CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile
96.5%
The installed version of Firefox is earlier than 10.0.4 and thus, is potentially affected by the following security issues :
An off-by-one error exists in the βOpenType Sanitizerβ which can lead to out-bounds-reads and possible code execution. (CVE-2011-3062)
Memory safety issues exist that could lead to arbitrary code execution. (CVE-2012-0467)
A use-after-free error exists related to βIDBKeyRangeβ of βindexedDBβ. (CVE-2012-0469)
Heap-corruption errors exist related to βgfxImageSurfaceβ which can lead to possible code execution. (CVE-2012-0470)
A multi-octet encoding issue exists that could allow cross-site scripting attacks as certain octets in multibyte character sets can destroy following octets.
(CVE-2012-0471)
An error exists in βWebGLBufferβ that can lead to the reading of illegal video memory. (CVE-2012-0473)
An unspecified error can allow URL bar spoofing.
(CVE-2012-0474)
A decoding issue exists related to βISO-2022-KRβ and βISO-2022-CNβ character sets which can lead to cross- site scripting attacks. (CVE-2012-0477)
An error exists related to βWebGLβ and βtexImage2Dβ that can allow application crashes and possibly code execution when βJSVAL_TO_OBJECTβ is used on ordinary objects. (CVE-2012-0478)
Address bar spoofing is possible when βAtom XMLβ or βRSSβ data is loaded over HTTPS leading to phishing attacks. (CVE-2012-0479)
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(58893);
script_version("1.14");
script_cvs_date("Date: 2018/07/16 12:48:31");
script_cve_id(
"CVE-2011-3062",
"CVE-2012-0467",
"CVE-2012-0469",
"CVE-2012-0470",
"CVE-2012-0471",
"CVE-2012-0473",
"CVE-2012-0474",
"CVE-2012-0477",
"CVE-2012-0478",
"CVE-2012-0479"
);
script_bugtraq_id(
53219,
53220,
53222,
53223,
53224,
53225,
53227,
53228,
53229,
53231
);
script_name(english:"Firefox < 10.0.4 Multiple Vulnerabilities (Mac OS X)");
script_summary(english:"Checks version of Firefox");
script_set_attribute(
attribute:"synopsis",
value:
"The remote Mac OS X host contains a web browser that is affected by
multiple vulnerabilities."
);
script_set_attribute(
attribute:"description",
value:
"The installed version of Firefox is earlier than 10.0.4 and thus, is
potentially affected by the following security issues :
- An off-by-one error exists in the 'OpenType Sanitizer'
which can lead to out-bounds-reads and possible code
execution. (CVE-2011-3062)
- Memory safety issues exist that could lead
to arbitrary code execution. (CVE-2012-0467)
- A use-after-free error exists related to 'IDBKeyRange'
of 'indexedDB'. (CVE-2012-0469)
- Heap-corruption errors exist related to
'gfxImageSurface' which can lead to possible code
execution. (CVE-2012-0470)
- A multi-octet encoding issue exists that could allow
cross-site scripting attacks as certain octets in
multibyte character sets can destroy following octets.
(CVE-2012-0471)
- An error exists in 'WebGLBuffer' that can lead to the
reading of illegal video memory. (CVE-2012-0473)
- An unspecified error can allow URL bar spoofing.
(CVE-2012-0474)
- A decoding issue exists related to 'ISO-2022-KR' and
'ISO-2022-CN' character sets which can lead to cross-
site scripting attacks. (CVE-2012-0477)
- An error exists related to 'WebGL' and 'texImage2D'
that can allow application crashes and possibly code
execution when 'JSVAL_TO_OBJECT' is used on ordinary
objects. (CVE-2012-0478)
- Address bar spoofing is possible when 'Atom XML' or
'RSS' data is loaded over HTTPS leading to phishing
attacks. (CVE-2012-0479)"
);
script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-20/");
script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-22/");
script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-23/");
script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-24/");
script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-26/");
script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-27/");
script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-29/");
script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-30/");
script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-31/");
script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-33/");
script_set_attribute(
attribute:"solution",
value:"Upgrade to Firefox 10.0.4 ESR or later."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploited_by_malware", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2012/04/24");
script_set_attribute(attribute:"patch_publication_date", value:"2012/04/24");
script_set_attribute(attribute:"plugin_publication_date", value:"2012/04/27");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:firefox");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"MacOS X Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.");
script_dependencies("macosx_firefox_installed.nasl");
script_require_keys("MacOSX/Firefox/Installed");
exit(0);
}
include("mozilla_version.inc");
kb_base = "MacOSX/Firefox";
get_kb_item_or_exit(kb_base+"/Installed");
version = get_kb_item_or_exit(kb_base+"/Version", exit_code:1);
path = get_kb_item_or_exit(kb_base+"/Path", exit_code:1);
if (get_kb_item(kb_base + '/is_esr')) exit(0, 'The Mozilla Firefox installation is in the ESR branch.');
mozilla_check_version(product:'firefox', version:version, path:path, esr:FALSE, fix:'10.0.4', severity:SECURITY_HOLE);
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3062
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0467
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0469
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0470
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0471
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0473
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0474
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0477
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0478
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0479
www.mozilla.org/en-US/security/advisories/mfsa2012-20/
www.mozilla.org/en-US/security/advisories/mfsa2012-22/
www.mozilla.org/en-US/security/advisories/mfsa2012-23/
www.mozilla.org/en-US/security/advisories/mfsa2012-24/
www.mozilla.org/en-US/security/advisories/mfsa2012-26/
www.mozilla.org/en-US/security/advisories/mfsa2012-27/
www.mozilla.org/en-US/security/advisories/mfsa2012-29/
www.mozilla.org/en-US/security/advisories/mfsa2012-30/
www.mozilla.org/en-US/security/advisories/mfsa2012-31/
www.mozilla.org/en-US/security/advisories/mfsa2012-33/