GLSA-200606-12 : Mozilla Firefox: Multiple vulnerabilities

2006-06-1600:00:00

www.tenable.com

The remote host is affected by the vulnerability described in GLSA-200606-12 (Mozilla Firefox: Multiple vulnerabilities)

A number of vulnerabilities were found and fixed in Mozilla     Firefox. For details please consult the references below.

Impact :

By enticing the user to visit a malicious website, a remote     attacker can inject arbitrary HTML and JavaScript Code into the user's     browser, execute JavaScript code with elevated privileges and possibly     execute arbitrary code with the permissions of the user running the     application.

Workaround :

There is no known workaround at this time.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 200606-12.
#
# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike 
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(21705);
  script_version("1.18");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  script_cve_id("CVE-2006-2775", "CVE-2006-2776", "CVE-2006-2777", "CVE-2006-2778", "CVE-2006-2779", "CVE-2006-2780", "CVE-2006-2782", "CVE-2006-2783", "CVE-2006-2784", "CVE-2006-2785", "CVE-2006-2786", "CVE-2006-2787");
  script_xref(name:"GLSA", value:"200606-12");

  script_name(english:"GLSA-200606-12 : Mozilla Firefox: Multiple vulnerabilities");
  script_summary(english:"Checks for updated package(s) in /var/db/pkg");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Gentoo host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The remote host is affected by the vulnerability described in GLSA-200606-12
(Mozilla Firefox: Multiple vulnerabilities)

    A number of vulnerabilities were found and fixed in Mozilla
    Firefox. For details please consult the references below.
  
Impact :

    By enticing the user to visit a malicious website, a remote
    attacker can inject arbitrary HTML and JavaScript Code into the user's
    browser, execute JavaScript code with elevated privileges and possibly
    execute arbitrary code with the permissions of the user running the
    application.
  
Workaround :

    There is no known workaround at this time."
  );
  # http://www.mozilla.org/projects/security/known-vulnerabilities.html#Firefox
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?9101c648"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security.gentoo.org/glsa/200606-12"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"All Mozilla Firefox users should upgrade to the latest version:
    # emerge --sync
    # emerge --ask --oneshot --verbose '>=www-client/mozilla-firefox-1.5.0.4'
    All Mozilla Firefox binary users should upgrade to the latest
    version:
    # emerge --sync
    # emerge --ask --oneshot --verbose '>=www-client/mozilla-firefox-bin-1.5.0.4'
    Note: There is no stable fixed version for the Alpha
    architecture yet. Users of Mozilla Firefox on Alpha should consider
    unmerging it until such a version is available."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_cwe_id(20, 94);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:mozilla-firefox");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:mozilla-firefox-bin");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2006/06/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2006/06/16");
  script_set_attribute(attribute:"vuln_publication_date", value:"2006/06/01");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.");
  script_family(english:"Gentoo Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;

if (qpkg_check(package:"www-client/mozilla-firefox-bin", unaffected:make_list("ge 1.5.0.4"), vulnerable:make_list("lt 1.5.0.4"))) flag++;
if (qpkg_check(package:"www-client/mozilla-firefox", unaffected:make_list("ge 1.5.0.4"), vulnerable:make_list("lt 1.5.0.4"))) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Mozilla Firefox");
}

VendorProductVersionCPE
gentoolinuxmozilla-firefoxp-cpe:/a:gentoo:linux:mozilla-firefox
gentoolinuxmozilla-firefox-binp-cpe:/a:gentoo:linux:mozilla-firefox-bin
gentoolinuxcpe:/o:gentoo:linux

Vendor	Product	Version	CPE
gentoo	linux	mozilla-firefox	p-cpe:/a:gentoo:linux:mozilla-firefox
gentoo	linux	mozilla-firefox-bin	p-cpe:/a:gentoo:linux:mozilla-firefox-bin
gentoo	linux		cpe:/o:gentoo:linux