MiracleLinux 3 : firefox-3.0.15-3.1AXS3 (AXSA:2009-419:04)

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# Miracle Linux Security Advisory AXSA:2009-419:04.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(284333);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/01/14");

  script_cve_id(
    "CVE-2009-3274",
    "CVE-2009-3370",
    "CVE-2009-3372",
    "CVE-2009-3373",
    "CVE-2009-3374",
    "CVE-2009-3375",
    "CVE-2009-3376",
    "CVE-2009-3380",
    "CVE-2009-3382"
  );

  script_name(english:"MiracleLinux 3 : firefox-3.0.15-3.1AXS3 (AXSA:2009-419:04)");

  script_set_attribute(attribute:"synopsis", value:
"The remote MiracleLinux host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the
AXSA:2009-419:04 advisory.

    Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and
    portability.
    NSPR provides platform independence for non-GUI operating system facilities. These facilities include
    threads, thread synchronization, normal file and network I/O, interval timing and calendar time, basic
    memory management (malloc and free) and shared library linking.
    XULRunner provides the XUL Runtime environment for Gecko applications.
    nspr packages are included
    Security bugs fixed with this release:
    CVE-2009-1563
    Array index error in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 allows remote attackers to
    execute arbitrary code via a long string that triggers incorrect memory allocation and a heap-based buffer
    overflow during conversion to a floating-point number.
    CVE-2009-3274
    Mozilla Firefox 3.6a1, 3.5.2, and earlier 2.x and 3.x versions on Linux uses a predictable /tmp pathname
    for files selected from the Downloads window, which allows local users to replace an arbitrary downloaded
    file by placing a file in a /tmp location before the download occurs, possibly related to the Archive
    Manager component.
    NOTE: some of these details are obtained from third party information.
    CVE-2009-3370
    Mozilla Firefox before 3.0.15, and 3.5.x before 3.5.4, allows remote attackers to read form history by
    forging mouse and keyboard events that leverage the auto-fill feature to populate form fields, in an
    attacker-readable form, with history entries.
    CVE-2009-3372
    Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to
    execute arbitrary code via a crafted regular expression in a Proxy Auto-configuration (PAC) file.
    CVE-2009-3373
    Heap-based buffer overflow in the GIF image parser in Mozilla Firefox before 3.0.15 and 3.5.x before
    3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary code via unspecified
    vectors.
    CVE-2009-3374
    The XPCVariant::VariantDataToJS function in the XPCOM implementation in Mozilla Firefox 3.0.x before
    3.0.15 and 3.5.x before 3.5.4 does not enforce intended restrictions on interaction between chrome
    privileged code and objects obtained from remote web sites, which allows remote attackers to execute
    arbitrary JavaScript with chrome privileges via unspecified method calls, related to doubly-wrapped
    objects.
    CVE-2009-3375
    content/html/document/src/nsHTMLDocument.cpp in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4
    allows user-assisted remote attackers to bypass the Same Origin Policy and read an arbitrary content
    selection via the document.getSelection function.
    CVE-2009-3376
    Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, does not properly handle a
    right-to-left override (aka RLO or U+202E) Unicode character in a download filename, which allows remote
    attackers to spoof file extensions via a crafted filename, as demonstrated by displaying a non-executable
    extension for an executable file.
    CVE-2009-3380
    Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.0.x before 3.0.15 and
    3.5.x before 3.5.4 allow remote attackers to cause a denial of service (memory corruption and application
    crash) or possibly execute arbitrary code via unknown vectors.
    CVE-2009-3382
    layout/base/nsCSSFrameConstructor.cpp in the browser engine in Mozilla Firefox 3.0.x before 3.0.15 does
    not properly handle first-letter frames, which allows remote attackers to cause a denial of service
    (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.

Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://tsn.miraclelinux.com/en/node/1057");
  script_set_attribute(attribute:"solution", value:
"Update the affected firefox and / or xulrunner packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2009-3382");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2009-3380");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"vendor_severity", value:"High");

  script_set_attribute(attribute:"vuln_publication_date", value:"2009/09/21");
  script_set_attribute(attribute:"patch_publication_date", value:"2009/11/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/01/14");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:firefox");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:xulrunner");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:miracle:linux:3");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Miracle Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/MiracleLinux/release", "Host/MiracleLinux/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm2.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'MIRACLE LINUX' >!< os_product) audit(AUDIT_OS_NOT, 'MIRACLE LINUX');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'MIRACLE LINUX');
if (! preg(pattern:"^3([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'MiracleLinux 3.x', 'MIRACLE LINUX ' + os_version);

if (!get_kb_item('Host/MiracleLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('aarch64' >!< cpu && 'ppc' >!< cpu && 's390' >!< cpu && 'x86_64' >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'MIRACLE LINUX', cpu);

var constraints = [
  {
    'release': '3',
    'pkgs': [
      {'reference':'firefox-3.0.15-3.1AXS3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0', 'allowmaj':TRUE},
      {'reference':'xulrunner-1.9.0.15-3.1AXS3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'}
    ]
  }
];

var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');

var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
  # Check that the target release is equal to the affected release
  if (!empty_or_null(constraint['release'])){
    if (constraint['release'] != os_release) continue;
  }
  if (!empty_or_null(constraint['sp'])){
    if (constraint['sp'] != os_sp) continue;
  }
  foreach var pkg ( constraint['pkgs'] ) {
    reference = NULL;
    sp = NULL;
    _cpu = NULL;
    el_string = NULL;
    rpm_spec_vers_cmp = NULL;
    epoch = NULL;
    allowmaj = NULL;
    exists_check = NULL;
    cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        ## (no known rpm to check OR known rpm_exists)
        (!exists_check || rpm_exists(rpm:exists_check)) &&
        rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}
if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'firefox / xulrunner');
}