Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.MACOSX_FIREFOX_31_3_ESR.NASL
HistoryDec 02, 2014 - 12:00 a.m.

Firefox ESR 31.x < 31.3 Multiple Vulnerabilities (Mac OS X)

2014-12-0200:00:00
This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
14
JSON

The version of Firefox ESR 31.x installed on the remote Mac OS X host is prior to 31.3. It is, therefore, affected by the following vulnerabilities :

  • Multiple memory safety flaws exist within the browser engine. Exploiting these, an attacker can cause a denial of service or execute arbitrary code. (CVE-2014-1587, CVE-2014-1588)

  • A denial of service vulnerability exists due to improper parsing of a JavaScript object to the XMLHttpRequest API which can result in a crash.
    (CVE-2014-1590)

  • A use-after-free error exists due the creation of a second XML root element when parsing HTML written to a document created with ‘document.open()’ function which can result in arbitrary code execution. (CVE-2014-1592)

  • A buffer overflow vulnerability exists in the ‘mozilla::FileBlockCache::Read’ function when parsing media which can result in arbitrary code execution.
    (CVE-2014-1593)

  • A casting error exists when casting from the ‘BasicThebesLayer’ layer to the ‘BasicContainerLayer’ layer which can result in arbitrary code execution.
    (CVE-2014-1594)

  • An information disclosure vulnerability exists due to the CoreGraphic framework creating log files containing sensitive information in the ‘/tmp’ directory.
    (CVE-2014-1595)

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(79661);
  script_version("1.7");
  script_cvs_date("Date: 2019/11/25");

  script_cve_id(
    "CVE-2014-1587",
    "CVE-2014-1588",
    "CVE-2014-1590",
    "CVE-2014-1592",
    "CVE-2014-1593",
    "CVE-2014-1594",
    "CVE-2014-1595"
  );
  script_bugtraq_id(
    71391,
    71392,
    71394,
    71395,
    71396,
    71397,
    71398
  );

  script_name(english:"Firefox ESR 31.x < 31.3 Multiple Vulnerabilities (Mac OS X)");
  script_summary(english:"Checks the version of Firefox.");

  script_set_attribute(attribute:"synopsis", value:
"The remote Mac OS X host contains a web browser that is affected by
multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Firefox ESR 31.x installed on the remote Mac OS X host
is prior to 31.3. It is, therefore, affected by the following
vulnerabilities :

  - Multiple memory safety flaws exist within the browser
    engine. Exploiting these, an attacker can cause a denial
    of service or execute arbitrary code. (CVE-2014-1587,
    CVE-2014-1588)

  - A denial of service vulnerability exists due to
    improper parsing of a JavaScript object to the
    XMLHttpRequest API which can result in a crash.
    (CVE-2014-1590)

  - A use-after-free error exists due the creation of a
    second XML root element when parsing HTML written to a
    document created with 'document.open()' function which
    can result in arbitrary code execution. (CVE-2014-1592)

  - A buffer overflow vulnerability exists in the
    'mozilla::FileBlockCache::Read' function when parsing
    media which can result in arbitrary code execution.
    (CVE-2014-1593)

  - A casting error exists when casting from the
    'BasicThebesLayer' layer to the 'BasicContainerLayer'
    layer which can result in arbitrary code execution.
    (CVE-2014-1594)

  - An information disclosure vulnerability exists due to
    the CoreGraphic framework creating log files containing
    sensitive information in the '/tmp' directory.
    (CVE-2014-1595)");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/security/announce/2014/mfsa2014-83.html");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/security/announce/2014/mfsa2014-85.html");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/security/announce/2014/mfsa2014-87.html");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/security/announce/2014/mfsa2014-88.html");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/security/announce/2014/mfsa2014-89.html");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/security/announce/2014/mfsa2014-90.html");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Firefox ESR 31.3 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-1594");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/12/02");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/12/02");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/12/02");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:firefox_esr");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"MacOS X Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("macosx_firefox_installed.nasl");
  script_require_keys("MacOSX/Firefox/Installed");

  exit(0);
}

include("mozilla_version.inc");

kb_base = "MacOSX/Firefox";
get_kb_item_or_exit(kb_base+"/Installed");

version = get_kb_item_or_exit(kb_base+"/Version", exit_code:1);
path = get_kb_item_or_exit(kb_base+"/Path", exit_code:1);

is_esr = get_kb_item(kb_base+"/is_esr");
if (isnull(is_esr)) audit(AUDIT_NOT_INST, "Mozilla Firefox ESR");

mozilla_check_version(product:'firefox', version:version, path:path, esr:TRUE, fix:'31.3', min:'31.0', severity:SECURITY_WARNING, xss:FALSE);
VendorProductVersionCPE
mozillafirefox_esrcpe:/a:mozilla:firefox_esr

Related

nessus 26
openvas 27
oraclelinux 2
redhat 2
centos 2
freebsd 1
securityvulns 3
mageia 2
archlinux 1
mozilla 6
ubuntucve 7
prion 7
cve 7
cvelist 7
veracode 5
ibm 1
gentoo 1
nessus
nessus
Mozilla Thunderbird < 31.3 Multiple Vulnerabilities
2014-12-04 00:00:00
openSUSE Security Update : MozillaThunderbird (openSUSE-SU-2014:1654-1)
2014-12-18 00:00:00
Oracle Linux 6 : thunderbird (ELSA-2014-1924)
2014-12-03 00:00:00
openvas
openvas
Mozilla Firefox ESR Multiple Vulnerabilities-01 (Dec 2014) - Mac OS X
2014-12-16 00:00:00
Mozilla Thunderbird Multiple Vulnerabilities-01 (Dec 2014) - Mac OS X
2014-12-16 00:00:00
Debian Security Advisory DSA 3090-1 (iceweasel - security update)
2014-12-04 00:00:00
oraclelinux
oraclelinux
firefox security update
2014-12-03 00:00:00
thunderbird security update
2014-12-02 00:00:00
redhat
redhat
(RHSA-2014:1924) Important: thunderbird security update
2014-12-02 00:00:00
(RHSA-2014:1919) Critical: firefox security update
2014-12-02 00:00:00
centos
centos
thunderbird security update
2014-12-03 22:57:24
firefox security update
2014-12-03 22:51:38
freebsd
freebsd
mozilla -- multiple vulnerabilities
2014-12-01 00:00:00
securityvulns
securityvulns
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2014-12-08 00:00:00
Apple Mac OS X multiple security vulnerabilities
2015-02-02 00:00:00
APPLE-SA-2015-01-27-4 OS X 10.10.2 and Security Update 2015-001
2015-02-02 00:00:00
mageia
mageia
Updated firefox & thunderbird packages fix security vulnerabilities
2014-12-03 22:27:32
Updated iceape package fixes security vulnerabilities
2014-12-09 23:12:41
archlinux
archlinux
firefox: multiple issues
2014-12-03 00:00:00
mozilla
mozilla
Miscellaneous memory safety hazards (rv:34.0 / rv:31.3) — Mozilla
2014-12-02 00:00:00
Bad casting from the BasicThebesLayer to BasicContainerLayer — Mozilla
2014-12-02 00:00:00
XMLHttpRequest crashes with some input streams — Mozilla
2014-12-02 00:00:00
ubuntucve
ubuntucve
CVE-2014-1588
2014-12-02 00:00:00
CVE-2014-1595
2014-12-11 00:00:00
CVE-2014-1594
2014-12-02 00:00:00
prion
prion
Memory corruption
2014-12-11 11:59:00
Code injection
2014-12-11 11:59:00
Code injection
2014-12-11 11:59:00
cve
cve
CVE-2014-1588
2014-12-11 11:59:01
CVE-2014-1594
2014-12-11 11:59:08
CVE-2014-1590
2014-12-11 11:59:04
cvelist
cvelist
CVE-2014-1595
2014-12-11 11:00:00
CVE-2014-1588
2014-12-11 11:00:00
CVE-2014-1594
2014-12-11 11:00:00
veracode
veracode
Denial Of Service (DoS)
2019-05-02 05:05:37
Arbitrary Code Execution
2019-05-02 05:05:37
Arbitrary Code Execution
2019-05-02 05:05:37
ibm
ibm
Security Bulletin: Mozilla Firefox vulnerability issues in IBM SONAS (CVE-2014-1574, CVE-2014-1576, CVE-2014-1577, CVE-2014-1578, CVE-2014-1581, CVE-2014-1583, CVE-2014-1587, CVE-2014-1588, and 11 more)
2018-06-18 00:09:21
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2015-04-07 00:00:00
JSON
Related for MACOSX_FIREFOX_31_3_ESR.NASL
nessus26openvas27oraclelinux2redhat2centos2freebsd1securityvulns3mageia2archlinux1mozilla6ubuntucve7prion7cve7cvelist7veracode5ibm1gentoo1