GLSA-200612-07 : Mozilla Firefox: Multiple vulnerabilities

2006-12-14T00:00:00
ID GENTOO_GLSA-200612-07.NASL
Type nessus
Reporter This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.
Modified 2021-01-06T00:00:00

Description

The remote host is affected by the vulnerability described in GLSA-200612-07 (Mozilla Firefox: Multiple vulnerabilities)

Mozilla Firefox improperly handles Script objects while they are being     executed. Mozilla Firefox has also been found to be vulnerable to     various possible buffer overflows. Lastly, the binary release of     Mozilla Firefox is vulnerable to a low exponent RSA signature forgery     issue because it is bundled with a vulnerable version of NSS.

Impact :

An attacker could entice a user to view specially crafted JavaScript     and execute arbitrary code with the rights of the user running Mozilla     Firefox. An attacker could also entice a user to view a specially     crafted web page that causes a buffer overflow and again executes     arbitrary code. It is also possible for an attacker to make up SSL/TLS     certificates that would not be detected as invalid by the binary     release of Mozilla Firefox, raising the possibility for     Man-in-the-Middle attacks.

Workaround :

There is no known workaround at this time.

                                        
                                            #%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 200612-07.
#
# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike 
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(23859);
  script_version("1.17");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  script_cve_id("CVE-2006-5462", "CVE-2006-5463", "CVE-2006-5464", "CVE-2006-5747", "CVE-2006-5748");
  script_bugtraq_id(19849);
  script_xref(name:"GLSA", value:"200612-07");

  script_name(english:"GLSA-200612-07 : Mozilla Firefox: Multiple vulnerabilities");
  script_summary(english:"Checks for updated package(s) in /var/db/pkg");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Gentoo host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The remote host is affected by the vulnerability described in GLSA-200612-07
(Mozilla Firefox: Multiple vulnerabilities)

    Mozilla Firefox improperly handles Script objects while they are being
    executed. Mozilla Firefox has also been found to be vulnerable to
    various possible buffer overflows. Lastly, the binary release of
    Mozilla Firefox is vulnerable to a low exponent RSA signature forgery
    issue because it is bundled with a vulnerable version of NSS.
  
Impact :

    An attacker could entice a user to view specially crafted JavaScript
    and execute arbitrary code with the rights of the user running Mozilla
    Firefox. An attacker could also entice a user to view a specially
    crafted web page that causes a buffer overflow and again executes
    arbitrary code. It is also possible for an attacker to make up SSL/TLS
    certificates that would not be detected as invalid by the binary
    release of Mozilla Firefox, raising the possibility for
    Man-in-the-Middle attacks.
  
Workaround :

    There is no known workaround at this time."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security.gentoo.org/glsa/200612-07"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"All Mozilla Firefox users should upgrade to the latest version:
    # emerge --sync
    # emerge --ask --oneshot --verbose '>=www-client/mozilla-firefox-1.5.0.8'
    All Mozilla Firefox binary release users should upgrade to the latest
    version:
    # emerge --sync
    # emerge --ask --oneshot --verbose '>=www-client/mozilla-firefox-bin-1.5.0.8'"
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:mozilla-firefox");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:mozilla-firefox-bin");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2006/12/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2006/12/14");
  script_set_attribute(attribute:"vuln_publication_date", value:"2006/09/14");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.");
  script_family(english:"Gentoo Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;

if (qpkg_check(package:"www-client/mozilla-firefox-bin", unaffected:make_list("ge 1.5.0.8"), vulnerable:make_list("lt 1.5.0.8"))) flag++;
if (qpkg_check(package:"www-client/mozilla-firefox", unaffected:make_list("ge 1.5.0.8"), vulnerable:make_list("lt 1.5.0.8"))) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Mozilla Firefox");
}