MiracleLinux 3 : xulrunner-1.9.0.12-1.1AXS3 (AXSA:2009-365:02)

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# Miracle Linux Security Advisory AXSA:2009-365:02.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(284457);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/01/14");

  script_cve_id(
    "CVE-2009-2462",
    "CVE-2009-2463",
    "CVE-2009-2464",
    "CVE-2009-2465",
    "CVE-2009-2466",
    "CVE-2009-2467",
    "CVE-2009-2469",
    "CVE-2009-2471",
    "CVE-2009-2472"
  );

  script_name(english:"MiracleLinux 3 : xulrunner-1.9.0.12-1.1AXS3 (AXSA:2009-365:02)");

  script_set_attribute(attribute:"synopsis", value:
"The remote MiracleLinux host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote MiracleLinux 3 host has a package installed that is affected by multiple vulnerabilities as referenced in the
AXSA:2009-365:02 advisory.

    Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and
    portability.
    Fixed bugs:
    CVE-2009-2462
    The browser engine in Mozilla Firefox before 3.0.12 and Thunderbird allows remote attackers to cause a
    denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors
    related to (1) the frame chain and synchronous events, (2) a SetMayHaveFrame assertion and
    nsCSSFrameConstructor::CreateFloatingLetterFrame, (3) nsCSSFrameConstructor::ConstructFrame, (4) the child
    list and initial reflow, (5) GetLastSpecialSibling, (6) nsFrameManager::GetPrimaryFrameFor and MathML, (7)
    nsFrame::GetBoxAscent, (8) nsCSSFrameConstructor::AdjustParentFrame, (9) nsDOMOfflineResourceList, and
    (10) nsContentUtils::ComparePosition.
    CVE-2009-2463
    Integer overflow in a base64 decoding function in Mozilla Firefox before 3.0.12 and Thunderbird allows
    remote attackers to cause a denial of service (memory corruption and application crash) or possibly
    execute arbitrary code via unspecified vectors.
    CVE-2009-2464
    The nsXULTemplateQueryProcessorRDF::CheckIsSeparator function in Mozilla Firefox before 3.0.12, SeaMonkey
    2.0a1pre, and Thunderbird allows remote attackers to cause a denial of service (memory corruption and
    application crash) or possibly execute arbitrary code via vectors related to loading multiple RDF files in
    a XUL tree element.
    CVE-2009-2465
    Mozilla Firefox before 3.0.12 and Thunderbird allow remote attackers to cause a denial of service (memory
    corruption and application crash) or execute arbitrary code via vectors involving double frame
    construction, related to (1) nsHTMLContentSink.cpp, (2) nsXMLContentSink.cpp, and (3) nsPresShell.cpp, and
    the nsSubDocumentFrame::Reflow function.
    CVE-2009-2466
    The JavaScript engine in Mozilla Firefox before 3.0.12 and Thunderbird allows remote attackers to cause a
    denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors
    related to (1) nsDOMClassInfo.cpp, (2) JS_HashTableRawLookup, and (3) MirrorWrappedNativeParent and
    js_LockGCThingRT.
    CVE-2009-2467
    Mozilla Firefox before 3.0.12 and 3.5 before 3.5.1 allows remote attackers to cause a denial of service
    (application crash) or possibly execute arbitrary code via vectors involving a Flash object, a slow script
    dialog, and the unloading of the Flash plugin, which triggers attempted use of a deleted object.
    CVE-2009-2469
    Mozilla Firefox before 3.0.12 does not properly handle an SVG element that has a property with a watch
    function and an __defineSetter__ function, which allows remote attackers to cause a denial of service
    (memory corruption and application crash) or possibly execute arbitrary code via a crafted document,
    related to a certain pointer misinterpretation.
    CVE-2009-2471
    The setTimeout function in Mozilla Firefox before 3.0.12 does not properly preserve object wrapping, which
    allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafted call, related
    to XPCNativeWrapper.
    CVE-2009-2472
    Mozilla Firefox before 3.0.12 does not always use XPCCrossOriginWrapper when required during object
    construction, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site
    scripting (XSS) attacks via a crafted document, related to a cross origin wrapper bypass.
    See also errata 2009-364-02

Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://tsn.miraclelinux.com/en/node/1003");
  script_set_attribute(attribute:"solution", value:
"Update the affected xulrunner package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2009-2471");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2009-2472");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"vendor_severity", value:"High");

  script_set_attribute(attribute:"vuln_publication_date", value:"2009/07/21");
  script_set_attribute(attribute:"patch_publication_date", value:"2009/08/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/01/14");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:xulrunner");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:miracle:linux:3");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Miracle Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/MiracleLinux/release", "Host/MiracleLinux/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm2.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'MIRACLE LINUX' >!< os_product) audit(AUDIT_OS_NOT, 'MIRACLE LINUX');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'MIRACLE LINUX');
if (! preg(pattern:"^3([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'MiracleLinux 3.x', 'MIRACLE LINUX ' + os_version);

if (!get_kb_item('Host/MiracleLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('aarch64' >!< cpu && 'ppc' >!< cpu && 's390' >!< cpu && 'x86_64' >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'MIRACLE LINUX', cpu);

var constraints = [
  {
    'release': '3',
    'pkgs': [
      {'reference':'xulrunner-1.9.0.12-1.1AXS3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'}
    ]
  }
];

var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');

var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
  # Check that the target release is equal to the affected release
  if (!empty_or_null(constraint['release'])){
    if (constraint['release'] != os_release) continue;
  }
  if (!empty_or_null(constraint['sp'])){
    if (constraint['sp'] != os_sp) continue;
  }
  foreach var pkg ( constraint['pkgs'] ) {
    reference = NULL;
    sp = NULL;
    _cpu = NULL;
    el_string = NULL;
    rpm_spec_vers_cmp = NULL;
    epoch = NULL;
    allowmaj = NULL;
    exists_check = NULL;
    cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        ## (no known rpm to check OR known rpm_exists)
        (!exists_check || rpm_exists(rpm:exists_check)) &&
        rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}
if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'xulrunner');
}