Lucene search
This script is Copyright (C) 2013-2022 and is owned by Tenable, Inc. or an Affiliate thereof.DEBIAN_DSA-2716.NASLHistoryJun 29, 2013 - 12:00 a.m.
Debian DSA-2716-1 : iceweasel - several vulnerabilities
2013-06-2900:00:00
This script is Copyright (C) 2013-2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
14
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.13 Low
EPSS
Percentile
95.5%
Multiple security issues have been found in Iceweasel, Debian’s version of the Mozilla Firefox web browser: Multiple memory safety errors, use-after-free vulnerabilities, missing permission checks, incorrect memory handling and other implementation errors may lead to the execution of arbitrary code, privilege escalation, information disclosure or cross-site request forgery.
The Iceweasel version in the oldstable distribution (squeeze) is no longer supported with security updates.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DSA-2716. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(67101);
script_version("1.11");
script_set_attribute(attribute:"plugin_modification_date", value:"2022/03/29");
script_cve_id(
"CVE-2013-1682",
"CVE-2013-1684",
"CVE-2013-1685",
"CVE-2013-1686",
"CVE-2013-1687",
"CVE-2013-1690",
"CVE-2013-1692",
"CVE-2013-1693",
"CVE-2013-1694",
"CVE-2013-1697"
);
script_xref(name:"DSA", value:"2716");
script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/04/18");
script_name(english:"Debian DSA-2716-1 : iceweasel - several vulnerabilities");
script_set_attribute(attribute:"synopsis", value:
"The remote Debian host is missing a security-related update.");
script_set_attribute(attribute:"description", value:
"Multiple security issues have been found in Iceweasel, Debian's
version of the Mozilla Firefox web browser: Multiple memory safety
errors, use-after-free vulnerabilities, missing permission checks,
incorrect memory handling and other implementation errors may lead to
the execution of arbitrary code, privilege escalation, information
disclosure or cross-site request forgery.
The Iceweasel version in the oldstable distribution (squeeze) is no
longer supported with security updates.");
script_set_attribute(attribute:"see_also", value:"https://packages.debian.org/source/wheezy/iceweasel");
script_set_attribute(attribute:"see_also", value:"https://www.debian.org/security/2013/dsa-2716");
script_set_attribute(attribute:"solution", value:
"Upgrade the iceweasel packages.
For the stable distribution (wheezy), these problems have been fixed
in version 17.0.7esr-1~deb7u1.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploited_by_malware", value:"true");
script_set_attribute(attribute:"metasploit_name", value:'Firefox onreadystatechange Event DocumentViewerImpl Use After Free');
script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
script_set_attribute(attribute:"patch_publication_date", value:"2013/06/26");
script_set_attribute(attribute:"plugin_publication_date", value:"2013/06/29");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:iceweasel");
script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Debian Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2013-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
exit(0);
}
include("audit.inc");
include("debian_package.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
flag = 0;
if (deb_check(release:"7.0", prefix:"iceweasel", reference:"17.0.7esr-1~deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"iceweasel-dbg", reference:"17.0.7esr-1~deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"iceweasel-dev", reference:"17.0.7esr-1~deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"iceweasel-l10n-ach", reference:"17.0.7esr-1~deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"iceweasel-l10n-af", reference:"17.0.7esr-1~deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"iceweasel-l10n-all", reference:"17.0.7esr-1~deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"iceweasel-l10n-an", reference:"17.0.7esr-1~deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"iceweasel-l10n-ar", reference:"17.0.7esr-1~deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"iceweasel-l10n-as", reference:"17.0.7esr-1~deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"iceweasel-l10n-ast", reference:"17.0.7esr-1~deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"iceweasel-l10n-be", reference:"17.0.7esr-1~deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"iceweasel-l10n-bg", reference:"17.0.7esr-1~deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"iceweasel-l10n-bn-bd", reference:"17.0.7esr-1~deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"iceweasel-l10n-bn-in", reference:"17.0.7esr-1~deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"iceweasel-l10n-br", reference:"17.0.7esr-1~deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"iceweasel-l10n-bs", reference:"17.0.7esr-1~deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"iceweasel-l10n-ca", reference:"17.0.7esr-1~deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"iceweasel-l10n-cs", reference:"17.0.7esr-1~deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"iceweasel-l10n-csb", reference:"17.0.7esr-1~deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"iceweasel-l10n-cy", reference:"17.0.7esr-1~deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"iceweasel-l10n-da", reference:"17.0.7esr-1~deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"iceweasel-l10n-de", reference:"17.0.7esr-1~deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"iceweasel-l10n-el", reference:"17.0.7esr-1~deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"iceweasel-l10n-en-gb", reference:"17.0.7esr-1~deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"iceweasel-l10n-en-za", reference:"17.0.7esr-1~deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"iceweasel-l10n-eo", reference:"17.0.7esr-1~deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"iceweasel-l10n-es-ar", reference:"17.0.7esr-1~deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"iceweasel-l10n-es-cl", reference:"17.0.7esr-1~deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"iceweasel-l10n-es-es", reference:"17.0.7esr-1~deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"iceweasel-l10n-es-mx", reference:"17.0.7esr-1~deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"iceweasel-l10n-et", reference:"17.0.7esr-1~deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"iceweasel-l10n-eu", reference:"17.0.7esr-1~deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"iceweasel-l10n-fa", reference:"17.0.7esr-1~deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"iceweasel-l10n-ff", reference:"17.0.7esr-1~deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"iceweasel-l10n-fi", reference:"17.0.7esr-1~deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"iceweasel-l10n-fr", reference:"17.0.7esr-1~deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"iceweasel-l10n-fy-nl", reference:"17.0.7esr-1~deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"iceweasel-l10n-ga-ie", reference:"17.0.7esr-1~deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"iceweasel-l10n-gd", reference:"17.0.7esr-1~deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"iceweasel-l10n-gl", reference:"17.0.7esr-1~deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"iceweasel-l10n-gu-in", reference:"17.0.7esr-1~deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"iceweasel-l10n-he", reference:"17.0.7esr-1~deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"iceweasel-l10n-hi-in", reference:"17.0.7esr-1~deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"iceweasel-l10n-hr", reference:"17.0.7esr-1~deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"iceweasel-l10n-hsb", reference:"17.0.7esr-1~deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"iceweasel-l10n-hu", reference:"17.0.7esr-1~deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"iceweasel-l10n-hy-am", reference:"17.0.7esr-1~deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"iceweasel-l10n-id", reference:"17.0.7esr-1~deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"iceweasel-l10n-is", reference:"17.0.7esr-1~deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"iceweasel-l10n-it", reference:"17.0.7esr-1~deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"iceweasel-l10n-ja", reference:"17.0.7esr-1~deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"iceweasel-l10n-kk", reference:"17.0.7esr-1~deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"iceweasel-l10n-km", reference:"17.0.7esr-1~deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"iceweasel-l10n-kn", reference:"17.0.7esr-1~deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"iceweasel-l10n-ko", reference:"17.0.7esr-1~deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"iceweasel-l10n-ku", reference:"17.0.7esr-1~deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"iceweasel-l10n-lij", reference:"17.0.7esr-1~deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"iceweasel-l10n-lt", reference:"17.0.7esr-1~deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"iceweasel-l10n-lv", reference:"17.0.7esr-1~deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"iceweasel-l10n-mai", reference:"17.0.7esr-1~deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"iceweasel-l10n-mk", reference:"17.0.7esr-1~deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"iceweasel-l10n-ml", reference:"17.0.7esr-1~deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"iceweasel-l10n-mr", reference:"17.0.7esr-1~deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"iceweasel-l10n-ms", reference:"17.0.7esr-1~deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"iceweasel-l10n-nb-no", reference:"17.0.7esr-1~deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"iceweasel-l10n-nl", reference:"17.0.7esr-1~deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"iceweasel-l10n-nn-no", reference:"17.0.7esr-1~deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"iceweasel-l10n-or", reference:"17.0.7esr-1~deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"iceweasel-l10n-pa-in", reference:"17.0.7esr-1~deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"iceweasel-l10n-pl", reference:"17.0.7esr-1~deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"iceweasel-l10n-pt-br", reference:"17.0.7esr-1~deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"iceweasel-l10n-pt-pt", reference:"17.0.7esr-1~deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"iceweasel-l10n-rm", reference:"17.0.7esr-1~deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"iceweasel-l10n-ro", reference:"17.0.7esr-1~deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"iceweasel-l10n-ru", reference:"17.0.7esr-1~deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"iceweasel-l10n-si", reference:"17.0.7esr-1~deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"iceweasel-l10n-sk", reference:"17.0.7esr-1~deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"iceweasel-l10n-sl", reference:"17.0.7esr-1~deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"iceweasel-l10n-son", reference:"17.0.7esr-1~deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"iceweasel-l10n-sq", reference:"17.0.7esr-1~deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"iceweasel-l10n-sr", reference:"17.0.7esr-1~deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"iceweasel-l10n-sv-se", reference:"17.0.7esr-1~deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"iceweasel-l10n-ta", reference:"17.0.7esr-1~deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"iceweasel-l10n-te", reference:"17.0.7esr-1~deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"iceweasel-l10n-th", reference:"17.0.7esr-1~deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"iceweasel-l10n-tr", reference:"17.0.7esr-1~deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"iceweasel-l10n-uk", reference:"17.0.7esr-1~deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"iceweasel-l10n-vi", reference:"17.0.7esr-1~deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"iceweasel-l10n-xh", reference:"17.0.7esr-1~deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"iceweasel-l10n-zh-cn", reference:"17.0.7esr-1~deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"iceweasel-l10n-zh-tw", reference:"17.0.7esr-1~deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"iceweasel-l10n-zu", reference:"17.0.7esr-1~deb7u1")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
else security_hole(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
| Vendor | Product | Version | CPE |
|---|---|---|---|
| debian | debian_linux | iceweasel | p-cpe:/a:debian:debian_linux:iceweasel |
| debian | debian_linux | 7.0 | cpe:/o:debian:debian_linux:7.0 |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1682
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1684
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1685
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1686
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1687
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1690
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1692
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1693
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1694
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1697
packages.debian.org/source/wheezy/iceweasel
www.debian.org/security/2013/dsa-2716
Related
redhat
redhat
(RHSA-2013:0982) Important: thunderbird security update
2013-06-25 00:00:00
(RHSA-2013:0981) Critical: firefox security update
2013-06-25 00:00:00
nessus
nessus
openSUSE Security Update : MozillaThunderbird (openSUSE-SU-2013:1141-1)
2014-06-13 00:00:00
RHEL 5 / 6 : thunderbird (RHSA-2013:0982)
2013-06-26 00:00:00
Firefox ESR 17.x < 17.0.7 Multiple Vulnerabilities
2013-06-26 00:00:00
openvas
openvas
Mozilla Thunderbird ESR Multiple Vulnerabilities - June 13 (Windows)
2013-06-26 00:00:00
Debian Security Advisory DSA 2716-1 (iceweasel - several vulnerabilities)
2013-06-26 00:00:00
CentOS Update for thunderbird CESA-2013:0982 centos6
2013-06-27 00:00:00
mageia
mageia
Updated Firefox and Thunderbird packages fix multiple vulnerabilities
2013-06-26 22:45:58
veracode
veracode
Use-After-Free
2019-05-02 04:45:43
Use-After-Free
2019-05-02 04:45:41
Arbitrary Code Execution
2019-05-02 04:45:45
oraclelinux
oraclelinux
thunderbird security update
2013-06-25 00:00:00
firefox security update
2013-06-25 00:00:00
suse
suse
MozillaThunderbird: 17.0.7 (important)
2013-07-04 12:04:15
xulrunner: 17.0.7esr (important)
2013-07-04 12:04:46
Security update for Mozilla Firefox (important)
2013-07-05 22:04:18
centos
centos
firefox, xulrunner security update
2013-06-26 02:19:59
thunderbird security update
2013-06-26 02:19:42
ubuntu
ubuntu
Thunderbird vulnerabilities
2013-06-26 00:00:00
Firefox vulnerabilities
2013-06-26 00:00:00
Firefox regression
2013-07-03 00:00:00
debian
debian
[SECURITY] [DSA 2720-1] icedove security update
2013-07-06 15:37:08
[SECURITY] [DSA 2716-1] iceweasel security update
2013-06-26 14:00:40
mozilla
mozilla
Memory corruption found using Address Sanitizer — Mozilla
2013-06-25 00:00:00
XrayWrappers can be bypassed to run user defined methods in a privileged context — Mozilla
2013-06-25 00:00:00
PreserveWrapper has inconsistent behavior — Mozilla
2013-06-25 00:00:00
securityvulns
securityvulns
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2013-07-01 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2013-06-25 00:00:00
ibm
ibm
nvd
nvd
cve
cve
ubuntucve
ubuntucve
cvelist
cvelist
prion
prion
Cross site request forgery (csrf)
2013-06-26 03:19:00
Design/Logic Flaw
2013-06-26 03:19:00
Design/Logic Flaw
2013-06-26 03:19:00
saint
saint
Mozilla Firefox onreadystatechange Event Use After Free
2013-08-22 00:00:00
Mozilla Firefox onreadystatechange Event Use After Free
2013-08-22 00:00:00
Mozilla Firefox onreadystatechange Event Use After Free
2013-08-22 00:00:00
attackerkb
attackerkb
CVE-2013-1690
2013-06-26 00:00:00
zdt
zdt
Firefox onreadystatechange Event DocumentViewerImpl Use After Free
2013-08-08 00:00:00
packetstorm
packetstorm
Firefox onreadystatechange Event DocumentViewerImpl Use After Free
2013-08-08 00:00:00
checkpoint_advisories
checkpoint_advisories
Mozilla Firefox onreadystatechange Use After Free (CVE-2013-1690)
2013-09-01 00:00:00
seebug
seebug
Mozilla Firefox JavaScript远程代码执行漏洞
2013-08-11 00:00:00
cisa_kev
cisa_kev
Mozilla Firefox and Thunderbird Denial-of-Service Vulnerability
2022-03-28 00:00:00
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.13 Low
EPSS
Percentile
95.5%
Related for DEBIAN_DSA-2716.NASL