Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2005-2021 Tenable Network Security, Inc.MANDRAKE_MDKSA-2005-170.NASL
HistoryOct 05, 2005 - 12:00 a.m.

Mandrake Linux Security Advisory : mozilla (MDKSA-2005:170)

2005-10-0500:00:00
This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.
www.tenable.com
11
JSON

A number of vulnerabilities have been discovered in Mozilla that have been corrected in version 1.7.12 :

A bug in the way Mozilla processes XBM images could be used to execute arbitrary code via a specially crafted XBM image file (CVE-2005-2701).

A bug in the way Mozilla handles certain Unicode sequences could be used to execute arbitrary code via viewing a specially crafted Unicode sequence (CVE-2005-2702).

A bug in the way Mozilla makes XMLHttp requests could be abused by a malicious web page to exploit other proxy or server flaws from the victim’s machine; however, the default behaviour of the browser is to disallow this (CVE-2005-2703).

A bug in the way Mozilla implemented its XBL interface could be abused by a malicious web page to create an XBL binding in such a way as to allow arbitrary JavaScript execution with chrome permissions (CVE-2005-2704).

An integer overflow in Mozilla’s JavaScript engine could be manipulated in certain conditions to allow a malicious web page to execute arbitrary code (CVE-2005-2705).

A bug in the way Mozilla displays about: pages could be used to execute JavaScript with chrome privileges (CVE-2005-2706).

A bug in the way Mozilla opens new windows could be used by a malicious web page to construct a new window without any user interface elements (such as address bar and status bar) that could be used to potentially mislead the user (CVE-2005-2707).

Tom Ferris reported that Firefox would crash when processing a domain name consisting solely of soft-hyphen characters due to a heap overflow when IDN processing results in an empty string after removing non- wrapping chracters, such as soft-hyphens. This could be exploited to run or or install malware on the user’s computer (CVE-2005-2871).

The updated packages have been patched to address these issues and all users are urged to upgrade immediately.

#%NASL_MIN_LEVEL 70300

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Mandrake Linux Security Advisory MDKSA-2005:170. 
# The text itself is copyright (C) Mandriva S.A.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(19923);
  script_version("1.18");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  script_cve_id("CVE-2005-2701", "CVE-2005-2702", "CVE-2005-2703", "CVE-2005-2704", "CVE-2005-2705", "CVE-2005-2706", "CVE-2005-2707", "CVE-2005-2871");
  script_xref(name:"MDKSA", value:"2005:170");

  script_name(english:"Mandrake Linux Security Advisory : mozilla (MDKSA-2005:170)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Mandrake Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"A number of vulnerabilities have been discovered in Mozilla that have
been corrected in version 1.7.12 :

A bug in the way Mozilla processes XBM images could be used to execute
arbitrary code via a specially crafted XBM image file (CVE-2005-2701).

A bug in the way Mozilla handles certain Unicode sequences could be
used to execute arbitrary code via viewing a specially crafted Unicode
sequence (CVE-2005-2702).

A bug in the way Mozilla makes XMLHttp requests could be abused by a
malicious web page to exploit other proxy or server flaws from the
victim's machine; however, the default behaviour of the browser is to
disallow this (CVE-2005-2703).

A bug in the way Mozilla implemented its XBL interface could be abused
by a malicious web page to create an XBL binding in such a way as to
allow arbitrary JavaScript execution with chrome permissions
(CVE-2005-2704).

An integer overflow in Mozilla's JavaScript engine could be
manipulated in certain conditions to allow a malicious web page to
execute arbitrary code (CVE-2005-2705).

A bug in the way Mozilla displays about: pages could be used to
execute JavaScript with chrome privileges (CVE-2005-2706).

A bug in the way Mozilla opens new windows could be used by a
malicious web page to construct a new window without any user
interface elements (such as address bar and status bar) that could be
used to potentially mislead the user (CVE-2005-2707).

Tom Ferris reported that Firefox would crash when processing a domain
name consisting solely of soft-hyphen characters due to a heap
overflow when IDN processing results in an empty string after removing
non- wrapping chracters, such as soft-hyphens. This could be exploited
to run or or install malware on the user's computer (CVE-2005-2871).

The updated packages have been patched to address these issues and all
users are urged to upgrade immediately."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.mozilla.org/security/announce/mfsa2005-57.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.mozilla.org/security/announce/mfsa2005-58.html"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_cwe_id(94);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64nspr4");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64nspr4-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64nss3");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64nss3-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libnspr4");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libnspr4-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libnss3");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libnss3-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-dom-inspector");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-enigmail");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-enigmime");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-irc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-js-debugger");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-mail");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-spellchecker");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:10.1");

  script_set_attribute(attribute:"patch_publication_date", value:"2005/09/26");
  script_set_attribute(attribute:"plugin_publication_date", value:"2005/10/05");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);


flag = 0;
if (rpm_check(release:"MDK10.1", cpu:"x86_64", reference:"lib64nspr4-1.7.8-0.3.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", cpu:"x86_64", reference:"lib64nspr4-devel-1.7.8-0.3.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", cpu:"x86_64", reference:"lib64nss3-1.7.8-0.3.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", cpu:"x86_64", reference:"lib64nss3-devel-1.7.8-0.3.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", cpu:"i386", reference:"libnspr4-1.7.8-0.3.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", cpu:"i386", reference:"libnspr4-devel-1.7.8-0.3.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", cpu:"i386", reference:"libnss3-1.7.8-0.3.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", cpu:"i386", reference:"libnss3-devel-1.7.8-0.3.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", reference:"mozilla-1.7.8-0.3.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", reference:"mozilla-devel-1.7.8-0.3.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", reference:"mozilla-dom-inspector-1.7.8-0.3.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", reference:"mozilla-enigmail-1.7.8-0.3.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", reference:"mozilla-enigmime-1.7.8-0.3.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", reference:"mozilla-irc-1.7.8-0.3.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", reference:"mozilla-js-debugger-1.7.8-0.3.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", reference:"mozilla-mail-1.7.8-0.3.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", reference:"mozilla-spellchecker-1.7.8-0.3.101mdk", yank:"mdk")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
mandrivalinuxlib64nspr4p-cpe:/a:mandriva:linux:lib64nspr4
mandrivalinuxlib64nspr4-develp-cpe:/a:mandriva:linux:lib64nspr4-devel
mandrivalinuxlib64nss3p-cpe:/a:mandriva:linux:lib64nss3
mandrivalinuxlib64nss3-develp-cpe:/a:mandriva:linux:lib64nss3-devel
mandrivalinuxlibnspr4p-cpe:/a:mandriva:linux:libnspr4
mandrivalinuxlibnspr4-develp-cpe:/a:mandriva:linux:libnspr4-devel
mandrivalinuxlibnss3p-cpe:/a:mandriva:linux:libnss3
mandrivalinuxlibnss3-develp-cpe:/a:mandriva:linux:libnss3-devel
mandrivalinuxmozillap-cpe:/a:mandriva:linux:mozilla
mandrivalinuxmozilla-develp-cpe:/a:mandriva:linux:mozilla-devel
Rows per page:
1-10 of 181

Related

nessus 36
gentoo 1
openvas 19
debian 8
freebsd 2
suse 3
osv 4
ubuntu 2
centos 7
redhat 5
ubuntucve 8
cvelist 8
checkpoint_advisories 5
cve 8
securityvulns 1
packetstorm 1
cert 1
nessus
nessus
GLSA-200509-11 : Mozilla Suite, Mozilla Firefox: Multiple vulnerabilities
2005-10-05 00:00:00
Fedora Core 4 : mozilla-1.7.12-1.5.1 (2005-927)
2005-10-05 00:00:00
FreeBSD : firefox & mozilla -- multiple vulnerabilities (8f5dd74b-2c61-11da-a263-0001020eed82)
2006-05-13 00:00:00
gentoo
gentoo
Mozilla Suite, Mozilla Firefox: Multiple vulnerabilities
2005-09-18 00:00:00
openvas
openvas
Debian Security Advisory DSA 838-1 (mozilla-firefox)
2008-01-17 00:00:00
FreeBSD Ports: firefox
2008-09-04 00:00:00
SLES9: Security update for Mozilla
2009-10-10 00:00:00
debian
debian
[SECURITY] [DSA 838-1] New mozilla-firefox packages fox multiple vulnerabilities
2005-10-03 00:48:53
[SECURITY] [DSA 838-1] New mozilla-firefox packages fox multiple vulnerabilities
2005-10-02 00:00:00
[SECURITY] [DSA 868-1] New Mozilla Thunderbird packages fix several vulnerabilities
2005-10-20 15:11:33
freebsd
freebsd
firefox & mozilla -- multiple vulnerabilities
2005-09-22 00:00:00
firefox & mozilla -- buffer overflow vulnerability
2005-09-08 00:00:00
suse
suse
remote code execution in mozilla,MozillaFirefox
2005-09-30 09:06:58
remote code execution in MozillaThunderbird
2006-04-25 13:15:04
remote code execution in phpMyAdmin
2006-01-26 13:53:52
osv
osv
mozilla-firefox - multiple vulnerabilities
2005-10-02 00:00:00
mozilla-thunderbird - several
2005-10-20 00:00:00
mozilla - several
2005-10-20 00:00:00
ubuntu
ubuntu
Thunderbird vulnerabilities
2005-10-11 00:00:00
Mozilla products vulnerability
2005-09-12 00:00:00
centos
centos
devhelp, mozilla security update
2005-09-22 22:45:24
thunderbird security update
2005-10-06 23:10:29
galeon, mozilla security update
2005-09-23 00:52:45
redhat
redhat
(RHSA-2005:791) thunderbird security update
2005-10-06 00:00:00
(RHSA-2005:789) mozilla security update
2005-09-22 00:00:00
(RHSA-2005:785) firefox security update
2005-09-22 00:00:00
ubuntucve
ubuntucve
CVE-2005-2701
2005-09-23 00:00:00
CVE-2005-2705
2005-09-23 00:00:00
CVE-2005-2706
2005-09-23 00:00:00
cvelist
cvelist
CVE-2005-2701
2005-09-23 04:00:00
CVE-2005-2704
2005-09-23 04:00:00
CVE-2005-2702
2005-09-23 04:00:00
checkpoint_advisories
checkpoint_advisories
Firefox XBM Image Processing Buffer Overflow (CVE-2005-2701)
2010-03-01 00:00:00
Mozilla Firefox Chrome Page Loading Restriction Bypass (CVE-2005-2706)
2009-11-05 00:00:00
Mozilla Firefox Unicode Sequence Handling Stack Corruption (CVE-2005-2702)
2009-10-06 00:00:00
cve
cve
CVE-2005-2701
2005-09-23 19:03:00
CVE-2005-2704
2005-09-23 19:03:00
CVE-2005-2707
2005-09-23 19:03:00
securityvulns
securityvulns
[NEWS] Gecko based browsers Stack Corruption
2005-09-26 00:00:00
packetstorm
packetstorm
pwnzilla.txt
2005-09-23 00:00:00
cert
cert
Mozilla-based browsers contain a buffer overflow in handling URIs containing a malformed IDN hostname
2005-09-09 00:00:00
JSON
Related for MANDRAKE_MDKSA-2005-170.NASL
nessus36gentoo1openvas19debian8freebsd2suse3osv4ubuntu2centos7redhat5ubuntucve8cvelist8checkpoint_advisories5cve8securityvulns1packetstorm1cert1