "CVE-2014-1512", "CVE-2014-1513", "CVE-2014-1514", "CVE-2014-1518", "CVE-2014-1519", "CVE-2014-1520", "CVE-2014-1522", "CVE-2014-1523", "CVE-2014-1524", "CVE-2014-1525", "CVE-2014-1526", "CVE-2014-1529", "CVE-2014-1530", "CVE-2014-1531", "CVE-2014-1532", "CVE-2014-1533", "CVE-2014-1534", "CVE-2014-1536", "CVE-2014-1537", "CVE-2014-1538", "CVE-2014-1539", "CVE-2014-1540", "CVE-2014-1541", "CVE-2014-1542", "CVE-2014-1543", "CVE-2014-1544", "CVE-2014-1545", "CVE-2014-1547", "CVE-2014-1548", "CVE-2014-1549", "CVE-2014-1550", "CVE-2014-1551", "CVE-2014-1552", "CVE-2014-1553", "CVE-2014-1554", "CVE-2014-1555", "CVE-2014-1556", "CVE-2014-1557", "CVE-2014-1558", "CVE-2014-1559", "CVE-2014-1560", "CVE-2014-1561", "CVE-2014-1562", "CVE-2014-1563", "CVE-2014-1564", "CVE-2014-1565", "CVE-2014-1566", "CVE-2014-1567", "CVE-2014-1568", "CVE-2014-1574", "CVE-2014-1575", "CVE-2014-1576", "CVE-2014-1577", "CVE-2014-1578", "CVE-2014-1580", "CVE-2014-1581", "CVE-2014-1582", "CVE-2014-1583", "CVE-2014-1584", "CVE-2014-1585", "CVE-2014-1586", "CVE-2014-1587", "CVE-2014-1588", "CVE-2014-1589", "CVE-2014-1590", "CVE-2014-1591", "CVE-2014-1592", "CVE-2014-1593", "CVE-2014-1594", "CVE-2014-5369", "CVE-2014-8631", "CVE-2014-8632", "CVE-2014-8634", "CVE-2014-8635", "CVE-2014-8636", "CVE-2014-8637", "CVE-2014-8638", "CVE-2014-8639", "CVE-2014-8640", "CVE-2014-8641", "CVE-2014-8642", "CVE-2015-0817", "CVE-2015-0818", "CVE-2015-0819", "CVE-2015-0820", "CVE-2015-0821", "CVE-2015-0822", "CVE-2015-0823", "CVE-2015-0824", "CVE-2015-0825", "CVE-2015-0826", "CVE-2015-0827", "CVE-2015-0828", "CVE-2015-0829", "CVE-2015-0830", "CVE-2015-0831", "CVE-2015-0832", "CVE-2015-0833", "CVE-2015-0834", "CVE-2015-0835", "CVE-2015-0836");
      script_xref(name:"GLSA", value:"201504-01");
    
      script_name(english:"GLSA-201504-01 : Mozilla Products: Multiple vulnerabilities");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-201504-01
    (Mozilla Products: Multiple vulnerabilities)
    
        Multiple vulnerabilities have been discovered in Firefox, Thunderbird,
          and SeaMonkey. Please review the CVE identifiers referenced below for
          details.
      
    Impact :
    
        A remote attacker could entice a user to view a specially crafted web
          page or email, possibly resulting in execution of arbitrary code or a
          Denial of Service condition. Furthermore, a remote attacker may be able
          to perform Man-in-the-Middle attacks, obtain sensitive information, spoof
          the address bar, conduct clickjacking attacks, bypass security
          restrictions and protection mechanisms,  or have other unspecified
          impact.
      
    Workaround :
    
        There are no known workarounds at this time."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/201504-01"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "All firefox users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=www-client/firefox-31.5.3'
        All firefox-bin users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=www-client/firefox-bin-31.5.3'
        All thunderbird users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=mail-client/thunderbird-31.5.0'
        All thunderbird-bin users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose
          '>=mail-client/thunderbird-bin-31.5.0'
        All seamonkey users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=www-client/seamonkey-2.33.1'
        All seamonkey-bin users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=www-client/seamonkey-bin-2.33.1'
        All nspr users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=dev-libs/nspr-4.10.6'"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Firefox Proxy Prototype Privileged Javascript Injection');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:firefox");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:firefox-bin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:nspr");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:seamonkey");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:seamonkey-bin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:thunderbird");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:thunderbird-bin");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/03/15");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/04/07");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/04/08");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Gentoo Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (qpkg_check(package:"dev-libs/nspr", unaffected:make_list("ge 4.10.6"), vulnerable:make_list("lt 4.10.6"))) flag++;
    if (qpkg_check(package:"www-client/firefox-bin", unaffected:make_list("ge 31.5.3"), vulnerable:make_list("lt 31.5.3"))) flag++;
    if (qpkg_check(package:"www-client/seamonkey", unaffected:make_list("ge 2.33.1"), vulnerable:make_list("lt 2.33.1"))) flag++;
    if (qpkg_check(package:"www-client/seamonkey-bin", unaffected:make_list("ge 2.33.1"), vulnerable:make_list("lt 2.33.1"))) flag++;
    if (qpkg_check(package:"mail-client/thunderbird-bin", unaffected:make_list("ge 31.5.0"), vulnerable:make_list("lt 31.5.0"))) flag++;
    if (qpkg_check(package:"www-client/firefox", unaffected:make_list("ge 31.5.3"), vulnerable:make_list("lt 31.5.3"))) flag++;
    if (qpkg_check(package:"mail-client/thunderbird", unaffected:make_list("ge 31.5.0"), vulnerable:make_list("lt 31.5.0"))) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Mozilla Products");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2014-784.NASL
    descriptionseamonkey was updated to version 2.31 to fix 20 security issues. These security issues were fixed : - Miscellaneous memory safety hazards (CVE-2014-1587, CVE-2014-1588). - XBL bindings accessible via improper CSS declarations (CVE-2014-1589). - XMLHttpRequest crashes with some input streams (CVE-2014-1590). - CSP leaks redirect data via violation reports (CVE-2014-1591). - Use-after-free during HTML5 parsing (CVE-2014-1592). - Buffer overflow while parsing media content (CVE-2014-1593). - Bad casting from the BasicThebesLayer to BasicContainerLayer (CVE-2014-1594). - Miscellaneous memory safety hazards (CVE-2014-1574, CVE-2014-1575). - Buffer overflow during CSS manipulation (CVE-2014-1576). - Web Audio memory corruption issues with custom waveforms (CVE-2014-1577). - Out-of-bounds write with WebM video (CVE-2014-1578). - Further uninitialized memory use during GIF rendering (CVE-2014-1580). - Use-after-free interacting with text directionality (CVE-2014-1581). - Key pinning bypasses (CVE-2014-1582, CVE-2014-1584). - Inconsistent video sharing within iframe (CVE-2014-1585, CVE-2014-1586). - Accessing cross-origin objects via the Alarms API (only relevant for installed web apps) (CVE-2014-1583). This non-security issue was fixed : - define /usr/share/myspell as additional dictionary location and remove add-plugins.sh finally (bnc#900639).
    last seen2020-06-05
    modified2014-12-18
    plugin id80093
    published2014-12-18
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/80093
    titleopenSUSE Security Update : seamonkey (openSUSE-SU-2014:1655-1)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2014-784.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(80093);
      script_version("1.6");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2014-1574", "CVE-2014-1575", "CVE-2014-1576", "CVE-2014-1577", "CVE-2014-1578", "CVE-2014-1580", "CVE-2014-1581", "CVE-2014-1582", "CVE-2014-1583", "CVE-2014-1584", "CVE-2014-1585", "CVE-2014-1586", "CVE-2014-1587", "CVE-2014-1588", "CVE-2014-1589", "CVE-2014-1590", "CVE-2014-1591", "CVE-2014-1592", "CVE-2014-1593", "CVE-2014-1594");
    
      script_name(english:"openSUSE Security Update : seamonkey (openSUSE-SU-2014:1655-1)");
      script_summary(english:"Check for the openSUSE-2014-784 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "seamonkey was updated to version 2.31 to fix 20 security issues.
    
    These security issues were fixed :
    
      - Miscellaneous memory safety hazards (CVE-2014-1587,
        CVE-2014-1588).
    
      - XBL bindings accessible via improper CSS declarations
        (CVE-2014-1589).
    
      - XMLHttpRequest crashes with some input streams
        (CVE-2014-1590).
    
      - CSP leaks redirect data via violation reports
        (CVE-2014-1591).
    
      - Use-after-free during HTML5 parsing (CVE-2014-1592).
    
      - Buffer overflow while parsing media content
        (CVE-2014-1593).
    
      - Bad casting from the BasicThebesLayer to
        BasicContainerLayer (CVE-2014-1594).
    
      - Miscellaneous memory safety hazards (CVE-2014-1574,
        CVE-2014-1575).
    
      - Buffer overflow during CSS manipulation (CVE-2014-1576).
    
      - Web Audio memory corruption issues with custom waveforms
        (CVE-2014-1577).
    
      - Out-of-bounds write with WebM video (CVE-2014-1578).
    
      - Further uninitialized memory use during GIF rendering
        (CVE-2014-1580).
    
      - Use-after-free interacting with text directionality
        (CVE-2014-1581).
    
      - Key pinning bypasses (CVE-2014-1582, CVE-2014-1584).
    
      - Inconsistent video sharing within iframe (CVE-2014-1585,
        CVE-2014-1586).
    
      - Accessing cross-origin objects via the Alarms API (only
        relevant for installed web apps) (CVE-2014-1583).
    
    This non-security issue was fixed :
    
      - define /usr/share/myspell as additional dictionary
        location and remove add-plugins.sh finally (bnc#900639)."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=894370"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=900639"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=900941"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=908009"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.opensuse.org/opensuse-updates/2014-12/msg00068.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected seamonkey packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-dom-inspector");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-irc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-translations-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-translations-other");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.2");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2014/12/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/12/18");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE13\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.2", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE13.2", reference:"seamonkey-2.31-4.2") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"seamonkey-debuginfo-2.31-4.2") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"seamonkey-debugsource-2.31-4.2") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"seamonkey-dom-inspector-2.31-4.2") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"seamonkey-irc-2.31-4.2") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"seamonkey-translations-common-2.31-4.2") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"seamonkey-translations-other-2.31-4.2") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "seamonkey / seamonkey-debuginfo / seamonkey-debugsource / etc");
    }
    
  • NASL familyWindows
    NASL idMOZILLA_FIREFOX_33.NASL
    descriptionThe version of Firefox installed on the remote Windows host is a version prior to 33.0. It is, therefore, affected by the following vulnerabilities : - Multiple memory safety flaws exist within the browser engine. Exploiting these, an attacker can cause a denial of service or execute arbitrary code. (CVE-2014-1574, CVE-2014-1575) - A buffer overflow vulnerability exists when capitalization style changes occur during CSS parsing. (CVE-2014-1576) - An out-of-bounds read error exists in the Web Audio component when invalid values are used in custom waveforms that leads to a denial of service or information disclosure. (CVE-2014-1577) - An out-of-bounds write error exists when processing invalid tile sizes in
    last seen2020-06-01
    modified2020-06-02
    plugin id78473
    published2014-10-15
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/78473
    titleFirefox < 33.0 Multiple Vulnerabilities
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2014-14084.NASL
    descriptionNew upstream version - Firefox 33. Update to the latest upstream 32.0.2. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2014-11-03
    plugin id78813
    published2014-11-03
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/78813
    titleFedora 21 : firefox-33.0-1.fc21 (2014-14084)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2014-612.NASL
    description - update to Firefox 33.0 (bnc#900941) New features : - OpenH264 support (sandboxed) - Enhanced Tiles - Improved search experience through the location bar - Slimmer and faster JavaScript strings - New CSP (Content Security Policy) backend - Support for connecting to HTTP proxy over HTTPS - Improved reliability of the session restoration - Proprietary window.crypto properties/functions removed Security : - MFSA 2014-74/CVE-2014-1574/CVE-2014-1575 Miscellaneous memory safety hazards - MFSA 2014-75/CVE-2014-1576 (bmo#1041512) Buffer overflow during CSS manipulation - MFSA 2014-76/CVE-2014-1577 (bmo#1012609) Web Audio memory corruption issues with custom waveforms - MFSA 2014-77/CVE-2014-1578 (bmo#1063327) Out-of-bounds write with WebM video - MFSA 2014-78/CVE-2014-1580 (bmo#1063733) Further uninitialized memory use during GIF rendering - MFSA 2014-79/CVE-2014-1581 (bmo#1068218) Use-after-free interacting with text directionality - MFSA 2014-80/CVE-2014-1582/CVE-2014-1584 (bmo#1049095, bmo#1066190) Key pinning bypasses - MFSA 2014-81/CVE-2014-1585/CVE-2014-1586 (bmo#1062876, bmo#1062981) Inconsistent video sharing within iframe - MFSA 2014-82/CVE-2014-1583 (bmo#1015540) Accessing cross-origin objects via the Alarms API (only relevant for installed web apps) - requires NSPR 4.10.7 - requires NSS 3.17.1 - removed obsolete patches : - mozilla-ppc.patch - mozilla-libproxy-compat.patch - added basic appdata information - update to SeaMonkey 2.30 (bnc#900941) - venkman debugger removed from application and therefore obsolete package seamonkey-venkman - MFSA 2014-74/CVE-2014-1574/CVE-2014-1575 Miscellaneous memory safety hazards - MFSA 2014-75/CVE-2014-1576 (bmo#1041512) Buffer overflow during CSS manipulation - MFSA 2014-76/CVE-2014-1577 (bmo#1012609) Web Audio memory corruption issues with custom waveforms - MFSA 2014-77/CVE-2014-1578 (bmo#1063327) Out-of-bounds write with WebM video - MFSA 2014-78/CVE-2014-1580 (bmo#1063733) Further uninitialized memory use during GIF rendering - MFSA 2014-79/CVE-2014-1581 (bmo#1068218) Use-after-free interacting with text directionality - MFSA 2014-80/CVE-2014-1582/CVE-2014-1584 (bmo#1049095, bmo#1066190) Key pinning bypasses - MFSA 2014-81/CVE-2014-1585/CVE-2014-1586 (bmo#1062876, bmo#1062981) Inconsistent video sharing within iframe - MFSA 2014-82/CVE-2014-1583 (bmo#1015540) Accessing cross-origin objects via the Alarms API (only relevant for installed web apps) - requires NSPR 4.10.7 - requires NSS 3.17.1 - removed obsolete patches : - mozilla-ppc.patch - mozilla-libproxy-compat.patch Changes in mozilla-nss : - update to 3.17.1 (bnc#897890) - Change library
    last seen2020-06-05
    modified2014-11-03
    plugin id78818
    published2014-11-03
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/78818
    titleopenSUSE Security Update : firefox / mozilla-nspr / mozilla-nss (openSUSE-SU-2014:1344-1)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2014-13042.NASL
    descriptionNew upstream version - Firefox 33. Update to the latest upstream 32.0.2. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2014-10-20
    plugin id78573
    published2014-10-20
    reporterThis script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/78573
    titleFedora 20 : firefox-33.0-1.fc20 (2014-13042)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_9C1495AC8D8C4789A0F38CA6B476619C.NASL
    descriptionThe Mozilla Project reports : MFSA 2014-74 Miscellaneous memory safety hazards (rv:33.0 / rv:31.2) MFSA 2014-75 Buffer overflow during CSS manipulation MFSA 2014-76 Web Audio memory corruption issues with custom waveforms MFSA 2014-78 Further uninitialized memory use during GIF MFSA 2014-79 Use-after-free interacting with text directionality MFSA 2014-80 Key pinning bypasses MFSA 2014-81 Inconsistent video sharing within iframe MFSA 2014-82 Accessing cross-origin objects via the Alarms API
    last seen2020-06-01
    modified2020-06-02
    plugin id78496
    published2014-10-16
    reporterThis script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/78496
    titleFreeBSD : mozilla -- multiple vulnerabilities (9c1495ac-8d8c-4789-a0f3-8ca6b476619c)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2372-1.NASL
    descriptionBobby Holley, Christian Holler, David Bolter, Byron Campen, Jon Coppeard, Carsten Book, Martijn Wargers, Shih-Chiang Chien, Terrence Cole and Jeff Walden discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-1574, CVE-2014-1575) Atte Kettunen discovered a buffer overflow during CSS manipulation. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-1576) Holger Fuhrmannek discovered an out-of-bounds read with Web Audio. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to steal sensitive information. (CVE-2014-1577) Abhishek Arya discovered an out-of-bounds write when buffering WebM video in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-1578) Michal Zalewski discovered that memory may not be correctly initialized when rendering a malformed GIF in to a canvas in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to steal sensitive information. (CVE-2014-1580) A use-after-free was discovered during text layout in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-1581) Patrick McManus and David Keeler discovered 2 issues that could result in certificate pinning being bypassed in some circumstances. An attacker with a fraudulent certificate could potentially exploit this conduct a man in the middle attack. (CVE-2014-1582, CVE-2014-1584) Eric Shepherd and Jan-Ivar Bruaroey discovered issues with video sharing via WebRTC in iframes, where video continues to be shared after being stopped and navigating to a new site doesn
    last seen2020-06-01
    modified2020-06-02
    plugin id78466
    published2014-10-15
    reporterUbuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/78466
    titleUbuntu 12.04 LTS / 14.04 LTS : firefox vulnerabilities (USN-2372-1)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2014-611.NASL
    description - update to Firefox 33.0 (bnc#900941) New features : - OpenH264 support (sandboxed) - Enhanced Tiles - Improved search experience through the location bar - Slimmer and faster JavaScript strings - New CSP (Content Security Policy) backend - Support for connecting to HTTP proxy over HTTPS - Improved reliability of the session restoration - Proprietary window.crypto properties/functions removed Security : - MFSA 2014-74/CVE-2014-1574/CVE-2014-1575 Miscellaneous memory safety hazards - MFSA 2014-75/CVE-2014-1576 (bmo#1041512) Buffer overflow during CSS manipulation - MFSA 2014-76/CVE-2014-1577 (bmo#1012609) Web Audio memory corruption issues with custom waveforms - MFSA 2014-77/CVE-2014-1578 (bmo#1063327) Out-of-bounds write with WebM video - MFSA 2014-78/CVE-2014-1580 (bmo#1063733) Further uninitialized memory use during GIF rendering - MFSA 2014-79/CVE-2014-1581 (bmo#1068218) Use-after-free interacting with text directionality - MFSA 2014-80/CVE-2014-1582/CVE-2014-1584 (bmo#1049095, bmo#1066190) Key pinning bypasses - MFSA 2014-81/CVE-2014-1585/CVE-2014-1586 (bmo#1062876, bmo#1062981) Inconsistent video sharing within iframe - MFSA 2014-82/CVE-2014-1583 (bmo#1015540) Accessing cross-origin objects via the Alarms API (only relevant for installed web apps) - requires NSPR 4.10.7 - requires NSS 3.17.1 - removed obsolete patches : - mozilla-ppc.patch - mozilla-libproxy-compat.patch - added basic appdata information - update to SeaMonkey 2.30 (bnc#900941) - venkman debugger removed from application and therefore obsolete package seamonkey-venkman - MFSA 2014-74/CVE-2014-1574/CVE-2014-1575 Miscellaneous memory safety hazards - MFSA 2014-75/CVE-2014-1576 (bmo#1041512) Buffer overflow during CSS manipulation - MFSA 2014-76/CVE-2014-1577 (bmo#1012609) Web Audio memory corruption issues with custom waveforms - MFSA 2014-77/CVE-2014-1578 (bmo#1063327) Out-of-bounds write with WebM video - MFSA 2014-78/CVE-2014-1580 (bmo#1063733) Further uninitialized memory use during GIF rendering - MFSA 2014-79/CVE-2014-1581 (bmo#1068218) Use-after-free interacting with text directionality - MFSA 2014-80/CVE-2014-1582/CVE-2014-1584 (bmo#1049095, bmo#1066190) Key pinning bypasses - MFSA 2014-81/CVE-2014-1585/CVE-2014-1586 (bmo#1062876, bmo#1062981) Inconsistent video sharing within iframe - MFSA 2014-82/CVE-2014-1583 (bmo#1015540) Accessing cross-origin objects via the Alarms API (only relevant for installed web apps) - requires NSPR 4.10.7 - requires NSS 3.17.1 - removed obsolete patches : - mozilla-ppc.patch - mozilla-libproxy-compat.patch Changes in mozilla-nspr : - update to version 4.10.7 - bmo#836658: VC11+ defaults to SSE2 builds by default. - bmo#979278: TSan: data race nsprpub/pr/src/threads/prtpd.c:103 PR_NewThreadPrivateIndex. - bmo#1026129: Replace some manual declarations of MSVC intrinsics with #include <intrin.h>. - bmo#1026469: Use AC_CHECK_LIB instead of MOZ_CHECK_PTHREADS. Skip compiler checks when using MSVC, even when $CC is not literally
    last seen2020-06-05
    modified2014-11-03
    plugin id78817
    published2014-11-03
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/78817
    titleopenSUSE Security Update : firefox / mozilla-nspr / mozilla-nss and seamonkey (openSUSE-SU-2014:1345-1)