ID CVE-2013-0748 Type cve Reporter cve@mitre.org Modified 2020-08-04T18:59:00
Description
The XBL.proto.toString implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 makes it easier for remote attackers to bypass the ASLR protection mechanism by calling the toString function of an XBL object.
{"mozilla": [{"lastseen": "2016-09-05T13:37:42", "bulletinFamily": "software", "cvelist": ["CVE-2013-0748"], "edition": 1, "description": "Mozilla security researcher Jesse Ruderman discovered that using the toString function of XBL objects can lead to inappropriate information leakage by revealing the address space layout instead of just the ID of the object. This layout information could potentially be used to bypass ASLR and other security protections.\n\nIn general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products.", "modified": "2013-01-08T00:00:00", "published": "2013-01-08T00:00:00", "id": "MFSA2013-11", "href": "http://www.mozilla.org/en-US/security/advisories/mfsa2013-11/", "type": "mozilla", "title": "Address space layout leaked in XBL objects", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "openvas": [{"lastseen": "2017-07-13T10:50:55", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0746", "CVE-2013-0744", "CVE-2013-0748", "CVE-2013-0754", "CVE-2013-0753", "CVE-2013-0750", "CVE-2013-0759", "CVE-2013-0758"], "description": "This host is installed with Mozilla Firefox/Thunderbird/Seamonkey and is\n prone to multiple vulnerabilities.", "modified": "2017-06-28T00:00:00", "published": "2013-01-16T00:00:00", "id": "OPENVAS:803098", "href": "http://plugins.openvas.org/nasl.php?oid=803098", "type": "openvas", "title": "Mozilla Products Multiple Vulnerabilities January13 (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_mozilla_prdts_mult_vuln_jan13_win.nasl 6469 2017-06-28 14:24:07Z cfischer $\n#\n# Mozilla Products Multiple Vulnerabilities January13 (Windows)\n#\n# Authors:\n# Rachana Shetty <srachana@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_solution = \"Upgrade to Mozilla Firefox version 18.0 or ESR version 10.0.12 or 17.0.2 or later,\n For updates refer to http://www.mozilla.com/en-US/firefox/all.html\n\n Upgrade to SeaMonkey version to 2.15 or later,\n http://www.mozilla.org/projects/seamonkey/\n\n Upgrade to Thunderbird version to 17.0.2 or ESR 10.0.12 or 17.0.2 or later,\n http://www.mozilla.org/en-US/thunderbird/\";\n\ntag_impact = \"Successful exploitation could allow attackers to inject scripts, bypass\n certain security restrictions, execute arbitrary code or crash the\n application in the context of the browser.\n Impact Level: System/Application\";\n\ntag_affected = \"SeaMonkey version before 2.15 on Windows\n Thunderbird version before 17.0.2 on Windows\n Mozilla Firefox version before 18.0 on Windows\n Thunderbird ESR version 10.x before 10.0.12 and 17.x before 17.0.2 on Windows\n Mozilla Firefox ESR version 10.x before 10.0.12 and 17.x before 17.0.2 on Windows\";\ntag_insight = \"- URL spoofing in address bar during page loads in conjunction with a\n 204 (aka No Content) HTTP status code.\n - Improper interaction between plugin objects and SVG elements.\n - Use-after-free error exists within the implementation serializeToStream\n in the XMLSerializer component and ListenerManager, and in the function\n 'TableBackgroundPainter::TableBackgroundData::Destroy'.\n 'serializeToStream' implementation in the XMLSerializer component\n - Compartment mismatch with quickstubs returned values.\n - An error within the 'XBL.__proto__.toString()' can be exploited to\n disclose the address space layout.\";\ntag_summary = \"This host is installed with Mozilla Firefox/Thunderbird/Seamonkey and is\n prone to multiple vulnerabilities.\";\n\nif(description)\n{\n script_id(803098);\n script_version(\"$Revision: 6469 $\");\n script_cve_id(\"CVE-2013-0744\", \"CVE-2013-0746\", \"CVE-2013-0748\", \"CVE-2013-0750\",\n \"CVE-2013-0753\", \"CVE-2013-0754\", \"CVE-2013-0758\", \"CVE-2013-0759\");\n script_bugtraq_id(57218, 57238, 57234, 57235, 57209, 57217, 57232, 57228);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-06-28 16:24:07 +0200 (Wed, 28 Jun 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-01-16 15:08:04 +0530 (Wed, 16 Jan 2013)\");\n script_name(\"Mozilla Products Multiple Vulnerabilities January13 (Windows)\");\n\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/51752/\");\n script_xref(name : \"URL\" , value : \"http://securitytracker.com/id?1027955\");\n script_xref(name : \"URL\" , value : \"http://securitytracker.com/id?1027957\");\n script_xref(name : \"URL\" , value : \"http://securitytracker.com/id?1027958\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2013/mfsa2013-04.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2013/mfsa2013-05.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2013/mfsa2013-09.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2013/mfsa2013-11.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2013/mfsa2013-12.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2013/mfsa2013-15.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2013/mfsa2013-16.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2013/mfsa2013-17.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_firefox_detect_win.nasl\", \"gb_seamonkey_detect_win.nasl\", \"gb_thunderbird_detect_win.nasl\");\n script_mandatory_keys(\"Mozilla/Firefox_or_Seamonkey_or_Thunderbird/Installed\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\n# Firefox Check\nffVer = \"\";\nfesrVer = \"\";\n\nffVer = get_kb_item(\"Firefox/Win/Ver\");\nfesrVer = get_kb_item(\"Firefox-ESR/Win/Ver\");\n\nif(ffVer || fesrVer)\n{\n # Grep for Firefox version\n if(version_is_less(version:ffVer, test_version:\"18.0\")||\n version_in_range(version:fesrVer, test_version:\"10.0\", test_version2:\"10.0.11\")||\n version_in_range(version:fesrVer, test_version:\"17.0\", test_version2:\"17.0.1\"))\n {\n security_message(0);\n exit(0);\n }\n}\n\n# SeaMonkey Check\nseaVer = \"\";\nseaVer = get_kb_item(\"Seamonkey/Win/Ver\");\n\nif(seaVer)\n{\n # Grep for SeaMonkey version\n if(version_is_less(version:seaVer, test_version:\"2.15\"))\n {\n security_message(0);\n exit(0);\n }\n}\n\n# Thunderbird Check\ntbVer = \"\";\ntbesrVer = \"\";\n\ntbVer = get_kb_item(\"Thunderbird/Win/Ver\");\ntbesrVer = get_kb_item(\"Thunderbird-ESR/Win/Ver\");\n\nif(tbVer || tbesrVer)\n{\n # Grep for Thunderbird version\n if(version_is_less(version:tbVer, test_version:\"17.0.2\")||\n version_in_range(version:tbesrVer, test_version:\"10.0\", test_version2:\"10.0.11\")||\n version_in_range(version:tbesrVer, test_version:\"17.0\", test_version2:\"17.0.1\"))\n {\n security_message(0);\n exit(0);\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-14T10:51:30", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0746", "CVE-2013-0744", "CVE-2013-0748", "CVE-2013-0754", "CVE-2013-0753", "CVE-2013-0750", "CVE-2013-0759", "CVE-2013-0758"], "description": "This host is installed with Mozilla Firefox/Thunderbird/Seamonkey and is\n prone to multiple vulnerabilities.", "modified": "2017-06-29T00:00:00", "published": "2013-01-16T00:00:00", "id": "OPENVAS:803099", "href": "http://plugins.openvas.org/nasl.php?oid=803099", "type": "openvas", "title": "Mozilla Products Multiple Vulnerabilities January13 (Mac OS X)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_mozilla_prdts_mult_vuln_jan13_macosx.nasl 6481 2017-06-29 08:15:47Z cfischer $\n#\n# Mozilla Products Multiple Vulnerabilities January13 (Mac OS X)\n#\n# Authors:\n# Rachana Shetty <srachana@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_solution = \"Upgrade to Mozilla Firefox version 18.0 or ESR version 10.0.12 or 17.0.2 or later,\n For updates refer to http://www.mozilla.com/en-US/firefox/all.html\n\n Upgrade to SeaMonkey version to 2.15 or later,\n http://www.mozilla.org/projects/seamonkey/\n\n Upgrade to Thunderbird version to 17.0.2 or ESR 10.0.12 or 17.0.2 or later,\n http://www.mozilla.org/en-US/thunderbird/\";\n\ntag_impact = \"Successful exploitation could allow attackers to inject scripts, bypass\n certain security restrictions, execute arbitrary code or crash the\n application in the context of the browser.\n Impact Level: System/Application\";\n\ntag_affected = \"SeaMonkey version before 2.15 on Mac OS X\n Thunderbird version before 17.0.2 on Mac OS X\n Mozilla Firefox version before 18.0 on Mac OS X\n Thunderbird ESR version 10.x before 10.0.12 and 17.x before 17.0.2 on Mac OS X\n Mozilla Firefox ESR version 10.x before 10.0.12 and 17.x before 17.0.2 on Mac OS X\";\ntag_insight = \"- URL spoofing in address bar during page loads in conjunction with a\n 204 (aka No Content) HTTP status code.\n - Improper interaction between plugin objects and SVG elements.\n - Use-after-free error exists within the implementation serializeToStream\n in the XMLSerializer component and ListenerManager, and in the function\n 'TableBackgroundPainter::TableBackgroundData::Destroy'.\n 'serializeToStream' implementation in the XMLSerializer component\n - Compartment mismatch with quickstubs returned values.\n - An error within the 'XBL.__proto__.toString()' can be exploited to\n disclose the address space layout.\";\ntag_summary = \"This host is installed with Mozilla Firefox/Thunderbird/Seamonkey and is\n prone to multiple vulnerabilities.\";\n\nif(description)\n{\n script_id(803099);\n script_version(\"$Revision: 6481 $\");\n script_cve_id(\"CVE-2013-0744\", \"CVE-2013-0746\", \"CVE-2013-0748\", \"CVE-2013-0750\",\n \"CVE-2013-0753\", \"CVE-2013-0754\", \"CVE-2013-0758\", \"CVE-2013-0759\");\n script_bugtraq_id(57218, 57238, 57234, 57235, 57209, 57217, 57232, 57228);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-06-29 10:15:47 +0200 (Thu, 29 Jun 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-01-16 15:29:04 +0530 (Wed, 16 Jan 2013)\");\n script_name(\"Mozilla Products Multiple Vulnerabilities January13 (Mac OS X)\");\n\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/51752/\");\n script_xref(name : \"URL\" , value : \"http://securitytracker.com/id?1027955\");\n script_xref(name : \"URL\" , value : \"http://securitytracker.com/id?1027957\");\n script_xref(name : \"URL\" , value : \"http://securitytracker.com/id?1027958\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2013/mfsa2013-04.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2013/mfsa2013-05.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2013/mfsa2013-09.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2013/mfsa2013-11.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2013/mfsa2013-12.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2013/mfsa2013-15.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2013/mfsa2013-16.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2013/mfsa2013-17.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_mozilla_prdts_detect_macosx.nasl\", \"ssh_authorization_init.nasl\");\n script_mandatory_keys(\"Mozilla/Firefox_or_Seamonkey_or_Thunderbird/Mac/Installed\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\n# Firefox Check\nffVer = \"\";\nfesrVer = \"\";\nffVer = get_kb_item(\"Mozilla/Firefox/MacOSX/Version\");\nfesrVer = get_kb_item(\"Mozilla/Firefox-ESR/MacOSX/Version\");\n\nif(ffVer || fesrVer)\n{\n # Grep for Firefox version\n if(version_is_less(version:ffVer, test_version:\"18.0\")||\n version_in_range(version:fesrVer, test_version:\"10.0\", test_version2:\"10.0.11\")||\n version_in_range(version:fesrVer, test_version:\"17.0\", test_version2:\"17.0.1\"))\n {\n security_message(0);\n exit(0);\n }\n}\n\n# SeaMonkey Check\nseaVer = \"\";\nseaVer = get_kb_item(\"SeaMonkey/MacOSX/Version\");\n\nif(seaVer)\n{\n # Grep for SeaMonkey version\n if(version_is_less(version:seaVer, test_version:\"2.15\"))\n {\n security_message(0);\n exit(0);\n }\n}\n\n# Thunderbird Check\ntbVer = \"\";\ntbesrVer = \"\";\ntbVer = get_kb_item(\"ThunderBird/MacOSX/Version\");\ntbesrVer = get_kb_item(\"ThunderBird-ESR/MacOSX/Version\");\n\nif(tbVer || tbesrVer)\n{\n # Grep for Thunderbird version\n if(version_is_less(version:tbVer, test_version:\"17.0.2\")||\n version_in_range(version:tbesrVer, test_version:\"10.0\", test_version2:\"10.0.11\")||\n version_in_range(version:tbesrVer, test_version:\"17.0\", test_version2:\"17.0.1\"))\n {\n security_message(0);\n exit(0);\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2020-08-05T16:05:17", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0746", "CVE-2013-0744", "CVE-2013-0748", "CVE-2013-0754", "CVE-2013-0753", "CVE-2013-0750", "CVE-2013-0759", "CVE-2013-0758"], "description": "This host is installed with Mozilla Firefox/Thunderbird/Seamonkey and is\n prone to multiple vulnerabilities.", "modified": "2019-07-17T00:00:00", "published": "2013-01-16T00:00:00", "id": "OPENVAS:1361412562310803099", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310803099", "type": "openvas", "title": "Mozilla Products Multiple Vulnerabilities January13 (Mac OS X)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mozilla Products Multiple Vulnerabilities January13 (Mac OS X)\n#\n# Authors:\n# Rachana Shetty <srachana@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.803099\");\n script_version(\"2019-07-17T11:14:11+0000\");\n script_cve_id(\"CVE-2013-0744\", \"CVE-2013-0746\", \"CVE-2013-0748\", \"CVE-2013-0750\",\n \"CVE-2013-0753\", \"CVE-2013-0754\", \"CVE-2013-0758\", \"CVE-2013-0759\");\n script_bugtraq_id(57218, 57238, 57234, 57235, 57209, 57217, 57232, 57228);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 11:14:11 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2013-01-16 15:29:04 +0530 (Wed, 16 Jan 2013)\");\n script_name(\"Mozilla Products Multiple Vulnerabilities January13 (Mac OS X)\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/51752/\");\n script_xref(name:\"URL\", value:\"http://securitytracker.com/id?1027955\");\n script_xref(name:\"URL\", value:\"http://securitytracker.com/id?1027957\");\n script_xref(name:\"URL\", value:\"http://securitytracker.com/id?1027958\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2013/mfsa2013-04.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2013/mfsa2013-05.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2013/mfsa2013-09.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2013/mfsa2013-11.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2013/mfsa2013-12.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2013/mfsa2013-15.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2013/mfsa2013-16.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2013/mfsa2013-17.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_mozilla_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Mozilla/Firefox_or_Seamonkey_or_Thunderbird/Mac/Installed\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation could allow attackers to inject scripts, bypass\n certain security restrictions, execute arbitrary code or crash the\n application in the context of the browser.\");\n\n script_tag(name:\"affected\", value:\"SeaMonkey version before 2.15 on Mac OS X\n\n Thunderbird version before 17.0.2 on Mac OS X\n\n Mozilla Firefox version before 18.0 on Mac OS X\n\n Thunderbird ESR version 10.x before 10.0.12 and 17.x before 17.0.2 on Mac OS X\n\n Mozilla Firefox ESR version 10.x before 10.0.12 and 17.x before 17.0.2 on Mac OS X\");\n\n script_tag(name:\"insight\", value:\"- URL spoofing in address bar during page loads in conjunction with a\n 204 (aka No Content) HTTP status code.\n\n - Improper interaction between plugin objects and SVG elements.\n\n - Use-after-free error exists within the implementation serializeToStream\n in the XMLSerializer component and ListenerManager, and in the function\n 'TableBackgroundPainter::TableBackgroundData::Destroy'.\n 'serializeToStream' implementation in the XMLSerializer component\n\n - Compartment mismatch with quickstubs returned values.\n\n - An error within the 'XBL.__proto__.toString()' can be exploited to\n disclose the address space layout.\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Mozilla Firefox/Thunderbird/Seamonkey and is\n prone to multiple vulnerabilities.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Firefox version 18.0 or ESR version 10.0.12 or 17.0.2 or later, upgrade to SeaMonkey version to 2.15 or later,\n upgrade to Thunderbird version to 17.0.2 or ESR 10.0.12 or 17.0.2 or later.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/projects/seamonkey/\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/en-US/thunderbird/\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\nffVer = get_kb_item(\"Mozilla/Firefox/MacOSX/Version\");\nfesrVer = get_kb_item(\"Mozilla/Firefox-ESR/MacOSX/Version\");\n\nif(ffVer || fesrVer)\n{\n if(version_is_less(version:ffVer, test_version:\"18.0\")||\n version_in_range(version:fesrVer, test_version:\"10.0\", test_version2:\"10.0.11\")||\n version_in_range(version:fesrVer, test_version:\"17.0\", test_version2:\"17.0.1\"))\n {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n}\n\nseaVer = get_kb_item(\"SeaMonkey/MacOSX/Version\");\n\nif(seaVer)\n{\n if(version_is_less(version:seaVer, test_version:\"2.15\"))\n {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n}\n\ntbVer = get_kb_item(\"Thunderbird/MacOSX/Version\");\ntbesrVer = get_kb_item(\"Thunderbird-ESR/MacOSX/Version\");\n\nif(tbVer || tbesrVer)\n{\n if(version_is_less(version:tbVer, test_version:\"17.0.2\")||\n version_in_range(version:tbesrVer, test_version:\"10.0\", test_version2:\"10.0.11\")||\n version_in_range(version:tbesrVer, test_version:\"17.0\", test_version2:\"17.0.1\"))\n {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-05T16:05:55", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0746", "CVE-2013-0744", "CVE-2013-0748", "CVE-2013-0754", "CVE-2013-0753", "CVE-2013-0750", "CVE-2013-0759", "CVE-2013-0758"], "description": "This host is installed with Mozilla Firefox/Thunderbird/Seamonkey and is\n prone to multiple vulnerabilities.", "modified": "2019-07-17T00:00:00", "published": "2013-01-16T00:00:00", "id": "OPENVAS:1361412562310803098", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310803098", "type": "openvas", "title": "Mozilla Products Multiple Vulnerabilities January13 (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mozilla Products Multiple Vulnerabilities January13 (Windows)\n#\n# Authors:\n# Rachana Shetty <srachana@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.803098\");\n script_version(\"2019-07-17T11:14:11+0000\");\n script_cve_id(\"CVE-2013-0744\", \"CVE-2013-0746\", \"CVE-2013-0748\", \"CVE-2013-0750\",\n \"CVE-2013-0753\", \"CVE-2013-0754\", \"CVE-2013-0758\", \"CVE-2013-0759\");\n script_bugtraq_id(57218, 57238, 57234, 57235, 57209, 57217, 57232, 57228);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 11:14:11 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2013-01-16 15:08:04 +0530 (Wed, 16 Jan 2013)\");\n script_name(\"Mozilla Products Multiple Vulnerabilities January13 (Windows)\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/51752/\");\n script_xref(name:\"URL\", value:\"http://securitytracker.com/id?1027955\");\n script_xref(name:\"URL\", value:\"http://securitytracker.com/id?1027957\");\n script_xref(name:\"URL\", value:\"http://securitytracker.com/id?1027958\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2013/mfsa2013-04.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2013/mfsa2013-05.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2013/mfsa2013-09.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2013/mfsa2013-11.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2013/mfsa2013-12.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2013/mfsa2013-15.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2013/mfsa2013-16.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2013/mfsa2013-17.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_firefox_detect_portable_win.nasl\", \"gb_seamonkey_detect_win.nasl\", \"gb_thunderbird_detect_portable_win.nasl\");\n script_mandatory_keys(\"Mozilla/Firefox_or_Seamonkey_or_Thunderbird/Installed\");\n script_tag(name:\"impact\", value:\"Successful exploitation could allow attackers to inject scripts, bypass\n certain security restrictions, execute arbitrary code or crash the\n application in the context of the browser.\");\n script_tag(name:\"affected\", value:\"SeaMonkey version before 2.15 on Windows\n Thunderbird version before 17.0.2 on Windows\n Mozilla Firefox version before 18.0 on Windows\n Thunderbird ESR version 10.x before 10.0.12 and 17.x before 17.0.2 on Windows\n Mozilla Firefox ESR version 10.x before 10.0.12 and 17.x before 17.0.2 on Windows\");\n script_tag(name:\"insight\", value:\"- URL spoofing in address bar during page loads in conjunction with a\n 204 (aka No Content) HTTP status code.\n\n - Improper interaction between plugin objects and SVG elements.\n\n - Use-after-free error exists within the implementation serializeToStream\n in the XMLSerializer component and ListenerManager, and in the function\n 'TableBackgroundPainter::TableBackgroundData::Destroy'.\n 'serializeToStream' implementation in the XMLSerializer component\n\n - Compartment mismatch with quickstubs returned values.\n\n - An error within the 'XBL.__proto__.toString()' can be exploited to\n disclose the address space layout.\");\n script_tag(name:\"summary\", value:\"This host is installed with Mozilla Firefox/Thunderbird/Seamonkey and is\n prone to multiple vulnerabilities.\");\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Firefox version 18.0 or ESR version 10.0.12 or 17.0.2 or later, upgrade to SeaMonkey version to 2.15 or later,\n upgrade to Thunderbird version to 17.0.2 or ESR 10.0.12 or 17.0.2 or later.\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/projects/seamonkey/\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/en-US/thunderbird/\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\nffVer = get_kb_item(\"Firefox/Win/Ver\");\nfesrVer = get_kb_item(\"Firefox-ESR/Win/Ver\");\n\nif(ffVer || fesrVer)\n{\n if(version_is_less(version:ffVer, test_version:\"18.0\")||\n version_in_range(version:fesrVer, test_version:\"10.0\", test_version2:\"10.0.11\")||\n version_in_range(version:fesrVer, test_version:\"17.0\", test_version2:\"17.0.1\"))\n {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n}\n\nseaVer = get_kb_item(\"Seamonkey/Win/Ver\");\nif(seaVer)\n{\n if(version_is_less(version:seaVer, test_version:\"2.15\"))\n {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n}\n\ntbVer = get_kb_item(\"Thunderbird/Win/Ver\");\ntbesrVer = get_kb_item(\"Thunderbird-ESR/Win/Ver\");\n\nif(tbVer || tbesrVer)\n{\n if(version_is_less(version:tbVer, test_version:\"17.0.2\")||\n version_in_range(version:tbesrVer, test_version:\"10.0\", test_version2:\"10.0.11\")||\n version_in_range(version:tbesrVer, test_version:\"17.0\", test_version2:\"17.0.1\"))\n {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:19", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0746", "CVE-2013-0766", "CVE-2013-0744", "CVE-2013-0748", "CVE-2013-0754", "CVE-2013-0769", "CVE-2013-0767", "CVE-2013-0762", "CVE-2013-0753", "CVE-2013-0750", "CVE-2013-0759", "CVE-2013-0758"], "description": "Oracle Linux Local Security Checks ELSA-2013-0144", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123766", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123766", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2013-0144", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2013-0144.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123766\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:08:15 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2013-0144\");\n script_tag(name:\"insight\", value:\"ELSA-2013-0144 - firefox security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2013-0144\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2013-0144.html\");\n script_cve_id(\"CVE-2013-0744\", \"CVE-2013-0746\", \"CVE-2013-0748\", \"CVE-2013-0750\", \"CVE-2013-0753\", \"CVE-2013-0754\", \"CVE-2013-0758\", \"CVE-2013-0759\", \"CVE-2013-0762\", \"CVE-2013-0766\", \"CVE-2013-0767\", \"CVE-2013-0769\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(5|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~10.0.12~1.0.1.el5_9\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~10.0.12~1.0.1.el5_9\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"xulrunner-devel\", rpm:\"xulrunner-devel~10.0.12~1.0.1.el5_9\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~10.0.12~1.0.1.el6_3\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~10.0.12~1.0.1.el6_3\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"xulrunner-devel\", rpm:\"xulrunner-devel~10.0.12~1.0.1.el6_3\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-01-18T11:09:37", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0746", "CVE-2013-0766", "CVE-2013-0744", "CVE-2013-0748", "CVE-2013-0754", "CVE-2013-0769", "CVE-2013-0767", "CVE-2013-0762", "CVE-2013-0753", "CVE-2013-0750", "CVE-2013-0759", "CVE-2013-0758"], "description": "Check for the Version of firefox", "modified": "2018-01-18T00:00:00", "published": "2013-01-11T00:00:00", "id": "OPENVAS:870881", "href": "http://plugins.openvas.org/nasl.php?oid=870881", "type": "openvas", "title": "RedHat Update for firefox RHSA-2013:0144-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for firefox RHSA-2013:0144-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mozilla Firefox is an open source web browser. XULRunner provides the XUL\n Runtime environment for Mozilla Firefox.\n\n Several flaws were found in the processing of malformed web content. A web\n page containing malicious content could cause Firefox to crash or,\n potentially, execute arbitrary code with the privileges of the user running\n Firefox. (CVE-2013-0744, CVE-2013-0746, CVE-2013-0750, CVE-2013-0753,\n CVE-2013-0754, CVE-2013-0762, CVE-2013-0766, CVE-2013-0767, CVE-2013-0769)\n\n A flaw was found in the way Chrome Object Wrappers were implemented.\n Malicious content could be used to cause Firefox to execute arbitrary code\n via plug-ins installed in Firefox. (CVE-2013-0758)\n\n A flaw in the way Firefox displayed URL values in the address bar could\n allow a malicious site or user to perform a phishing attack.\n (CVE-2013-0759)\n\n An information disclosure flaw was found in the way certain JavaScript\n functions were implemented in Firefox. An attacker could use this flaw to\n bypass Address Space Layout Randomization (ASLR) and other security\n restrictions. (CVE-2013-0748)\n\n All Firefox users should upgrade to these updated packages, which contain\n Firefox version 10.0.12 ESR, which corrects these issues. After installing\n the update, Firefox must be restarted for the changes to take effect.\";\n\n\ntag_affected = \"firefox on Red Hat Enterprise Linux (v. 5 server),\n Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2013-January/msg00019.html\");\n script_id(870881);\n script_version(\"$Revision: 8456 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-18 07:58:40 +0100 (Thu, 18 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-01-11 16:42:11 +0530 (Fri, 11 Jan 2013)\");\n script_cve_id(\"CVE-2013-0744\", \"CVE-2013-0746\", \"CVE-2013-0748\", \"CVE-2013-0750\",\n \"CVE-2013-0753\", \"CVE-2013-0754\", \"CVE-2013-0758\", \"CVE-2013-0759\",\n \"CVE-2013-0762\", \"CVE-2013-0766\", \"CVE-2013-0767\", \"CVE-2013-0769\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2013:0144-01\");\n script_name(\"RedHat Update for firefox RHSA-2013:0144-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of firefox\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~10.0.12~1.el6_3\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-debuginfo\", rpm:\"firefox-debuginfo~10.0.12~1.el6_3\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~10.0.12~1.el6_3\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner-debuginfo\", rpm:\"xulrunner-debuginfo~10.0.12~1.el6_3\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~10.0.12~1.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-debuginfo\", rpm:\"firefox-debuginfo~10.0.12~1.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~10.0.12~1.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner-debuginfo\", rpm:\"xulrunner-debuginfo~10.0.12~1.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner-devel\", rpm:\"xulrunner-devel~10.0.12~1.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-02-06T13:10:08", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0746", "CVE-2013-0766", "CVE-2013-0744", "CVE-2013-0748", "CVE-2013-0754", "CVE-2013-0769", "CVE-2013-0767", "CVE-2013-0762", "CVE-2013-0753", "CVE-2013-0750", "CVE-2013-0759", "CVE-2013-0758"], "description": "Check for the Version of firefox", "modified": "2018-02-05T00:00:00", "published": "2013-01-21T00:00:00", "id": "OPENVAS:881565", "href": "http://plugins.openvas.org/nasl.php?oid=881565", "type": "openvas", "title": "CentOS Update for firefox CESA-2013:0144 centos5 ", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for firefox CESA-2013:0144 centos5 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mozilla Firefox is an open source web browser. XULRunner provides the XUL\n Runtime environment for Mozilla Firefox.\n\n Several flaws were found in the processing of malformed web content. A web\n page containing malicious content could cause Firefox to crash or,\n potentially, execute arbitrary code with the privileges of the user running\n Firefox. (CVE-2013-0744, CVE-2013-0746, CVE-2013-0750, CVE-2013-0753,\n CVE-2013-0754, CVE-2013-0762, CVE-2013-0766, CVE-2013-0767, CVE-2013-0769)\n \n A flaw was found in the way Chrome Object Wrappers were implemented.\n Malicious content could be used to cause Firefox to execute arbitrary code\n via plug-ins installed in Firefox. (CVE-2013-0758)\n \n A flaw in the way Firefox displayed URL values in the address bar could\n allow a malicious site or user to perform a phishing attack.\n (CVE-2013-0759)\n \n An information disclosure flaw was found in the way certain JavaScript\n functions were implemented in Firefox. An attacker could use this flaw to\n bypass Address Space Layout Randomization (ASLR) and other security\n restrictions. (CVE-2013-0748)\n \n For technical details regarding these flaws, refer to the Mozilla security\n advisories for Firefox 10.0.12 ESR. You can find a link to the Mozilla\n advisories in the References section of this erratum.\n \n Red Hat would like to thank the Mozilla project for reporting these issues.\n Upstream acknowledges Atte Kettunen, Boris Zbarsky, pa_kt, regenrecht,\n Abhishek Arya, Christoph Diehl, Christian Holler, Mats Palmgren, Chiaki\n Ishikawa, Mariusz Mlynski, Masato Kinugawa, and Jesse Ruderman as the\n original reporters of these issues.\n \n All Firefox users should upgrade to these updated packages, which contain\n Firefox version 10.0.12 ESR, which corrects these issues. After installing\n the update, Firefox must be restarted for the changes to take effect.\";\n\n\ntag_affected = \"firefox on CentOS 5\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2013-January/019200.html\");\n script_id(881565);\n script_version(\"$Revision: 8672 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-02-05 17:39:18 +0100 (Mon, 05 Feb 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-01-21 09:39:51 +0530 (Mon, 21 Jan 2013)\");\n script_cve_id(\"CVE-2013-0744\", \"CVE-2013-0746\", \"CVE-2013-0748\", \"CVE-2013-0750\",\n \"CVE-2013-0753\", \"CVE-2013-0754\", \"CVE-2013-0758\", \"CVE-2013-0759\",\n \"CVE-2013-0762\", \"CVE-2013-0766\", \"CVE-2013-0767\", \"CVE-2013-0769\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2013:0144\");\n script_name(\"CentOS Update for firefox CESA-2013:0144 centos5 \");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of firefox\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~10.0.12~1.el5.centos\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:38:03", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0746", "CVE-2013-0766", "CVE-2013-0744", "CVE-2013-0748", "CVE-2013-0754", "CVE-2013-0769", "CVE-2013-0767", "CVE-2013-0762", "CVE-2013-0753", "CVE-2013-0750", "CVE-2013-0759", "CVE-2013-0758"], "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2013-01-11T00:00:00", "id": "OPENVAS:1361412562310870885", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870885", "type": "openvas", "title": "RedHat Update for thunderbird RHSA-2013:0145-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for thunderbird RHSA-2013:0145-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2013-January/msg00020.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870885\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-01-11 16:42:31 +0530 (Fri, 11 Jan 2013)\");\n script_cve_id(\"CVE-2013-0744\", \"CVE-2013-0746\", \"CVE-2013-0748\", \"CVE-2013-0750\",\n \"CVE-2013-0753\", \"CVE-2013-0754\", \"CVE-2013-0758\", \"CVE-2013-0759\",\n \"CVE-2013-0762\", \"CVE-2013-0766\", \"CVE-2013-0767\", \"CVE-2013-0769\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"RHSA\", value:\"2013:0145-01\");\n script_name(\"RedHat Update for thunderbird RHSA-2013:0145-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'thunderbird'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n script_tag(name:\"affected\", value:\"thunderbird on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Mozilla Thunderbird is a standalone mail and newsgroup client.\n\n Several flaws were found in the processing of malformed content. Malicious\n content could cause Thunderbird to crash or, potentially, execute arbitrary\n code with the privileges of the user running Thunderbird. (CVE-2013-0744,\n CVE-2013-0746, CVE-2013-0750, CVE-2013-0753, CVE-2013-0754, CVE-2013-0762,\n CVE-2013-0766, CVE-2013-0767, CVE-2013-0769)\n\n A flaw was found in the way Chrome Object Wrappers were implemented.\n Malicious content could be used to cause Thunderbird to execute arbitrary\n code via plug-ins installed in Thunderbird. (CVE-2013-0758)\n\n A flaw in the way Thunderbird displayed URL values could allow malicious\n content or a user to perform a phishing attack. (CVE-2013-0759)\n\n An information disclosure flaw was found in the way certain JavaScript\n functions were implemented in Thunderbird. An attacker could use this flaw\n to bypass Address Space Layout Randomization (ASLR) and other security\n restrictions. (CVE-2013-0748)\n\n Red Hat would like to thank the Mozilla project for reporting these issues.\n Upstream acknowledges Atte Kettunen, Boris Zbarsky, pa_kt, regenrecht,\n Abhishek Arya, Christoph Diehl, Christian Holler, Mats Palmgren, Chiaki\n Ishikawa, Mariusz Mlynski, Masato Kinugawa, and Jesse Ruderman as the\n original reporters of these issues.\n\n Note: All issues except CVE-2013-0744, CVE-2013-0753, and CVE-2013-0754\n cannot be exploited by a specially-crafted HTML mail message as JavaScript\n is disabled by default for mail messages. They could be exploited another\n way in Thunderbird, for example, when viewing the full remote content of an\n RSS feed.\n\n All Thunderbird users should upgrade to this updated package, which\n contains Thunderbird version 10.0.12 ESR, which corrects these issues.\n After installing the update, Thunderbird must be restarted for the changes\n to take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~10.0.12~3.el6_3\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"thunderbird-debuginfo\", rpm:\"thunderbird-debuginfo~10.0.12~3.el6_3\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:03", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0746", "CVE-2013-0766", "CVE-2013-0744", "CVE-2013-0748", "CVE-2013-0754", "CVE-2013-0769", "CVE-2013-0767", "CVE-2013-0762", "CVE-2013-0753", "CVE-2013-0750", "CVE-2013-0759", "CVE-2013-0758"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2013-01-21T00:00:00", "id": "OPENVAS:1361412562310881577", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881577", "type": "openvas", "title": "CentOS Update for thunderbird CESA-2013:0145 centos5", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for thunderbird CESA-2013:0145 centos5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2013-January/019201.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881577\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-01-21 09:42:00 +0530 (Mon, 21 Jan 2013)\");\n script_cve_id(\"CVE-2013-0744\", \"CVE-2013-0746\", \"CVE-2013-0748\", \"CVE-2013-0750\",\n \"CVE-2013-0753\", \"CVE-2013-0754\", \"CVE-2013-0758\", \"CVE-2013-0759\",\n \"CVE-2013-0762\", \"CVE-2013-0766\", \"CVE-2013-0767\", \"CVE-2013-0769\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"CESA\", value:\"2013:0145\");\n script_name(\"CentOS Update for thunderbird CESA-2013:0145 centos5\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'thunderbird'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"thunderbird on CentOS 5\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"Mozilla Thunderbird is a standalone mail and newsgroup client.\n\n Several flaws were found in the processing of malformed content. Malicious\n content could cause Thunderbird to crash or, potentially, execute arbitrary\n code with the privileges of the user running Thunderbird. (CVE-2013-0744,\n CVE-2013-0746, CVE-2013-0750, CVE-2013-0753, CVE-2013-0754, CVE-2013-0762,\n CVE-2013-0766, CVE-2013-0767, CVE-2013-0769)\n\n A flaw was found in the way Chrome Object Wrappers were implemented.\n Malicious content could be used to cause Thunderbird to execute arbitrary\n code via plug-ins installed in Thunderbird. (CVE-2013-0758)\n\n A flaw in the way Thunderbird displayed URL values could allow malicious\n content or a user to perform a phishing attack. (CVE-2013-0759)\n\n An information disclosure flaw was found in the way certain JavaScript\n functions were implemented in Thunderbird. An attacker could use this flaw\n to bypass Address Space Layout Randomization (ASLR) and other security\n restrictions. (CVE-2013-0748)\n\n Red Hat would like to thank the Mozilla project for reporting these issues.\n Upstream acknowledges Atte Kettunen, Boris Zbarsky, pa_kt, regenrecht,\n Abhishek Arya, Christoph Diehl, Christian Holler, Mats Palmgren, Chiaki\n Ishikawa, Mariusz Mlynski, Masato Kinugawa, and Jesse Ruderman as the\n original reporters of these issues.\n\n Note: All issues except CVE-2013-0744, CVE-2013-0753, and CVE-2013-0754\n cannot be exploited by a specially-crafted HTML mail message as JavaScript\n is disabled by default for mail messages. They could be exploited another\n way in Thunderbird, for example, when viewing the full remote content of an\n RSS feed.\n\n All Thunderbird users should upgrade to this updated package, which\n contains Thunderbird version 10.0.12 ESR, which corrects these issues.\n After installing the update, Thunderbird must be restarted for the changes\n to take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~10.0.12~3.el5.centos\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-02-05T11:10:19", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0746", "CVE-2013-0766", "CVE-2013-0744", "CVE-2013-0748", "CVE-2013-0754", "CVE-2013-0769", "CVE-2013-0767", "CVE-2013-0762", "CVE-2013-0753", "CVE-2013-0750", "CVE-2013-0759", "CVE-2013-0758"], "description": "Check for the Version of thunderbird", "modified": "2018-02-03T00:00:00", "published": "2013-01-11T00:00:00", "id": "OPENVAS:870885", "href": "http://plugins.openvas.org/nasl.php?oid=870885", "type": "openvas", "title": "RedHat Update for thunderbird RHSA-2013:0145-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for thunderbird RHSA-2013:0145-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mozilla Thunderbird is a standalone mail and newsgroup client.\n\n Several flaws were found in the processing of malformed content. Malicious\n content could cause Thunderbird to crash or, potentially, execute arbitrary\n code with the privileges of the user running Thunderbird. (CVE-2013-0744,\n CVE-2013-0746, CVE-2013-0750, CVE-2013-0753, CVE-2013-0754, CVE-2013-0762,\n CVE-2013-0766, CVE-2013-0767, CVE-2013-0769)\n\n A flaw was found in the way Chrome Object Wrappers were implemented.\n Malicious content could be used to cause Thunderbird to execute arbitrary\n code via plug-ins installed in Thunderbird. (CVE-2013-0758)\n\n A flaw in the way Thunderbird displayed URL values could allow malicious\n content or a user to perform a phishing attack. (CVE-2013-0759)\n\n An information disclosure flaw was found in the way certain JavaScript\n functions were implemented in Thunderbird. An attacker could use this flaw\n to bypass Address Space Layout Randomization (ASLR) and other security\n restrictions. (CVE-2013-0748)\n\n Red Hat would like to thank the Mozilla project for reporting these issues.\n Upstream acknowledges Atte Kettunen, Boris Zbarsky, pa_kt, regenrecht,\n Abhishek Arya, Christoph Diehl, Christian Holler, Mats Palmgren, Chiaki\n Ishikawa, Mariusz Mlynski, Masato Kinugawa, and Jesse Ruderman as the\n original reporters of these issues.\n\n Note: All issues except CVE-2013-0744, CVE-2013-0753, and CVE-2013-0754\n cannot be exploited by a specially-crafted HTML mail message as JavaScript\n is disabled by default for mail messages. They could be exploited another\n way in Thunderbird, for example, when viewing the full remote content of an\n RSS feed.\n\n All Thunderbird users should upgrade to this updated package, which\n contains Thunderbird version 10.0.12 ESR, which corrects these issues.\n After installing the update, Thunderbird must be restarted for the changes\n to take effect.\";\n\n\ntag_affected = \"thunderbird on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2013-January/msg00020.html\");\n script_id(870885);\n script_version(\"$Revision: 8650 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-02-03 13:16:59 +0100 (Sat, 03 Feb 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-01-11 16:42:31 +0530 (Fri, 11 Jan 2013)\");\n script_cve_id(\"CVE-2013-0744\", \"CVE-2013-0746\", \"CVE-2013-0748\", \"CVE-2013-0750\",\n \"CVE-2013-0753\", \"CVE-2013-0754\", \"CVE-2013-0758\", \"CVE-2013-0759\",\n \"CVE-2013-0762\", \"CVE-2013-0766\", \"CVE-2013-0767\", \"CVE-2013-0769\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2013:0145-01\");\n script_name(\"RedHat Update for thunderbird RHSA-2013:0145-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of thunderbird\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~10.0.12~3.el6_3\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"thunderbird-debuginfo\", rpm:\"thunderbird-debuginfo~10.0.12~3.el6_3\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2021-01-06T09:28:19", "description": "Updated firefox packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nMozilla Firefox is an open source web browser. XULRunner provides the\nXUL Runtime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2013-0744, CVE-2013-0746, CVE-2013-0750,\nCVE-2013-0753, CVE-2013-0754, CVE-2013-0762, CVE-2013-0766,\nCVE-2013-0767, CVE-2013-0769)\n\nA flaw was found in the way Chrome Object Wrappers were implemented.\nMalicious content could be used to cause Firefox to execute arbitrary\ncode via plug-ins installed in Firefox. (CVE-2013-0758)\n\nA flaw in the way Firefox displayed URL values in the address bar\ncould allow a malicious site or user to perform a phishing attack.\n(CVE-2013-0759)\n\nAn information disclosure flaw was found in the way certain JavaScript\nfunctions were implemented in Firefox. An attacker could use this flaw\nto bypass Address Space Layout Randomization (ASLR) and other security\nrestrictions. (CVE-2013-0748)\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Firefox 10.0.12 ESR. You can find a link to\nthe Mozilla advisories in the References section of this erratum.\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Atte Kettunen, Boris Zbarsky, pa_kt,\nregenrecht, Abhishek Arya, Christoph Diehl, Christian Holler, Mats\nPalmgren, Chiaki Ishikawa, Mariusz Mlynski, Masato Kinugawa, and Jesse\nRuderman as the original reporters of these issues.\n\nAll Firefox users should upgrade to these updated packages, which\ncontain Firefox version 10.0.12 ESR, which corrects these issues.\nAfter installing the update, Firefox must be restarted for the changes\nto take effect.", "edition": 25, "published": "2013-01-09T00:00:00", "title": "CentOS 5 / 6 : firefox / xulrunner (CESA-2013:0144)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0746", "CVE-2013-0766", "CVE-2013-0744", "CVE-2013-0748", "CVE-2013-0754", "CVE-2013-0769", "CVE-2013-0767", "CVE-2013-0762", "CVE-2013-0753", "CVE-2013-0750", "CVE-2013-0759", "CVE-2013-0758"], "modified": "2013-01-09T00:00:00", "cpe": ["cpe:/o:centos:centos:6", "p-cpe:/a:centos:centos:xulrunner-devel", "p-cpe:/a:centos:centos:xulrunner", "p-cpe:/a:centos:centos:firefox", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2013-0144.NASL", "href": "https://www.tenable.com/plugins/nessus/63431", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0144 and \n# CentOS Errata and Security Advisory 2013:0144 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(63431);\n script_version(\"1.27\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2013-0744\", \"CVE-2013-0746\", \"CVE-2013-0748\", \"CVE-2013-0750\", \"CVE-2013-0753\", \"CVE-2013-0754\", \"CVE-2013-0758\", \"CVE-2013-0759\", \"CVE-2013-0762\", \"CVE-2013-0766\", \"CVE-2013-0767\", \"CVE-2013-0769\");\n script_bugtraq_id(57185);\n script_xref(name:\"RHSA\", value:\"2013:0144\");\n\n script_name(english:\"CentOS 5 / 6 : firefox / xulrunner (CESA-2013:0144)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated firefox packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nMozilla Firefox is an open source web browser. XULRunner provides the\nXUL Runtime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2013-0744, CVE-2013-0746, CVE-2013-0750,\nCVE-2013-0753, CVE-2013-0754, CVE-2013-0762, CVE-2013-0766,\nCVE-2013-0767, CVE-2013-0769)\n\nA flaw was found in the way Chrome Object Wrappers were implemented.\nMalicious content could be used to cause Firefox to execute arbitrary\ncode via plug-ins installed in Firefox. (CVE-2013-0758)\n\nA flaw in the way Firefox displayed URL values in the address bar\ncould allow a malicious site or user to perform a phishing attack.\n(CVE-2013-0759)\n\nAn information disclosure flaw was found in the way certain JavaScript\nfunctions were implemented in Firefox. An attacker could use this flaw\nto bypass Address Space Layout Randomization (ASLR) and other security\nrestrictions. (CVE-2013-0748)\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Firefox 10.0.12 ESR. You can find a link to\nthe Mozilla advisories in the References section of this erratum.\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Atte Kettunen, Boris Zbarsky, pa_kt,\nregenrecht, Abhishek Arya, Christoph Diehl, Christian Holler, Mats\nPalmgren, Chiaki Ishikawa, Mariusz Mlynski, Masato Kinugawa, and Jesse\nRuderman as the original reporters of these issues.\n\nAll Firefox users should upgrade to these updated packages, which\ncontain Firefox version 10.0.12 ESR, which corrects these issues.\nAfter installing the update, Firefox must be restarted for the changes\nto take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2013-January/019048.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cf178259\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2013-January/019050.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?056061f2\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2013-January/019199.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3076771a\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2013-January/019200.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d863b80f\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2013-January/000461.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ea172ff2\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2013-January/000464.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1b83b489\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox and / or xulrunner packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2013-0750\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Firefox 17.0.1 Flash Privileged Code Injection');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:xulrunner-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/01/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/01/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x / 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"firefox-10.0.12-1.el5.centos\", allowmaj:TRUE)) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"xulrunner-10.0.12-1.el5_9\", allowmaj:TRUE)) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"xulrunner-devel-10.0.12-1.el5_9\", allowmaj:TRUE)) flag++;\n\nif (rpm_check(release:\"CentOS-6\", reference:\"firefox-10.0.12-1.el6.centos\", allowmaj:TRUE)) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"xulrunner-10.0.12-1.el6.centos\", allowmaj:TRUE)) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"xulrunner-devel-10.0.12-1.el6.centos\", allowmaj:TRUE)) flag++;\n\n\nif (flag)\n{\n cr_plugin_caveat = '\\n' +\n 'NOTE: The security advisory associated with this vulnerability has a\\n' +\n 'fixed package version that may only be available in the continuous\\n' +\n 'release (CR) repository for CentOS, until it is present in the next\\n' +\n 'point release of CentOS.\\n\\n' +\n\n 'If an equal or higher package level does not exist in the baseline\\n' +\n 'repository for your major version of CentOS, then updates from the CR\\n' +\n 'repository will need to be applied in order to address the\\n' +\n 'vulnerability.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + cr_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / xulrunner / xulrunner-devel\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-06T09:28:19", "description": "An updated thunderbird package that fixes several security issues is\nnow available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed content.\nMalicious content could cause Thunderbird to crash or, potentially,\nexecute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2013-0744, CVE-2013-0746, CVE-2013-0750,\nCVE-2013-0753, CVE-2013-0754, CVE-2013-0762, CVE-2013-0766,\nCVE-2013-0767, CVE-2013-0769)\n\nA flaw was found in the way Chrome Object Wrappers were implemented.\nMalicious content could be used to cause Thunderbird to execute\narbitrary code via plug-ins installed in Thunderbird. (CVE-2013-0758)\n\nA flaw in the way Thunderbird displayed URL values could allow\nmalicious content or a user to perform a phishing attack.\n(CVE-2013-0759)\n\nAn information disclosure flaw was found in the way certain JavaScript\nfunctions were implemented in Thunderbird. An attacker could use this\nflaw to bypass Address Space Layout Randomization (ASLR) and other\nsecurity restrictions. (CVE-2013-0748)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Atte Kettunen, Boris Zbarsky, pa_kt,\nregenrecht, Abhishek Arya, Christoph Diehl, Christian Holler, Mats\nPalmgren, Chiaki Ishikawa, Mariusz Mlynski, Masato Kinugawa, and Jesse\nRuderman as the original reporters of these issues.\n\nNote: All issues except CVE-2013-0744, CVE-2013-0753, and\nCVE-2013-0754 cannot be exploited by a specially crafted HTML mail\nmessage as JavaScript is disabled by default for mail messages. They\ncould be exploited another way in Thunderbird, for example, when\nviewing the full remote content of an RSS feed.\n\nAll Thunderbird users should upgrade to this updated package, which\ncontains Thunderbird version 10.0.12 ESR, which corrects these issues.\nAfter installing the update, Thunderbird must be restarted for the\nchanges to take effect.", "edition": 21, "published": "2013-01-09T00:00:00", "title": "CentOS 5 / 6 : thunderbird (CESA-2013:0145)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0746", "CVE-2013-0766", "CVE-2013-0744", "CVE-2013-0748", "CVE-2013-0754", "CVE-2013-0769", "CVE-2013-0767", "CVE-2013-0762", "CVE-2013-0753", "CVE-2013-0750", "CVE-2013-0759", "CVE-2013-0758"], "modified": "2013-01-09T00:00:00", "cpe": ["cpe:/o:centos:centos:6", "p-cpe:/a:centos:centos:thunderbird", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2013-0145.NASL", "href": "https://www.tenable.com/plugins/nessus/63432", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0145 and \n# CentOS Errata and Security Advisory 2013:0145 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(63432);\n script_version(\"1.26\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2013-0744\", \"CVE-2013-0746\", \"CVE-2013-0748\", \"CVE-2013-0750\", \"CVE-2013-0753\", \"CVE-2013-0754\", \"CVE-2013-0758\", \"CVE-2013-0759\", \"CVE-2013-0762\", \"CVE-2013-0766\", \"CVE-2013-0767\", \"CVE-2013-0769\");\n script_bugtraq_id(57185);\n script_xref(name:\"RHSA\", value:\"2013:0145\");\n\n script_name(english:\"CentOS 5 / 6 : thunderbird (CESA-2013:0145)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"An updated thunderbird package that fixes several security issues is\nnow available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed content.\nMalicious content could cause Thunderbird to crash or, potentially,\nexecute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2013-0744, CVE-2013-0746, CVE-2013-0750,\nCVE-2013-0753, CVE-2013-0754, CVE-2013-0762, CVE-2013-0766,\nCVE-2013-0767, CVE-2013-0769)\n\nA flaw was found in the way Chrome Object Wrappers were implemented.\nMalicious content could be used to cause Thunderbird to execute\narbitrary code via plug-ins installed in Thunderbird. (CVE-2013-0758)\n\nA flaw in the way Thunderbird displayed URL values could allow\nmalicious content or a user to perform a phishing attack.\n(CVE-2013-0759)\n\nAn information disclosure flaw was found in the way certain JavaScript\nfunctions were implemented in Thunderbird. An attacker could use this\nflaw to bypass Address Space Layout Randomization (ASLR) and other\nsecurity restrictions. (CVE-2013-0748)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Atte Kettunen, Boris Zbarsky, pa_kt,\nregenrecht, Abhishek Arya, Christoph Diehl, Christian Holler, Mats\nPalmgren, Chiaki Ishikawa, Mariusz Mlynski, Masato Kinugawa, and Jesse\nRuderman as the original reporters of these issues.\n\nNote: All issues except CVE-2013-0744, CVE-2013-0753, and\nCVE-2013-0754 cannot be exploited by a specially crafted HTML mail\nmessage as JavaScript is disabled by default for mail messages. They\ncould be exploited another way in Thunderbird, for example, when\nviewing the full remote content of an RSS feed.\n\nAll Thunderbird users should upgrade to this updated package, which\ncontains Thunderbird version 10.0.12 ESR, which corrects these issues.\nAfter installing the update, Thunderbird must be restarted for the\nchanges to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2013-January/019049.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f6f9b40e\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2013-January/019201.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c1d1c8ba\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2013-January/000465.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bb9636f6\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected thunderbird package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2013-0750\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Firefox 17.0.1 Flash Privileged Code Injection');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/01/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/01/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x / 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"thunderbird-10.0.12-3.el5.centos\", allowmaj:TRUE)) flag++;\n\nif (rpm_check(release:\"CentOS-6\", reference:\"thunderbird-10.0.12-3.el6.centos\", allowmaj:TRUE)) flag++;\n\n\nif (flag)\n{\n cr_plugin_caveat = '\\n' +\n 'NOTE: The security advisory associated with this vulnerability has a\\n' +\n 'fixed package version that may only be available in the continuous\\n' +\n 'release (CR) repository for CentOS, until it is present in the next\\n' +\n 'point release of CentOS.\\n\\n' +\n\n 'If an equal or higher package level does not exist in the baseline\\n' +\n 'repository for your major version of CentOS, then updates from the CR\\n' +\n 'repository will need to be applied in order to address the\\n' +\n 'vulnerability.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + cr_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:47:12", "description": "Several flaws were found in the processing of malformed content.\nMalicious content could cause Thunderbird to crash or, potentially,\nexecute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2013-0744, CVE-2013-0746, CVE-2013-0750,\nCVE-2013-0753, CVE-2013-0754, CVE-2013-0762, CVE-2013-0766,\nCVE-2013-0767, CVE-2013-0769)\n\nA flaw was found in the way Chrome Object Wrappers were implemented.\nMalicious content could be used to cause Thunderbird to execute\narbitrary code via plug- ins installed in Thunderbird. (CVE-2013-0758)\n\nA flaw in the way Thunderbird displayed URL values could allow\nmalicious content or a user to perform a phishing attack.\n(CVE-2013-0759)\n\nAn information disclosure flaw was found in the way certain JavaScript\nfunctions were implemented in Thunderbird. An attacker could use this\nflaw to bypass Address Space Layout Randomization (ASLR) and other\nsecurity restrictions. (CVE-2013-0748)\n\nNote: All issues except CVE-2013-0744, CVE-2013-0753, and\nCVE-2013-0754 cannot be exploited by a specially crafted HTML mail\nmessage as JavaScript is disabled by default for mail messages. They\ncould be exploited another way in Thunderbird, for example, when\nviewing the full remote content of an RSS feed.\n\nAfter installing the update, Thunderbird must be restarted for the\nchanges to take effect.", "edition": 14, "published": "2013-01-11T00:00:00", "title": "Scientific Linux Security Update : thunderbird on SL5.x, SL6.x i386/x86_64 (20130108)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0746", "CVE-2013-0766", "CVE-2013-0744", "CVE-2013-0748", "CVE-2013-0754", "CVE-2013-0769", "CVE-2013-0767", "CVE-2013-0762", "CVE-2013-0753", "CVE-2013-0750", "CVE-2013-0759", "CVE-2013-0758"], "modified": "2013-01-11T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:thunderbird", "p-cpe:/a:fermilab:scientific_linux:thunderbird-debuginfo", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20130108_THUNDERBIRD_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/63472", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(63472);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2013-0744\", \"CVE-2013-0746\", \"CVE-2013-0748\", \"CVE-2013-0750\", \"CVE-2013-0753\", \"CVE-2013-0754\", \"CVE-2013-0758\", \"CVE-2013-0759\", \"CVE-2013-0762\", \"CVE-2013-0766\", \"CVE-2013-0767\", \"CVE-2013-0769\");\n\n script_name(english:\"Scientific Linux Security Update : thunderbird on SL5.x, SL6.x i386/x86_64 (20130108)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several flaws were found in the processing of malformed content.\nMalicious content could cause Thunderbird to crash or, potentially,\nexecute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2013-0744, CVE-2013-0746, CVE-2013-0750,\nCVE-2013-0753, CVE-2013-0754, CVE-2013-0762, CVE-2013-0766,\nCVE-2013-0767, CVE-2013-0769)\n\nA flaw was found in the way Chrome Object Wrappers were implemented.\nMalicious content could be used to cause Thunderbird to execute\narbitrary code via plug- ins installed in Thunderbird. (CVE-2013-0758)\n\nA flaw in the way Thunderbird displayed URL values could allow\nmalicious content or a user to perform a phishing attack.\n(CVE-2013-0759)\n\nAn information disclosure flaw was found in the way certain JavaScript\nfunctions were implemented in Thunderbird. An attacker could use this\nflaw to bypass Address Space Layout Randomization (ASLR) and other\nsecurity restrictions. (CVE-2013-0748)\n\nNote: All issues except CVE-2013-0744, CVE-2013-0753, and\nCVE-2013-0754 cannot be exploited by a specially crafted HTML mail\nmessage as JavaScript is disabled by default for mail messages. They\ncould be exploited another way in Thunderbird, for example, when\nviewing the full remote content of an RSS feed.\n\nAfter installing the update, Thunderbird must be restarted for the\nchanges to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1301&L=scientific-linux-errata&T=0&P=440\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b0c6ca11\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected thunderbird and / or thunderbird-debuginfo\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Firefox 17.0.1 Flash Privileged Code Injection');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:thunderbird-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/01/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/01/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"thunderbird-10.0.12-3.el5_9\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"thunderbird-debuginfo-10.0.12-3.el5_9\")) flag++;\n\nif (rpm_check(release:\"SL6\", reference:\"thunderbird-10.0.12-3.el6_3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"thunderbird-debuginfo-10.0.12-3.el6_3\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird / thunderbird-debuginfo\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:11:42", "description": "Updated firefox packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nMozilla Firefox is an open source web browser. XULRunner provides the\nXUL Runtime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2013-0744, CVE-2013-0746, CVE-2013-0750,\nCVE-2013-0753, CVE-2013-0754, CVE-2013-0762, CVE-2013-0766,\nCVE-2013-0767, CVE-2013-0769)\n\nA flaw was found in the way Chrome Object Wrappers were implemented.\nMalicious content could be used to cause Firefox to execute arbitrary\ncode via plug-ins installed in Firefox. (CVE-2013-0758)\n\nA flaw in the way Firefox displayed URL values in the address bar\ncould allow a malicious site or user to perform a phishing attack.\n(CVE-2013-0759)\n\nAn information disclosure flaw was found in the way certain JavaScript\nfunctions were implemented in Firefox. An attacker could use this flaw\nto bypass Address Space Layout Randomization (ASLR) and other security\nrestrictions. (CVE-2013-0748)\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Firefox 10.0.12 ESR. You can find a link to\nthe Mozilla advisories in the References section of this erratum.\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Atte Kettunen, Boris Zbarsky, pa_kt,\nregenrecht, Abhishek Arya, Christoph Diehl, Christian Holler, Mats\nPalmgren, Chiaki Ishikawa, Mariusz Mlynski, Masato Kinugawa, and Jesse\nRuderman as the original reporters of these issues.\n\nAll Firefox users should upgrade to these updated packages, which\ncontain Firefox version 10.0.12 ESR, which corrects these issues.\nAfter installing the update, Firefox must be restarted for the changes\nto take effect.", "edition": 22, "published": "2013-01-09T00:00:00", "title": "RHEL 5 / 6 : firefox (RHSA-2013:0144)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0746", "CVE-2013-0766", "CVE-2013-0744", "CVE-2013-0748", "CVE-2013-0754", "CVE-2013-0769", "CVE-2013-0767", "CVE-2013-0762", "CVE-2013-0753", "CVE-2013-0750", "CVE-2013-0759", "CVE-2013-0758"], "modified": "2013-01-09T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:xulrunner-debuginfo", "cpe:/o:redhat:enterprise_linux:6.3", "cpe:/o:redhat:enterprise_linux:5.9", "p-cpe:/a:redhat:enterprise_linux:xulrunner", "p-cpe:/a:redhat:enterprise_linux:firefox", "p-cpe:/a:redhat:enterprise_linux:firefox-debuginfo", "p-cpe:/a:redhat:enterprise_linux:xulrunner-devel", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2013-0144.NASL", "href": "https://www.tenable.com/plugins/nessus/63445", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0144. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(63445);\n script_version(\"1.34\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2013-0744\", \"CVE-2013-0746\", \"CVE-2013-0748\", \"CVE-2013-0750\", \"CVE-2013-0753\", \"CVE-2013-0754\", \"CVE-2013-0758\", \"CVE-2013-0759\", \"CVE-2013-0762\", \"CVE-2013-0766\", \"CVE-2013-0767\", \"CVE-2013-0769\");\n script_bugtraq_id(57185);\n script_xref(name:\"RHSA\", value:\"2013:0144\");\n\n script_name(english:\"RHEL 5 / 6 : firefox (RHSA-2013:0144)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Updated firefox packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nMozilla Firefox is an open source web browser. XULRunner provides the\nXUL Runtime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2013-0744, CVE-2013-0746, CVE-2013-0750,\nCVE-2013-0753, CVE-2013-0754, CVE-2013-0762, CVE-2013-0766,\nCVE-2013-0767, CVE-2013-0769)\n\nA flaw was found in the way Chrome Object Wrappers were implemented.\nMalicious content could be used to cause Firefox to execute arbitrary\ncode via plug-ins installed in Firefox. (CVE-2013-0758)\n\nA flaw in the way Firefox displayed URL values in the address bar\ncould allow a malicious site or user to perform a phishing attack.\n(CVE-2013-0759)\n\nAn information disclosure flaw was found in the way certain JavaScript\nfunctions were implemented in Firefox. An attacker could use this flaw\nto bypass Address Space Layout Randomization (ASLR) and other security\nrestrictions. (CVE-2013-0748)\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Firefox 10.0.12 ESR. You can find a link to\nthe Mozilla advisories in the References section of this erratum.\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Atte Kettunen, Boris Zbarsky, pa_kt,\nregenrecht, Abhishek Arya, Christoph Diehl, Christian Holler, Mats\nPalmgren, Chiaki Ishikawa, Mariusz Mlynski, Masato Kinugawa, and Jesse\nRuderman as the original reporters of these issues.\n\nAll Firefox users should upgrade to these updated packages, which\ncontain Firefox version 10.0.12 ESR, which corrects these issues.\nAfter installing the update, Firefox must be restarted for the changes\nto take effect.\"\n );\n # http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a134523f\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2013:0144\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0762\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0767\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0759\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0758\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0748\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0746\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0754\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0744\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0750\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0753\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0769\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0766\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Firefox 17.0.1 Flash Privileged Code Injection');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:firefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xulrunner-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xulrunner-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.9\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/01/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/01/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:0144\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"firefox-10.0.12-1.el5_9\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"firefox-debuginfo-10.0.12-1.el5_9\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"xulrunner-10.0.12-1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"xulrunner-debuginfo-10.0.12-1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"xulrunner-devel-10.0.12-1.el5_9\")) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", reference:\"firefox-10.0.12-1.el6_3\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"firefox-debuginfo-10.0.12-1.el6_3\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"xulrunner-10.0.12-1.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"xulrunner-debuginfo-10.0.12-1.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"xulrunner-devel-10.0.12-1.el6_3\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / firefox-debuginfo / xulrunner / xulrunner-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:11:42", "description": "An updated thunderbird package that fixes several security issues is\nnow available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed content.\nMalicious content could cause Thunderbird to crash or, potentially,\nexecute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2013-0744, CVE-2013-0746, CVE-2013-0750,\nCVE-2013-0753, CVE-2013-0754, CVE-2013-0762, CVE-2013-0766,\nCVE-2013-0767, CVE-2013-0769)\n\nA flaw was found in the way Chrome Object Wrappers were implemented.\nMalicious content could be used to cause Thunderbird to execute\narbitrary code via plug-ins installed in Thunderbird. (CVE-2013-0758)\n\nA flaw in the way Thunderbird displayed URL values could allow\nmalicious content or a user to perform a phishing attack.\n(CVE-2013-0759)\n\nAn information disclosure flaw was found in the way certain JavaScript\nfunctions were implemented in Thunderbird. An attacker could use this\nflaw to bypass Address Space Layout Randomization (ASLR) and other\nsecurity restrictions. (CVE-2013-0748)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Atte Kettunen, Boris Zbarsky, pa_kt,\nregenrecht, Abhishek Arya, Christoph Diehl, Christian Holler, Mats\nPalmgren, Chiaki Ishikawa, Mariusz Mlynski, Masato Kinugawa, and Jesse\nRuderman as the original reporters of these issues.\n\nNote: All issues except CVE-2013-0744, CVE-2013-0753, and\nCVE-2013-0754 cannot be exploited by a specially crafted HTML mail\nmessage as JavaScript is disabled by default for mail messages. They\ncould be exploited another way in Thunderbird, for example, when\nviewing the full remote content of an RSS feed.\n\nAll Thunderbird users should upgrade to this updated package, which\ncontains Thunderbird version 10.0.12 ESR, which corrects these issues.\nAfter installing the update, Thunderbird must be restarted for the\nchanges to take effect.", "edition": 21, "published": "2013-01-09T00:00:00", "title": "RHEL 5 / 6 : thunderbird (RHSA-2013:0145)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0746", "CVE-2013-0766", "CVE-2013-0744", "CVE-2013-0748", "CVE-2013-0754", "CVE-2013-0769", "CVE-2013-0767", "CVE-2013-0762", "CVE-2013-0753", "CVE-2013-0750", "CVE-2013-0759", "CVE-2013-0758"], "modified": "2013-01-09T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:6.3", "p-cpe:/a:redhat:enterprise_linux:thunderbird", "cpe:/o:redhat:enterprise_linux:5.9", "p-cpe:/a:redhat:enterprise_linux:thunderbird-debuginfo", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2013-0145.NASL", "href": "https://www.tenable.com/plugins/nessus/63446", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0145. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(63446);\n script_version(\"1.34\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2013-0744\", \"CVE-2013-0746\", \"CVE-2013-0748\", \"CVE-2013-0750\", \"CVE-2013-0753\", \"CVE-2013-0754\", \"CVE-2013-0758\", \"CVE-2013-0759\", \"CVE-2013-0762\", \"CVE-2013-0766\", \"CVE-2013-0767\", \"CVE-2013-0769\");\n script_bugtraq_id(57185);\n script_xref(name:\"RHSA\", value:\"2013:0145\");\n\n script_name(english:\"RHEL 5 / 6 : thunderbird (RHSA-2013:0145)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"An updated thunderbird package that fixes several security issues is\nnow available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed content.\nMalicious content could cause Thunderbird to crash or, potentially,\nexecute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2013-0744, CVE-2013-0746, CVE-2013-0750,\nCVE-2013-0753, CVE-2013-0754, CVE-2013-0762, CVE-2013-0766,\nCVE-2013-0767, CVE-2013-0769)\n\nA flaw was found in the way Chrome Object Wrappers were implemented.\nMalicious content could be used to cause Thunderbird to execute\narbitrary code via plug-ins installed in Thunderbird. (CVE-2013-0758)\n\nA flaw in the way Thunderbird displayed URL values could allow\nmalicious content or a user to perform a phishing attack.\n(CVE-2013-0759)\n\nAn information disclosure flaw was found in the way certain JavaScript\nfunctions were implemented in Thunderbird. An attacker could use this\nflaw to bypass Address Space Layout Randomization (ASLR) and other\nsecurity restrictions. (CVE-2013-0748)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Atte Kettunen, Boris Zbarsky, pa_kt,\nregenrecht, Abhishek Arya, Christoph Diehl, Christian Holler, Mats\nPalmgren, Chiaki Ishikawa, Mariusz Mlynski, Masato Kinugawa, and Jesse\nRuderman as the original reporters of these issues.\n\nNote: All issues except CVE-2013-0744, CVE-2013-0753, and\nCVE-2013-0754 cannot be exploited by a specially crafted HTML mail\nmessage as JavaScript is disabled by default for mail messages. They\ncould be exploited another way in Thunderbird, for example, when\nviewing the full remote content of an RSS feed.\n\nAll Thunderbird users should upgrade to this updated package, which\ncontains Thunderbird version 10.0.12 ESR, which corrects these issues.\nAfter installing the update, Thunderbird must be restarted for the\nchanges to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2013:0145\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0762\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0767\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0759\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0758\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0748\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0746\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0754\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0744\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0750\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0753\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0769\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0766\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Update the affected thunderbird and / or thunderbird-debuginfo\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Firefox 17.0.1 Flash Privileged Code Injection');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:thunderbird-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.9\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/01/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/01/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:0145\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"thunderbird-10.0.12-3.el5_9\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"thunderbird-10.0.12-3.el5_9\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"thunderbird-debuginfo-10.0.12-3.el5_9\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"thunderbird-debuginfo-10.0.12-3.el5_9\", allowmaj:TRUE)) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"thunderbird-10.0.12-3.el6_3\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"thunderbird-10.0.12-3.el6_3\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"thunderbird-10.0.12-3.el6_3\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"thunderbird-debuginfo-10.0.12-3.el6_3\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"thunderbird-debuginfo-10.0.12-3.el6_3\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"thunderbird-debuginfo-10.0.12-3.el6_3\", allowmaj:TRUE)) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird / thunderbird-debuginfo\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T12:47:32", "description": "From Red Hat Security Advisory 2013:0145 :\n\nAn updated thunderbird package that fixes several security issues is\nnow available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed content.\nMalicious content could cause Thunderbird to crash or, potentially,\nexecute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2013-0744, CVE-2013-0746, CVE-2013-0750,\nCVE-2013-0753, CVE-2013-0754, CVE-2013-0762, CVE-2013-0766,\nCVE-2013-0767, CVE-2013-0769)\n\nA flaw was found in the way Chrome Object Wrappers were implemented.\nMalicious content could be used to cause Thunderbird to execute\narbitrary code via plug-ins installed in Thunderbird. (CVE-2013-0758)\n\nA flaw in the way Thunderbird displayed URL values could allow\nmalicious content or a user to perform a phishing attack.\n(CVE-2013-0759)\n\nAn information disclosure flaw was found in the way certain JavaScript\nfunctions were implemented in Thunderbird. An attacker could use this\nflaw to bypass Address Space Layout Randomization (ASLR) and other\nsecurity restrictions. (CVE-2013-0748)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Atte Kettunen, Boris Zbarsky, pa_kt,\nregenrecht, Abhishek Arya, Christoph Diehl, Christian Holler, Mats\nPalmgren, Chiaki Ishikawa, Mariusz Mlynski, Masato Kinugawa, and Jesse\nRuderman as the original reporters of these issues.\n\nNote: All issues except CVE-2013-0744, CVE-2013-0753, and\nCVE-2013-0754 cannot be exploited by a specially crafted HTML mail\nmessage as JavaScript is disabled by default for mail messages. They\ncould be exploited another way in Thunderbird, for example, when\nviewing the full remote content of an RSS feed.\n\nAll Thunderbird users should upgrade to this updated package, which\ncontains Thunderbird version 10.0.12 ESR, which corrects these issues.\nAfter installing the update, Thunderbird must be restarted for the\nchanges to take effect.", "edition": 18, "published": "2013-07-12T00:00:00", "title": "Oracle Linux 6 : thunderbird (ELSA-2013-0145)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0746", "CVE-2013-0766", "CVE-2013-0744", "CVE-2013-0748", "CVE-2013-0754", "CVE-2013-0769", "CVE-2013-0767", "CVE-2013-0762", "CVE-2013-0753", "CVE-2013-0750", "CVE-2013-0759", "CVE-2013-0758"], "modified": "2013-07-12T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:thunderbird"], "id": "ORACLELINUX_ELSA-2013-0145.NASL", "href": "https://www.tenable.com/plugins/nessus/68708", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2013:0145 and \n# Oracle Linux Security Advisory ELSA-2013-0145 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68708);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2013-0744\", \"CVE-2013-0746\", \"CVE-2013-0748\", \"CVE-2013-0750\", \"CVE-2013-0753\", \"CVE-2013-0754\", \"CVE-2013-0758\", \"CVE-2013-0759\", \"CVE-2013-0762\", \"CVE-2013-0766\", \"CVE-2013-0767\", \"CVE-2013-0769\");\n script_bugtraq_id(57185);\n script_xref(name:\"RHSA\", value:\"2013:0145\");\n\n script_name(english:\"Oracle Linux 6 : thunderbird (ELSA-2013-0145)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Oracle Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"From Red Hat Security Advisory 2013:0145 :\n\nAn updated thunderbird package that fixes several security issues is\nnow available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed content.\nMalicious content could cause Thunderbird to crash or, potentially,\nexecute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2013-0744, CVE-2013-0746, CVE-2013-0750,\nCVE-2013-0753, CVE-2013-0754, CVE-2013-0762, CVE-2013-0766,\nCVE-2013-0767, CVE-2013-0769)\n\nA flaw was found in the way Chrome Object Wrappers were implemented.\nMalicious content could be used to cause Thunderbird to execute\narbitrary code via plug-ins installed in Thunderbird. (CVE-2013-0758)\n\nA flaw in the way Thunderbird displayed URL values could allow\nmalicious content or a user to perform a phishing attack.\n(CVE-2013-0759)\n\nAn information disclosure flaw was found in the way certain JavaScript\nfunctions were implemented in Thunderbird. An attacker could use this\nflaw to bypass Address Space Layout Randomization (ASLR) and other\nsecurity restrictions. (CVE-2013-0748)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Atte Kettunen, Boris Zbarsky, pa_kt,\nregenrecht, Abhishek Arya, Christoph Diehl, Christian Holler, Mats\nPalmgren, Chiaki Ishikawa, Mariusz Mlynski, Masato Kinugawa, and Jesse\nRuderman as the original reporters of these issues.\n\nNote: All issues except CVE-2013-0744, CVE-2013-0753, and\nCVE-2013-0754 cannot be exploited by a specially crafted HTML mail\nmessage as JavaScript is disabled by default for mail messages. They\ncould be exploited another way in Thunderbird, for example, when\nviewing the full remote content of an RSS feed.\n\nAll Thunderbird users should upgrade to this updated package, which\ncontains Thunderbird version 10.0.12 ESR, which corrects these issues.\nAfter installing the update, Thunderbird must be restarted for the\nchanges to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2013-January/003190.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected thunderbird package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Firefox 17.0.1 Flash Privileged Code Injection');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/01/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/01/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"thunderbird-10.0.12-3.0.1.el6_3\", allowmaj:TRUE)) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:47:11", "description": "Several flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2013-0744, CVE-2013-0746, CVE-2013-0750,\nCVE-2013-0753, CVE-2013-0754, CVE-2013-0762, CVE-2013-0766,\nCVE-2013-0767, CVE-2013-0769)\n\nA flaw was found in the way Chrome Object Wrappers were implemented.\nMalicious content could be used to cause Firefox to execute arbitrary\ncode via plug-ins installed in Firefox. (CVE-2013-0758)\n\nA flaw in the way Firefox displayed URL values in the address bar\ncould allow a malicious site or user to perform a phishing attack.\n(CVE-2013-0759)\n\nAn information disclosure flaw was found in the way certain JavaScript\nfunctions were implemented in Firefox. An attacker could use this flaw\nto bypass Address Space Layout Randomization (ASLR) and other security\nrestrictions. (CVE-2013-0748)\n\nAfter installing the update, Firefox must be restarted for the changes\nto take effect.", "edition": 14, "published": "2013-01-11T00:00:00", "title": "Scientific Linux Security Update : firefox on SL5.x, SL6.x i386/x86_64 (20130108)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0746", "CVE-2013-0766", "CVE-2013-0744", "CVE-2013-0748", "CVE-2013-0754", "CVE-2013-0769", "CVE-2013-0767", "CVE-2013-0762", "CVE-2013-0753", "CVE-2013-0750", "CVE-2013-0759", "CVE-2013-0758"], "modified": "2013-01-11T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:xulrunner-debuginfo", "p-cpe:/a:fermilab:scientific_linux:firefox", "p-cpe:/a:fermilab:scientific_linux:xulrunner-devel", "p-cpe:/a:fermilab:scientific_linux:firefox-debuginfo", "x-cpe:/o:fermilab:scientific_linux", "p-cpe:/a:fermilab:scientific_linux:xulrunner"], "id": "SL_20130108_FIREFOX_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/63471", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(63471);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2013-0744\", \"CVE-2013-0746\", \"CVE-2013-0748\", \"CVE-2013-0750\", \"CVE-2013-0753\", \"CVE-2013-0754\", \"CVE-2013-0758\", \"CVE-2013-0759\", \"CVE-2013-0762\", \"CVE-2013-0766\", \"CVE-2013-0767\", \"CVE-2013-0769\");\n\n script_name(english:\"Scientific Linux Security Update : firefox on SL5.x, SL6.x i386/x86_64 (20130108)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2013-0744, CVE-2013-0746, CVE-2013-0750,\nCVE-2013-0753, CVE-2013-0754, CVE-2013-0762, CVE-2013-0766,\nCVE-2013-0767, CVE-2013-0769)\n\nA flaw was found in the way Chrome Object Wrappers were implemented.\nMalicious content could be used to cause Firefox to execute arbitrary\ncode via plug-ins installed in Firefox. (CVE-2013-0758)\n\nA flaw in the way Firefox displayed URL values in the address bar\ncould allow a malicious site or user to perform a phishing attack.\n(CVE-2013-0759)\n\nAn information disclosure flaw was found in the way certain JavaScript\nfunctions were implemented in Firefox. An attacker could use this flaw\nto bypass Address Space Layout Randomization (ASLR) and other security\nrestrictions. (CVE-2013-0748)\n\nAfter installing the update, Firefox must be restarted for the changes\nto take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1301&L=scientific-linux-errata&T=0&P=307\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?be340992\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Firefox 17.0.1 Flash Privileged Code Injection');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:firefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:xulrunner-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:xulrunner-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/01/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/01/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"firefox-10.0.12-1.el5_9\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"firefox-debuginfo-10.0.12-1.el5_9\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"xulrunner-10.0.12-1.el5_9\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"xulrunner-debuginfo-10.0.12-1.el5_9\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"xulrunner-devel-10.0.12-1.el5_9\")) flag++;\n\nif (rpm_check(release:\"SL6\", reference:\"firefox-10.0.12-1.el6_3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"firefox-debuginfo-10.0.12-1.el6_3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"xulrunner-10.0.12-1.el6_3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"xulrunner-debuginfo-10.0.12-1.el6_3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"xulrunner-devel-10.0.12-1.el6_3\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / firefox-debuginfo / xulrunner / xulrunner-debuginfo / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T12:47:32", "description": "From Red Hat Security Advisory 2013:0144 :\n\nUpdated firefox packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nMozilla Firefox is an open source web browser. XULRunner provides the\nXUL Runtime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2013-0744, CVE-2013-0746, CVE-2013-0750,\nCVE-2013-0753, CVE-2013-0754, CVE-2013-0762, CVE-2013-0766,\nCVE-2013-0767, CVE-2013-0769)\n\nA flaw was found in the way Chrome Object Wrappers were implemented.\nMalicious content could be used to cause Firefox to execute arbitrary\ncode via plug-ins installed in Firefox. (CVE-2013-0758)\n\nA flaw in the way Firefox displayed URL values in the address bar\ncould allow a malicious site or user to perform a phishing attack.\n(CVE-2013-0759)\n\nAn information disclosure flaw was found in the way certain JavaScript\nfunctions were implemented in Firefox. An attacker could use this flaw\nto bypass Address Space Layout Randomization (ASLR) and other security\nrestrictions. (CVE-2013-0748)\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Firefox 10.0.12 ESR. You can find a link to\nthe Mozilla advisories in the References section of this erratum.\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Atte Kettunen, Boris Zbarsky, pa_kt,\nregenrecht, Abhishek Arya, Christoph Diehl, Christian Holler, Mats\nPalmgren, Chiaki Ishikawa, Mariusz Mlynski, Masato Kinugawa, and Jesse\nRuderman as the original reporters of these issues.\n\nAll Firefox users should upgrade to these updated packages, which\ncontain Firefox version 10.0.12 ESR, which corrects these issues.\nAfter installing the update, Firefox must be restarted for the changes\nto take effect.", "edition": 18, "published": "2013-07-12T00:00:00", "title": "Oracle Linux 5 / 6 : firefox (ELSA-2013-0144)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0746", "CVE-2013-0766", "CVE-2013-0744", "CVE-2013-0748", "CVE-2013-0754", "CVE-2013-0769", "CVE-2013-0767", "CVE-2013-0762", "CVE-2013-0753", "CVE-2013-0750", "CVE-2013-0759", "CVE-2013-0758"], "modified": "2013-07-12T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:xulrunner", "p-cpe:/a:oracle:linux:firefox", "cpe:/o:oracle:linux:5", "p-cpe:/a:oracle:linux:xulrunner-devel"], "id": "ORACLELINUX_ELSA-2013-0144.NASL", "href": "https://www.tenable.com/plugins/nessus/68707", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2013:0144 and \n# Oracle Linux Security Advisory ELSA-2013-0144 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68707);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2013-0744\", \"CVE-2013-0746\", \"CVE-2013-0748\", \"CVE-2013-0750\", \"CVE-2013-0753\", \"CVE-2013-0754\", \"CVE-2013-0758\", \"CVE-2013-0759\", \"CVE-2013-0762\", \"CVE-2013-0766\", \"CVE-2013-0767\", \"CVE-2013-0769\");\n script_bugtraq_id(57185);\n script_xref(name:\"RHSA\", value:\"2013:0144\");\n\n script_name(english:\"Oracle Linux 5 / 6 : firefox (ELSA-2013-0144)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"From Red Hat Security Advisory 2013:0144 :\n\nUpdated firefox packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nMozilla Firefox is an open source web browser. XULRunner provides the\nXUL Runtime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2013-0744, CVE-2013-0746, CVE-2013-0750,\nCVE-2013-0753, CVE-2013-0754, CVE-2013-0762, CVE-2013-0766,\nCVE-2013-0767, CVE-2013-0769)\n\nA flaw was found in the way Chrome Object Wrappers were implemented.\nMalicious content could be used to cause Firefox to execute arbitrary\ncode via plug-ins installed in Firefox. (CVE-2013-0758)\n\nA flaw in the way Firefox displayed URL values in the address bar\ncould allow a malicious site or user to perform a phishing attack.\n(CVE-2013-0759)\n\nAn information disclosure flaw was found in the way certain JavaScript\nfunctions were implemented in Firefox. An attacker could use this flaw\nto bypass Address Space Layout Randomization (ASLR) and other security\nrestrictions. (CVE-2013-0748)\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Firefox 10.0.12 ESR. You can find a link to\nthe Mozilla advisories in the References section of this erratum.\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Atte Kettunen, Boris Zbarsky, pa_kt,\nregenrecht, Abhishek Arya, Christoph Diehl, Christian Holler, Mats\nPalmgren, Chiaki Ishikawa, Mariusz Mlynski, Masato Kinugawa, and Jesse\nRuderman as the original reporters of these issues.\n\nAll Firefox users should upgrade to these updated packages, which\ncontain Firefox version 10.0.12 ESR, which corrects these issues.\nAfter installing the update, Firefox must be restarted for the changes\nto take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2013-January/003191.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2013-January/003205.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected firefox packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Firefox 17.0.1 Flash Privileged Code Injection');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:xulrunner-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/01/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/01/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5 / 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"firefox-10.0.12-1.0.1.el5_9\", allowmaj:TRUE)) flag++;\nif (rpm_check(release:\"EL5\", reference:\"xulrunner-10.0.12-1.0.1.el5_9\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"xulrunner-devel-10.0.12-1.0.1.el5_9\")) flag++;\n\nif (rpm_check(release:\"EL6\", reference:\"firefox-10.0.12-1.0.1.el6_3\", allowmaj:TRUE)) flag++;\nif (rpm_check(release:\"EL6\", reference:\"xulrunner-10.0.12-1.0.1.el6_3\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"xulrunner-devel-10.0.12-1.0.1.el6_3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / xulrunner / xulrunner-devel\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T03:51:54", "description": "The installed version of Thunderbird 10.x is potentially affected by\nthe following security issues :\n\n - Two intermediate certificates were improperly issued by\n TURKTRUST certificate authority. (CVE-2013-0743)\n\n - A use-after-free error exists related to displaying\n HTML tables with many columns and column groups.\n (CVE-2013-0744)\n\n - An error exists related to 'jsval', 'quickstubs', and\n compartmental mismatches that could lead to potentially\n exploitable crashes. (CVE-2013-0746)\n\n - An error related to the 'toString' method of XBL\n objects could lead to address information leakage.\n (CVE-2013-0748)\n\n - A buffer overflow exists related to JavaScript string\n concatenation. (CVE-2013-0750)\n\n - A use-after-free error exists related to\n 'XMLSerializer' and 'serializeToStream'.\n (CVE-2013-0753)\n\n - A use-after-free error exists related to garbage\n collection and 'ListenManager'. (CVE-2013-0754)\n\n - An error related to SVG elements and plugins could \n allow privilege escalation. (CVE-2013-0758)\n\n - An error exists related to the address bar that could\n allow URL spoofing attacks. (CVE-2013-0759)\n\n - Multiple, unspecified use-after-free, out-of-bounds read\n and buffer overflow errors exist. (CVE-2013-0762,\n CVE-2013-0766, CVE-2013-0767)\n\n - An unspecified memory corruption issue exists.\n (CVE-2013-0769)\n\nPlease note the 10.x ESR branch will no longer be supported as of \n02/13/2013. Only the 17.x ESR branch will receive security updates \nafter that date.", "edition": 26, "published": "2013-01-15T00:00:00", "title": "Mozilla Thunderbird 10.x < 10.0.12 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0743", "CVE-2013-0746", "CVE-2013-0766", "CVE-2013-0744", "CVE-2013-0748", "CVE-2013-0754", "CVE-2013-0769", "CVE-2013-0767", "CVE-2013-0762", "CVE-2013-0753", "CVE-2013-0750", "CVE-2013-0759", "CVE-2013-0758"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:mozilla:thunderbird"], "id": "MOZILLA_THUNDERBIRD_10012.NASL", "href": "https://www.tenable.com/plugins/nessus/63552", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(63552);\n script_version(\"1.19\");\n script_cvs_date(\"Date: 2019/12/04\");\n\n script_cve_id(\n \"CVE-2013-0744\",\n \"CVE-2013-0746\",\n \"CVE-2013-0748\",\n \"CVE-2013-0750\",\n \"CVE-2013-0753\",\n \"CVE-2013-0754\",\n \"CVE-2013-0758\",\n \"CVE-2013-0759\",\n \"CVE-2013-0762\",\n \"CVE-2013-0766\",\n \"CVE-2013-0767\",\n \"CVE-2013-0769\"\n );\n script_bugtraq_id(\n 57193,\n 57194,\n 57195,\n 57203,\n 57209,\n 57217,\n 57218,\n 57228,\n 57232,\n 57234,\n 57235,\n 57238,\n 57258\n );\n\n script_name(english:\"Mozilla Thunderbird 10.x < 10.0.12 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version of Thunderbird\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a mail client that is potentially\naffected by several vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The installed version of Thunderbird 10.x is potentially affected by\nthe following security issues :\n\n - Two intermediate certificates were improperly issued by\n TURKTRUST certificate authority. (CVE-2013-0743)\n\n - A use-after-free error exists related to displaying\n HTML tables with many columns and column groups.\n (CVE-2013-0744)\n\n - An error exists related to 'jsval', 'quickstubs', and\n compartmental mismatches that could lead to potentially\n exploitable crashes. (CVE-2013-0746)\n\n - An error related to the 'toString' method of XBL\n objects could lead to address information leakage.\n (CVE-2013-0748)\n\n - A buffer overflow exists related to JavaScript string\n concatenation. (CVE-2013-0750)\n\n - A use-after-free error exists related to\n 'XMLSerializer' and 'serializeToStream'.\n (CVE-2013-0753)\n\n - A use-after-free error exists related to garbage\n collection and 'ListenManager'. (CVE-2013-0754)\n\n - An error related to SVG elements and plugins could \n allow privilege escalation. (CVE-2013-0758)\n\n - An error exists related to the address bar that could\n allow URL spoofing attacks. (CVE-2013-0759)\n\n - Multiple, unspecified use-after-free, out-of-bounds read\n and buffer overflow errors exist. (CVE-2013-0762,\n CVE-2013-0766, CVE-2013-0767)\n\n - An unspecified memory corruption issue exists.\n (CVE-2013-0769)\n\nPlease note the 10.x ESR branch will no longer be supported as of \n02/13/2013. Only the 17.x ESR branch will receive security updates \nafter that date.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-13-003/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-13-006/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-13-039/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-01/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-02/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-04/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-05/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-09/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-11/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-12/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-15/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-16/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-17/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-20/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Thunderbird 10.0.12 ESR or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2013-0769\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Firefox 17.0.1 Flash Privileged Code Injection');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/01/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/01/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:thunderbird\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mozilla_org_installed.nasl\");\n script_require_keys(\"Mozilla/Thunderbird/Version\");\n\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\nport = get_kb_item_or_exit(\"SMB/transport\");\n\ninstalls = get_kb_list(\"SMB/Mozilla/Thunderbird/*\");\nif (isnull(installs)) audit(AUDIT_NOT_INST, \"Thunderbird\");\n\nmozilla_check_version(installs:installs, product:'thunderbird', esr:TRUE, fix:'10.0.12', min:'10.0', severity:SECURITY_HOLE, xss:TRUE);", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T03:27:36", "description": "The installed version of Firefox is earlier than 10.0.12 and thus, \nis potentially affected by the following security issues :\n\n - Two intermediate certificates were improperly issued by\n TURKTRUST certificate authority. (CVE-2013-0743)\n\n - A use-after-free error exists related to displaying\n HTML tables with many columns and column groups.\n (CVE-2013-0744)\n\n - An error exists related to 'jsval', 'quickstubs', and\n compartmental mismatches that could lead to potentially\n exploitable crashes. (CVE-2013-0746)\n\n - An error related to the 'toString' method of XBL\n objects could lead to address information leakage.\n (CVE-2013-0748)\n\n - A buffer overflow exists related to JavaScript string\n concatenation. (CVE-2013-0750)\n\n - A use-after-free error exists related to\n 'XMLSerializer' and 'serializeToStream'.\n (CVE-2013-0753)\n\n - A use-after-free error exists related to garbage\n collection and 'ListenManager'. (CVE-2013-0754)\n\n - An error related to SVG elements and plugins could \n allow privilege escalation. (CVE-2013-0758)\n\n - An error exists related to the address bar that could\n allow URL spoofing attacks. (CVE-2013-0759)\n\n - Multiple, unspecified use-after-free, out-of-bounds read\n and buffer overflow errors exist. (CVE-2013-0762,\n CVE-2013-0766, CVE-2013-0767)\n\n - An unspecified memory corruption issue exists.\n (CVE-2013-0769)\n\nPlease note the 10.x ESR branch will no longer be supported as of\n02/13/2013. Only the 17.x ESR branch will receive security updates\nafter that date.", "edition": 26, "published": "2013-01-15T00:00:00", "title": "Firefox < 10.0.12 Multiple Vulnerabilities (Mac OS X)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0743", "CVE-2013-0746", "CVE-2013-0766", "CVE-2013-0744", "CVE-2013-0748", "CVE-2013-0754", "CVE-2013-0769", "CVE-2013-0767", "CVE-2013-0762", "CVE-2013-0753", "CVE-2013-0750", "CVE-2013-0759", "CVE-2013-0758"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:mozilla:firefox"], "id": "MACOSX_FIREFOX_10_0_12.NASL", "href": "https://www.tenable.com/plugins/nessus/63542", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(63542);\n script_version(\"1.19\");\n script_cvs_date(\"Date: 2019/12/04\");\n\n script_cve_id(\n \"CVE-2013-0744\",\n \"CVE-2013-0746\",\n \"CVE-2013-0748\",\n \"CVE-2013-0750\",\n \"CVE-2013-0753\",\n \"CVE-2013-0754\",\n \"CVE-2013-0758\",\n \"CVE-2013-0759\",\n \"CVE-2013-0762\",\n \"CVE-2013-0766\",\n \"CVE-2013-0767\",\n \"CVE-2013-0769\"\n );\n script_bugtraq_id(\n 57193,\n 57194,\n 57195,\n 57203,\n 57209,\n 57217,\n 57218,\n 57228,\n 57232,\n 57234,\n 57235,\n 57238,\n 57258\n );\n\n script_name(english:\"Firefox < 10.0.12 Multiple Vulnerabilities (Mac OS X)\");\n script_summary(english:\"Checks version of Firefox\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Mac OS X host contains a web browser that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The installed version of Firefox is earlier than 10.0.12 and thus, \nis potentially affected by the following security issues :\n\n - Two intermediate certificates were improperly issued by\n TURKTRUST certificate authority. (CVE-2013-0743)\n\n - A use-after-free error exists related to displaying\n HTML tables with many columns and column groups.\n (CVE-2013-0744)\n\n - An error exists related to 'jsval', 'quickstubs', and\n compartmental mismatches that could lead to potentially\n exploitable crashes. (CVE-2013-0746)\n\n - An error related to the 'toString' method of XBL\n objects could lead to address information leakage.\n (CVE-2013-0748)\n\n - A buffer overflow exists related to JavaScript string\n concatenation. (CVE-2013-0750)\n\n - A use-after-free error exists related to\n 'XMLSerializer' and 'serializeToStream'.\n (CVE-2013-0753)\n\n - A use-after-free error exists related to garbage\n collection and 'ListenManager'. (CVE-2013-0754)\n\n - An error related to SVG elements and plugins could \n allow privilege escalation. (CVE-2013-0758)\n\n - An error exists related to the address bar that could\n allow URL spoofing attacks. (CVE-2013-0759)\n\n - Multiple, unspecified use-after-free, out-of-bounds read\n and buffer overflow errors exist. (CVE-2013-0762,\n CVE-2013-0766, CVE-2013-0767)\n\n - An unspecified memory corruption issue exists.\n (CVE-2013-0769)\n\nPlease note the 10.x ESR branch will no longer be supported as of\n02/13/2013. Only the 17.x ESR branch will receive security updates\nafter that date.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-13-003/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-13-006/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-13-039/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-01/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-02/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-04/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-05/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-09/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-11/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-12/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-15/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-16/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-17/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-20/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Firefox 10.0.12 ESR or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2013-0769\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Firefox 17.0.1 Flash Privileged Code Injection');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/01/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/01/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:firefox\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_firefox_installed.nasl\");\n script_require_keys(\"MacOSX/Firefox/Installed\");\n\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\nkb_base = \"MacOSX/Firefox\";\nget_kb_item_or_exit(kb_base+\"/Installed\");\n\nversion = get_kb_item_or_exit(kb_base+\"/Version\", exit_code:1);\npath = get_kb_item_or_exit(kb_base+\"/Path\", exit_code:1);\n\nmozilla_check_version(product:'firefox', version:version, path:path, esr:TRUE, fix:'10.0.12', severity:SECURITY_HOLE, xss:TRUE);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:45:01", "bulletinFamily": "unix", "cvelist": ["CVE-2013-0744", "CVE-2013-0746", "CVE-2013-0748", "CVE-2013-0750", "CVE-2013-0753", "CVE-2013-0754", "CVE-2013-0758", "CVE-2013-0759", "CVE-2013-0762", "CVE-2013-0766", "CVE-2013-0767", "CVE-2013-0769"], "description": "Mozilla Firefox is an open source web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2013-0744, CVE-2013-0746, CVE-2013-0750, CVE-2013-0753,\nCVE-2013-0754, CVE-2013-0762, CVE-2013-0766, CVE-2013-0767, CVE-2013-0769)\n\nA flaw was found in the way Chrome Object Wrappers were implemented.\nMalicious content could be used to cause Firefox to execute arbitrary code\nvia plug-ins installed in Firefox. (CVE-2013-0758)\n\nA flaw in the way Firefox displayed URL values in the address bar could\nallow a malicious site or user to perform a phishing attack.\n(CVE-2013-0759)\n\nAn information disclosure flaw was found in the way certain JavaScript\nfunctions were implemented in Firefox. An attacker could use this flaw to\nbypass Address Space Layout Randomization (ASLR) and other security\nrestrictions. (CVE-2013-0748)\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Firefox 10.0.12 ESR. You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Atte Kettunen, Boris Zbarsky, pa_kt, regenrecht,\nAbhishek Arya, Christoph Diehl, Christian Holler, Mats Palmgren, Chiaki\nIshikawa, Mariusz Mlynski, Masato Kinugawa, and Jesse Ruderman as the\noriginal reporters of these issues.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 10.0.12 ESR, which corrects these issues. After installing\nthe update, Firefox must be restarted for the changes to take effect.\n", "modified": "2018-06-06T20:24:21", "published": "2013-01-08T05:00:00", "id": "RHSA-2013:0144", "href": "https://access.redhat.com/errata/RHSA-2013:0144", "type": "redhat", "title": "(RHSA-2013:0144) Critical: firefox security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:46:36", "bulletinFamily": "unix", "cvelist": ["CVE-2013-0744", "CVE-2013-0746", "CVE-2013-0748", "CVE-2013-0750", "CVE-2013-0753", "CVE-2013-0754", "CVE-2013-0758", "CVE-2013-0759", "CVE-2013-0762", "CVE-2013-0766", "CVE-2013-0767", "CVE-2013-0769"], "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed content. Malicious\ncontent could cause Thunderbird to crash or, potentially, execute arbitrary\ncode with the privileges of the user running Thunderbird. (CVE-2013-0744,\nCVE-2013-0746, CVE-2013-0750, CVE-2013-0753, CVE-2013-0754, CVE-2013-0762,\nCVE-2013-0766, CVE-2013-0767, CVE-2013-0769)\n\nA flaw was found in the way Chrome Object Wrappers were implemented.\nMalicious content could be used to cause Thunderbird to execute arbitrary\ncode via plug-ins installed in Thunderbird. (CVE-2013-0758)\n\nA flaw in the way Thunderbird displayed URL values could allow malicious\ncontent or a user to perform a phishing attack. (CVE-2013-0759)\n\nAn information disclosure flaw was found in the way certain JavaScript\nfunctions were implemented in Thunderbird. An attacker could use this flaw\nto bypass Address Space Layout Randomization (ASLR) and other security\nrestrictions. (CVE-2013-0748)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Atte Kettunen, Boris Zbarsky, pa_kt, regenrecht,\nAbhishek Arya, Christoph Diehl, Christian Holler, Mats Palmgren, Chiaki\nIshikawa, Mariusz Mlynski, Masato Kinugawa, and Jesse Ruderman as the\noriginal reporters of these issues.\n\nNote: All issues except CVE-2013-0744, CVE-2013-0753, and CVE-2013-0754\ncannot be exploited by a specially-crafted HTML mail message as JavaScript\nis disabled by default for mail messages. They could be exploited another\nway in Thunderbird, for example, when viewing the full remote content of an\nRSS feed.\n\nAll Thunderbird users should upgrade to this updated package, which\ncontains Thunderbird version 10.0.12 ESR, which corrects these issues.\nAfter installing the update, Thunderbird must be restarted for the changes\nto take effect.\n", "modified": "2018-06-06T20:24:18", "published": "2013-01-08T05:00:00", "id": "RHSA-2013:0145", "href": "https://access.redhat.com/errata/RHSA-2013:0145", "type": "redhat", "title": "(RHSA-2013:0145) Critical: thunderbird security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2020-10-30T13:21:08", "bulletinFamily": "unix", "cvelist": ["CVE-2013-0746", "CVE-2013-0766", "CVE-2013-0744", "CVE-2013-0748", "CVE-2013-0754", "CVE-2013-0769", "CVE-2013-0767", "CVE-2013-0762", "CVE-2013-0753", "CVE-2013-0750", "CVE-2013-0759", "CVE-2013-0758"], "description": "**CentOS Errata and Security Advisory** CESA-2013:0144\n\n\nMozilla Firefox is an open source web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2013-0744, CVE-2013-0746, CVE-2013-0750, CVE-2013-0753,\nCVE-2013-0754, CVE-2013-0762, CVE-2013-0766, CVE-2013-0767, CVE-2013-0769)\n\nA flaw was found in the way Chrome Object Wrappers were implemented.\nMalicious content could be used to cause Firefox to execute arbitrary code\nvia plug-ins installed in Firefox. (CVE-2013-0758)\n\nA flaw in the way Firefox displayed URL values in the address bar could\nallow a malicious site or user to perform a phishing attack.\n(CVE-2013-0759)\n\nAn information disclosure flaw was found in the way certain JavaScript\nfunctions were implemented in Firefox. An attacker could use this flaw to\nbypass Address Space Layout Randomization (ASLR) and other security\nrestrictions. (CVE-2013-0748)\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Firefox 10.0.12 ESR. You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Atte Kettunen, Boris Zbarsky, pa_kt, regenrecht,\nAbhishek Arya, Christoph Diehl, Christian Holler, Mats Palmgren, Chiaki\nIshikawa, Mariusz Mlynski, Masato Kinugawa, and Jesse Ruderman as the\noriginal reporters of these issues.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 10.0.12 ESR, which corrects these issues. After installing\nthe update, Firefox must be restarted for the changes to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2013-January/031086.html\nhttp://lists.centos.org/pipermail/centos-announce/2013-January/031088.html\nhttp://lists.centos.org/pipermail/centos-announce/2013-January/031237.html\nhttp://lists.centos.org/pipermail/centos-announce/2013-January/031238.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2013-January/006661.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2013-January/006664.html\n\n**Affected packages:**\nfirefox\nxulrunner\nxulrunner-devel\n\n**Upstream details at:**\n\nhttps://rhn.redhat.com/errata/RHSA-2013-0144.html", "edition": 9, "modified": "2013-01-11T13:28:50", "published": "2013-01-09T05:51:05", "href": "http://lists.centos.org/pipermail/centos-announce/2013-January/031086.html", "id": "CESA-2013:0144", "title": "firefox, xulrunner security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-10-30T13:21:32", "bulletinFamily": "unix", "cvelist": ["CVE-2013-0746", "CVE-2013-0766", "CVE-2013-0744", "CVE-2013-0748", "CVE-2013-0754", "CVE-2013-0769", "CVE-2013-0767", "CVE-2013-0762", "CVE-2013-0753", "CVE-2013-0750", "CVE-2013-0759", "CVE-2013-0758"], "description": "**CentOS Errata and Security Advisory** CESA-2013:0145\n\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed content. Malicious\ncontent could cause Thunderbird to crash or, potentially, execute arbitrary\ncode with the privileges of the user running Thunderbird. (CVE-2013-0744,\nCVE-2013-0746, CVE-2013-0750, CVE-2013-0753, CVE-2013-0754, CVE-2013-0762,\nCVE-2013-0766, CVE-2013-0767, CVE-2013-0769)\n\nA flaw was found in the way Chrome Object Wrappers were implemented.\nMalicious content could be used to cause Thunderbird to execute arbitrary\ncode via plug-ins installed in Thunderbird. (CVE-2013-0758)\n\nA flaw in the way Thunderbird displayed URL values could allow malicious\ncontent or a user to perform a phishing attack. (CVE-2013-0759)\n\nAn information disclosure flaw was found in the way certain JavaScript\nfunctions were implemented in Thunderbird. An attacker could use this flaw\nto bypass Address Space Layout Randomization (ASLR) and other security\nrestrictions. (CVE-2013-0748)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Atte Kettunen, Boris Zbarsky, pa_kt, regenrecht,\nAbhishek Arya, Christoph Diehl, Christian Holler, Mats Palmgren, Chiaki\nIshikawa, Mariusz Mlynski, Masato Kinugawa, and Jesse Ruderman as the\noriginal reporters of these issues.\n\nNote: All issues except CVE-2013-0744, CVE-2013-0753, and CVE-2013-0754\ncannot be exploited by a specially-crafted HTML mail message as JavaScript\nis disabled by default for mail messages. They could be exploited another\nway in Thunderbird, for example, when viewing the full remote content of an\nRSS feed.\n\nAll Thunderbird users should upgrade to this updated package, which\ncontains Thunderbird version 10.0.12 ESR, which corrects these issues.\nAfter installing the update, Thunderbird must be restarted for the changes\nto take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2013-January/031087.html\nhttp://lists.centos.org/pipermail/centos-announce/2013-January/031239.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2013-January/006665.html\n\n**Affected packages:**\nthunderbird\n\n**Upstream details at:**\n\nhttps://rhn.redhat.com/errata/RHSA-2013-0145.html", "edition": 7, "modified": "2013-01-11T13:30:03", "published": "2013-01-09T05:51:41", "href": "http://lists.centos.org/pipermail/centos-announce/2013-January/031087.html", "id": "CESA-2013:0145", "title": "thunderbird security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:36:25", "bulletinFamily": "unix", "cvelist": ["CVE-2013-0746", "CVE-2013-0766", "CVE-2013-0744", "CVE-2013-0748", "CVE-2013-0754", "CVE-2013-0769", "CVE-2013-0767", "CVE-2013-0762", "CVE-2013-0753", "CVE-2013-0750", "CVE-2013-0759", "CVE-2013-0758"], "description": "firefox\n[10.0.12-1.0.1.el6_3]\n- Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat ones\n[10.0.12-1]\n- Update to 10.0.12 ESR\nxulrunner\n[10.0.12-1.0.1.el6_3]\n- Replaced xulrunner-redhat-default-prefs.js with xulrunner-oracle-default-prefs.js\n[10.0.12-1]\n- Update to 10.0.12 ESR", "edition": 4, "modified": "2013-01-08T00:00:00", "published": "2013-01-08T00:00:00", "id": "ELSA-2013-0144", "href": "http://linux.oracle.com/errata/ELSA-2013-0144.html", "title": "firefox security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-10-22T17:07:30", "bulletinFamily": "unix", "cvelist": ["CVE-2013-0746", "CVE-2013-0766", "CVE-2013-0744", "CVE-2013-0748", "CVE-2013-0754", "CVE-2013-0769", "CVE-2013-0767", "CVE-2013-0762", "CVE-2013-0753", "CVE-2013-0750", "CVE-2013-0759", "CVE-2013-0758"], "description": "[10.0.12-3.0.1.el6_3]\n- Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js\n[10.0.12-3]\n- Update to 10.0.12 ESR", "edition": 5, "modified": "2013-01-08T00:00:00", "published": "2013-01-08T00:00:00", "id": "ELSA-2013-0145", "href": "http://linux.oracle.com/errata/ELSA-2013-0145.html", "title": "thunderbird security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2016-09-04T12:05:07", "bulletinFamily": "unix", "cvelist": ["CVE-2013-0743", "CVE-2013-0763", "CVE-2013-0746", "CVE-2012-5829", "CVE-2013-0766", "CVE-2013-0747", "CVE-2013-0751", "CVE-2013-0744", "CVE-2013-0748", "CVE-2013-0768", "CVE-2013-0755", "CVE-2013-0752", "CVE-2013-0754", "CVE-2013-0769", "CVE-2013-0771", "CVE-2013-0757", "CVE-2013-0749", "CVE-2013-0745", "CVE-2013-0756", "CVE-2013-0760", "CVE-2013-0762", "CVE-2013-0753", "CVE-2013-0750", "CVE-2013-0759", "CVE-2013-0770", "CVE-2013-0758", "CVE-2013-0764"], "description": "Mozilla Firefox is updated to the 10.0.12ESR version.\n\n This is a roll-up update for LTSS.\n\n It fixes a lot of security issues and bugs. 10.0.12ESR\n fixes specifically:\n\n *\n\n MFSA 2013-01: Mozilla developers identified and fixed\n several memory safety bugs in the browser engine used in\n Firefox and other Mozilla-based products. Some of these\n bugs showed evidence of memory corruption under certain\n circumstances, and we presume that with enough effort at\n least some of these could be exploited to run arbitrary\n code.\n\n Christoph Diehl, Christian Holler, Mats Palmgren, and\n Chiaki Ishikawa reported memory safety problems and crashes\n that affect Firefox ESR 10, Firefox ESR 17, and Firefox 17.\n (CVE-2013-0769)\n\n Bill Gianopoulos, Benoit Jacob, Christoph Diehl,\n Christian Holler, Gary Kwong, Robert O'Callahan, and\n Scoobidiver reported memory safety problems and crashes\n that affect Firefox ESR 17 and Firefox 17. (CVE-2013-0749)\n\n Jesse Ruderman, Christian Holler, Julian Seward, and\n Scoobidiver reported memory safety problems and crashes\n that affect Firefox 17. (CVE-2013-0770)\n\n *\n\n MFSA 2013-02: Security researcher Abhishek Arya\n (Inferno) of the Google Chrome Security Team discovered a\n series critically rated of use-after-free, out of bounds\n read, and buffer overflow issues using the Address\n Sanitizer tool in shipped software. These issues are\n potentially exploitable, allowing for remote code\n execution. We would also like to thank Abhishek for\n reporting three additional user-after-free and out of\n bounds read flaws introduced during Firefox development\n that were fixed before general release.\n\n The following issue has been fixed in Firefox 18:\n\n o Global-buffer-overflow in\n CharDistributionAnalysis::HandleOneChar (CVE-2013-0760)\n\n The following issues has been fixed in Firefox 18,\n ESR 17.0.1, and ESR 10.0.12:\n\n o Heap-use-after-free in imgRequest::OnStopFrame\n (CVE-2013-0762) o Heap-use-after-free in ~nsHTMLEditRules\n (CVE-2013-0766) o Out of bounds read in\n nsSVGPathElement::GetPathLengthScale (CVE-2013-0763) o\n Heap-buffer-overflow in\n gfxTextRun::ShrinkToLigatureBoundaries (CVE-2013-0771)\n\n The following issue has been fixed in Firefox 18 and\n in the earlier ESR 10.0.11 release:\n\n o Heap-buffer-overflow in nsWindow::OnExposeEvent\n (CVE-2012-5829)\n *\n\n MFSA 2013-03: Security researcher miaubiz used the\n Address Sanitizer tool to discover a buffer overflow in\n Canvas when specific bad height and width values were given\n through HTML. This could lead to a potentially exploitable\n crash. (CVE-2013-0768)\n\n Miaubiz also found a potentially exploitable crash\n when 2D and 3D content was mixed which was introduced\n during Firefox development and fixed before general release.\n\n *\n\n MFSA 2013-04: Security researcher Masato Kinugawa\n found a flaw in which the displayed URL values within the\n addressbar can be spoofed by a page during loading. This\n allows for phishing attacks where a malicious page can\n spoof the identify of another site. (CVE-2013-0759)\n\n *\n\n MFSA 2013-05: Using the Address Sanitizer tool,\n security researcher Atte Kettunen from OUSPG discovered\n that the combination of large numbers of columns and column\n groups in a table could cause the array containing the\n columns during rendering to overwrite itself. This can lead\n to a user-after-free causing a potentially exploitable\n crash. (CVE-2013-0744)\n\n *\n\n MFSA 2013-06: Mozilla developer Wesley Johnston\n reported that when there are two or more iframes on the\n same HTML page, an iframe is able to see the touch events\n and their targets that occur within the other iframes on\n the page. If the iframes are from the same origin, they can\n also access the properties and methods of the targets of\n other iframes but same-origin policy (SOP) restricts access\n across domains. This allows for information leakage and\n possibilities for cross-site scripting (XSS) if another\n vulnerability can be used to get around SOP restrictions.\n (CVE-2013-0751)\n\n *\n\n MFSA 2013-07: Mozilla community member Jerry Baker\n reported a crashing issue found through Thunderbird when\n downloading messages over a Secure Sockets Layer (SSL)\n connection. This was caused by a bug in the networking code\n assuming that secure connections were entirely handled on\n the socket transport thread when they can occur on a\n variety of threads. The resulting crash was potentially\n exploitable. (CVE-2013-0764)\n\n *\n\n MFSA 2013-08: Mozilla developer Olli Pettay\n discovered that the AutoWrapperChanger class fails to keep\n some javascript objects alive during garbage collection.\n This can lead to an exploitable crash allowing for\n arbitrary code execution. (CVE-2013-0745)\n\n *\n\n MFSA 2013-09: Mozilla developer Boris Zbarsky\n reported reported a problem where jsval-returning\n quickstubs fail to wrap their return values, causing a\n compartment mismatch. This mismatch can cause garbage\n collection to occur incorrectly and lead to a potentially\n exploitable crash. (CVE-2013-0746)\n\n *\n\n MFSA 2013-10: Mozilla security researcher Jesse\n Ruderman reported that events in the plugin handler can be\n manipulated by web content to bypass same-origin policy\n (SOP) restrictions. This can allow for clickjacking on\n malicious web pages. (CVE-2013-0747)\n\n *\n\n MFSA 2013-11: Mozilla security researcher Jesse\n Ruderman discovered that using the toString function of XBL\n objects can lead to inappropriate information leakage by\n revealing the address space layout instead of just the ID\n of the object. This layout information could potentially be\n used to bypass ASLR and other security protections.\n (CVE-2013-0748)\n\n *\n\n MFSA 2013-12: Security researcher pa_kt reported a\n flaw via TippingPoint's Zero Day Initiative that an integer\n overflow is possible when calculating the length for a\n Javascript string concatenation, which is then used for\n memory allocation. This results in a buffer overflow,\n leading to a potentially exploitable memory corruption.\n (CVE-2013-0750)\n\n *\n\n MFSA 2013-13: Security researcher Sviatoslav Chagaev\n reported that when using an XBL file containing multiple\n XML bindings with SVG content, a memory corruption can\n occur. In concern with remote XUL, this can lead to an\n exploitable crash. (CVE-2013-0752)\n\n *\n\n MFSA 2013-14: Security researcher Mariusz Mlynski\n reported that it is possible to change the prototype of an\n object and bypass Chrome Object Wrappers (COW) to gain\n access to chrome privileged functions. This could allow for\n arbitrary code execution. (CVE-2013-0757)\n\n *\n\n MFSA 2013-15: Security researcher Mariusz Mlynski\n reported that it is possible to open a chrome privileged\n web page through plugin objects through interaction with\n SVG elements. This could allow for arbitrary code\n execution. (CVE-2013-0758)\n\n *\n\n MFSA 2013-16: Security researcher regenrecht\n reported, via TippingPoint's Zero Day Initiative, a\n use-after-free in XMLSerializer by the exposing of\n serializeToStream to web content. This can lead to\n arbitrary code execution when exploited. (CVE-2013-0753)\n\n *\n\n MFSA 2013-17: Security researcher regenrecht\n reported, via TippingPoint's Zero Day Initiative, a\n use-after-free within the ListenerManager when garbage\n collection is forced after data in listener objects have\n been allocated in some circumstances. This results in a\n use-after-free which can lead to arbitrary code execution.\n (CVE-2013-0754)\n\n *\n\n MFSA 2013-18: Security researcher regenrecht\n reported, via TippingPoint's Zero Day Initiative, a\n use-after-free using the domDoc pointer within Vibrate\n library. This can lead to arbitrary code execution when\n exploited. (CVE-2013-0755)\n\n *\n\n MFSA 2013-19: Security researcher regenrecht\n reported, via TippingPoint's Zero Day Initiative, a garbage\n collection flaw in Javascript Proxy objects. This can lead\n to a use-after-free leading to arbitrary code execution.\n (CVE-2013-0756)\n\n *\n\n MFSA 2013-20: Google reported to Mozilla that\n TURKTRUST, a certificate authority in Mozilla's root\n program, had mis-issued two intermediate certificates to\n customers. The issue was not specific to Firefox but there\n was evidence that one of the certificates was used for\n man-in-the-middle (MITM) traffic management of domain names\n that the customer did not legitimately own or control. This\n issue was resolved by revoking the trust for these specific\n mis-issued certificates. (CVE-2013-0743)\n", "edition": 1, "modified": "2013-02-18T18:04:29", "published": "2013-02-18T18:04:29", "id": "SUSE-SU-2013:0306-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00012.html", "title": "Security update for Mozilla Firefox (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:41:56", "bulletinFamily": "unix", "cvelist": ["CVE-2013-0743", "CVE-2013-0763", "CVE-2013-0746", "CVE-2012-5829", "CVE-2013-0766", "CVE-2013-0747", "CVE-2013-0751", "CVE-2013-0744", "CVE-2013-0748", "CVE-2013-0768", "CVE-2013-0755", "CVE-2013-0752", "CVE-2013-0754", "CVE-2013-0769", "CVE-2013-0771", "CVE-2013-0757", "CVE-2013-0749", "CVE-2013-0761", "CVE-2013-0745", "CVE-2013-0756", "CVE-2013-0760", "CVE-2013-0767", "CVE-2013-0762", "CVE-2013-0753", "CVE-2013-0750", "CVE-2013-0759", "CVE-2013-0770", "CVE-2013-0758", "CVE-2013-0764"], "description": "Mozilla Firefox was updated to the 10.0.12ESR release.\n\n *\n\n MFSA 2013-01: Mozilla developers identified and fixed\n several memory safety bugs in the browser engine used in\n Firefox and other Mozilla-based products. Some of these\n bugs showed evidence of memory corruption under certain\n circumstances, and we presume that with enough effort at\n least some of these could be exploited to run arbitrary\n code.\n\n o Christoph Diehl, Christian Holler, Mats\n Palmgren, and Chiaki Ishikawa reported memory safety\n problems and crashes that affect Firefox ESR 10, Firefox\n ESR 17, and Firefox 17. ( CVE-2013-0769\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0769\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0769</a>\n > ) o Bill Gianopoulos, Benoit Jacob, Christoph Diehl,\n Christian Holler, Gary Kwong, Robert O'Callahan, and\n Scoobidiver reported memory safety problems and crashes\n that affect Firefox ESR 17 and Firefox 17. (CVE-2013-0749\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0749\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0749</a>\n > ) o Jesse Ruderman, Christian Holler, Julian Seward, and\n Scoobidiver reported memory safety problems and crashes\n that affect Firefox 17. (CVE-2013-0770\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0770\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0770</a>\n > )\n *\n\n MFSA 2013-02: Security researcher Abhishek Arya\n (Inferno) of the Google Chrome Security Team discovered a\n series critically rated of use-after-free, out of bounds\n read, and buffer overflow issues using the Address\n Sanitizer tool in shipped software. These issues are\n potentially exploitable, allowing for remote code\n execution. We would also like to thank Abhishek for\n reporting three additional user-after-free and out of\n bounds read flaws introduced during Firefox development\n that were fixed before general release.\n\n The following issue was fixed in Firefox 18:\n\n o Global-buffer-overflow in\n CharDistributionAnalysis::HandleOneChar (CVE-2013-0760\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0760\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0760</a>\n > )\n\n The following issues were fixed in Firefox 18, ESR\n 17.0.1, and ESR 10.0.12:\n\n o Heap-use-after-free in imgRequest::OnStopFrame\n (CVE-2013-0762\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0762\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0762</a>\n > ) o Heap-use-after-free in ~nsHTMLEditRules\n (CVE-2013-0766\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0766\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0766</a>\n > ) o Out of bounds read in\n nsSVGPathElement::GetPathLengthScale ( CVE-2013-0767\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0767\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0767</a>\n > )\n\n The following issues were fixed in Firefox 18 and ESR\n 17.0.1:\n\n o Heap-use-after-free in\n mozilla::TrackUnionStream::EndTrack ( CVE-2013-0761\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0761\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0761</a>\n > ) o Heap-use-after-free in Mesa, triggerable by resizing\n a WebGL canvas (CVE-2013-0763\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0763\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0763</a>\n > ) o Heap-buffer-overflow in\n gfxTextRun::ShrinkToLigatureBoundaries (CVE-2013-0771\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0771\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0771</a>\n > )\n\n The following issue was fixed in Firefox 18 and in\n the earlier ESR 10.0.11 release:\n\n o Heap-buffer-overflow in nsWindow::OnExposeEvent\n (CVE-2012-5829\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5829\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5829</a>\n > )\n *\n\n MFSA 2013-03: Security researcher miaubiz used the\n Address Sanitizer tool to discover a buffer overflow in\n Canvas when specific bad height and width values were given\n through HTML. This could lead to a potentially exploitable\n crash. (CVE-2013-0768\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0768\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0768</a>\n > )\n\n Miaubiz also found a potentially exploitable crash\n when 2D and 3D content was mixed which was introduced\n during Firefox development and fixed before general release.\n\n *\n\n MFSA 2013-04: Security researcher Masato Kinugawa\n found a flaw in which the displayed URL values within the\n addressbar can be spoofed by a page during loading. This\n allows for phishing attacks where a malicious page can\n spoof the identify of another site. ( CVE-2013-0759\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0759\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0759</a>\n > )\n\n *\n\n MFSA 2013-05: Using the Address Sanitizer tool,\n security researcher Atte Kettunen from OUSPG discovered\n that the combination of large numbers of columns and column\n groups in a table could cause the array containing the\n columns during rendering to overwrite itself. This can lead\n to a user-after-free causing a potentially exploitable\n crash. ( CVE-2013-0744\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0744\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0744</a>\n > )\n\n *\n\n MFSA 2013-06: Mozilla developer Wesley Johnston\n reported that when there are two or more iframes on the\n same HTML page, an iframe is able to see the touch events\n and their targets that occur within the other iframes on\n the page. If the iframes are from the same origin, they can\n also access the properties and methods of the targets of\n other iframes but same-origin policy (SOP) restricts access\n across domains. This allows for information leakage and\n possibilities for cross-site scripting (XSS) if another\n vulnerability can be used to get around SOP restrictions.\n (CVE-2013-0751\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0751\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0751</a>\n > )\n\n *\n\n MFSA 2013-07: Mozilla community member Jerry Baker\n reported a crashing issue found through Thunderbird when\n downloading messages over a Secure Sockets Layer (SSL)\n connection. This was caused by a bug in the networking code\n assuming that secure connections were entirely handled on\n the socket transport thread when they can occur on a\n variety of threads. The resulting crash was potentially\n exploitable. (CVE-2013-0764\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0764\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0764</a>\n > )\n\n *\n\n MFSA 2013-08: Mozilla developer Olli Pettay\n discovered that the AutoWrapperChanger class fails to keep\n some javascript objects alive during garbage collection.\n This can lead to an exploitable crash allowing for\n arbitrary code execution. (CVE-2013-0745\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0745\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0745</a>\n > )\n\n *\n\n MFSA 2013-09: Mozilla developer Boris Zbarsky\n reported reported a problem where jsval-returning\n quickstubs fail to wrap their return values, causing a\n compartment mismatch. This mismatch can cause garbage\n collection to occur incorrectly and lead to a potentially\n exploitable crash. (CVE-2013-0746\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0746\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0746</a>\n > )\n\n *\n\n MFSA 2013-10: Mozilla security researcher Jesse\n Ruderman reported that events in the plugin handler can be\n manipulated by web content to bypass same-origin policy\n (SOP) restrictions. This can allow for clickjacking on\n malicious web pages. (CVE-2013-0747\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0747\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0747</a>\n > )\n\n *\n\n MFSA 2013-11: Mozilla security researcher Jesse\n Ruderman discovered that using the toString function of XBL\n objects can lead to inappropriate information leakage by\n revealing the address space layout instead of just the ID\n of the object. This layout information could potentially be\n used to bypass ASLR and other security protections.\n (CVE-2013-0748\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0748\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0748</a>\n > )\n\n *\n\n MFSA 2013-12: Security researcher pa_kt reported a\n flaw via TippingPoint's Zero Day Initiative that an integer\n overflow is possible when calculating the length for a\n Javascript string concatenation, which is then used for\n memory allocation. This results in a buffer overflow,\n leading to a potentially exploitable memory corruption.\n (CVE-2013-0750\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0750\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0750</a>\n > )\n\n *\n\n MFSA 2013-13: Security researcher Sviatoslav Chagaev\n reported that when using an XBL file containing multiple\n XML bindings with SVG content, a memory corruption can\n occur. In concern with remote XUL, this can lead to an\n exploitable crash. (CVE-2013-0752\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0752\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0752</a>\n > )\n\n *\n\n MFSA 2013-14: Security researcher Mariusz Mlynski\n reported that it is possible to change the prototype of an\n object and bypass Chrome Object Wrappers (COW) to gain\n access to chrome privileged functions. This could allow for\n arbitrary code execution. (CVE-2013-0757\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0757\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0757</a>\n > )\n\n *\n\n MFSA 2013-15: Security researcher Mariusz Mlynski\n reported that it is possible to open a chrome privileged\n web page through plugin objects through interaction with\n SVG elements. This could allow for arbitrary code\n execution. (CVE-2013-0758\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0758\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0758</a>\n > )\n\n *\n\n MFSA 2013-16: Security researcher regenrecht\n reported, via TippingPoint's Zero Day Initiative, a\n use-after-free in XMLSerializer by the exposing of\n serializeToStream to web content. This can lead to\n arbitrary code execution when exploited. (CVE-2013-0753\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0753\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0753</a>\n > )\n\n *\n\n MFSA 2013-17: Security researcher regenrecht\n reported, via TippingPoint's Zero Day Initiative, a\n use-after-free within the ListenerManager when garbage\n collection is forced after data in listener objects have\n been allocated in some circumstances. This results in a\n use-after-free which can lead to arbitrary code execution.\n (CVE-2013-0754\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0754\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0754</a>\n > )\n\n *\n\n MFSA 2013-18: Security researcher regenrecht\n reported, via TippingPoint's Zero Day Initiative, a\n use-after-free using the domDoc pointer within Vibrate\n library. This can lead to arbitrary code execution when\n exploited. (CVE-2013-0755\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0755\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0755</a>\n > )\n\n *\n\n MFSA 2013-19: Security researcher regenrecht\n reported, via TippingPoint's Zero Day Initiative, a garbage\n collection flaw in Javascript Proxy objects. This can lead\n to a use-after-free leading to arbitrary code execution.\n (CVE-2013-0756\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0756\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0756</a>\n > )\n\n *\n\n MFSA 2013-20: Google reported to Mozilla that\n TURKTRUST, a certificate authority in Mozilla's root\n program, had mis-issued two intermediate certificates to\n customers. The issue was not specific to Firefox but there\n was evidence that one of the certificates was used for\n man-in-the-middle (MITM) traffic management of domain names\n that the customer did not legitimately own or control. This\n issue was resolved by revoking the trust for these specific\n mis-issued certificates. (CVE-2013-0743\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0743\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0743</a>\n > )\n\n", "edition": 1, "modified": "2013-01-18T19:04:49", "published": "2013-01-18T19:04:49", "id": "SUSE-SU-2013:0048-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html", "type": "suse", "title": "Security update for MozillaFirefox (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:35:06", "bulletinFamily": "unix", "cvelist": ["CVE-2013-0743", "CVE-2013-0763", "CVE-2013-0746", "CVE-2012-5829", "CVE-2013-0766", "CVE-2013-0747", "CVE-2013-0751", "CVE-2013-0744", "CVE-2013-0748", "CVE-2013-0768", "CVE-2013-0755", "CVE-2013-0752", "CVE-2013-0754", "CVE-2013-0769", "CVE-2013-0771", "CVE-2013-0757", "CVE-2013-0749", "CVE-2013-0761", "CVE-2013-0745", "CVE-2013-0756", "CVE-2013-0760", "CVE-2013-0767", "CVE-2013-0762", "CVE-2013-0753", "CVE-2013-0750", "CVE-2013-0759", "CVE-2013-0770", "CVE-2013-0758", "CVE-2013-0764"], "description": "Mozilla Firefox was updated to the 10.0.12ESR release.\n\n *\n\n MFSA 2013-01: Mozilla developers identified and fixed\n several memory safety bugs in the browser engine used in\n Firefox and other Mozilla-based products. Some of these\n bugs showed evidence of memory corruption under certain\n circumstances, and we presume that with enough effort at\n least some of these could be exploited to run arbitrary\n code.\n\n o Christoph Diehl, Christian Holler, Mats\n Palmgren, and Chiaki Ishikawa reported memory safety\n problems and crashes that affect Firefox ESR 10, Firefox\n ESR 17, and Firefox 17. ( CVE-2013-0769\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0769\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0769</a>\n > ) o Bill Gianopoulos, Benoit Jacob, Christoph Diehl,\n Christian Holler, Gary Kwong, Robert O'Callahan, and\n Scoobidiver reported memory safety problems and crashes\n that affect Firefox ESR 17 and Firefox 17. (CVE-2013-0749\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0749\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0749</a>\n > ) o Jesse Ruderman, Christian Holler, Julian Seward, and\n Scoobidiver reported memory safety problems and crashes\n that affect Firefox 17. (CVE-2013-0770\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0770\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0770</a>\n > )\n *\n\n MFSA 2013-02: Security researcher Abhishek Arya\n (Inferno) of the Google Chrome Security Team discovered a\n series critically rated of use-after-free, out of bounds\n read, and buffer overflow issues using the Address\n Sanitizer tool in shipped software. These issues are\n potentially exploitable, allowing for remote code\n execution. We would also like to thank Abhishek for\n reporting three additional user-after-free and out of\n bounds read flaws introduced during Firefox development\n that were fixed before general release.\n\n The following issue was fixed in Firefox 18:\n\n o Global-buffer-overflow in\n CharDistributionAnalysis::HandleOneChar (CVE-2013-0760\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0760\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0760</a>\n > )\n\n The following issues were fixed in Firefox 18, ESR\n 17.0.1, and ESR 10.0.12:\n\n o Heap-use-after-free in imgRequest::OnStopFrame\n (CVE-2013-0762\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0762\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0762</a>\n > ) o Heap-use-after-free in ~nsHTMLEditRules\n (CVE-2013-0766\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0766\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0766</a>\n > ) o Out of bounds read in\n nsSVGPathElement::GetPathLengthScale ( CVE-2013-0767\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0767\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0767</a>\n > )\n\n The following issues were fixed in Firefox 18 and ESR\n 17.0.1:\n\n o Heap-use-after-free in\n mozilla::TrackUnionStream::EndTrack ( CVE-2013-0761\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0761\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0761</a>\n > ) o Heap-use-after-free in Mesa, triggerable by resizing\n a WebGL canvas (CVE-2013-0763\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0763\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0763</a>\n > ) o Heap-buffer-overflow in\n gfxTextRun::ShrinkToLigatureBoundaries (CVE-2013-0771\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0771\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0771</a>\n > )\n\n The following issue was fixed in Firefox 18 and in\n the earlier ESR 10.0.11 release:\n\n o Heap-buffer-overflow in nsWindow::OnExposeEvent\n (CVE-2012-5829\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5829\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5829</a>\n > )\n *\n\n MFSA 2013-03: Security researcher miaubiz used the\n Address Sanitizer tool to discover a buffer overflow in\n Canvas when specific bad height and width values were given\n through HTML. This could lead to a potentially exploitable\n crash. (CVE-2013-0768\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0768\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0768</a>\n > )\n\n Miaubiz also found a potentially exploitable crash\n when 2D and 3D content was mixed which was introduced\n during Firefox development and fixed before general release.\n\n *\n\n MFSA 2013-04: Security researcher Masato Kinugawa\n found a flaw in which the displayed URL values within the\n addressbar can be spoofed by a page during loading. This\n allows for phishing attacks where a malicious page can\n spoof the identify of another site. ( CVE-2013-0759\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0759\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0759</a>\n > )\n\n *\n\n MFSA 2013-05: Using the Address Sanitizer tool,\n security researcher Atte Kettunen from OUSPG discovered\n that the combination of large numbers of columns and column\n groups in a table could cause the array containing the\n columns during rendering to overwrite itself. This can lead\n to a user-after-free causing a potentially exploitable\n crash. ( CVE-2013-0744\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0744\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0744</a>\n > )\n\n *\n\n MFSA 2013-06: Mozilla developer Wesley Johnston\n reported that when there are two or more iframes on the\n same HTML page, an iframe is able to see the touch events\n and their targets that occur within the other iframes on\n the page. If the iframes are from the same origin, they can\n also access the properties and methods of the targets of\n other iframes but same-origin policy (SOP) restricts access\n across domains. This allows for information leakage and\n possibilities for cross-site scripting (XSS) if another\n vulnerability can be used to get around SOP restrictions.\n (CVE-2013-0751\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0751\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0751</a>\n > )\n\n *\n\n MFSA 2013-07: Mozilla community member Jerry Baker\n reported a crashing issue found through Thunderbird when\n downloading messages over a Secure Sockets Layer (SSL)\n connection. This was caused by a bug in the networking code\n assuming that secure connections were entirely handled on\n the socket transport thread when they can occur on a\n variety of threads. The resulting crash was potentially\n exploitable. (CVE-2013-0764\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0764\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0764</a>\n > )\n\n *\n\n MFSA 2013-08: Mozilla developer Olli Pettay\n discovered that the AutoWrapperChanger class fails to keep\n some javascript objects alive during garbage collection.\n This can lead to an exploitable crash allowing for\n arbitrary code execution. (CVE-2013-0745\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0745\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0745</a>\n > )\n\n *\n\n MFSA 2013-09: Mozilla developer Boris Zbarsky\n reported reported a problem where jsval-returning\n quickstubs fail to wrap their return values, causing a\n compartment mismatch. This mismatch can cause garbage\n collection to occur incorrectly and lead to a potentially\n exploitable crash. (CVE-2013-0746\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0746\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0746</a>\n > )\n\n *\n\n MFSA 2013-10: Mozilla security researcher Jesse\n Ruderman reported that events in the plugin handler can be\n manipulated by web content to bypass same-origin policy\n (SOP) restrictions. This can allow for clickjacking on\n malicious web pages. (CVE-2013-0747\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0747\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0747</a>\n > )\n\n *\n\n MFSA 2013-11: Mozilla security researcher Jesse\n Ruderman discovered that using the toString function of XBL\n objects can lead to inappropriate information leakage by\n revealing the address space layout instead of just the ID\n of the object. This layout information could potentially be\n used to bypass ASLR and other security protections.\n (CVE-2013-0748\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0748\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0748</a>\n > )\n\n *\n\n MFSA 2013-12: Security researcher pa_kt reported a\n flaw via TippingPoint's Zero Day Initiative that an integer\n overflow is possible when calculating the length for a\n Javascript string concatenation, which is then used for\n memory allocation. This results in a buffer overflow,\n leading to a potentially exploitable memory corruption.\n (CVE-2013-0750\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0750\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0750</a>\n > )\n\n *\n\n MFSA 2013-13: Security researcher Sviatoslav Chagaev\n reported that when using an XBL file containing multiple\n XML bindings with SVG content, a memory corruption can\n occur. In concern with remote XUL, this can lead to an\n exploitable crash. (CVE-2013-0752\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0752\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0752</a>\n > )\n\n *\n\n MFSA 2013-14: Security researcher Mariusz Mlynski\n reported that it is possible to change the prototype of an\n object and bypass Chrome Object Wrappers (COW) to gain\n access to chrome privileged functions. This could allow for\n arbitrary code execution. (CVE-2013-0757\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0757\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0757</a>\n > )\n\n *\n\n MFSA 2013-15: Security researcher Mariusz Mlynski\n reported that it is possible to open a chrome privileged\n web page through plugin objects through interaction with\n SVG elements. This could allow for arbitrary code\n execution. (CVE-2013-0758\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0758\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0758</a>\n > )\n\n *\n\n MFSA 2013-16: Security researcher regenrecht\n reported, via TippingPoint's Zero Day Initiative, a\n use-after-free in XMLSerializer by the exposing of\n serializeToStream to web content. This can lead to\n arbitrary code execution when exploited. (CVE-2013-0753\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0753\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0753</a>\n > )\n\n *\n\n MFSA 2013-17: Security researcher regenrecht\n reported, via TippingPoint's Zero Day Initiative, a\n use-after-free within the ListenerManager when garbage\n collection is forced after data in listener objects have\n been allocated in some circumstances. This results in a\n use-after-free which can lead to arbitrary code execution.\n (CVE-2013-0754\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0754\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0754</a>\n > )\n\n *\n\n MFSA 2013-18: Security researcher regenrecht\n reported, via TippingPoint's Zero Day Initiative, a\n use-after-free using the domDoc pointer within Vibrate\n library. This can lead to arbitrary code execution when\n exploited. (CVE-2013-0755\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0755\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0755</a>\n > )\n\n *\n\n MFSA 2013-19: Security researcher regenrecht\n reported, via TippingPoint's Zero Day Initiative, a garbage\n collection flaw in Javascript Proxy objects. This can lead\n to a use-after-free leading to arbitrary code execution.\n (CVE-2013-0756\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0756\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0756</a>\n > )\n\n *\n\n MFSA 2013-20: Google reported to Mozilla that\n TURKTRUST, a certificate authority in Mozilla's root\n program, had mis-issued two intermediate certificates to\n customers. The issue was not specific to Firefox but there\n was evidence that one of the certificates was used for\n man-in-the-middle (MITM) traffic management of domain names\n that the customer did not legitimately own or control. This\n issue was resolved by revoking the trust for these specific\n mis-issued certificates. (CVE-2013-0743\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0743\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0743</a>\n > )\n\n\n", "edition": 1, "modified": "2013-01-18T20:04:36", "published": "2013-01-18T20:04:36", "id": "SUSE-SU-2013:0049-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00007.html", "type": "suse", "title": "Security update for MozillaFirefox (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:10:59", "bulletinFamily": "unix", "cvelist": ["CVE-2013-0743", "CVE-2013-0763", "CVE-2013-0746", "CVE-2012-5829", "CVE-2013-0766", "CVE-2013-0747", "CVE-2013-0751", "CVE-2013-0744", "CVE-2013-0748", "CVE-2013-0768", "CVE-2013-0755", "CVE-2013-0752", "CVE-2013-0754", "CVE-2013-0769", "CVE-2013-0771", "CVE-2013-0757", "CVE-2013-0749", "CVE-2013-0761", "CVE-2013-0745", "CVE-2013-0756", "CVE-2013-0760", "CVE-2013-0767", "CVE-2013-0762", "CVE-2013-0753", "CVE-2013-0750", "CVE-2013-0759", "CVE-2013-0770", "CVE-2013-0758", "CVE-2013-0764"], "description": "Mozilla Firefox was updated to the 10.0.12ESR release for\n LTSS.\n\n *\n\n MFSA 2013-01: Mozilla developers identified and fixed\n several memory safety bugs in the browser engine used in\n Firefox and other Mozilla-based products. Some of these\n bugs showed evidence of memory corruption under certain\n circumstances, and we presume that with enough effort at\n least some of these could be exploited to run arbitrary\n code.\n\n o Christoph Diehl, Christian Holler, Mats\n Palmgren, and Chiaki Ishikawa reported memory safety\n problems and crashes that affect Firefox ESR 10, Firefox\n ESR 17, and Firefox 17. ( CVE-2013-0769\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0769\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0769</a>\n > ) o Bill Gianopoulos, Benoit Jacob, Christoph Diehl,\n Christian Holler, Gary Kwong, Robert O'Callahan, and\n Scoobidiver reported memory safety problems and crashes\n that affect Firefox ESR 17 and Firefox 17. (CVE-2013-0749\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0749\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0749</a>\n > ) o Jesse Ruderman, Christian Holler, Julian Seward, and\n Scoobidiver reported memory safety problems and crashes\n that affect Firefox 17. (CVE-2013-0770\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0770\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0770</a>\n > )\n *\n\n MFSA 2013-02: Security researcher Abhishek Arya\n (Inferno) of the Google Chrome Security Team discovered a\n series critically rated of use-after-free, out of bounds\n read, and buffer overflow issues using the Address\n Sanitizer tool in shipped software. These issues are\n potentially exploitable, allowing for remote code\n execution. We would also like to thank Abhishek for\n reporting three additional user-after-free and out of\n bounds read flaws introduced during Firefox development\n that were fixed before general release.\n\n The following issue was fixed in Firefox 18:\n\n o Global-buffer-overflow in\n CharDistributionAnalysis::HandleOneChar (CVE-2013-0760\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0760\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0760</a>\n > )\n\n The following issues were fixed in Firefox 18, ESR\n 17.0.1, and ESR 10.0.12:\n\n o Heap-use-after-free in imgRequest::OnStopFrame\n (CVE-2013-0762\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0762\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0762</a>\n > ) o Heap-use-after-free in ~nsHTMLEditRules\n (CVE-2013-0766\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0766\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0766</a>\n > ) o Out of bounds read in\n nsSVGPathElement::GetPathLengthScale ( CVE-2013-0767\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0767\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0767</a>\n > )\n\n The following issues were fixed in Firefox 18 and ESR\n 17.0.1:\n\n o Heap-use-after-free in\n mozilla::TrackUnionStream::EndTrack ( CVE-2013-0761\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0761\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0761</a>\n > ) o Heap-use-after-free in Mesa, triggerable by resizing\n a WebGL canvas (CVE-2013-0763\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0763\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0763</a>\n > ) o Heap-buffer-overflow in\n gfxTextRun::ShrinkToLigatureBoundaries (CVE-2013-0771\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0771\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0771</a>\n > )\n\n The following issue was fixed in Firefox 18 and in\n the earlier ESR 10.0.11 release:\n\n o Heap-buffer-overflow in nsWindow::OnExposeEvent\n (CVE-2012-5829\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5829\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5829</a>\n > )\n *\n\n MFSA 2013-03: Security researcher miaubiz used the\n Address Sanitizer tool to discover a buffer overflow in\n Canvas when specific bad height and width values were given\n through HTML. This could lead to a potentially exploitable\n crash. (CVE-2013-0768\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0768\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0768</a>\n > )\n\n Miaubiz also found a potentially exploitable crash\n when 2D and 3D content was mixed which was introduced\n during Firefox development and fixed before general release.\n\n *\n\n MFSA 2013-04: Security researcher Masato Kinugawa\n found a flaw in which the displayed URL values within the\n addressbar can be spoofed by a page during loading. This\n allows for phishing attacks where a malicious page can\n spoof the identify of another site. ( CVE-2013-0759\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0759\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0759</a>\n > )\n\n *\n\n MFSA 2013-05: Using the Address Sanitizer tool,\n security researcher Atte Kettunen from OUSPG discovered\n that the combination of large numbers of columns and column\n groups in a table could cause the array containing the\n columns during rendering to overwrite itself. This can lead\n to a user-after-free causing a potentially exploitable\n crash. ( CVE-2013-0744\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0744\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0744</a>\n > )\n\n *\n\n MFSA 2013-06: Mozilla developer Wesley Johnston\n reported that when there are two or more iframes on the\n same HTML page, an iframe is able to see the touch events\n and their targets that occur within the other iframes on\n the page. If the iframes are from the same origin, they can\n also access the properties and methods of the targets of\n other iframes but same-origin policy (SOP) restricts access\n across domains. This allows for information leakage and\n possibilities for cross-site scripting (XSS) if another\n vulnerability can be used to get around SOP restrictions.\n (CVE-2013-0751\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0751\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0751</a>\n > )\n\n *\n\n MFSA 2013-07: Mozilla community member Jerry Baker\n reported a crashing issue found through Thunderbird when\n downloading messages over a Secure Sockets Layer (SSL)\n connection. This was caused by a bug in the networking code\n assuming that secure connections were entirely handled on\n the socket transport thread when they can occur on a\n variety of threads. The resulting crash was potentially\n exploitable. (CVE-2013-0764\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0764\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0764</a>\n > )\n\n *\n\n MFSA 2013-08: Mozilla developer Olli Pettay\n discovered that the AutoWrapperChanger class fails to keep\n some javascript objects alive during garbage collection.\n This can lead to an exploitable crash allowing for\n arbitrary code execution. (CVE-2013-0745\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0745\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0745</a>\n > )\n\n *\n\n MFSA 2013-09: Mozilla developer Boris Zbarsky\n reported reported a problem where jsval-returning\n quickstubs fail to wrap their return values, causing a\n compartment mismatch. This mismatch can cause garbage\n collection to occur incorrectly and lead to a potentially\n exploitable crash. (CVE-2013-0746\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0746\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0746</a>\n > )\n\n *\n\n MFSA 2013-10: Mozilla security researcher Jesse\n Ruderman reported that events in the plugin handler can be\n manipulated by web content to bypass same-origin policy\n (SOP) restrictions. This can allow for clickjacking on\n malicious web pages. (CVE-2013-0747\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0747\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0747</a>\n > )\n\n *\n\n MFSA 2013-11: Mozilla security researcher Jesse\n Ruderman discovered that using the toString function of XBL\n objects can lead to inappropriate information leakage by\n revealing the address space layout instead of just the ID\n of the object. This layout information could potentially be\n used to bypass ASLR and other security protections.\n (CVE-2013-0748\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0748\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0748</a>\n > )\n\n *\n\n MFSA 2013-12: Security researcher pa_kt reported a\n flaw via TippingPoint's Zero Day Initiative that an integer\n overflow is possible when calculating the length for a\n Javascript string concatenation, which is then used for\n memory allocation. This results in a buffer overflow,\n leading to a potentially exploitable memory corruption.\n (CVE-2013-0750\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0750\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0750</a>\n > )\n\n *\n\n MFSA 2013-13: Security researcher Sviatoslav Chagaev\n reported that when using an XBL file containing multiple\n XML bindings with SVG content, a memory corruption can\n occur. In concern with remote XUL, this can lead to an\n exploitable crash. (CVE-2013-0752\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0752\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0752</a>\n > )\n\n *\n\n MFSA 2013-14: Security researcher Mariusz Mlynski\n reported that it is possible to change the prototype of an\n object and bypass Chrome Object Wrappers (COW) to gain\n access to chrome privileged functions. This could allow for\n arbitrary code execution. (CVE-2013-0757\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0757\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0757</a>\n > )\n\n *\n\n MFSA 2013-15: Security researcher Mariusz Mlynski\n reported that it is possible to open a chrome privileged\n web page through plugin objects through interaction with\n SVG elements. This could allow for arbitrary code\n execution. (CVE-2013-0758\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0758\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0758</a>\n > )\n\n *\n\n MFSA 2013-16: Security researcher regenrecht\n reported, via TippingPoint's Zero Day Initiative, a\n use-after-free in XMLSerializer by the exposing of\n serializeToStream to web content. This can lead to\n arbitrary code execution when exploited. (CVE-2013-0753\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0753\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0753</a>\n > )\n\n *\n\n MFSA 2013-17: Security researcher regenrecht\n reported, via TippingPoint's Zero Day Initiative, a\n use-after-free within the ListenerManager when garbage\n collection is forced after data in listener objects have\n been allocated in some circumstances. This results in a\n use-after-free which can lead to arbitrary code execution.\n (CVE-2013-0754\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0754\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0754</a>\n > )\n\n *\n\n MFSA 2013-18: Security researcher regenrecht\n reported, via TippingPoint's Zero Day Initiative, a\n use-after-free using the domDoc pointer within Vibrate\n library. This can lead to arbitrary code execution when\n exploited. (CVE-2013-0755\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0755\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0755</a>\n > )\n\n *\n\n MFSA 2013-19: Security researcher regenrecht\n reported, via TippingPoint's Zero Day Initiative, a garbage\n collection flaw in Javascript Proxy objects. This can lead\n to a use-after-free leading to arbitrary code execution.\n (CVE-2013-0756\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0756\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0756</a>\n > )\n\n *\n\n MFSA 2013-20: Google reported to Mozilla that\n TURKTRUST, a certificate authority in Mozilla's root\n program, had mis-issued two intermediate certificates to\n customers. The issue was not specific to Firefox but there\n was evidence that one of the certificates was used for\n man-in-the-middle (MITM) traffic management of domain names\n that the customer did not legitimately own or control. This\n issue was resolved by revoking the trust for these specific\n mis-issued certificates. (CVE-2013-0743\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0743\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0743</a>\n > )\n", "edition": 1, "modified": "2013-02-13T23:04:32", "published": "2013-02-13T23:04:32", "id": "SUSE-SU-2013:0292-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00008.html", "type": "suse", "title": "Security update for MozillaFirefox (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:45:49", "bulletinFamily": "unix", "cvelist": ["CVE-2013-0743", "CVE-2013-0763", "CVE-2013-0746", "CVE-2012-5829", "CVE-2013-0766", "CVE-2013-0747", "CVE-2013-0751", "CVE-2013-0744", "CVE-2013-0748", "CVE-2013-0768", "CVE-2013-0755", "CVE-2013-0752", "CVE-2013-0754", "CVE-2013-0769", "CVE-2013-0771", "CVE-2013-0757", "CVE-2013-0749", "CVE-2013-0761", "CVE-2012-0759", "CVE-2013-0745", "CVE-2013-0756", "CVE-2013-0760", "CVE-2013-0767", "CVE-2013-0762", "CVE-2013-0753", "CVE-2013-0750", "CVE-2013-0770", "CVE-2013-0758", "CVE-2013-0764"], "description": "The Mozilla January 8th 2013 security release contains\n updates:\n\n Mozilla Firefox was updated to version 18.0. Mozilla\n Seamonkey was updated to version 2.15. Mozilla Thunderbird\n was updated to version 17.0.2.\n\n * MFSA 2013-01/CVE-2013-0749/CVE-2013-0769/CVE-2013-0770\n Miscellaneous memory safety hazards\n * MFSA\n 2013-02/CVE-2013-0760/CVE-2013-0762/CVE-2013-0766/CVE-2013-0\n 767\n CVE-2013-0761/CVE-2013-0763/CVE-2013-0771/CVE-2012-5829\n Use-after-free and buffer overflow issues found using\n Address Sanitizer\n * MFSA 2013-03/CVE-2013-0768 (bmo#815795) Buffer Overflow\n in Canvas\n * MFSA 2013-04/CVE-2012-0759 (bmo#802026) URL spoofing in\n addressbar during page loads\n * MFSA 2013-05/CVE-2013-0744 (bmo#814713) Use-after-free\n when displaying table with many columns and column groups\n * MFSA 2013-06/CVE-2013-0751 (bmo#790454) Touch events are\n shared across iframes\n * MFSA 2013-07/CVE-2013-0764 (bmo#804237) Crash due to\n handling of SSL on threads\n * MFSA 2013-08/CVE-2013-0745 (bmo#794158)\n AutoWrapperChanger fails to keep objects alive during\n garbage collection\n * MFSA 2013-09/CVE-2013-0746 (bmo#816842) Compartment\n mismatch with quickstubs returned values\n * MFSA 2013-10/CVE-2013-0747 (bmo#733305) Event\n manipulation in plugin handler to bypass same-origin\n policy\n * MFSA 2013-11/CVE-2013-0748 (bmo#806031) Address space\n layout leaked in XBL objects\n * MFSA 2013-12/CVE-2013-0750 (bmo#805121) Buffer overflow\n in Javascript string concatenation\n * MFSA 2013-13/CVE-2013-0752 (bmo#805024) Memory corruption\n in XBL with XML bindings containing SVG\n * MFSA 2013-14/CVE-2013-0757 (bmo#813901) Chrome Object\n Wrapper (COW) bypass through changing prototype\n * MFSA 2013-15/CVE-2013-0758 (bmo#813906) Privilege\n escalation through plugin objects\n * MFSA 2013-16/CVE-2013-0753 (bmo#814001) Use-after-free in\n serializeToStream\n * MFSA 2013-17/CVE-2013-0754 (bmo#814026) Use-after-free in\n ListenerManager\n * MFSA 2013-18/CVE-2013-0755 (bmo#814027) Use-after-free in\n Vibrate\n * MFSA 2013-19/CVE-2013-0756 (bmo#814029) Use-after-free in\n Javascript Proxy objects\n\n Mozilla NSPR was updated to 4.9.4, containing some small\n bugfixes and new features.\n\n Mozilla NSS was updated to 3.14.1 containing various new\n features, security fix and bugfixes:\n\n * MFSA 2013-20/CVE-2013-0743 (bmo#825022, bnc#796628)\n revoke mis-issued intermediate certificates from TURKTRUST\n\n Cryptographic changes done:\n * Support for TLS 1.1 (RFC 4346)\n * Experimental support for DTLS 1.0 (RFC 4347) and\n DTLS-SRTP (RFC 5764)\n * Support for AES-CTR, AES-CTS, and AES-GCM\n * Support for Keying Material Exporters for TLS (RFC 5705)\n * Support for certificate signatures using the MD5 hash\n algorithm is now disabled by default\n * The NSS license has changed to MPL 2.0. Previous releases\n were released under a MPL 1.1/GPL 2.0/LGPL 2.1\n tri-license. For more information about MPL 2.0, please\n see <a rel=\"nofollow\" href=\"http://www.mozilla.org/MPL/2.0/FAQ.html\">http://www.mozilla.org/MPL/2.0/FAQ.html</a>. For an\n additional explanation on GPL/LGPL compatibility, see\n security/nss/COPYING in the source code.\n * Export and DES cipher suites are disabled by default.\n Non-ECC AES and Triple DES cipher suites are enabled by\n default\n\n Please see <a rel=\"nofollow\" href=\"http://www.mozilla.org/security/announce/\">http://www.mozilla.org/security/announce/</a> for\n more information.\n\n", "edition": 1, "modified": "2013-01-23T14:04:54", "published": "2013-01-23T14:04:54", "id": "OPENSUSE-SU-2013:0131-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00010.html", "type": "suse", "title": "Mozilla Januarys (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:42:58", "bulletinFamily": "unix", "cvelist": ["CVE-2013-0743", "CVE-2013-0763", "CVE-2013-0746", "CVE-2012-5829", "CVE-2013-0766", "CVE-2013-0747", "CVE-2013-0751", "CVE-2013-0744", "CVE-2013-0748", "CVE-2013-0768", "CVE-2013-0755", "CVE-2013-0752", "CVE-2013-0754", "CVE-2013-0769", "CVE-2013-0771", "CVE-2013-0757", "CVE-2013-0749", "CVE-2013-0761", "CVE-2012-0759", "CVE-2013-0745", "CVE-2013-0756", "CVE-2013-0760", "CVE-2013-0767", "CVE-2013-0762", "CVE-2013-0753", "CVE-2013-0750", "CVE-2013-0759", "CVE-2013-0770", "CVE-2013-0758", "CVE-2013-0764"], "description": "The Mozilla January 8th 2013 security release contains\n updates:\n\n Mozilla Firefox was updated to version 18.0. Mozilla\n Seamonkey was updated to version 2.15. Mozilla Thunderbird\n was updated to version 17.0.2. Mozilla XULRunner was\n updated to version 17.0.2.\n\n * MFSA 2013-01/CVE-2013-0749/CVE-2013-0769/CVE-2013-0770\n Miscellaneous memory safety hazards\n * MFSA\n 2013-02/CVE-2013-0760/CVE-2013-0762/CVE-2013-0766/CVE-2013-0\n 767\n CVE-2013-0761/CVE-2013-0763/CVE-2013-0771/CVE-2012-5829\n Use-after-free and buffer overflow issues found using\n Address Sanitizer\n * MFSA 2013-03/CVE-2013-0768 (bmo#815795) Buffer Overflow\n in Canvas\n * MFSA 2013-04/CVE-2012-0759 (bmo#802026) URL spoofing in\n addressbar during page loads\n * MFSA 2013-05/CVE-2013-0744 (bmo#814713) Use-after-free\n when displaying table with many columns and column groups\n * MFSA 2013-06/CVE-2013-0751 (bmo#790454) Touch events are\n shared across iframes\n * MFSA 2013-07/CVE-2013-0764 (bmo#804237) Crash due to\n handling of SSL on threads\n * MFSA 2013-08/CVE-2013-0745 (bmo#794158)\n AutoWrapperChanger fails to keep objects alive during\n garbage collection\n * MFSA 2013-09/CVE-2013-0746 (bmo#816842) Compartment\n mismatch with quickstubs returned values\n * MFSA 2013-10/CVE-2013-0747 (bmo#733305) Event\n manipulation in plugin handler to bypass same-origin\n policy\n * MFSA 2013-11/CVE-2013-0748 (bmo#806031) Address space\n layout leaked in XBL objects\n * MFSA 2013-12/CVE-2013-0750 (bmo#805121) Buffer overflow\n in Javascript string concatenation\n * MFSA 2013-13/CVE-2013-0752 (bmo#805024) Memory corruption\n in XBL with XML bindings containing SVG\n * MFSA 2013-14/CVE-2013-0757 (bmo#813901) Chrome Object\n Wrapper (COW) bypass through changing prototype\n * MFSA 2013-15/CVE-2013-0758 (bmo#813906) Privilege\n escalation through plugin objects\n * MFSA 2013-16/CVE-2013-0753 (bmo#814001) Use-after-free in\n serializeToStream\n * MFSA 2013-17/CVE-2013-0754 (bmo#814026) Use-after-free in\n ListenerManager\n * MFSA 2013-18/CVE-2013-0755 (bmo#814027) Use-after-free in\n Vibrate\n * MFSA 2013-19/CVE-2013-0756 (bmo#814029) Use-after-free in\n Javascript Proxy objects\n\n Mozilla NSPR was updated to 4.9.4, containing some small\n bugfixes and new features.\n\n Mozilla NSS was updated to 3.14.1 containing various new\n features, security fix and bugfixes:\n\n * MFSA 2013-20/CVE-2013-0743 (bmo#825022, bnc#796628)\n revoke mis-issued intermediate certificates from TURKTRUST\n\n Cryptographic changes done:\n * Support for TLS 1.1 (RFC 4346)\n * Experimental support for DTLS 1.0 (RFC 4347) and\n DTLS-SRTP (RFC 5764)\n * Support for AES-CTR, AES-CTS, and AES-GCM\n * Support for Keying Material Exporters for TLS (RFC 5705)\n * Support for certificate signatures using the MD5 hash\n algorithm is now disabled by default\n * The NSS license has changed to MPL 2.0. Previous releases\n were released under a MPL 1.1/GPL 2.0/LGPL 2.1\n tri-license. For more information about MPL 2.0, please\n see <a rel=\"nofollow\" href=\"http://www.mozilla.org/MPL/2.0/FAQ.html\">http://www.mozilla.org/MPL/2.0/FAQ.html</a>. For an\n additional explanation on GPL/LGPL compatibility, see\n security/nss/COPYING in the source code.\n * Export and DES cipher suites are disabled by default.\n Non-ECC AES and Triple DES cipher suites are enabled by\n default\n\n Please see <a rel=\"nofollow\" href=\"http://www.mozilla.org/security/announce/\">http://www.mozilla.org/security/announce/</a> for\n more information.\n\n", "edition": 1, "modified": "2013-01-23T14:05:53", "published": "2013-01-23T14:05:53", "id": "OPENSUSE-SU-2013:0149-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00017.html", "type": "suse", "title": "Mozilla Januarys (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:21:58", "bulletinFamily": "unix", "cvelist": ["CVE-2012-1945", "CVE-2011-3648", "CVE-2014-1505", "CVE-2014-1536", "CVE-2011-0061", "CVE-2011-0077", "CVE-2014-1513", "CVE-2012-0478", "CVE-2012-4193", "CVE-2012-0442", "CVE-2013-5601", "CVE-2013-1687", "CVE-2013-5612", "CVE-2013-1692", "CVE-2010-0654", "CVE-2012-1962", "CVE-2013-0743", "CVE-2012-0443", "CVE-2012-5842", "CVE-2012-4212", "CVE-2013-5595", "CVE-2010-0176", "CVE-2014-1530", "CVE-2011-0083", "CVE-2010-1203", "CVE-2013-1737", "CVE-2012-4214", "CVE-2008-1236", "CVE-2013-5611", "CVE-2012-1970", "CVE-2008-3835", "CVE-2013-1709", "CVE-2007-3738", "CVE-2012-3989", "CVE-2013-5616", "CVE-2013-1678", "CVE-2010-2762", "CVE-2012-5830", "CVE-2013-0763", "CVE-2014-1510", "CVE-2011-3026", "CVE-2012-0460", "CVE-2013-5613", "CVE-2012-1973", "CVE-2014-1522", "CVE-2011-3654", "CVE-2014-1567", "CVE-2012-1974", "CVE-2010-2766", "CVE-2012-4195", "CVE-2012-3986", "CVE-2013-0783", "CVE-2007-3734", "CVE-2011-2371", "CVE-2014-1481", "CVE-2013-1670", "CVE-2012-4185", "CVE-2010-3777", "CVE-2012-3991", "CVE-2013-1719", "CVE-2012-3968", "CVE-2013-1725", "CVE-2012-3963", "CVE-2014-1539", "CVE-2010-0174", "CVE-2012-0452", "CVE-2013-1735", "CVE-2012-1956", "CVE-2014-1487", "CVE-2012-3978", "CVE-2012-3985", "CVE-2013-0746", "CVE-2012-5829", "CVE-2009-1571", "CVE-2012-1944", "CVE-2012-5838", "CVE-2011-2986", "CVE-2010-1205", "CVE-2014-1538", "CVE-2012-4213", "CVE-2013-1685", "CVE-2012-0479", "CVE-2013-5609", "CVE-2007-3737", "CVE-2013-0766", "CVE-2007-3736", "CVE-2012-1940", "CVE-2013-1697", "CVE-2014-1484", "CVE-2014-1525", "CVE-2012-3993", "CVE-2013-5619", "CVE-2012-5837", "CVE-2008-5500", "CVE-2012-5836", "CVE-2014-1509", "CVE-2009-0772", "CVE-2013-0787", "CVE-2012-3995", "CVE-2012-4201", "CVE-2010-0159", "CVE-2009-0773", "CVE-2011-3659", "CVE-2011-3663", "CVE-2014-1494", "CVE-2014-1559", "CVE-2013-0747", "CVE-2012-0470", "CVE-2012-0446", "CVE-2008-4063", "CVE-2014-1537", "CVE-2013-1694", "CVE-2014-1523", "CVE-2012-1972", "CVE-2010-1200", "CVE-2010-0175", "CVE-2012-3988", "CVE-2012-0457", "CVE-2010-3778", "CVE-2012-3994", "CVE-2013-5615", "CVE-2013-1680", "CVE-2012-3962", "CVE-2012-0459", "CVE-2011-2362", "CVE-2014-1529", "CVE-2013-1724", "CVE-2010-1213", "CVE-2013-5597", "CVE-2012-5843", "CVE-2014-1543", "CVE-2014-1486", "CVE-2011-0085", "CVE-2013-5590", "CVE-2008-5510", "CVE-2011-0080", "CVE-2013-0780", "CVE-2008-5502", "CVE-2010-3765", "CVE-2013-1732", "CVE-2013-0744", "CVE-2013-0795", "CVE-2008-1237", "CVE-2013-1720", "CVE-2008-4070", "CVE-2013-0748", "CVE-2012-4183", "CVE-2010-3178", "CVE-2013-1679", "CVE-2007-3285", "CVE-2013-5610", "CVE-2013-0768", "CVE-2011-3661", "CVE-2012-4181", "CVE-2014-1532", "CVE-2013-6671", "CVE-2009-0040", "CVE-2011-3652", "CVE-2013-0755", "CVE-2008-4067", "CVE-2014-1548", "CVE-2011-2364", "CVE-2014-1531", "CVE-2013-0752", "CVE-2012-4186", "CVE-2014-1508", "CVE-2012-1948", "CVE-2008-5012", "CVE-2012-1938", "CVE-2013-0796", "CVE-2012-0449", "CVE-2010-3769", "CVE-2012-3969", "CVE-2014-1502", "CVE-2013-1723", "CVE-2013-0782", "CVE-2012-1953", "CVE-2012-1949", "CVE-2014-1542", "CVE-2012-0456", "CVE-2011-2372", "CVE-2010-3169", "CVE-2012-3970", "CVE-2011-0053", "CVE-2012-5840", "CVE-2010-3176", "CVE-2012-4191", "CVE-2010-3174", "CVE-2010-3768", "CVE-2014-1477", "CVE-2013-0800", "CVE-2010-1212", "CVE-2013-1681", "CVE-2010-1211", "CVE-2010-1121", "CVE-2013-0773", "CVE-2013-0754", "CVE-2010-3167", "CVE-2012-4202", "CVE-2010-3180", "CVE-2012-3957", "CVE-2011-3660", "CVE-2014-1540", "CVE-2014-1534", "CVE-2012-1941", "CVE-2013-1738", "CVE-2014-1482", "CVE-2014-1479", "CVE-2008-4066", "CVE-2008-5018", "CVE-2012-3984", "CVE-2014-1504", "CVE-2012-0444", "CVE-2011-3650", "CVE-2014-1511", "CVE-2010-2753", "CVE-2012-1946", "CVE-2010-3776", "CVE-2012-4182", "CVE-2008-1233", "CVE-2012-4187", "CVE-2012-3983", "CVE-2011-0062", "CVE-2008-0016", "CVE-2011-3101", "CVE-2010-3168", "CVE-2013-0788", "CVE-2013-1728", "CVE-2014-1545", "CVE-2010-0173", "CVE-2012-0472", "CVE-2013-5592", "CVE-2013-1730", "CVE-2008-4059", "CVE-2010-2764", "CVE-2014-1492", "CVE-2011-0081", "CVE-2009-0771", "CVE-2007-3670", "CVE-2012-1954", "CVE-2009-0774", "CVE-2014-1556", "CVE-2012-0461", "CVE-2011-2376", "CVE-2012-3958", "CVE-2012-0469", "CVE-2014-1563", "CVE-2014-1524", "CVE-2014-1512", "CVE-2012-1975", "CVE-2011-0075", "CVE-2013-1690", "CVE-2012-0464", "CVE-2013-0775", "CVE-2012-1967", "CVE-2013-5604", "CVE-2014-1514", "CVE-2010-3166", "CVE-2011-0074", "CVE-2013-0801", "CVE-2012-3956", "CVE-2010-2769", "CVE-2012-3982", "CVE-2009-3555", "CVE-2013-1714", "CVE-2011-2989", "CVE-2010-1196", "CVE-2008-5021", "CVE-2008-5017", "CVE-2013-0769", "CVE-2012-3966", "CVE-2013-0771", "CVE-2014-1490", "CVE-2012-5839", "CVE-2013-0757", "CVE-2014-1498", "CVE-2012-1961", "CVE-2010-3173", "CVE-2012-4216", "CVE-2008-4062", "CVE-2010-3179", "CVE-2010-0182", "CVE-2014-1565", "CVE-2012-3967", "CVE-2013-0749", "CVE-2011-3651", "CVE-2008-4060", "CVE-2007-3656", "CVE-2008-1234", "CVE-2012-1951", "CVE-2012-0475", "CVE-2014-1555", "CVE-2014-1564", "CVE-2012-1952", "CVE-2010-1201", "CVE-2013-0761", "CVE-2013-1669", "CVE-2010-1585", "CVE-2012-3959", "CVE-2012-0455", "CVE-2014-1558", "CVE-2011-0084", "CVE-2012-0759", "CVE-2007-3089", "CVE-2014-1519", "CVE-2013-1701", "CVE-2012-0474", "CVE-2012-3975", "CVE-2010-2768", "CVE-2008-5014", "CVE-2013-1684", "CVE-2008-4058", "CVE-2012-4184", "CVE-2012-0447", "CVE-2014-1547", "CVE-2011-3232", "CVE-2012-4205", "CVE-2014-1480", "CVE-2014-1500", "CVE-2011-0069", "CVE-2013-6630", "CVE-2008-5022", "CVE-2008-5512", "CVE-2014-1497", "CVE-2013-5596", "CVE-2012-3992", "CVE-2008-1235", "CVE-2013-1676", "CVE-2013-0789", "CVE-2008-5501", "CVE-2008-4068", "CVE-2008-5016", "CVE-2013-1675", "CVE-2014-1478", "CVE-2012-3980", "CVE-2008-5503", "CVE-2011-2374", "CVE-2012-1955", "CVE-2012-1960", "CVE-2012-0445", "CVE-2012-0462", "CVE-2012-4217", "CVE-2013-1686", "CVE-2013-0745", "CVE-2013-0756", "CVE-2012-4218", "CVE-2013-0760", "CVE-2011-2377", "CVE-2014-1485", "CVE-2014-1493", "CVE-2007-3735", "CVE-2011-3000", "CVE-2010-2765", "CVE-2014-1544", "CVE-2010-2767", "CVE-2011-0078", "CVE-2012-3960", "CVE-2010-3175", "CVE-2012-0451", "CVE-2011-3655", "CVE-2012-4180", "CVE-2013-0767", "CVE-2010-3182", "CVE-2009-0776", "CVE-2013-5603", "CVE-2012-1959", "CVE-2011-2363", "CVE-2011-0070", "CVE-2013-1682", "CVE-2012-1947", "CVE-2013-6673", "CVE-2013-1674", "CVE-2013-0762", "CVE-2014-1562", "CVE-2010-3170", "CVE-2011-3005", "CVE-2012-4208", "CVE-2011-3658", "CVE-2014-1541", "CVE-2011-2373", "CVE-2008-5511", "CVE-2011-2992", "CVE-2014-1488", "CVE-2012-1957", "CVE-2012-1958", "CVE-2008-4064", "CVE-2012-1976", "CVE-2011-1187", "CVE-2012-5835", "CVE-2014-1552", "CVE-2010-3183", "CVE-2010-1202", "CVE-2012-0468", "CVE-2013-5599", "CVE-2014-1553", "CVE-2014-1549", "CVE-2013-1713", "CVE-2008-5508", "CVE-2012-3972", "CVE-2012-4207", "CVE-2011-2988", "CVE-2008-4061", "CVE-2013-5591", "CVE-2010-1199", "CVE-2012-4204", "CVE-2013-5602", "CVE-2011-2985", "CVE-2012-4192", "CVE-2011-2987", "CVE-2012-4188", "CVE-2012-0441", "CVE-2013-0774", "CVE-2008-5024", "CVE-2013-0753", "CVE-2012-5833", "CVE-2014-1557", "CVE-2013-1736", "CVE-2014-1526", "CVE-2013-0776", "CVE-2012-3964", "CVE-2013-5593", "CVE-2014-1550", "CVE-2013-1718", "CVE-2012-5841", "CVE-2014-1533", "CVE-2013-1717", "CVE-2010-2754", "CVE-2008-5507", "CVE-2012-3990", "CVE-2014-1491", "CVE-2013-6672", "CVE-2013-5614", "CVE-2008-4065", "CVE-2013-1693", "CVE-2010-2760", "CVE-2013-0750", "CVE-2012-1937", "CVE-2014-1560", "CVE-2012-4215", "CVE-2013-6629", "CVE-2012-0463", "CVE-2013-1677", "CVE-2011-2991", "CVE-2013-0770", "CVE-2013-0793", "CVE-2012-4179", "CVE-2011-3001", "CVE-2014-1483", "CVE-2014-1489", "CVE-2011-3062", "CVE-2012-0477", "CVE-2013-1722", "CVE-2012-0473", "CVE-2012-4194", "CVE-2011-2365", "CVE-2012-4209", "CVE-2012-1963", "CVE-2012-4196", "CVE-2008-5506", "CVE-2013-1710", "CVE-2012-0467", "CVE-2012-0458", "CVE-2013-0758", "CVE-2013-5600", "CVE-2010-2752", "CVE-2014-1499", "CVE-2014-1518", "CVE-2012-0471", "CVE-2012-3961", "CVE-2014-1561", "CVE-2012-3971", "CVE-2013-0764", "CVE-2014-1528", "CVE-2013-5618", "CVE-2011-0072"], "description": "This patch contains security updates for\n\n * mozilla-nss 3.16.4\n - The following 1024-bit root CA certificate was restored to allow more\n time to develop a better transition strategy for affected sites. It\n was removed in NSS 3.16.3, but discussion in the\n mozilla.dev.security.policy forum led to the decision to keep this\n root included longer in order to give website administrators more time\n to update their web servers.\n - CN = GTE CyberTrust Global Root\n * In NSS 3.16.3, the 1024-bit "Entrust.net Secure Server Certification\n Authority" root CA certificate was removed. In NSS 3.16.4, a 2048-bit\n intermediate CA certificate has been included, without explicit trust.\n The intention is to mitigate the effects of the previous removal of\n the 1024-bit Entrust.net root certificate, because many public\n Internet sites still use the "USERTrust Legacy Secure Server CA"\n intermediate certificate that is signed by the 1024-bit Entrust.net\n root certificate. The inclusion of the intermediate certificate is a\n temporary measure to allow those sites to function, by allowing them\n to find a trust path to another 2048-bit root CA certificate. The\n temporarily included intermediate certificate expires November 1, 2015.\n\n * Firefox 31.1esr Firefox is updated from 24esr to 31esr as maintenance\n for version 24 stopped\n\n", "edition": 1, "modified": "2014-09-09T18:04:16", "published": "2014-09-09T18:04:16", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00004.html", "id": "OPENSUSE-SU-2014:1100-1", "title": "Firefox update to 31.1esr (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2020-07-02T11:39:33", "bulletinFamily": "unix", "cvelist": ["CVE-2013-0743", "CVE-2013-0763", "CVE-2013-0746", "CVE-2012-5829", "CVE-2013-0766", "CVE-2013-0747", "CVE-2013-0744", "CVE-2013-0748", "CVE-2013-0768", "CVE-2013-0755", "CVE-2013-0752", "CVE-2013-0754", "CVE-2013-0769", "CVE-2013-0771", "CVE-2013-0757", "CVE-2013-0749", "CVE-2013-0761", "CVE-2013-0745", "CVE-2013-0756", "CVE-2013-0760", "CVE-2013-0767", "CVE-2013-0762", "CVE-2013-0753", "CVE-2013-0750", "CVE-2013-0759", "CVE-2013-0770", "CVE-2013-0758", "CVE-2013-0764"], "description": "USN-1681-1 fixed vulnerabilities in Firefox. Due to an upstream regression, \nFirefox suffered from instabilities when accessing some websites. This \nupdate fixes the problem.\n\nWe apologize for the inconvenience.\n\nOriginal advisory details:\n\nChristoph Diehl, Christian Holler, Mats Palmgren, Chiaki Ishikawa, Bill \nGianopoulos, Benoit Jacob, Gary Kwong, Robert O'Callahan, Jesse Ruderman, \nand Julian Seward discovered multiple memory safety issues affecting \nFirefox. If the user were tricked into opening a specially crafted page, an \nattacker could possibly exploit these to cause a denial of service via \napplication crash, or potentially execute code with the privileges of the \nuser invoking Firefox. (CVE-2013-0769, CVE-2013-0749, CVE-2013-0770)\n\nAbhishek Arya discovered several user-after-free and buffer overflows in \nFirefox. An attacker could exploit these to cause a denial of service via \napplication crash, or potentially execute code with the privileges of the \nuser invoking Firefox. (CVE-2013-0760, CVE-2013-0761, CVE-2013-0762, \nCVE-2013-0763, CVE-2013-0766, CVE-2013-0767, CVE-2013-0771, CVE-2012-5829)\n\nA stack buffer was discovered in Firefox. If the user were tricked into \nopening a specially crafted page, an attacker could possibly exploit this \nto cause a denial of service via application crash, or potentially execute \ncode with the privileges of the user invoking Firefox. (CVE-2013-0768)\n\nMasato Kinugawa discovered that Firefox did not always properly display URL \nvalues in the address bar. A remote attacker could exploit this to conduct \nURL spoofing and phishing attacks. (CVE-2013-0759)\n\nAtte Kettunen discovered that Firefox did not properly handle HTML tables \nwith a large number of columns and column groups. If the user were tricked \ninto opening a specially crafted page, an attacker could exploit this to \ncause a denial of service via application crash, or potentially execute \ncode with the privileges of the user invoking Firefox. (CVE-2013-0744)\n\nJerry Baker discovered that Firefox did not always properly handle \nthreading when performing downloads over SSL connections. An attacker could \nexploit this to cause a denial of service via application crash. \n(CVE-2013-0764)\n\nOlli Pettay and Boris Zbarsky discovered flaws in the Javacript engine of \nFirefox. An attacker could cause a denial of service via application crash, \nor potentially execute code with the privileges of the user invoking \nFirefox. (CVE-2013-0745, CVE-2013-0746)\n\nJesse Ruderman discovered a flaw in the way Firefox handled plugins. If a \nuser were tricked into opening a specially crafted page, a remote attacker \ncould exploit this to bypass security protections to conduct clickjacking \nattacks. (CVE-2013-0747)\n\nJesse Ruderman discovered an information leak in Firefox. An attacker could \nexploit this to reveal memory address layout which could help in bypassing \nASLR protections. (CVE-2013-0748)\n\nAn integer overflow was discovered in the Javascript engine, leading to a \nheap-based buffer overflow. If the user were tricked into opening a \nspecially crafted page, an attacker could possibly exploit this to execute \ncode with the privileges of the user invoking Firefox. (CVE-2013-0750)\n\nSviatoslav Chagaev discovered that Firefox did not properly handle XBL \nfiles with multiple XML bindings with SVG content. An attacker could cause \na denial of service via application crash, or potentially execute code with \nthe privileges of the user invoking Firefox. (CVE-2013-0752)\n\nMariusz Mlynski discovered two flaws to gain access to privileged chrome \nfunctions. An attacker could possibly exploit this to execute code with the \nprivileges of the user invoking Firefox. (CVE-2013-0757, CVE-2013-0758)\n\nSeveral use-after-free issues were discovered in Firefox. If the user were \ntricked into opening a specially crafted page, an attacker could possibly \nexploit this to execute code with the privileges of the user invoking \nFirefox. (CVE-2013-0753, CVE-2013-0754, CVE-2013-0755, CVE-2013-0756)\n\nTwo intermediate CA certificates were mis-issued by the TURKTRUST \ncertificate authority. If a remote attacker were able to perform a \nman-in-the-middle attack, this flaw could be exploited to view sensitive \ninformation. (CVE-2013-0743)", "edition": 5, "modified": "2013-02-05T00:00:00", "published": "2013-02-05T00:00:00", "id": "USN-1681-4", "href": "https://ubuntu.com/security/notices/USN-1681-4", "title": "Firefox regression", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-15T01:36:54", "bulletinFamily": "unix", "cvelist": ["CVE-2013-0743", "CVE-2013-0763", "CVE-2013-0746", "CVE-2012-5829", "CVE-2013-0766", "CVE-2013-0747", "CVE-2013-0744", "CVE-2013-0748", "CVE-2013-0768", "CVE-2013-0755", "CVE-2013-0752", "CVE-2013-0754", "CVE-2013-0769", "CVE-2013-0771", "CVE-2013-0757", "CVE-2013-0749", "CVE-2013-0761", "CVE-2013-0745", "CVE-2013-0756", "CVE-2013-0760", "CVE-2013-0767", "CVE-2013-0762", "CVE-2013-0753", "CVE-2013-0750", "CVE-2013-0759", "CVE-2013-0770", "CVE-2013-0758", "CVE-2013-0764"], "description": "USN-1681-1 fixed vulnerabilities in Firefox. This update provides the \ncorresponding updates for Thunderbird.\n\nOriginal advisory details:\n\nChristoph Diehl, Christian Holler, Mats Palmgren, Chiaki Ishikawa, Bill \nGianopoulos, Benoit Jacob, Gary Kwong, Robert O'Callahan, Jesse Ruderman, \nand Julian Seward discovered multiple memory safety issues affecting \nFirefox. If the user were tricked into opening a specially crafted page, an \nattacker could possibly exploit these to cause a denial of service via \napplication crash, or potentially execute code with the privileges of the \nuser invoking Firefox. (CVE-2013-0769, CVE-2013-0749, CVE-2013-0770)\n\nAbhishek Arya discovered several user-after-free and buffer overflows in \nFirefox. An attacker could exploit these to cause a denial of service via \napplication crash, or potentially execute code with the privileges of the \nuser invoking Firefox. (CVE-2013-0760, CVE-2013-0761, CVE-2013-0762, \nCVE-2013-0763, CVE-2013-0766, CVE-2013-0767, CVE-2013-0771, CVE-2012-5829)\n\nA stack buffer was discovered in Firefox. If the user were tricked into \nopening a specially crafted page, an attacker could possibly exploit this \nto cause a denial of service via application crash, or potentially execute \ncode with the privileges of the user invoking Firefox. (CVE-2013-0768)\n\nMasato Kinugawa discovered that Firefox did not always properly display URL \nvalues in the address bar. A remote attacker could exploit this to conduct \nURL spoofing and phishing attacks. (CVE-2013-0759)\n\nAtte Kettunen discovered that Firefox did not properly handle HTML tables \nwith a large number of columns and column groups. If the user were tricked \ninto opening a specially crafted page, an attacker could exploit this to \ncause a denial of service via application crash, or potentially execute \ncode with the privileges of the user invoking Firefox. (CVE-2013-0744)\n\nJerry Baker discovered that Firefox did not always properly handle \nthreading when performing downloads over SSL connections. An attacker could \nexploit this to cause a denial of service via application crash. \n(CVE-2013-0764)\n\nOlli Pettay and Boris Zbarsky discovered flaws in the Javacript engine of \nFirefox. An attacker could cause a denial of service via application crash, \nor potentially execute code with the privileges of the user invoking \nFirefox. (CVE-2013-0745, CVE-2013-0746)\n\nJesse Ruderman discovered a flaw in the way Firefox handled plugins. If a \nuser were tricked into opening a specially crafted page, a remote attacker \ncould exploit this to bypass security protections to conduct clickjacking \nattacks. (CVE-2013-0747)\n\nJesse Ruderman discovered an information leak in Firefox. An attacker could \nexploit this to reveal memory address layout which could help in bypassing \nASLR protections. (CVE-2013-0748)\n\nAn integer overflow was discovered in the Javascript engine, leading to a \nheap-based buffer overflow. If the user were tricked into opening a \nspecially crafted page, an attacker could possibly exploit this to execute \ncode with the privileges of the user invoking Firefox. (CVE-2013-0750)\n\nSviatoslav Chagaev discovered that Firefox did not properly handle XBL \nfiles with multiple XML bindings with SVG content. An attacker could cause \na denial of service via application crash, or potentially execute code with \nthe privileges of the user invoking Firefox. (CVE-2013-0752)\n\nMariusz Mlynski discovered two flaws to gain access to privileged chrome \nfunctions. An attacker could possibly exploit this to execute code with the \nprivileges of the user invoking Firefox. (CVE-2013-0757, CVE-2013-0758)\n\nSeveral use-after-free issues were discovered in Firefox. If the user were \ntricked into opening a specially crafted page, an attacker could possibly \nexploit this to execute code with the privileges of the user invoking \nFirefox. (CVE-2013-0753, CVE-2013-0754, CVE-2013-0755, CVE-2013-0756)\n\nTwo intermediate CA certificates were mis-issued by the TURKTRUST \ncertificate authority. If a remote attacker were able to perform a \nman-in-the-middle attack, this flaw could be exploited to view sensitive \ninformation. (CVE-2013-0743)", "edition": 6, "modified": "2013-01-09T00:00:00", "published": "2013-01-09T00:00:00", "id": "USN-1681-2", "href": "https://ubuntu.com/security/notices/USN-1681-2", "title": "Thunderbird vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-15T01:44:04", "bulletinFamily": "unix", "cvelist": ["CVE-2013-0743", "CVE-2013-0763", "CVE-2013-0746", "CVE-2012-5829", "CVE-2013-0766", "CVE-2013-0747", "CVE-2013-0744", "CVE-2013-0748", "CVE-2013-0768", "CVE-2013-0755", "CVE-2013-0752", "CVE-2013-0754", "CVE-2013-0769", "CVE-2013-0771", "CVE-2013-0757", "CVE-2013-0749", "CVE-2013-0761", "CVE-2013-0745", "CVE-2013-0756", "CVE-2013-0760", "CVE-2013-0767", "CVE-2013-0762", "CVE-2013-0753", "CVE-2013-0750", "CVE-2013-0759", "CVE-2013-0770", "CVE-2013-0758", "CVE-2013-0764"], "description": "Christoph Diehl, Christian Holler, Mats Palmgren, Chiaki Ishikawa, Bill \nGianopoulos, Benoit Jacob, Gary Kwong, Robert O'Callahan, Jesse Ruderman, \nand Julian Seward discovered multiple memory safety issues affecting \nFirefox. If the user were tricked into opening a specially crafted page, an \nattacker could possibly exploit these to cause a denial of service via \napplication crash, or potentially execute code with the privileges of the \nuser invoking Firefox. (CVE-2013-0769, CVE-2013-0749, CVE-2013-0770)\n\nAbhishek Arya discovered several user-after-free and buffer overflows in \nFirefox. An attacker could exploit these to cause a denial of service via \napplication crash, or potentially execute code with the privileges of the \nuser invoking Firefox. (CVE-2013-0760, CVE-2013-0761, CVE-2013-0762, \nCVE-2013-0763, CVE-2013-0766, CVE-2013-0767, CVE-2013-0771, CVE-2012-5829)\n\nA stack buffer was discovered in Firefox. If the user were tricked into \nopening a specially crafted page, an attacker could possibly exploit this \nto cause a denial of service via application crash, or potentially execute \ncode with the privileges of the user invoking Firefox. (CVE-2013-0768)\n\nMasato Kinugawa discovered that Firefox did not always properly display URL \nvalues in the address bar. A remote attacker could exploit this to conduct \nURL spoofing and phishing attacks. (CVE-2013-0759)\n\nAtte Kettunen discovered that Firefox did not properly handle HTML tables \nwith a large number of columns and column groups. If the user were tricked \ninto opening a specially crafted page, an attacker could exploit this to \ncause a denial of service via application crash, or potentially execute \ncode with the privileges of the user invoking Firefox. (CVE-2013-0744)\n\nJerry Baker discovered that Firefox did not always properly handle \nthreading when performing downloads over SSL connections. An attacker could \nexploit this to cause a denial of service via application crash. \n(CVE-2013-0764)\n\nOlli Pettay and Boris Zbarsky discovered flaws in the Javacript engine of \nFirefox. An attacker could cause a denial of service via application crash, \nor potentially execute code with the privileges of the user invoking \nFirefox. (CVE-2013-0745, CVE-2013-0746)\n\nJesse Ruderman discovered a flaw in the way Firefox handled plugins. If a \nuser were tricked into opening a specially crafted page, a remote attacker \ncould exploit this to bypass security protections to conduct clickjacking \nattacks. (CVE-2013-0747)\n\nJesse Ruderman discovered an information leak in Firefox. An attacker could \nexploit this to reveal memory address layout which could help in bypassing \nASLR protections. (CVE-2013-0748)\n\nAn integer overflow was discovered in the Javascript engine, leading to a \nheap-based buffer overflow. If the user were tricked into opening a \nspecially crafted page, an attacker could possibly exploit this to execute \ncode with the privileges of the user invoking Firefox. (CVE-2013-0750)\n\nSviatoslav Chagaev discovered that Firefox did not properly handle XBL \nfiles with multiple XML bindings with SVG content. An attacker could cause \na denial of service via application crash, or potentially execute code with \nthe privileges of the user invoking Firefox. (CVE-2013-0752)\n\nMariusz Mlynski discovered two flaws to gain access to privileged chrome \nfunctions. An attacker could possibly exploit this to execute code with the \nprivileges of the user invoking Firefox. (CVE-2013-0757, CVE-2013-0758)\n\nSeveral use-after-free issues were discovered in Firefox. If the user were \ntricked into opening a specially crafted page, an attacker could possibly \nexploit this to execute code with the privileges of the user invoking \nFirefox. (CVE-2013-0753, CVE-2013-0754, CVE-2013-0755, CVE-2013-0756)\n\nTwo intermediate CA certificates were mis-issued by the TURKTRUST \ncertificate authority. If a remote attacker were able to perform a \nman-in-the-middle attack, this flaw could be exploited to view sensitive \ninformation. (CVE-2013-0743)", "edition": 6, "modified": "2013-01-09T00:00:00", "published": "2013-01-09T00:00:00", "id": "USN-1681-1", "href": "https://ubuntu.com/security/notices/USN-1681-1", "title": "Firefox vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-02T11:35:48", "bulletinFamily": "unix", "cvelist": ["CVE-2013-0743", "CVE-2013-0763", "CVE-2013-0746", "CVE-2012-5829", "CVE-2013-0766", "CVE-2013-0747", "CVE-2013-0744", "CVE-2013-0748", "CVE-2013-0768", "CVE-2013-0755", "CVE-2013-0752", "CVE-2013-0754", "CVE-2013-0769", "CVE-2013-0771", "CVE-2013-0757", "CVE-2013-0749", "CVE-2013-0761", "CVE-2013-0745", "CVE-2013-0756", "CVE-2013-0760", "CVE-2013-0767", "CVE-2013-0762", "CVE-2013-0753", "CVE-2013-0750", "CVE-2013-0759", "CVE-2013-0770", "CVE-2013-0758", "CVE-2013-0764"], "description": "USN-1681-1 fixed vulnerabilities in Firefox. Due to an upstream regression, \nsome translations became unusable after upgrading. This update fixes the \nproblem.\n\nWe apologize for the inconvenience.\n\nOriginal advisory details:\n\nChristoph Diehl, Christian Holler, Mats Palmgren, Chiaki Ishikawa, Bill \nGianopoulos, Benoit Jacob, Gary Kwong, Robert O'Callahan, Jesse Ruderman, \nand Julian Seward discovered multiple memory safety issues affecting \nFirefox. If the user were tricked into opening a specially crafted page, an \nattacker could possibly exploit these to cause a denial of service via \napplication crash, or potentially execute code with the privileges of the \nuser invoking Firefox. (CVE-2013-0769, CVE-2013-0749, CVE-2013-0770)\n\nAbhishek Arya discovered several user-after-free and buffer overflows in \nFirefox. An attacker could exploit these to cause a denial of service via \napplication crash, or potentially execute code with the privileges of the \nuser invoking Firefox. (CVE-2013-0760, CVE-2013-0761, CVE-2013-0762, \nCVE-2013-0763, CVE-2013-0766, CVE-2013-0767, CVE-2013-0771, CVE-2012-5829)\n\nA stack buffer was discovered in Firefox. If the user were tricked into \nopening a specially crafted page, an attacker could possibly exploit this \nto cause a denial of service via application crash, or potentially execute \ncode with the privileges of the user invoking Firefox. (CVE-2013-0768)\n\nMasato Kinugawa discovered that Firefox did not always properly display URL \nvalues in the address bar. A remote attacker could exploit this to conduct \nURL spoofing and phishing attacks. (CVE-2013-0759)\n\nAtte Kettunen discovered that Firefox did not properly handle HTML tables \nwith a large number of columns and column groups. If the user were tricked \ninto opening a specially crafted page, an attacker could exploit this to \ncause a denial of service via application crash, or potentially execute \ncode with the privileges of the user invoking Firefox. (CVE-2013-0744)\n\nJerry Baker discovered that Firefox did not always properly handle \nthreading when performing downloads over SSL connections. An attacker could \nexploit this to cause a denial of service via application crash. \n(CVE-2013-0764)\n\nOlli Pettay and Boris Zbarsky discovered flaws in the Javacript engine of \nFirefox. An attacker could cause a denial of service via application crash, \nor potentially execute code with the privileges of the user invoking \nFirefox. (CVE-2013-0745, CVE-2013-0746)\n\nJesse Ruderman discovered a flaw in the way Firefox handled plugins. If a \nuser were tricked into opening a specially crafted page, a remote attacker \ncould exploit this to bypass security protections to conduct clickjacking \nattacks. (CVE-2013-0747)\n\nJesse Ruderman discovered an information leak in Firefox. An attacker could \nexploit this to reveal memory address layout which could help in bypassing \nASLR protections. (CVE-2013-0748)\n\nAn integer overflow was discovered in the Javascript engine, leading to a \nheap-based buffer overflow. If the user were tricked into opening a \nspecially crafted page, an attacker could possibly exploit this to execute \ncode with the privileges of the user invoking Firefox. (CVE-2013-0750)\n\nSviatoslav Chagaev discovered that Firefox did not properly handle XBL \nfiles with multiple XML bindings with SVG content. An attacker could cause \na denial of service via application crash, or potentially execute code with \nthe privileges of the user invoking Firefox. (CVE-2013-0752)\n\nMariusz Mlynski discovered two flaws to gain access to privileged chrome \nfunctions. An attacker could possibly exploit this to execute code with the \nprivileges of the user invoking Firefox. (CVE-2013-0757, CVE-2013-0758)\n\nSeveral use-after-free issues were discovered in Firefox. If the user were \ntricked into opening a specially crafted page, an attacker could possibly \nexploit this to execute code with the privileges of the user invoking \nFirefox. (CVE-2013-0753, CVE-2013-0754, CVE-2013-0755, CVE-2013-0756)\n\nTwo intermediate CA certificates were mis-issued by the TURKTRUST \ncertificate authority. If a remote attacker were able to perform a \nman-in-the-middle attack, this flaw could be exploited to view sensitive \ninformation. (CVE-2013-0743)", "edition": 5, "modified": "2013-01-22T00:00:00", "published": "2013-01-22T00:00:00", "id": "USN-1681-3", "href": "https://ubuntu.com/security/notices/USN-1681-3", "title": "Firefox regression", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:50", "bulletinFamily": "software", "cvelist": ["CVE-2013-0743", "CVE-2013-0763", "CVE-2013-0746", "CVE-2012-5829", "CVE-2013-0766", "CVE-2013-0747", "CVE-2013-0751", "CVE-2013-0744", "CVE-2013-0748", "CVE-2013-0768", "CVE-2013-0755", "CVE-2013-0752", "CVE-2013-0754", "CVE-2013-0769", "CVE-2013-0771", "CVE-2013-0757", "CVE-2013-0749", "CVE-2013-0761", "CVE-2013-0745", "CVE-2013-0756", "CVE-2013-0760", "CVE-2013-0767", "CVE-2013-0762", "CVE-2013-0753", "CVE-2013-0750", "CVE-2013-0759", "CVE-2013-0770", "CVE-2013-0758", "CVE-2013-0764"], "description": "Multiple memory corruptions, buffer overflows, privilege escalations, address spoofing, misissued certificate.", "edition": 1, "modified": "2013-01-10T00:00:00", "published": "2013-01-10T00:00:00", "id": "SECURITYVULNS:VULN:12816", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12816", "title": "Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "freebsd": [{"lastseen": "2019-05-29T18:33:41", "bulletinFamily": "unix", "cvelist": ["CVE-2013-0743", "CVE-2013-0763", "CVE-2013-0746", "CVE-2012-5829", "CVE-2013-0766", "CVE-2013-0747", "CVE-2013-0751", "CVE-2013-0744", "CVE-2013-0748", "CVE-2013-0768", "CVE-2013-0755", "CVE-2013-0752", "CVE-2013-0754", "CVE-2013-0769", "CVE-2013-0771", "CVE-2013-0757", "CVE-2013-0749", "CVE-2013-0761", "CVE-2013-0745", "CVE-2013-0756", "CVE-2013-0760", "CVE-2013-0767", "CVE-2013-0762", "CVE-2013-0753", "CVE-2013-0750", "CVE-2013-0759", "CVE-2013-0770", "CVE-2013-0758", "CVE-2013-0764"], "description": "\nThe Mozilla Project reports:\n\nMFSA 2013-01 Miscellaneous memory safety hazards (rv:18.0/\n\t rv:10.0.12 / rv:17.0.2)\nMFSA 2013-02 Use-after-free and buffer overflow issues found using\n\t Address Sanitizer\nMFSA 2013-03 Buffer Overflow in Canvas\nMFSA 2013-04 URL spoofing in addressbar during page loads\nMFSA 2013-05 Use-after-free when displaying table with many\n\t columns and column groups\nMFSA 2013-06 Touch events are shared across iframes\nMFSA 2013-07 Crash due to handling of SSL on threads\nMFSA 2013-08 AutoWrapperChanger fails to keep objects alive during\n\t garbage collection\nMFSA 2013-09 Compartment mismatch with quickstubs returned values\nMFSA 2013-10 Event manipulation in plugin handler to bypass\n\t same-origin policy\nMFSA 2013-11 Address space layout leaked in XBL objects\nMFSA 2013-12 Buffer overflow in Javascript string concatenation\nMFSA 2013-13 Memory corruption in XBL with XML bindings containing\n\t SVG\nMFSA 2013-14 Chrome Object Wrapper (COW) bypass through changing\n\t prototype\nMFSA 2013-15 Privilege escalation through plugin objects\nMFSA 2013-16 Use-after-free in serializeToStream\nMFSA 2013-17 Use-after-free in ListenerManager\nMFSA 2013-18 Use-after-free in Vibrate\nMFSA 2013-19 Use-after-free in Javascript Proxy objects\nMFSA 2013-20 Mis-issued TURKTRUST certificates\n\n", "edition": 4, "modified": "2013-01-08T00:00:00", "published": "2013-01-08T00:00:00", "id": "A4ED6632-5AA9-11E2-8FCB-C8600054B392", "href": "https://vuxml.freebsd.org/freebsd/a4ed6632-5aa9-11e2-8fcb-c8600054b392.html", "title": "mozilla -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2016-09-06T19:47:05", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1687", "CVE-2013-1692", "CVE-2013-0797", "CVE-2013-1671", "CVE-2013-1737", "CVE-2013-1709", "CVE-2013-1678", "CVE-2013-0763", "CVE-2013-0777", "CVE-2013-0765", "CVE-2013-0783", "CVE-2013-1670", "CVE-2013-1719", "CVE-2013-1725", "CVE-2013-1735", "CVE-2013-0746", "CVE-2013-0791", "CVE-2013-0766", "CVE-2013-1707", "CVE-2013-1697", "CVE-2013-1705", "CVE-2013-0787", "CVE-2013-0794", "CVE-2013-0747", "CVE-2013-1694", "CVE-2013-1680", "CVE-2013-1724", "CVE-2013-0751", "CVE-2013-0780", "CVE-2013-1732", "CVE-2013-0744", "CVE-2013-0795", "CVE-2013-1720", "CVE-2013-0748", "CVE-2013-1679", "CVE-2013-0778", "CVE-2013-0768", "CVE-2013-0755", "CVE-2013-0752", "CVE-2013-1702", "CVE-2013-0796", "CVE-2013-1723", "CVE-2013-0782", "CVE-2013-1726", "CVE-2013-0800", "CVE-2013-1681", "CVE-2013-0773", "CVE-2013-0754", "CVE-2013-1708", "CVE-2013-1738", "CVE-2013-1712", "CVE-2013-0788", "CVE-2013-1728", "CVE-2013-1730", "CVE-2013-0784", "CVE-2013-1690", "CVE-2013-0775", "CVE-2013-0801", "CVE-2013-1714", "CVE-2013-0769", "CVE-2013-1704", "CVE-2013-0771", "CVE-2013-0757", "CVE-2013-0749", "CVE-2013-0761", "CVE-2013-0779", "CVE-2013-1701", "CVE-2013-1684", "CVE-2013-1676", "CVE-2013-0789", "CVE-2013-0799", "CVE-2013-1675", "CVE-2013-0745", "CVE-2013-0756", "CVE-2013-0760", "CVE-2013-0767", "CVE-2013-1682", "CVE-2013-1674", "CVE-2013-0762", "CVE-2013-0792", "CVE-2013-1713", "CVE-2013-0774", "CVE-2013-0753", "CVE-2013-1736", "CVE-2013-0776", "CVE-2013-1718", "CVE-2013-1717", "CVE-2013-1693", "CVE-2013-0750", "CVE-2013-1677", "CVE-2013-0759", "CVE-2013-0770", "CVE-2013-0793", "CVE-2013-0781", "CVE-2013-0772", "CVE-2013-1722", "CVE-2013-1711", "CVE-2013-1710", "CVE-2013-0758", "CVE-2013-0764"], "description": "### Background\n\nMozilla Firefox is an open-source web browser and Mozilla Thunderbird an open-source email client, both from the Mozilla Project. The SeaMonkey project is a community effort to deliver production-quality releases of code derived from the application formerly known as the \u2018Mozilla Application Suite\u2019. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Mozilla Firefox, Thunderbird, and SeaMonkey. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Further, a remote attacker could conduct XSS attacks, spoof URLs, bypass address space layout randomization, conduct clickjacking attacks, obtain potentially sensitive information, bypass access restrictions, modify the local filesystem, or conduct other unspecified attacks. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Mozilla Firefox users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/firefox-17.0.9\"\n \n\nAll users of the Mozilla Firefox binary package should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/firefox-bin-17.0.9\"\n \n\nAll Mozilla Thunderbird users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=mail-client/thunderbird-17.0.9\"\n \n\nAll users of the Mozilla Thunderbird binary package should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=mail-client/thunderbird-bin-17.0.9\"\n \n\nAll SeaMonkey users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/seamonkey-2.21\"\n \n\nAll users of the Mozilla SeaMonkey binary package should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/seamonkey-bin-2.21\"", "edition": 1, "modified": "2013-09-27T00:00:00", "published": "2013-09-27T00:00:00", "id": "GLSA-201309-23", "href": "https://security.gentoo.org/glsa/201309-23", "type": "gentoo", "title": "Mozilla Products: Multiple vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
