FreeBSD : mozilla -- automated file upload (6e740881-0cae-11d9-8a8a-000c41e2cdad)

{"id": "FREEBSD_PKG_6E7408810CAE11D98A8A000C41E2CDAD.NASL", "bulletinFamily": "scanner", "title": "FreeBSD : mozilla -- automated file upload (6e740881-0cae-11d9-8a8a-000c41e2cdad)", "description": "A malicious web page can cause an automated file upload from the victim's machine when viewed with Mozilla with JavaScript enabled.\nThis is due to a bug permitting default values for type='file' <input> elements in certain situations.", "published": "2005-07-13T00:00:00", "modified": "2014-05-22T00:00:00", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=18977", "reporter": "Tenable", "references": ["https://bugzilla.mozilla.org/show_bug.cgi?id=241924", "http://www.nessus.org/u?a90dbf98"], "cvelist": ["CVE-2004-0759"], "type": "nessus", "lastseen": "2016-09-26T17:24:23", "history": [], "edition": 1, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cvelist", "hash": "35bc510f7bfba35142836e6d0bf5f947"}, {"key": "cvss", "hash": "74ae407306a397b0a0ad358180716883"}, {"key": "description", "hash": "8d0e76c67de6f3428f9bb0bfe6101540"}, {"key": "href", "hash": "f684b6ce816060e5a604716a69b28c97"}, {"key": "modified", "hash": "bfdd641b7110850b2b913732d1d9e8cf"}, {"key": "naslFamily", "hash": "fe45aa727b58c1249bf04cfb7b4e6ae0"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "pluginID", "hash": "0384d7e807a0f830fc34e813f66d0fa2"}, {"key": "published", "hash": "9024ab754ee339f101e22cbcc0c75129"}, {"key": "references", "hash": "7219fe598cf75cb360f5402dea3ae10c"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "23123eea43df0c949696fd9c6bb9e6d3"}, {"key": "title", "hash": "c236c60a7f6e5f31b1867abd3d3dd315"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "bed65f6456f097d0ecaae9725fca03b26d711c7d7498c78f5e6d453baf5af120", "viewCount": 0, "objectVersion": "1.2", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2014 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(18977);\n script_version(\"$Revision: 1.14 $\");\n script_cvs_date(\"$Date: 2014/05/22 11:11:54 $\");\n\n script_cve_id(\"CVE-2004-0759\");\n\n script_name(english:\"FreeBSD : mozilla -- automated file upload (6e740881-0cae-11d9-8a8a-000c41e2cdad)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A malicious web page can cause an automated file upload from the\nvictim's machine when viewed with Mozilla with JavaScript enabled.\nThis is due to a bug permitting default values for type='file' <input>\nelements in certain situations.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=241924\"\n );\n # http://www.freebsd.org/ports/portaudit/6e740881-0cae-11d9-8a8a-000c41e2cdad.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a90dbf98\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mozilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mozilla-gtk1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2004/04/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/09/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/07/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2014 Tenable Network Security, Inc.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"mozilla>=1.7.a,2<1.7,2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mozilla>=1.8.a,2<1.8.a2,2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mozilla-gtk1>=1.7.a<1.7\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "FreeBSD Local Security Checks", "pluginID": "18977", "enchantments": {"vulnersScore": 6.4}}

{"result": {"cve": [{"id": "CVE-2004-0759", "type": "cve", "title": "CVE-2004-0759", "description": "Mozilla before 1.7 allows remote web servers to read arbitrary files via Javascript that sets the value of an <input type=\"file\"> tag.", "published": "2004-08-18T00:00:00", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0759", "cvelist": ["CVE-2004-0759"], "lastseen": "2017-07-11T11:14:28"}], "openvas": [{"id": "OPENVAS:52378", "type": "openvas", "title": "FreeBSD Ports: mozilla", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "published": "2008-09-04T00:00:00", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=52378", "cvelist": ["CVE-2004-0759"], "lastseen": "2017-07-02T21:10:14"}, {"id": "OPENVAS:65531", "type": "openvas", "title": "SLES9: Security update for Mozilla", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n mozilla-dom-inspector\n mozilla-venkman\n mozilla-mail\n mozilla\n mozilla-calendar\n mozilla-irc\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5016546 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "published": "2009-10-10T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=65531", "cvelist": ["CVE-2004-0765", "CVE-2004-0762", "CVE-2004-0758", "CVE-2004-0718", "CVE-2004-0764", "CVE-2004-0757", "CVE-2004-0760", "CVE-2004-0722", "CVE-2004-0759", "CVE-2004-0763", "CVE-2004-0761"], "lastseen": "2017-07-26T08:55:11"}, {"id": "OPENVAS:53919", "type": "openvas", "title": "Slackware Advisory SSA:2004-223-01 Mozilla", "description": "The remote host is missing an update as announced\nvia advisory SSA:2004-223-01.", "published": "2012-09-11T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=53919", "cvelist": ["CVE-2004-0765", "CVE-2004-0762", "CVE-2004-0758", "CVE-2004-0718", "CVE-2004-0764", "CVE-2004-0757", "CVE-2004-0599", "CVE-2004-0597", "CVE-2004-0760", "CVE-2004-0598", "CVE-2004-0722", "CVE-2004-0759", "CVE-2004-0763", "CVE-2004-0761"], "lastseen": "2017-09-18T11:13:07"}], "freebsd": [{"id": "6E740881-0CAE-11D9-8A8A-000C41E2CDAD", "type": "freebsd", "title": "mozilla -- automated file upload", "description": "\nA malicious web page can cause an automated file upload\n\t from the victim's machine when viewed with Mozilla with\n\t Javascript enabled. This is due to a bug permitting\n\t default values for type=\"file\" <input> elements in\n\t certain situations.\n", "published": "2004-04-28T00:00:00", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "https://vuxml.freebsd.org/freebsd/6e740881-0cae-11d9-8a8a-000c41e2cdad.html", "cvelist": ["CVE-2004-0759"], "lastseen": "2016-09-26T17:25:21"}], "osvdb": [{"id": "OSVDB:8305", "type": "osvdb", "title": "Mozilla Browsers Arbitrary File Upload", "description": "## Vulnerability Description\nMozilla contains a flaw that may allow a malicious user to capture or upload a file from a users machine. The issue is triggered when a user loads a malicious web page which uses a specially crafted javascript. It is possible that the flaw may allow an attacker to retrieve files from known locations without the user being notified, resulting in a loss of confidentiality.\n## Solution Description\nUpgrade to version 1.7 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround(s): disable javascript functionality.\n## Short Description\nMozilla contains a flaw that may allow a malicious user to capture or upload a file from a users machine. The issue is triggered when a user loads a malicious web page which uses a specially crafted javascript. It is possible that the flaw may allow an attacker to retrieve files from known locations without the user being notified, resulting in a loss of confidentiality.\n## References:\n[Vendor Specific Advisory URL](http://bugzilla.mozilla.org/show_bug.cgi?id=241924)\n[Vendor Specific Advisory URL](ftp://ftp.sco.com/pub/openserver5/507/mp/osr507mp4/osr507mp4.htm)\n[Vendor Specific Advisory URL](ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt)\n[Vendor Specific Advisory URL](http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7)\n[Secunia Advisory ID:15432](https://secuniaresearch.flexerasoftware.com/advisories/15432/)\n[Secunia Advisory ID:17645](https://secuniaresearch.flexerasoftware.com/advisories/17645/)\n[Secunia Advisory ID:12234](https://secuniaresearch.flexerasoftware.com/advisories/12234/)\n[Secunia Advisory ID:12283](https://secuniaresearch.flexerasoftware.com/advisories/12283/)\n[Secunia Advisory ID:10856](https://secuniaresearch.flexerasoftware.com/advisories/10856/)\n[Secunia Advisory ID:12747](https://secuniaresearch.flexerasoftware.com/advisories/12747/)\nRedHat RHSA: RHSA-2004:421-17\nOther Advisory URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:082\nOther Advisory URL: http://www.suse.de/de/security/2004_36_mozilla.html\nOther Advisory URL: ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.25/SCOSA-2005.25.txt\nKeyword: SCOSA-2005.49\nISS X-Force ID: 16870\n[CVE-2004-0759](https://vulners.com/cve/CVE-2004-0759)\n", "published": "2004-08-03T00:00:00", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "https://vulners.com/osvdb/OSVDB:8305", "cvelist": ["CVE-2004-0759"], "lastseen": "2017-04-28T13:20:03"}], "nessus": [{"id": "REDHAT-RHSA-2004-421.NASL", "type": "nessus", "title": "RHEL 2.1 / 3 : mozilla (RHSA-2004:421)", "description": "Updated mozilla packages based on version 1.4.3 that fix a number of security issues for Red Hat Enterprise Linux are now available.\n\nMozilla is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor.\n\nA number of flaws have been found in Mozilla 1.4 that have been fixed in the Mozilla 1.4.3 release :\n\nZen Parse reported improper input validation to the SOAPParameter object constructor leading to an integer overflow and controllable heap corruption. Malicious JavaScript could be written to utilize this flaw and could allow arbitrary code execution. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0722 to this issue.\n\nDuring a source code audit, Chris Evans discovered a buffer overflow and integer overflows which affect the libpng code inside Mozilla. An attacker could create a carefully crafted PNG file in such a way that it would cause Mozilla to crash or execute arbitrary code when the image was viewed. (CVE-2004-0597, CVE-2004-0599)\n\nZen Parse reported a flaw in the POP3 capability. A malicious POP3 server could send a carefully crafted response that would cause a heap overflow and potentially allow execution of arbitrary code as the user running Mozilla. (CVE-2004-0757)\n\nMarcel Boesch found a flaw that allows a CA certificate to be imported with a DN the same as that of the built-in CA root certificates, which can cause a denial of service to SSL pages, as the malicious certificate is treated as invalid. (CVE-2004-0758)\n\nMet - Martin Hassman reported a flaw in Mozilla that could allow malicious JavaScript code to upload local files from a users machine without requiring confirmation. (CVE-2004-0759)\n\nMindlock Security reported a flaw in ftp URI handling. By using a NULL character (%00) in a ftp URI, Mozilla can be confused into opening a resource as a different MIME type. (CVE-2004-0760)\n\nMozilla does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates website spoofing and other attacks, also known as the frame injection vulnerability. (CVE-2004-0718)\n\nTolga Tarhan reported a flaw that can allow a malicious webpage to use a redirect sequence to spoof the security lock icon that makes a webpage appear to be encrypted. (CVE-2004-0761)\n\nJesse Ruderman reported a security issue that affects a number of browsers including Mozilla that could allow malicious websites to install arbitrary extensions by using interactive events to manipulate the XPInstall Security dialog box. (CVE-2004-0762)\n\nEmmanouel Kellinis discovered a caching flaw in Mozilla which allows malicious websites to spoof certificates of trusted websites via redirects and JavaScript that uses the 'onunload' method.\n(CVE-2004-0763)\n\nMozilla allowed malicious websites to hijack the user interface via the 'chrome' flag and XML User Interface Language (XUL) files.\n(CVE-2004-0764)\n\nThe cert_TestHostName function in Mozilla only checks the hostname portion of a certificate when the hostname portion of the URI is not a fully qualified domain name (FQDN). This flaw could be used for spoofing if an attacker had control of machines on a default DNS search path. (CVE-2004-0765)\n\nAll users are advised to update to these erratum packages which contain a snapshot of Mozilla 1.4.3 including backported fixes and are not vulnerable to these issues.", "published": "2004-08-05T00:00:00", "cvss": {"score": 10, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=14214", "cvelist": ["CVE-2004-0765", "CVE-2004-0762", "CVE-2004-0758", "CVE-2004-0718", "CVE-2004-0764", "CVE-2004-0757", "CVE-2004-0599", "CVE-2004-0597", "CVE-2004-0760", "CVE-2004-0722", "CVE-2004-0759", "CVE-2004-0763", "CVE-2004-0761"], "lastseen": "2016-12-29T02:16:36"}, {"id": "MANDRAKE_MDKSA-2004-082.NASL", "type": "nessus", "title": "Mandrake Linux Security Advisory : mozilla (MDKSA-2004:082)", "description": "A number of security vulnerabilities in mozilla are addressed by this update for Mandrakelinux 10.0 users, including a fix for frame spoofing, a fixed popup XPInstall/security dialog bug, a fix for untrusted chrome calls, a fix for SSL certificate spoofing, a fix for stealing secure HTTP Auth passwords via DNS spoofing, a fix for insecure matching of cert names for non-FQDNs, a fix for focus redefinition from another domain, a fix for a SOAP parameter overflow, a fix for text drag on file entry, a fix for certificate DoS, and a fix for lock icon and cert spoofing.\n\nAdditionally, mozilla for both Mandrakelinux 9.2 and 10.0 have been rebuilt to use the system libjpeg and libpng which addresses vulnerabilities discovered in libpng (ref: MDKSA-2004:079).", "published": "2004-08-22T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=14331", "cvelist": ["CVE-2004-0765", "CVE-2004-0779", "CVE-2004-0762", "CVE-2004-0758", "CVE-2004-0718", "CVE-2005-1937", "CVE-2004-1449", "CVE-2004-0764", "CVE-2004-0757", "CVE-2004-0599", "CVE-2004-0597", "CVE-2004-0760", "CVE-2004-0598", "CVE-2004-0722", "CVE-2004-0759", "CVE-2004-0763", "CVE-2004-0761"], "lastseen": "2016-09-26T17:25:07"}, {"id": "SLACKWARE_SSA_2004-223-01.NASL", "type": "nessus", "title": "Slackware 10.0 / 9.1 / current : Mozilla (SSA:2004-223-01)", "description": "New Mozilla packages are available for Slackware 9.1, 10.0, and\n-current to fix a number of security issues. Slackware 10.0 and\n-current were upgraded to Mozilla 1.7.2, and Slackware 9.1 was upgraded to Mozilla 1.4.3. As usual, new versions of Mozilla require new versions of things that link with the Mozilla libraries, so for Slackware 10.0 and -current new versions of epiphany, galeon, gaim, and mozilla-plugins have also been provided. There don't appear to be epiphany and galeon versions that are compatible with Mozilla 1.4.3 and the GNOME in Slackware 9.1, so these are not provided and Epiphany and Galeon will be broken on Slackware 9.1 if the new Mozilla package is installed. Furthermore, earlier versions of Mozilla (such as the 1.3 series) were not fixed upstream, so versions of Slackware earlier than 9.1 will remain vulnerable to these browser issues. If you still use Slackware 9.0 or earlier, you may want to consider removing Mozilla or upgrading to a newer version.", "published": "2005-07-13T00:00:00", "cvss": {"score": 10, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=18794", "cvelist": ["CVE-2004-0765", "CVE-2004-0762", "CVE-2004-0758", "CVE-2004-0718", "CVE-2004-0764", "CVE-2004-0757", "CVE-2004-0599", "CVE-2004-0597", "CVE-2004-0760", "CVE-2004-0598", "CVE-2004-0722", "CVE-2004-0759", "CVE-2004-0763", "CVE-2004-0761"], "lastseen": "2016-09-26T17:23:11"}], "redhat": [{"id": "RHSA-2004:421", "type": "redhat", "title": "(RHSA-2004:421) mozilla security update", "description": "Mozilla is an open source Web browser, advanced email and newsgroup\nclient, IRC chat client, and HTML editor.\n\nA number of flaws have been found in Mozilla 1.4 that have been fixed in\nthe Mozilla 1.4.3 release: \n\nZen Parse reported improper input validation to the SOAPParameter object\nconstructor leading to an integer overflow and controllable heap\ncorruption. Malicious JavaScript could be written to utilize this flaw and\ncould allow arbitrary code execution. The Common Vulnerabilities and\nExposures project (cve.mitre.org) has assigned the name CAN-2004-0722 to\nthis issue.\n\nDuring a source code audit, Chris Evans discovered a buffer overflow and\ninteger overflows which affect the libpng code inside Mozilla. An attacker\ncould create a carefully crafted PNG file in such a way that it would cause\nMozilla to crash or execute arbitrary code when the image was viewed.\n(CAN-2004-0597, CAN-2004-0599)\n\nZen Parse reported a flaw in the POP3 capability. A malicious POP3 server\ncould send a carefully crafted response that would cause a heap overflow\nand potentially allow execution of arbitrary code as the user running\nMozilla. (CAN-2004-0757)\n\nMarcel Boesch found a flaw that allows a CA certificate to be imported with\na DN the same as that of the built-in CA root certificates, which can cause\na denial of service to SSL pages, as the malicious certificate is treated\nas invalid. (CAN-2004-0758)\n\nMet - Martin Hassman reported a flaw in Mozilla that could allow malicious\nJavascript code to upload local files from a users machine without\nrequiring confirmation. (CAN-2004-0759)\n\nMindlock Security reported a flaw in ftp URI handling. By using a NULL\ncharacter (%00) in a ftp URI, Mozilla can be confused into opening a\nresource as a different MIME type. (CAN-2004-0760)\n\nMozilla does not properly prevent a frame in one domain from injecting\ncontent into a frame that belongs to another domain, which facilitates\nwebsite spoofing and other attacks, also known as the frame injection\nvulnerability. (CAN-2004-0718)\n\nTolga Tarhan reported a flaw that can allow a malicious webpage to use a\nredirect sequence to spoof the security lock icon that makes a webpage\nappear to be encrypted. (CAN-2004-0761)\n\nJesse Ruderman reported a security issue that affects a number of browsers\nincluding Mozilla that could allow malicious websites to install arbitrary\nextensions by using interactive events to manipulate the XPInstall Security\ndialog box. (CAN-2004-0762)\n\nEmmanouel Kellinis discovered a caching flaw in Mozilla which allows\nmalicious websites to spoof certificates of trusted websites via\nredirects and Javascript that uses the \"onunload\" method. (CAN-2004-0763)\n\nMozilla allowed malicious websites to hijack the user interface via the\n\"chrome\" flag and XML User Interface Language (XUL) files. (CAN-2004-0764)\n\nThe cert_TestHostName function in Mozilla only checks the hostname portion\nof a certificate when the hostname portion of the URI is not a fully\nqualified domain name (FQDN). This flaw could be used for spoofing if an\nattacker had control of machines on a default DNS search path. (CAN-2004-0765)\n\nAll users are advised to update to these erratum packages which contain a\nsnapshot of Mozilla 1.4.3 including backported fixes and are not vulnerable\nto these issues.", "published": "2004-08-04T04:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2004:421", "cvelist": ["CVE-2004-0597", "CVE-2004-0599", "CVE-2004-0718", "CVE-2004-0722", "CVE-2004-0757", "CVE-2004-0758", "CVE-2004-0759", "CVE-2004-0760", "CVE-2004-0761", "CVE-2004-0762", "CVE-2004-0763", "CVE-2004-0764", "CVE-2004-0765"], "lastseen": "2017-08-02T22:58:23"}], "slackware": [{"id": "SSA-2004-223-01", "type": "slackware", "title": "Mozilla", "description": "New Mozilla packages are available for Slackware 9.1, 10.0, and -current\nto fix a number of security issues. Slackware 10.0 and -current were\nupgraded to Mozilla 1.7.2, and Slackware 9.1 was upgraded to Mozilla 1.4.3.\nAs usual, new versions of Mozilla require new versions of things that link\nwith the Mozilla libraries, so for Slackware 10.0 and -current new versions\nof epiphany, galeon, gaim, and mozilla-plugins have also been provided.\nThere don't appear to be epiphany and galeon versions that are compatible\nwith Mozilla 1.4.3 and the GNOME in Slackware 9.1, so these are not\nprovided and Epiphany and Galeon will be broken on Slackware 9.1 if the\nnew Mozilla package is installed. Furthermore, earlier versions of\nMozilla (such as the 1.3 series) were not fixed upstream, so versions\nof Slackware earlier than 9.1 will remain vulnerable to these browser\nissues. If you still use Slackware 9.0 or earlier, you may want to\nconsider removing Mozilla or upgrading to a newer version.\n\nMore details about these issues may be found in the Common\nVulnerabilities and Exposures (CVE) database:\n\n Issues fixed in Mozilla 1.7.2:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0597\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0598\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0599\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0763\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0758\n\n Issues fixed in Mozilla 1.4.3:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0597\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0718\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0722\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0757\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0758\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0759\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0760\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0761\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0762\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0763\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0764\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0765\n\n\nHere are the details from the Slackware 10.0 ChangeLog:\n\nMon Aug 9 01:56:43 PDT 2004\npatches/packages/epiphany-1.2.7-i486-1.tgz: Upgraded to epiphany-1.2.7.\n (compiled against Mozilla 1.7.2)\npatches/packages/gaim-0.81-i486-1.tgz: Upgraded to gaim-0.81.\n (compiled against Mozilla 1.7.2)\npatches/packages/galeon-1.3.17-i486-1.tgz: Upgraded to galeon-1.3.17.\n (compiled against Mozilla 1.7.2)\npatches/packages/mozilla-1.7.2-i486-1.tgz: Upgraded to Mozilla 1.7.2. This\n fixes three security vulnerabilities. For details, see:\n http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.2\n (* Security fix *)\npatches/packages/mozilla-plugins-1.7.2-noarch-1.tgz: Changed plugin symlinks\n for Mozilla 1.7.2.\n\nWhere to find the new packages:\n\nUpdated packages for Slackware 9.1:\nftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/mozilla-1.4.3-i486-1.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/mozilla-plugins-1.4.3-noarch-1.tgz\n\nUpdated packages for Slackware 10.0:\nftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/mozilla-1.7.2-i486-1.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/mozilla-plugins-1.7.2-noarch-1.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/epiphany-1.2.7-i486-1.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/gaim-0.81-i486-1.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/galeon-1.3.17-i486-1.tgz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-1.7.2-i486-1.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-plugins-1.7.2-noarch-1.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/gnome/epiphany-1.2.7-i486-1.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/gnome/galeon-1.3.17-i486-1.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/gaim-0.81-i486-1.tgz\n\n\nMD5 signatures:\n\nSlackware 9.1 packages:\n29515193166b9b618be405a71b5e9a59 mozilla-1.4.3-i486-1.tgz\n49d537be814de72a3d62a5cc9f6e3b15 mozilla-plugins-1.4.3-noarch-1.tgz\n\nSlackware 10.0 packages:\n612a65758f03fe08a44e004b1ae92d70 mozilla-1.7.2-i486-1.tgz\n55da20d3c7acdd50a3b4abfe12191069 mozilla-plugins-1.7.2-noarch-1.tgz\n86034039fbf6b52584e05701a0598ca4 epiphany-1.2.7-i486-1.tgz\nc3f238fdba8684948d8817d7cf0db567 gaim-0.81-i486-1.tgz\n0e8393b8f1b992dc7804fe925a839755 galeon-1.3.17-i486-1.tgz\n\nSlackware -current packages:\n612a65758f03fe08a44e004b1ae92d70 mozilla-1.7.2-i486-1.tgz\n55da20d3c7acdd50a3b4abfe12191069 mozilla-plugins-1.7.2-noarch-1.tgz\n86034039fbf6b52584e05701a0598ca4 epiphany-1.2.7-i486-1.tgz\n0e8393b8f1b992dc7804fe925a839755 galeon-1.3.17-i486-1.tgz\nddb7281b985c6b7efb20afc69e5c2ffb gaim-0.81-i486-1.tgz\n\n\nInstallation instructions:\n\nUpgrade the packages as root:\n > upgradepkg mozilla-1.7.2-i486-1.tgz \\\n mozilla-plugins-1.7.2-noarch-1.tgz \\\n epiphany-1.2.7-i486-1.tgz \\\n gaim-0.81-i486-1.tgz \\\n galeon-1.3.17-i486-1.tgz", "published": "2004-08-10T14:17:12", "cvss": {"score": 10, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.667659", "cvelist": ["CVE-2004-0765", "CVE-2004-0762", "CVE-2004-0758", "CVE-2004-0718", "CVE-2004-0764", "CVE-2004-0757", "CVE-2004-0599", "CVE-2004-0597", "CVE-2004-0760", "CVE-2004-0598", "CVE-2004-0722", "CVE-2004-0759", "CVE-2004-0763", "CVE-2004-0761"], "lastseen": "2016-09-07T19:54:47"}], "suse": [{"id": "SUSE-SA:2004:036", "type": "suse", "title": "various vulnerabilities in mozilla", "description": "During the last months a number of security problems have been fixed in Mozilla and Mozilla based brwosers. These include:\n#### Solution\nSince there is no workaround, we recommend an update in any case if you use the mozilla browser.", "published": "2004-10-06T13:11:21", "cvss": {"score": 10, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2004-10/msg00006.html", "cvelist": ["CVE-2004-0909", "CVE-2004-0765", "CVE-2004-0906", "CVE-2004-0905", "CVE-2004-0903", "CVE-2004-0762", "CVE-2004-0758", "CVE-2004-0908", "CVE-2004-0902", "CVE-2004-0718", "CVE-2004-0764", "CVE-2004-0757", "CVE-2004-0760", "CVE-2004-0904", "CVE-2004-0722", "CVE-2004-0759", "CVE-2004-0763", "CVE-2004-0761"], "lastseen": "2016-04-13T01:00:44"}, {"id": "SUSE-SA:2004:030", "type": "suse", "title": "remote DoS condition in apache2", "description": "The mod_ssl apache module, as part of our apache2 package, enables the apache webserver to handle the HTTPS protocol. Within the mod_ssl module, two Denial of Service conditions in the input filter have been found. The CVE project assigned the identifiers CAN-2004-0748 and CAN-2004-0751 to these issues.\n#### Solution\nAs temporary workaround you may disable the mod_ssl module in your apache configuration and restart the apache process without SSL support.", "published": "2004-09-06T13:51:41", "cvss": {"score": 10, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2004-09/msg00009.html", "cvelist": ["CVE-2004-0765", "CVE-2004-0762", "CVE-2004-0758", "CVE-2004-0718", "CVE-2004-0748", "CVE-2004-0764", "CVE-2004-0757", "CVE-2004-0597", "CVE-2004-0760", "CVE-2004-0722", "CVE-2004-0759", "CVE-2004-0751", "CVE-2004-0763", "CVE-2004-0761"], "lastseen": "2016-09-04T12:45:49"}, {"id": "SUSE-SA:2004:031", "type": "suse", "title": "remote code execution in cups", "description": "The Common Unix Printing System (CUPS) enables local and remote users to obtain printing functionallity via the Internet Printing Protocol (IPP). Alvaro Martinez Echevarria has found a remote Denial of Service condition within CUPS which allows remote users to make the cups server unresponsive. Additionally the SUSE Security Team has discovered a flaw in the foomatic-rip print filter which is commonly installed along with cups. It allows remote attackers, which are listed in the printing ACLs, to execute arbitrary commands as the printing user 'lp'.\n#### Solution\nIf you use CUPS, we recommend an update in any case. Additionally the IPP port (TCP port 631) should be firewalled and the printing ACLs should be set up in a way to reflect the local security policy.", "published": "2004-09-15T14:45:26", "cvss": {"score": 10, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2004-09/msg00010.html", "cvelist": ["CVE-2004-0558", "CVE-2004-0765", "CVE-2004-0762", "CVE-2004-0758", "CVE-2004-0827", "CVE-2004-0718", "CVE-2004-0764", "CVE-2004-0757", "CVE-2004-0805", "CVE-2004-0801", "CVE-2004-0597", "CVE-2004-0760", "CVE-2004-0722", "CVE-2004-0759", "CVE-2004-0763", "CVE-2004-0761"], "lastseen": "2016-09-04T11:41:56"}, {"id": "SUSE-SA:2004:035", "type": "suse", "title": "remote file disclosure in samba", "description": "The Samba server, which allows to share files and resources via the SMB/CIFS protocol, contains a bug in the sanitation code of path names which allows remote attackers to access files outside of the defined share. In order to access these files, they must be readable by the account used for the SMB session. CAN-2004-0815 has been assigned to this issue.\n#### Solution\nAs a temporary workaround you can set the wide links = no option in smb.conf and restart the samba server. However an update is recommended nevertheless.", "published": "2004-10-05T14:57:32", "cvss": {"score": 10, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2004-10/msg00005.html", "cvelist": ["CVE-2004-0765", "CVE-2004-0762", "CVE-2004-0758", "CVE-2004-0691", "CVE-2004-0718", "CVE-2004-0764", "CVE-2004-0815", "CVE-2004-0757", "CVE-2004-0599", "CVE-2004-0746", "CVE-2004-0597", "CVE-2004-0760", "CVE-2004-0598", "CVE-2004-0722", "CVE-2004-0759", "CVE-2004-0763", "CVE-2004-0761"], "lastseen": "2016-09-04T12:10:59"}, {"id": "SUSE-SA:2004:034", "type": "suse", "title": "remote command execution in XFree86-libs, xshared", "description": "Chris Evans reported three vulnerabilities in libXpm which can be exploited remotely by providing malformed XPM image files. The function xpmParseColors() is vulnerable to an integer overflow and a stack-based buffer overflow. The functions ParseAndPutPixels() as well as ParsePixels() is vulnerable to a stack-based buffer overflow too. Additionally Matthieu Herrb found two one-byte buffer overflows.\n#### Solution\nThere is no workaround known.", "published": "2004-09-17T13:37:17", "cvss": {"score": 10, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2004-09/msg00013.html", "cvelist": ["CVE-2004-0688", "CVE-2004-0765", "CVE-2004-1170", "CVE-2004-0687", "CVE-2004-0762", "CVE-2004-0758", "CVE-2004-0784", "CVE-2004-0807", "CVE-2004-0718", "CVE-2004-0764", "CVE-2004-0757", "CVE-2004-0494", "CVE-2004-0808", "CVE-2004-0597", "CVE-2004-0722", "CVE-2004-0832", "CVE-2004-0785", "CVE-2004-0759", "CVE-2004-0754", "CVE-2004-0763", "CVE-2004-0761"], "lastseen": "2016-09-04T12:19:39"}, {"id": "SUSE-SA:2004:033", "type": "suse", "title": "remote code execution in gtk2, gdk-pixbuf", "description": "gdk-pixbuf is an image loading and rendering library mostly used by GTK and GNOME applications. It is distributed as a separate package for gtk1 and integrated into the gtk2 package. Chris Evans has discovered a heap based, a stack based and an integer overflow in the XPM and ICO loaders of those libraries. The overflows can be exploited by tricking an application to display a malformed image to make it crash or to execute code.\n#### Solution\nThere is no known workaround, please install the update packages.", "published": "2004-09-17T10:02:50", "cvss": {"score": 10, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2004-09/msg00012.html", "cvelist": ["CVE-2004-0788", "CVE-2004-0765", "CVE-2004-0762", "CVE-2004-0758", "CVE-2004-0784", "CVE-2004-0718", "CVE-2004-0764", "CVE-2004-0757", "CVE-2004-0494", "CVE-2004-0782", "CVE-2004-0783", "CVE-2004-0597", "CVE-2004-0722", "CVE-2004-0832", "CVE-2004-0785", "CVE-2004-0759", "CVE-2004-0754", "CVE-2004-0763", "CVE-2004-0761"], "lastseen": "2016-09-04T12:19:06"}, {"id": "SUSE-SA:2004:032", "type": "suse", "title": "remote denial-of-service in apache2", "description": "The Apache daemon is running on most of the web-servers used in the Internet today. The Red Hat ASF Security-Team and the Swedish IT Incident Center within the National Post and Telecom Agency (SITIC) have found a bug in apache2 each. The first vulnerability appears in the apr_uri_parse() function while handling IPv6 addresses. The affected code passes a negative length argument to the memcpy() function. On BSD systems this can lead to remote command execution due to the nature of the memcpy() implementation. On Linux this bug will result in a remote denial-of-service condition. The second bug is a local buffer overflow that occurs while expanding ${ENVVAR} in the .htaccess and httpd.conf file. Both files are not writeable by normal user by default.\n#### Solution\nThere is no known workaround.", "published": "2004-09-15T15:46:39", "cvss": {"score": 10, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2004-09/msg00011.html", "cvelist": ["CVE-2004-0788", "CVE-2004-0786", "CVE-2004-0765", "CVE-2004-0747", "CVE-2004-0762", "CVE-2004-0758", "CVE-2004-0784", "CVE-2004-0807", "CVE-2004-0718", "CVE-2004-0764", "CVE-2004-0757", "CVE-2004-0494", "CVE-2004-0808", "CVE-2004-0782", "CVE-2004-0783", "CVE-2004-0597", "CVE-2004-0722", "CVE-2004-0832", "CVE-2004-0785", "CVE-2004-0759", "CVE-2004-0754", "CVE-2004-0763", "CVE-2004-0761"], "lastseen": "2016-09-04T11:57:20"}]}}