Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.FREEBSD_PKG_2B8CAD90F28911E1A21514DAE9EBCF89.NASL
HistoryAug 31, 2012 - 12:00 a.m.

FreeBSD : mozilla -- multiple vulnerabilities (2b8cad90-f289-11e1-a215-14dae9ebcf89)

2012-08-3100:00:00
This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
20
JSON

The Mozilla Project reports :

MFSA 2012-57 Miscellaneous memory safety hazards (rv:15.0/ rv:10.0.7)

MFSA 2012-58 Use-after-free issues found using Address Sanitizer

MFSA 2012-59 Location object can be shadowed using Object.defineProperty

MFSA 2012-60 Escalation of privilege through about:newtab

MFSA 2012-61 Memory corruption with bitmap format images with negative height

MFSA 2012-62 WebGL use-after-free and memory corruption

MFSA 2012-63 SVG buffer overflow and use-after-free issues

MFSA 2012-64 Graphite 2 memory corruption

MFSA 2012-65 Out-of-bounds read in format-number in XSLT

MFSA 2012-66 HTTPMonitor extension allows for remote debugging without explicit activation

MFSA 2012-67 Installer will launch incorrect executable following new installation

MFSA 2012-68 DOMParser loads linked resources in extensions when parsing text/html

MFSA 2012-69 Incorrect site SSL certificate data display

MFSA 2012-70 Location object security checks bypassed by chrome code

MFSA 2012-71 Insecure use of __android_log_print

MFSA 2012-72 Web console eval capable of executing chrome-privileged code

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from the FreeBSD VuXML database :
#
# Copyright 2003-2019 Jacques Vidrine and contributors
#
# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
# HTML, PDF, PostScript, RTF and so forth) with or without modification,
# are permitted provided that the following conditions are met:
# 1. Redistributions of source code (VuXML) must retain the above
#    copyright notice, this list of conditions and the following
#    disclaimer as the first lines of this file unmodified.
# 2. Redistributions in compiled form (transformed to other DTDs,
#    published online in any format, converted to PDF, PostScript,
#    RTF and other formats) must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer
#    in the documentation and/or other materials provided with the
#    distribution.
# 
# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(61741);
  script_version("1.11");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  script_cve_id("CVE-2012-1956", "CVE-2012-1970", "CVE-2012-1971", "CVE-2012-1972", "CVE-2012-1973", "CVE-2012-1974", "CVE-2012-1975", "CVE-2012-1976", "CVE-2012-3956", "CVE-2012-3957", "CVE-2012-3958", "CVE-2012-3959", "CVE-2012-3960", "CVE-2012-3961", "CVE-2012-3962", "CVE-2012-3963", "CVE-2012-3964", "CVE-2012-3965", "CVE-2012-3966", "CVE-2012-3967", "CVE-2012-3968", "CVE-2012-3969", "CVE-2012-3970", "CVE-2012-3971", "CVE-2012-3972", "CVE-2012-3973", "CVE-2012-3974", "CVE-2012-3975", "CVE-2012-3976", "CVE-2012-3978", "CVE-2012-3979", "CVE-2012-3980");

  script_name(english:"FreeBSD : mozilla -- multiple vulnerabilities (2b8cad90-f289-11e1-a215-14dae9ebcf89)");
  script_summary(english:"Checks for updated packages in pkg_info output");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote FreeBSD host is missing one or more security-related
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The Mozilla Project reports :

MFSA 2012-57 Miscellaneous memory safety hazards (rv:15.0/ rv:10.0.7)

MFSA 2012-58 Use-after-free issues found using Address Sanitizer

MFSA 2012-59 Location object can be shadowed using
Object.defineProperty

MFSA 2012-60 Escalation of privilege through about:newtab

MFSA 2012-61 Memory corruption with bitmap format images with negative
height

MFSA 2012-62 WebGL use-after-free and memory corruption

MFSA 2012-63 SVG buffer overflow and use-after-free issues

MFSA 2012-64 Graphite 2 memory corruption

MFSA 2012-65 Out-of-bounds read in format-number in XSLT

MFSA 2012-66 HTTPMonitor extension allows for remote debugging without
explicit activation

MFSA 2012-67 Installer will launch incorrect executable following new
installation

MFSA 2012-68 DOMParser loads linked resources in extensions when
parsing text/html

MFSA 2012-69 Incorrect site SSL certificate data display

MFSA 2012-70 Location object security checks bypassed by chrome code

MFSA 2012-71 Insecure use of __android_log_print

MFSA 2012-72 Web console eval capable of executing chrome-privileged
code"
  );
  # http://www.mozilla.org/security/known-vulnerabilities/
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.mozilla.org/en-US/security/known-vulnerabilities/"
  );
  # http://www.mozilla.org/security/announce/2012/mfsa2012-57.html
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-57/"
  );
  # http://www.mozilla.org/security/announce/2012/mfsa2012-58.html
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-58/"
  );
  # http://www.mozilla.org/security/announce/2012/mfsa2012-59.html
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-59/"
  );
  # http://www.mozilla.org/security/announce/2012/mfsa2012-60.html
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-60/"
  );
  # http://www.mozilla.org/security/announce/2012/mfsa2012-61.html
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-61/"
  );
  # http://www.mozilla.org/security/announce/2012/mfsa2012-62.html
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-62/"
  );
  # http://www.mozilla.org/security/announce/2012/mfsa2012-63.html
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-63/"
  );
  # http://www.mozilla.org/security/announce/2012/mfsa2012-64.html
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-64/"
  );
  # http://www.mozilla.org/security/announce/2012/mfsa2012-65.html
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-65/"
  );
  # http://www.mozilla.org/security/announce/2012/mfsa2012-66.html
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-66/"
  );
  # http://www.mozilla.org/security/announce/2012/mfsa2012-67.html
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-67/"
  );
  # http://www.mozilla.org/security/announce/2012/mfsa2012-68.html
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-68/"
  );
  # http://www.mozilla.org/security/announce/2012/mfsa2012-69.html
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-69/"
  );
  # http://www.mozilla.org/security/announce/2012/mfsa2012-70.html
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-70/"
  );
  # http://www.mozilla.org/security/announce/2012/mfsa2012-71.html
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-71/"
  );
  # http://www.mozilla.org/security/announce/2012/mfsa2012-72.html
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-72/"
  );
  # https://vuxml.freebsd.org/freebsd/2b8cad90-f289-11e1-a215-14dae9ebcf89.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?266b99d3"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:firefox");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:libxul");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:linux-firefox");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:linux-seamonkey");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:linux-thunderbird");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:seamonkey");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:thunderbird");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd");

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/08/28");
  script_set_attribute(attribute:"patch_publication_date", value:"2012/08/30");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/31");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"FreeBSD Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info");

  exit(0);
}


include("audit.inc");
include("freebsd_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD");
if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;

if (pkg_test(save_report:TRUE, pkg:"firefox>11.0,1<15.0,1")) flag++;
if (pkg_test(save_report:TRUE, pkg:"firefox<10.0.7,1")) flag++;
if (pkg_test(save_report:TRUE, pkg:"linux-firefox<10.0.7,1")) flag++;
if (pkg_test(save_report:TRUE, pkg:"linux-seamonkey<2.12")) flag++;
if (pkg_test(save_report:TRUE, pkg:"linux-thunderbird<10.0.7")) flag++;
if (pkg_test(save_report:TRUE, pkg:"seamonkey<2.12")) flag++;
if (pkg_test(save_report:TRUE, pkg:"thunderbird>11.0<15.0")) flag++;
if (pkg_test(save_report:TRUE, pkg:"thunderbird<10.0.7")) flag++;
if (pkg_test(save_report:TRUE, pkg:"libxul>1.9.2.*<10.0.7")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
freebsdfreebsdfirefoxp-cpe:/a:freebsd:freebsd:firefox
freebsdfreebsdlibxulp-cpe:/a:freebsd:freebsd:libxul
freebsdfreebsdlinux-firefoxp-cpe:/a:freebsd:freebsd:linux-firefox
freebsdfreebsdlinux-seamonkeyp-cpe:/a:freebsd:freebsd:linux-seamonkey
freebsdfreebsdlinux-thunderbirdp-cpe:/a:freebsd:freebsd:linux-thunderbird
freebsdfreebsdseamonkeyp-cpe:/a:freebsd:freebsd:seamonkey
freebsdfreebsdthunderbirdp-cpe:/a:freebsd:freebsd:thunderbird
freebsdfreebsdcpe:/o:freebsd:freebsd

References

Related

suse 4
nessus 37
openvas 60
ubuntu 4
securityvulns 1
veracode 20
redhat 2
freebsd 1
oraclelinux 2
centos 2
mozilla 12
osv 3
debian 3
ibm 2
prion 15
cve 15
ubuntucve 14
seebug 2
suse
suse
MozillaFirefox: Update to version 15 (critical)
2012-08-30 12:09:32
MozillaFirefox: Update to version 15 (critical)
2012-08-30 12:09:15
Security update for Mozilla Firefox (important)
2012-09-14 02:08:30
nessus
nessus
openSUSE Security Update : MozillaFirefox (openSUSE-SU-2012:1065-1)
2014-06-13 00:00:00
Mandriva Linux Security Advisory : firefox (MDVSA-2012:145)
2012-09-06 00:00:00
Thunderbird < 15.0 Multiple Vulnerabilities (Mac OS X)
2012-08-29 00:00:00
openvas
openvas
openSUSE: Security Advisory for MozillaFirefox (openSUSE-SU-2012:1065-1)
2013-03-11 00:00:00
SuSE Update for MozillaFirefox openSUSE-SU-2012:1064-1 (MozillaFirefox)
2012-12-13 00:00:00
Mandriva Update for firefox MDVSA-2012:145 (firefox)
2012-08-30 00:00:00
ubuntu
ubuntu
Firefox vulnerabilities
2012-08-29 00:00:00
Firefox regression
2012-09-11 00:00:00
Thunderbird regressions
2012-09-28 00:00:00
securityvulns
securityvulns
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2012-09-18 00:00:00
veracode
veracode
Memory Corruption
2019-05-02 04:42:51
Arbitrary Code Execution
2019-05-02 04:42:54
Memory Corruption
2019-05-02 04:42:53
redhat
redhat
(RHSA-2012:1211) Critical: thunderbird security update
2012-08-29 00:00:00
(RHSA-2012:1210) Critical: firefox security update
2012-08-29 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2012-08-28 00:00:00
oraclelinux
oraclelinux
firefox security update
2012-08-29 00:00:00
thunderbird security update
2012-08-29 00:00:00
centos
centos
thunderbird security update
2012-08-29 12:53:01
firefox, xulrunner security update
2012-08-29 12:43:30
mozilla
mozilla
Use-after-free issues found using Address Sanitizer β€” Mozilla
2012-08-28 00:00:00
Miscellaneous memory safety hazards (rv:15.0/ rv:10.0.7) β€” Mozilla
2012-08-28 00:00:00
WebGL use-after-free and memory corruption β€” Mozilla
2012-08-28 00:00:00
osv
osv
iceweasel - several
2012-09-24 00:00:00
icedove - several
2012-10-07 00:00:00
iceape - several
2012-09-26 00:00:00
debian
debian
[SECURITY] [DSA 2556-1] icedove security update
2012-10-07 13:13:58
[SECURITY] [DSA 2553-1] iceweasel security update
2012-09-24 17:18:25
[SECURITY] [DSA 2554-1] iceape security update
2012-09-26 19:00:31
ibm
ibm
Security Bulletin: Storwize V7000 Unified V1.4.1.0 Includes Fixes for Multiple Vendor Security Vulnerabilities
2022-09-26 04:23:14
Security Bulletin: SONAS Update Includes Fixes for Multiple Vendor Security Vulnerabilities
2022-09-26 04:23:14
prion
prion
Code injection
2012-08-29 10:56:00
Code injection
2012-08-29 10:56:00
Code injection
2012-08-29 10:56:00
cve
cve
CVE-2012-3973
2012-08-29 10:56:00
CVE-2012-3965
2012-08-29 10:56:00
CVE-2012-3971
2012-08-29 10:56:00
ubuntucve
ubuntucve
CVE-2012-3965
2012-08-29 00:00:00
CVE-2012-3975
2012-08-29 00:00:00
CVE-2012-3971
2012-08-29 00:00:00
seebug
seebug
Mozilla Firefox about:newtabζƒι™ζε‡ζΌζ΄ž
2012-08-30 00:00:00
Mozilla Firefox/Thunderbird/SeaMonkeyζœ¬εœ°δ»£η ζ‰§θ‘ŒζΌζ΄ž
2012-09-04 00:00:00
JSON
Related for FREEBSD_PKG_2B8CAD90F28911E1A21514DAE9EBCF89.NASL
suse4nessus37openvas60ubuntu4securityvulns1veracode20redhat2freebsd1oraclelinux2centos2mozilla12osv3debian3ibm2prion15cve15ubuntucve14seebug2