ID CVE-2004-0905 Type cve Reporter cve@mitre.org Modified 2017-10-11T01:29:00
Description
Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to perform cross-domain scripting and possibly execute arbitrary code by convincing a user to drag and drop javascript: links to a frame or page in another domain.
{"osvdb": [{"lastseen": "2017-04-28T13:20:05", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## References:\n[Vendor Specific Advisory URL](http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:107)\n[Secunia Advisory ID:12698](https://secuniaresearch.flexerasoftware.com/advisories/12698/)\n[Secunia Advisory ID:12742](https://secuniaresearch.flexerasoftware.com/advisories/12742/)\n[Secunia Advisory ID:12747](https://secuniaresearch.flexerasoftware.com/advisories/12747/)\nRedHat RHSA: RHSA-2004:486\nOther Advisory URL: http://www.suse.de/de/security/2004_36_mozilla.html\nOther Advisory URL: http://www.securiteam.com/securitynews/5EP0F20F5S.html\nISS X-Force ID: 17374\n[CVE-2004-0905](https://vulners.com/cve/CVE-2004-0905)\nBugtraq ID: 11177\n", "modified": "2004-09-14T00:00:00", "published": "2004-09-14T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:10524", "id": "OSVDB:10524", "type": "osvdb", "title": "Mozilla Multiple Product Javascript Drag and Drop XSS", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2019-02-21T01:08:40", "bulletinFamily": "scanner", "description": "Several scripting vulnerabilities were discovered and corrected in Mozilla : CVE-2004-0905 JavaScript; links dragged onto another frame or page allows an attacker to steal or modify sensitive information from other sites. The user could be convinced to drag obscurred links in the context of a game or even a fake scrollbar. If the user could be convinced to drag two links in sequence into a separate window (not frame) the attacker would be able to run arbitrary programs.\nCVE-2004-0908 Untrusted JavaScript code can read and write to the clipboard, stealing any sensitive data the user might have copied.\nWorkaround: disable JavaScript CVE-2004-0909 Signed scripts requesting enhanced abilities could construct the request in a way that led to a confusing grant dialog, possibly fooling the user into thinking the privilege requested was inconsequential while actually obtaining explicit permission to run and install software. Workaround: Never grant enhanced abilities of any kind to untrusted web pages.", "modified": "2018-11-23T00:00:00", "id": "FREEBSD_PKG_B2E6D1D6133911D9BC4A000C41E2CDAD.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=19087", "published": "2005-07-13T00:00:00", "title": "FreeBSD : mozilla -- scripting vulnerabilities (b2e6d1d6-1339-11d9-bc4a-000c41e2cdad)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(19087);\n script_version(\"1.16\");\n script_cvs_date(\"Date: 2018/11/23 12:49:57\");\n\n script_cve_id(\"CVE-2004-0905\", \"CVE-2004-0908\", \"CVE-2004-0909\");\n\n script_name(english:\"FreeBSD : mozilla -- scripting vulnerabilities (b2e6d1d6-1339-11d9-bc4a-000c41e2cdad)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several scripting vulnerabilities were discovered and corrected in\nMozilla : CVE-2004-0905 JavaScript; links dragged onto another frame\nor page allows an attacker to steal or modify sensitive information\nfrom other sites. The user could be convinced to drag obscurred links\nin the context of a game or even a fake scrollbar. If the user could\nbe convinced to drag two links in sequence into a separate window (not\nframe) the attacker would be able to run arbitrary programs.\nCVE-2004-0908 Untrusted JavaScript code can read and write to the\nclipboard, stealing any sensitive data the user might have copied.\nWorkaround: disable JavaScript CVE-2004-0909 Signed scripts requesting\nenhanced abilities could construct the request in a way that led to a\nconfusing grant dialog, possibly fooling the user into thinking the\nprivilege requested was inconsequential while actually obtaining\nexplicit permission to run and install software. Workaround: Never\ngrant enhanced abilities of any kind to untrusted web pages.\"\n );\n # http://bugzilla.mozilla.org/show_bug.cgi?id=250862\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=250862\"\n );\n # http://bugzilla.mozilla.org/show_bug.cgi?id=257523\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=257523\"\n );\n # http://bugzilla.mozilla.org/show_bug.cgi?id=253942\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=253942\"\n );\n # https://vuxml.freebsd.org/freebsd/b2e6d1d6-1339-11d9-bc4a-000c41e2cdad.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f22c46a5\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:de-linux-mozillafirebird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:de-linux-netscape\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:de-netscape7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:el-linux-mozillafirebird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:fr-linux-netscape\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:fr-netscape7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:ja-linux-mozillafirebird-gtk1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:ja-linux-netscape\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:ja-mozillafirebird-gtk2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:ja-netscape7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-mozilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-mozilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-mozillafirebird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-netscape\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-phoenix\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mozilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mozilla+ipv6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mozilla-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mozilla-firebird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mozilla-gtk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mozilla-gtk1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mozilla-gtk2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mozilla-thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:netscape7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:phoenix\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:pt_BR-netscape7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:ru-linux-mozillafirebird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:zhCN-linux-mozillafirebird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:zhTW-linux-mozillafirebird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2004/09/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/09/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/07/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"thunderbird<0.8\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"de-linux-mozillafirebird<1.p\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"el-linux-mozillafirebird<1.p\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"firefox<1.p\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"ja-linux-mozillafirebird-gtk1<1.p\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"ja-mozillafirebird-gtk2<1.p\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-mozillafirebird<1.p\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"ru-linux-mozillafirebird<1.p\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"zhCN-linux-mozillafirebird<1.p\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"zhTW-linux-mozillafirebird<1.p\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"de-netscape7<=7.2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"fr-netscape7<=7.2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"ja-netscape7<=7.2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"netscape7<=7.2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"pt_BR-netscape7<=7.2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mozilla-gtk1<1.7.3\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-mozilla<1.7.3\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-mozilla-devel<1.7.3\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mozilla<1.7.3,2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"de-linux-netscape>=0\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"fr-linux-netscape>=0\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"ja-linux-netscape>=0\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-netscape>=0\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-phoenix>=0\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mozilla+ipv6>=0\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mozilla-embedded>=0\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mozilla-firebird>=0\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mozilla-gtk2>=0\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mozilla-gtk>=0\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mozilla-thunderbird>=0\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"phoenix>=0\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:08:06", "bulletinFamily": "scanner", "description": "The remote host is using Mozilla and/or Firefox, a web browser.\n\nThe remote version of this software is vulnerable to several flaws that could allow an attacker to execute arbitrary code on the remote host, get access to content of the user clipboard or, perform a cross-domain cross-site scripting attack.\n\nA remote attacker could exploit these issues by tricking a user into viewing a malicious web page.", "modified": "2018-07-16T00:00:00", "id": "MOZILLA_MULTIPLE_FLAWS.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=14728", "published": "2004-09-15T00:00:00", "title": "Mozilla Browsers Multiple Vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif(description)\n{\n script_id(14728);\n script_version(\"1.24\");\n script_cve_id(\n \"CVE-2004-0904\", \n \"CVE-2004-0905\", \n \"CVE-2004-0906\", \n \"CVE-2004-0908\"\n );\n script_bugtraq_id(\n 11194, \n 11192, \n 11169, \n 11171, \n 11177, \n 11179 \n );\n\n script_name(english:\"Mozilla Browsers Multiple Vulnerabilities\");\n script_summary(english:\"Determines the version of Mozilla\");\n \n script_set_attribute( attribute:\"synopsis\", value:\n\"The remote Windows host contains a web browser that is affected by\nmultiple vulnerabilities.\" );\n script_set_attribute( attribute:\"description\", value:\n\"The remote host is using Mozilla and/or Firefox, a web browser.\n\nThe remote version of this software is vulnerable to several flaws\nthat could allow an attacker to execute arbitrary code on the remote\nhost, get access to content of the user clipboard or, perform\na cross-domain cross-site scripting attack.\n\nA remote attacker could exploit these issues by tricking a user\ninto viewing a malicious web page.\" );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade to Mozilla 1.7.3 / Firefox 0.10.0 or later.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2004/09/15\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2004/08/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value: \"2004/09/14\");\n script_cvs_date(\"Date: 2018/07/16 14:09:15\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\",value:\"cpe:/a:mozilla:mozilla\");\n script_set_attribute(attribute:\"cpe\",value:\"cpe:/a:mozilla:firefox\");\n script_set_attribute(attribute:\"cpe\",value:\"cpe:/a:mozilla:thunderbird\");\n script_set_attribute(attribute:\"cpe\",value:\"cpe:/a:netscape:navigator\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n script_copyright(english:\"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.\");\n script_dependencies(\"mozilla_org_installed.nasl\");\n if ( NASL_LEVEL >= 3206 ) script_require_ports(\"Mozilla/Version\", \"Mozilla/Firefox/Version\");\n exit(0);\n}\n\n#\n\ninclude(\"misc_func.inc\");\n\nver = read_version_in_kb(\"Mozilla/Version\");\nif (!isnull(ver))\n{\n if (\n ver[0] < 1 ||\n (\n ver[0] == 1 &&\n (\n ver[1] < 7 ||\n (ver[1] == 7 && ver[2] < 3)\n )\n )\n ) security_hole(get_kb_item(\"SMB/transport\"));\n}\n\nver = read_version_in_kb(\"Mozilla/Firefox/Version\");\nif (!isnull(ver))\n{\n if (ver[0] == 0 && ver[1] < 10)\n security_hole(get_kb_item(\"SMB/transport\"));\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:08:13", "bulletinFamily": "scanner", "description": "Updated mozilla packages that fix a number of security issues are now available.\n\nMozilla is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor.\n\nJesse Ruderman discovered a cross-domain scripting bug in Mozilla. If a user is tricked into dragging a JavaScript link into another frame or page, it becomes possible for an attacker to steal or modify sensitive information from that site. Additionally, if a user is tricked into dragging two links in sequence to another window (not frame), it is possible for the attacker to execute arbitrary commands.\nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0905 to this issue.\n\nGael Delalleau discovered an integer overflow which affects the BMP handling code inside Mozilla. An attacker could create a carefully crafted BMP file in such a way that it would cause Mozilla to crash or execute arbitrary code when the image is viewed. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0904 to this issue.\n\nGeorgi Guninski discovered a stack-based buffer overflow in the vCard display routines. An attacker could create a carefully crafted vCard file in such a way that it would cause Mozilla to crash or execute arbitrary code when viewed. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0903 to this issue.\n\nWladimir Palant discovered a flaw in the way JavaScript interacts with the clipboard. It is possible that an attacker could use malicious JavaScript code to steal sensitive data which has been copied into the clipboard. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0908 to this issue.\n\nGeorgi Guninski discovered a heap based buffer overflow in the 'Send Page' feature. It is possible that an attacker could construct a link in such a way that a user attempting to forward it could result in a crash or arbitrary code execution. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0902 to this issue.\n\nUsers of Mozilla should update to these updated packages, which contain backported patches and are not vulnerable to these issues.", "modified": "2018-12-20T00:00:00", "id": "REDHAT-RHSA-2004-486.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=15409", "published": "2004-10-02T00:00:00", "title": "RHEL 2.1 / 3 : mozilla (RHSA-2004:486)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2004:486. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(15409);\n script_version (\"1.25\");\n script_cvs_date(\"Date: 2018/12/20 11:08:45\");\n\n script_cve_id(\"CVE-2004-0902\", \"CVE-2004-0903\", \"CVE-2004-0904\", \"CVE-2004-0905\", \"CVE-2004-0908\");\n script_xref(name:\"RHSA\", value:\"2004:486\");\n script_xref(name:\"Secunia\", value:\"12526\");\n\n script_name(english:\"RHEL 2.1 / 3 : mozilla (RHSA-2004:486)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated mozilla packages that fix a number of security issues are now\navailable.\n\nMozilla is an open source Web browser, advanced email and newsgroup\nclient, IRC chat client, and HTML editor.\n\nJesse Ruderman discovered a cross-domain scripting bug in Mozilla. If\na user is tricked into dragging a JavaScript link into another frame\nor page, it becomes possible for an attacker to steal or modify\nsensitive information from that site. Additionally, if a user is\ntricked into dragging two links in sequence to another window (not\nframe), it is possible for the attacker to execute arbitrary commands.\nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has\nassigned the name CVE-2004-0905 to this issue.\n\nGael Delalleau discovered an integer overflow which affects the BMP\nhandling code inside Mozilla. An attacker could create a carefully\ncrafted BMP file in such a way that it would cause Mozilla to crash or\nexecute arbitrary code when the image is viewed. The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the\nname CVE-2004-0904 to this issue.\n\nGeorgi Guninski discovered a stack-based buffer overflow in the vCard\ndisplay routines. An attacker could create a carefully crafted vCard\nfile in such a way that it would cause Mozilla to crash or execute\narbitrary code when viewed. The Common Vulnerabilities and Exposures\nproject (cve.mitre.org) has assigned the name CVE-2004-0903 to this\nissue.\n\nWladimir Palant discovered a flaw in the way JavaScript interacts with\nthe clipboard. It is possible that an attacker could use malicious\nJavaScript code to steal sensitive data which has been copied into the\nclipboard. The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the name CVE-2004-0908 to this issue.\n\nGeorgi Guninski discovered a heap based buffer overflow in the 'Send\nPage' feature. It is possible that an attacker could construct a link\nin such a way that a user attempting to forward it could result in a\ncrash or arbitrary code execution. The Common Vulnerabilities and\nExposures project (cve.mitre.org) has assigned the name CVE-2004-0902\nto this issue.\n\nUsers of Mozilla should update to these updated packages, which\ncontain backported patches and are not vulnerable to these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2004-0902\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2004-0903\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2004-0904\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2004-0905\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2004-0908\"\n );\n # http://www.mozilla.org/projects/security/known-vulnerabilities.html#\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/known-vulnerabilities/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2004:486\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:galeon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mozilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mozilla-chat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mozilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mozilla-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mozilla-js-debugger\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mozilla-mail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mozilla-nspr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mozilla-nspr-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mozilla-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mozilla-nss-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:2.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/09/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/10/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(2\\.1|3)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 2.1 / 3.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2004:486\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"galeon-1.2.13-5.2.1\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"mozilla-1.4.3-2.1.4\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"mozilla-chat-1.4.3-2.1.4\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"mozilla-devel-1.4.3-2.1.4\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"mozilla-dom-inspector-1.4.3-2.1.4\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"mozilla-js-debugger-1.4.3-2.1.4\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"mozilla-mail-1.4.3-2.1.4\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"mozilla-nspr-1.4.3-2.1.4\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"mozilla-nspr-devel-1.4.3-2.1.4\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"mozilla-nss-1.4.3-2.1.4\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"mozilla-nss-devel-1.4.3-2.1.4\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"mozilla-1.4.3-3.0.4\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"mozilla-chat-1.4.3-3.0.4\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"mozilla-devel-1.4.3-3.0.4\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"mozilla-dom-inspector-1.4.3-3.0.4\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"mozilla-js-debugger-1.4.3-3.0.4\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"mozilla-mail-1.4.3-3.0.4\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"mozilla-nspr-1.4.3-3.0.4\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"mozilla-nspr-devel-1.4.3-3.0.4\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"mozilla-nss-1.4.3-3.0.4\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"mozilla-nss-devel-1.4.3-3.0.4\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"galeon / mozilla / mozilla-chat / mozilla-devel / etc\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:08:06", "bulletinFamily": "scanner", "description": "The remote host is affected by the vulnerability described in GLSA-200409-26 (Mozilla, Firefox, Thunderbird, Epiphany: New releases fix vulnerabilities)\n\n Mozilla-based products are vulnerable to multiple security issues.\n Firstly, routines handling the display of BMP images and VCards contain an integer overflow and a stack buffer overrun. Specific pages with long links, when sent using the 'Send Page' function, and links with non-ASCII hostnames could both cause heap buffer overruns.\n Several issues were found and fixed in JavaScript rights handling:\n untrusted script code could read and write to the clipboard, signed scripts could build confusing grant privileges dialog boxes, and when dragged onto trusted frames or windows, JavaScript links could access information and rights of the target frame or window. Finally, Mozilla-based mail clients (Mozilla and Mozilla Thunderbird) are vulnerable to a heap overflow caused by invalid POP3 mail server responses.\n Impact :\n\n An attacker might be able to run arbitrary code with the rights of the user running the software by enticing the user to perform one of the following actions: view a specially crafted BMP image or VCard, use the 'Send Page' function on a malicious page, follow links with malicious hostnames, drag multiple JavaScript links in a row to another window, or connect to an untrusted POP3 mail server. An attacker could also use a malicious page with JavaScript to disclose clipboard contents or abuse previously-given privileges to request XPI installation privileges through a confusing dialog.\n Workaround :\n\n There is no known workaround covering all vulnerabilities.", "modified": "2018-12-18T00:00:00", "id": "GENTOO_GLSA-200409-26.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=14781", "published": "2004-09-21T00:00:00", "title": "GLSA-200409-26 : Mozilla, Firefox, Thunderbird, Epiphany: New releases fix vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200409-26.\n#\n# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(14781);\n script_version(\"1.18\");\n script_cvs_date(\"Date: 2018/12/18 10:18:58\");\n\n script_cve_id(\"CVE-2004-0902\", \"CVE-2004-0903\", \"CVE-2004-0904\", \"CVE-2004-0905\", \"CVE-2004-0906\", \"CVE-2004-0907\", \"CVE-2004-0908\", \"CVE-2004-0909\");\n script_xref(name:\"GLSA\", value:\"200409-26\");\n\n script_name(english:\"GLSA-200409-26 : Mozilla, Firefox, Thunderbird, Epiphany: New releases fix vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200409-26\n(Mozilla, Firefox, Thunderbird, Epiphany: New releases fix vulnerabilities)\n\n Mozilla-based products are vulnerable to multiple security issues.\n Firstly, routines handling the display of BMP images and VCards contain\n an integer overflow and a stack buffer overrun. Specific pages with\n long links, when sent using the 'Send Page' function, and links with\n non-ASCII hostnames could both cause heap buffer overruns.\n Several issues were found and fixed in JavaScript rights handling:\n untrusted script code could read and write to the clipboard, signed\n scripts could build confusing grant privileges dialog boxes, and when\n dragged onto trusted frames or windows, JavaScript links could access\n information and rights of the target frame or window. Finally,\n Mozilla-based mail clients (Mozilla and Mozilla Thunderbird) are\n vulnerable to a heap overflow caused by invalid POP3 mail server\n responses.\n \nImpact :\n\n An attacker might be able to run arbitrary code with the rights of the\n user running the software by enticing the user to perform one of the\n following actions: view a specially crafted BMP image or VCard, use the\n 'Send Page' function on a malicious page, follow links with malicious\n hostnames, drag multiple JavaScript links in a row to another window,\n or connect to an untrusted POP3 mail server. An attacker could also use\n a malicious page with JavaScript to disclose clipboard contents or\n abuse previously-given privileges to request XPI installation\n privileges through a confusing dialog.\n \nWorkaround :\n\n There is no known workaround covering all vulnerabilities.\"\n );\n # http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e445b231\"\n );\n # http://www.us-cert.gov/cas/techalerts/TA04-261A.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.us-cert.gov/ncas/alerts/ta04-261a\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200409-26\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All users should upgrade to the latest stable version:\n # emerge sync\n # emerge -pv your-version\n # emerge your-version\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:epiphany\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:mozilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:mozilla-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:mozilla-firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:mozilla-firefox-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:mozilla-thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:mozilla-thunderbird-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/09/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/09/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-client/mozilla-firefox-bin\", unaffected:make_list(\"ge 1.0_pre\"), vulnerable:make_list(\"lt 1.0_pre\"))) flag++;\nif (qpkg_check(package:\"mail-client/mozilla-thunderbird-bin\", unaffected:make_list(\"ge 0.8\"), vulnerable:make_list(\"lt 0.8\"))) flag++;\nif (qpkg_check(package:\"www-client/mozilla\", unaffected:make_list(\"ge 1.7.3\"), vulnerable:make_list(\"lt 1.7.3\"))) flag++;\nif (qpkg_check(package:\"www-client/epiphany\", unaffected:make_list(\"ge 1.2.9-r1\"), vulnerable:make_list(\"lt 1.2.9-r1\"))) flag++;\nif (qpkg_check(package:\"www-client/mozilla-bin\", unaffected:make_list(\"ge 1.7.3\"), vulnerable:make_list(\"lt 1.7.3\"))) flag++;\nif (qpkg_check(package:\"mail-client/mozilla-thunderbird\", unaffected:make_list(\"ge 0.8\"), vulnerable:make_list(\"lt 0.8\"))) flag++;\nif (qpkg_check(package:\"www-client/mozilla-firefox\", unaffected:make_list(\"ge 1.0_pre\"), vulnerable:make_list(\"lt 1.0_pre\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Mozilla / Firefox / Thunderbird / Epiphany\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:08:14", "bulletinFamily": "scanner", "description": "A number of vulnerabilities were fixed in mozilla 1.7.3, the following of which have been backported to mozilla packages for Mandrakelinux 10.0 :\n\n - 'Send page' heap overrun\n\n - JavaScript clipboard access\n\n - buffer overflow when displaying VCard\n\n - BMP integer overflow\n\n - javascript: link dragging\n\n - Malicious POP3 server III\n\nThe details of all of these vulnerabilities are available from the Mozilla website.", "modified": "2018-07-19T00:00:00", "id": "MANDRAKE_MDKSA-2004-107.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=15521", "published": "2004-10-20T00:00:00", "title": "Mandrake Linux Security Advisory : mozilla (MDKSA-2004:107)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2004:107. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(15521);\n script_version (\"1.17\");\n script_cvs_date(\"Date: 2018/07/19 20:59:13\");\n\n script_cve_id(\"CVE-2004-0902\", \"CVE-2004-0903\", \"CVE-2004-0904\", \"CVE-2004-0905\", \"CVE-2004-0906\", \"CVE-2004-0908\", \"CVE-2004-0909\");\n script_xref(name:\"MDKSA\", value:\"2004:107\");\n\n script_name(english:\"Mandrake Linux Security Advisory : mozilla (MDKSA-2004:107)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A number of vulnerabilities were fixed in mozilla 1.7.3, the following\nof which have been backported to mozilla packages for Mandrakelinux\n10.0 :\n\n - 'Send page' heap overrun\n\n - JavaScript clipboard access\n\n - buffer overflow when displaying VCard\n\n - BMP integer overflow\n\n - javascript: link dragging\n\n - Malicious POP3 server III\n\nThe details of all of these vulnerabilities are available from the\nMozilla website.\"\n );\n # http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e445b231\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64nspr4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64nspr4-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64nss3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64nss3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libnspr4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libnspr4-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libnss3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libnss3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-enigmail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-enigmime\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-irc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-js-debugger\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-mail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-spellchecker\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:10.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/10/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/10/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK10.0\", cpu:\"amd64\", reference:\"lib64nspr4-1.6-12.2.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"amd64\", reference:\"lib64nspr4-devel-1.6-12.2.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"amd64\", reference:\"lib64nss3-1.6-12.2.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"amd64\", reference:\"lib64nss3-devel-1.6-12.2.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"i386\", reference:\"libnspr4-1.6-12.2.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"i386\", reference:\"libnspr4-devel-1.6-12.2.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"i386\", reference:\"libnss3-1.6-12.2.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"i386\", reference:\"libnss3-devel-1.6-12.2.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"mozilla-1.6-12.2.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"mozilla-devel-1.6-12.2.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"mozilla-dom-inspector-1.6-12.2.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"mozilla-enigmail-1.6-12.2.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"mozilla-enigmime-1.6-12.2.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"mozilla-irc-1.6-12.2.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"mozilla-js-debugger-1.6-12.2.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"mozilla-mail-1.6-12.2.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"mozilla-spellchecker-1.6-12.2.100mdk\", yank:\"mdk\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2017-07-02T21:10:09", "bulletinFamily": "scanner", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2016-10-04T00:00:00", "published": "2008-09-04T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=52364", "id": "OPENVAS:52364", "title": "FreeBSD Ports: thunderbird", "type": "openvas", "sourceData": "#\n#VID b2e6d1d6-1339-11d9-bc4a-000c41e2cdad\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following packages are affected:\n thunderbird\n de-linux-mozillafirebird\n el-linux-mozillafirebird\n firefox\n ja-linux-mozillafirebird-gtk1\n ja-mozillafirebird-gtk2\n linux-mozillafirebird\n ru-linux-mozillafirebird\n zhCN-linux-mozillafirebird\n zhTW-linux-mozillafirebird\n de-netscape7\n fr-netscape7\n ja-netscape7\n netscape7\n pt_BR-netscape7\n mozilla-gtk1\n linux-mozilla\n linux-mozilla-devel\n mozilla\n de-linux-netscape\n fr-linux-netscape\n ja-linux-netscape\n linux-netscape\n linux-phoenix\n mozilla+ipv6\n mozilla-embedded\n mozilla-firebird\n mozilla-gtk2\n mozilla-gtk\n mozilla-thunderbird\n phoenix\n\nCVE-2004-0905\nMozilla Firefox before the Preview Release, Mozilla before 1.7.3, and\nThunderbird before 0.8 allows remote attackers to perform cross-domain\nscripting and possible execute arbitrary code by convincing a user to\ndrag and drop javascript: links to a frame or page in another domain.\n\nCVE-2004-0908\nMozilla Firefox before the Preview Release, Mozilla before 1.7.3, and\nThunderbird before 0.8 allows untrusted Javascript code to read and\nwrite to the clipboard, and possibly obtain sensitive information, via\nscript-generated events such as Ctrl-Ins.\n\nCVE-2004-0909\nMozilla Firefox before the Preview Release, Mozilla before 1.7.3, and\nThunderbird before 0.8 may allow remote attackers to trick users into\nperforming unexpected actions, including installing software, via\nsigned scripts that request enhanced abilities using the\nenablePrivilege parameter, then modify the meaning of certain\nsecurity-relevant dialog messages.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://bugzilla.mozilla.org/show_bug.cgi?id=250862\nhttp://bugzilla.mozilla.org/show_bug.cgi?id=257523\nhttp://bugzilla.mozilla.org/show_bug.cgi?id=253942\nhttp://www.vuxml.org/freebsd/b2e6d1d6-1339-11d9-bc4a-000c41e2cdad.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\nif(description)\n{\n script_id(52364);\n script_version(\"$Revision: 4203 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-10-04 07:30:30 +0200 (Tue, 04 Oct 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_cve_id(\"CVE-2004-0905\", \"CVE-2004-0908\", \"CVE-2004-0909\");\n script_tag(name:\"cvss_base\", value:\"5.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_name(\"FreeBSD Ports: thunderbird\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"thunderbird\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0.8\")<0) {\n txt += 'Package thunderbird version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"de-linux-mozillafirebird\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.p\")<0) {\n txt += 'Package de-linux-mozillafirebird version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"el-linux-mozillafirebird\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.p\")<0) {\n txt += 'Package el-linux-mozillafirebird version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"firefox\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.p\")<0) {\n txt += 'Package firefox version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"ja-linux-mozillafirebird-gtk1\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.p\")<0) {\n txt += 'Package ja-linux-mozillafirebird-gtk1 version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"ja-mozillafirebird-gtk2\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.p\")<0) {\n txt += 'Package ja-mozillafirebird-gtk2 version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"linux-mozillafirebird\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.p\")<0) {\n txt += 'Package linux-mozillafirebird version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"ru-linux-mozillafirebird\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.p\")<0) {\n txt += 'Package ru-linux-mozillafirebird version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"zhCN-linux-mozillafirebird\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.p\")<0) {\n txt += 'Package zhCN-linux-mozillafirebird version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"zhTW-linux-mozillafirebird\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.p\")<0) {\n txt += 'Package zhTW-linux-mozillafirebird version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"de-netscape7\");\nif(!isnull(bver) && revcomp(a:bver, b:\"7.2\")<=0) {\n txt += 'Package de-netscape7 version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"fr-netscape7\");\nif(!isnull(bver) && revcomp(a:bver, b:\"7.2\")<=0) {\n txt += 'Package fr-netscape7 version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"ja-netscape7\");\nif(!isnull(bver) && revcomp(a:bver, b:\"7.2\")<=0) {\n txt += 'Package ja-netscape7 version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"netscape7\");\nif(!isnull(bver) && revcomp(a:bver, b:\"7.2\")<=0) {\n txt += 'Package netscape7 version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"pt_BR-netscape7\");\nif(!isnull(bver) && revcomp(a:bver, b:\"7.2\")<=0) {\n txt += 'Package pt_BR-netscape7 version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"mozilla-gtk1\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.7.3\")<0) {\n txt += 'Package mozilla-gtk1 version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"linux-mozilla\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.7.3\")<0) {\n txt += 'Package linux-mozilla version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"linux-mozilla-devel\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.7.3\")<0) {\n txt += 'Package linux-mozilla-devel version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"mozilla\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.7.3,2\")<0) {\n txt += 'Package mozilla version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"de-linux-netscape\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0\")>=0) {\n txt += 'Package de-linux-netscape version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"fr-linux-netscape\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0\")>=0) {\n txt += 'Package fr-linux-netscape version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"ja-linux-netscape\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0\")>=0) {\n txt += 'Package ja-linux-netscape version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"linux-netscape\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0\")>=0) {\n txt += 'Package linux-netscape version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"linux-phoenix\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0\")>=0) {\n txt += 'Package linux-phoenix version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"mozilla+ipv6\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0\")>=0) {\n txt += 'Package mozilla+ipv6 version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"mozilla-embedded\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0\")>=0) {\n txt += 'Package mozilla-embedded version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"mozilla-firebird\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0\")>=0) {\n txt += 'Package mozilla-firebird version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"mozilla-gtk2\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0\")>=0) {\n txt += 'Package mozilla-gtk2 version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"mozilla-gtk\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0\")>=0) {\n txt += 'Package mozilla-gtk version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"mozilla-thunderbird\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0\")>=0) {\n txt += 'Package mozilla-thunderbird version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"phoenix\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0\")>=0) {\n txt += 'Package phoenix version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-26T08:55:18", "bulletinFamily": "scanner", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n mozilla-irc\n mozilla-venkman\n mozilla\n mozilla-calendar\n mozilla-mail\n mozilla-dom-inspector\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5012017 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2017-07-11T00:00:00", "published": "2009-10-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=65278", "id": "OPENVAS:65278", "title": "SLES9: Security update for Mozilla", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5012017.nasl 6666 2017-07-11 13:13:36Z cfischer $\n# Description: Security update for Mozilla\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n mozilla-irc\n mozilla-venkman\n mozilla\n mozilla-calendar\n mozilla-mail\n mozilla-dom-inspector\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5012017 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_id(65278);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2004-0902\", \"CVE-2004-0903\", \"CVE-2004-0904\", \"CVE-2004-0905\", \"CVE-2004-0906\", \"CVE-2004-0908\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES9: Security update for Mozilla\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"mozilla-irc\", rpm:\"mozilla-irc~1.6~74.14\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:37:34", "bulletinFamily": "scanner", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n mozilla-irc\n mozilla-venkman\n mozilla\n mozilla-calendar\n mozilla-mail\n mozilla-dom-inspector\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5012017 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2018-04-06T00:00:00", "published": "2009-10-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065278", "id": "OPENVAS:136141256231065278", "title": "SLES9: Security update for Mozilla", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5012017.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Security update for Mozilla\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n mozilla-irc\n mozilla-venkman\n mozilla\n mozilla-calendar\n mozilla-mail\n mozilla-dom-inspector\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5012017 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65278\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2004-0902\", \"CVE-2004-0903\", \"CVE-2004-0904\", \"CVE-2004-0905\", \"CVE-2004-0906\", \"CVE-2004-0908\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES9: Security update for Mozilla\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"mozilla-irc\", rpm:\"mozilla-irc~1.6~74.14\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:49:44", "bulletinFamily": "scanner", "description": "The remote host is missing updates announced in\nadvisory GLSA 200409-26.", "modified": "2017-07-07T00:00:00", "published": "2008-09-24T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=54682", "id": "OPENVAS:54682", "title": "Gentoo Security Advisory GLSA 200409-26 (Mozilla)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"New releases of Mozilla, Epiphany, Mozilla Thunderbird, and Mozilla Firefox\nfix several vulnerabilities, including the remote execution of arbitrary\ncode.\";\ntag_solution = \"All users should upgrade to the latest stable version:\n\n # emerge sync\n\n # emerge -pv your-version\n # emerge your-version\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200409-26\nhttp://bugs.gentoo.org/show_bug.cgi?id=63996\nhttp://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3\nhttp://www.us-cert.gov/cas/techalerts/TA04-261A.html\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200409-26.\";\n\n \n\nif(description)\n{\n script_id(54682);\n script_cve_id(\"CVE-2004-0902\",\"CVE-2004-0903\",\"CVE-2004-0904\",\"CVE-2004-0905\",\"CVE-2004-0906\",\"CVE-2004-0907\",\"CVE-2004-0908\",\"CVE-2004-0909\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_name(\"Gentoo Security Advisory GLSA 200409-26 (Mozilla)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"net-www/mozilla\", unaffected: make_list(\"ge 1.7.3\"), vulnerable: make_list(\"lt 1.7.3\"))) != NULL) {\n report += res;\n}\nif ((res = ispkgvuln(pkg:\"net-www/mozilla-firefox\", unaffected: make_list(\"ge 1.0_pre\"), vulnerable: make_list(\"lt 1.0_pre\"))) != NULL) {\n report += res;\n}\nif ((res = ispkgvuln(pkg:\"mail-client/mozilla-thunderbird\", unaffected: make_list(\"ge 0.8\"), vulnerable: make_list(\"lt 0.8\"))) != NULL) {\n report += res;\n}\nif ((res = ispkgvuln(pkg:\"net-www/mozilla-bin\", unaffected: make_list(\"ge 1.7.3\"), vulnerable: make_list(\"lt 1.7.3\"))) != NULL) {\n report += res;\n}\nif ((res = ispkgvuln(pkg:\"net-www/mozilla-firefox-bin\", unaffected: make_list(\"ge 1.0_pre\"), vulnerable: make_list(\"lt 1.0_pre\"))) != NULL) {\n report += res;\n}\nif ((res = ispkgvuln(pkg:\"mail-client/mozilla-thunderbird-bin\", unaffected: make_list(\"ge 0.8\"), vulnerable: make_list(\"lt 0.8\"))) != NULL) {\n report += res;\n}\nif ((res = ispkgvuln(pkg:\"net-www/epiphany\", unaffected: make_list(\"ge 1.2.9-r1\"), vulnerable: make_list(\"lt 1.2.9-r1\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "freebsd": [{"lastseen": "2019-05-29T18:35:11", "bulletinFamily": "unix", "description": "\nSeveral scripting vulnerabilities were discovered and\n\t corrected in Mozilla:\n\nCVE-2004-0905\n\n\njavascript; links dragged onto another frame or\n\t\tpage allows an attacker to steal or modify sensitive\n\t\tinformation from other sites. The user could be convinced\n\t\tto drag obscurred links in the context of a game or even a\n\t\tfake scrollbar. If the user could be convinced to drag two\n\t\tlinks in sequence into a separate window (not frame) the\n\t\tattacker would be able to run arbitrary programs.\n\n\nCVE-2004-0908\n\n\nUntrusted javascript code can read and write to the\n\t\tclipboard, stealing any sensitive data the user might\n\t\thave copied. Workaround: disable\n\t\tjavascript\n\n\nCVE-2004-0909\n\n\nSigned scripts requesting enhanced abilities could\n\t\tconstruct the request in a way that led to a confusing\n\t\tgrant dialog, possibly fooling the user into thinking\n\t\tthe privilege requested was inconsequential while\n\t\tactually obtaining explicit permission to run and\n\t\tinstall software. Workaround: Never\n\t\tgrant enhanced abilities of any kind to untrusted web\n\t\tpages.\n\n\n\n", "modified": "2004-09-13T00:00:00", "published": "2004-09-13T00:00:00", "id": "B2E6D1D6-1339-11D9-BC4A-000C41E2CDAD", "href": "https://vuxml.freebsd.org/freebsd/b2e6d1d6-1339-11d9-bc4a-000c41e2cdad.html", "title": "mozilla -- scripting vulnerabilities", "type": "freebsd", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2019-08-13T18:44:39", "bulletinFamily": "unix", "description": "Mozilla is an open source Web browser, advanced email and newsgroup\nclient, IRC chat client, and HTML editor.\n\nJesse Ruderman discovered a cross-domain scripting bug in Mozilla. If\na user is tricked into dragging a javascript link into another frame or\npage, it becomes possible for an attacker to steal or modify sensitive\ninformation from that site. Additionally, if a user is tricked into\ndragging two links in sequence to another window (not frame), it is\npossible for the attacker to execute arbitrary commands. The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the name\nCAN-2004-0905 to this issue.\n\nGael Delalleau discovered an integer overflow which affects the BMP\nhandling code inside Mozilla. An attacker could create a carefully crafted\nBMP file in such a way that it would cause Mozilla to crash or execute\narbitrary code when the image is viewed. The Common Vulnerabilities and\nExposures project (cve.mitre.org) has assigned the name CAN-2004-0904 to\nthis issue.\n\nGeorgi Guninski discovered a stack-based buffer overflow in the vCard\ndisplay routines. An attacker could create a carefully crafted vCard file\nin such a way that it would cause Mozilla to crash or execute arbitrary\ncode when viewed. The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the name CAN-2004-0903 to this issue.\n\nWladimir Palant discovered a flaw in the way javascript interacts with\nthe clipboard. It is possible that an attacker could use malicious\njavascript code to steal sensitive data which has been copied into the\nclipboard. The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the name CAN-2004-0908 to this issue.\n\nGeorgi Guninski discovered a heap based buffer overflow in the \"Send\nPage\" feature. It is possible that an attacker could construct a link in\nsuch a way that a user attempting to forward it could result in a crash or\narbitrary code execution. The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the name CAN-2004-0902 to this issue.\n\nUsers of Mozilla should update to these updated packages, which contain\nbackported patches and are not vulnerable to these issues.", "modified": "2019-03-22T23:43:43", "published": "2004-09-30T04:00:00", "id": "RHSA-2004:486", "href": "https://access.redhat.com/errata/RHSA-2004:486", "type": "redhat", "title": "(RHSA-2004:486) mozilla security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:42", "bulletinFamily": "unix", "description": "### Background\n\nMozilla is a popular web browser that includes a mail and newsreader. Epiphany is a web browser that uses Gecko, the Mozilla rendering engine. Mozilla Firefox and Mozilla Thunderbird are respectively the next-generation browser and mail client from the Mozilla project. \n\n### Description\n\nMozilla-based products are vulnerable to multiple security issues. Firstly routines handling the display of BMP images and VCards contain an integer overflow and a stack buffer overrun. Specific pages with long links, when sent using the \"Send Page\" function, and links with non-ASCII hostnames could both cause heap buffer overruns. \n\nSeveral issues were found and fixed in JavaScript rights handling: untrusted script code could read and write to the clipboard, signed scripts could build confusing grant privileges dialog boxes, and when dragged onto trusted frames or windows, JavaScript links could access information and rights of the target frame or window. Finally, Mozilla-based mail clients (Mozilla and Mozilla Thunderbird) are vulnerable to a heap overflow caused by invalid POP3 mail server responses. \n\n### Impact\n\nAn attacker might be able to run arbitrary code with the rights of the user running the software by enticing the user to perform one of the following actions: view a specially-crafted BMP image or VCard, use the \"Send Page\" function on a malicious page, follow links with malicious hostnames, drag multiple JavaScript links in a row to another window, or connect to an untrusted POP3 mail server. An attacker could also use a malicious page with JavaScript to disclose clipboard contents or abuse previously-given privileges to request XPI installation privileges through a confusing dialog. \n\n### Workaround\n\nThere is no known workaround covering all vulnerabilities. \n\n### Resolution\n\nAll users should upgrade to the latest stable version: \n \n \n # emerge sync\n \n # emerge -pv your-version\n # emerge your-version", "modified": "2007-12-30T00:00:00", "published": "2004-09-20T00:00:00", "id": "GLSA-200409-26", "href": "https://security.gentoo.org/glsa/200409-26", "type": "gentoo", "title": "Mozilla, Firefox, Thunderbird, Epiphany: New releases fix vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "suse": [{"lastseen": "2016-04-13T01:00:44", "bulletinFamily": "unix", "description": "During the last months a number of security problems have been fixed in Mozilla and Mozilla based brwosers. These include:\n#### Solution\nSince there is no workaround, we recommend an update in any case if you use the mozilla browser.", "modified": "2004-10-06T13:11:21", "published": "2004-10-06T13:11:21", "id": "SUSE-SA:2004:036", "href": "http://lists.opensuse.org/opensuse-security-announce/2004-10/msg00006.html", "title": "various vulnerabilities in mozilla", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
