MiracleLinux 3 : firefox-10.0.11-1.0.1.AXS3, xulrunner-10.0.11-1.0.1.AXS3 (AXSA:2012-979:05)

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# Miracle Linux Security Advisory AXSA:2012-979:05.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(284404);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/01/14");

  script_cve_id(
    "CVE-2012-1956",
    "CVE-2012-1970",
    "CVE-2012-1972",
    "CVE-2012-1973",
    "CVE-2012-1974",
    "CVE-2012-1975",
    "CVE-2012-1976",
    "CVE-2012-3956",
    "CVE-2012-3957",
    "CVE-2012-3958",
    "CVE-2012-3959",
    "CVE-2012-3960",
    "CVE-2012-3961",
    "CVE-2012-3962",
    "CVE-2012-3963",
    "CVE-2012-3964",
    "CVE-2012-3966",
    "CVE-2012-3967",
    "CVE-2012-3968",
    "CVE-2012-3969"
  );

  script_name(english:"MiracleLinux 3 : firefox-10.0.11-1.0.1.AXS3, xulrunner-10.0.11-1.0.1.AXS3 (AXSA:2012-979:05)");

  script_set_attribute(attribute:"synopsis", value:
"The remote MiracleLinux host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the
AXSA:2012-979:05 advisory.

    Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and
    portability.
    XULRunner is a Mozilla runtime package that can be used to bootstrap XUL+XPCOM applications that are as
    rich as Firefox and Thunderbird. It provides mechanisms for installing, upgrading, and uninstalling these
    applications. XULRunner also provides libxul, a solution which allows the embedding of Mozilla
    technologies in other projects and products.
    Security issues fixed with this release:
     CVE-2012-1956
    Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 do not prevent use of the
    Object.defineProperty method to shadow the location object (aka window.location), which makes it easier
    for remote attackers to conduct cross-site scripting (XSS) attacks via vectors involving a plugin.
     CVE-2012-1970
    Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 15.0, Firefox ESR
    10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12
    allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly
    execute arbitrary code via unknown vectors.
     CVE-2012-1972
    Use-after-free vulnerability in the nsHTMLEditor::CollapseAdjacentTextNodes function in Mozilla Firefox
    before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7,
    and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service
    (heap memory corruption) via unspecified vectors.
     CVE-2012-1973
    Use-after-free vulnerability in the nsObjectLoadingContent::LoadObject function in Mozilla Firefox before
    15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and
    SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap
    memory corruption) via unspecified vectors.
     CVE-2012-1974
    Use-after-free vulnerability in the gfxTextRun::CanBreakLineBefore function in Mozilla Firefox before
    15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and
    SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap
    memory corruption) via unspecified vectors.
     CVE-2012-1975
    Use-after-free vulnerability in the PresShell::CompleteMove function in Mozilla Firefox before 15.0,
    Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey
    before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory
    corruption) via unspecified vectors.
     CVE-2012-1976
    Use-after-free vulnerability in the nsHTMLSelectElement::SubmitNamesValues function in Mozilla Firefox
    before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7,
    and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service
    (heap memory corruption) via unspecified vectors.
     CVE-2012-3956
    Use-after-free vulnerability in the MediaStreamGraphThreadRunnable::Run function in Mozilla Firefox before
    15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and
    SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap
    memory corruption) via unspecified vectors.
     CVE-2012-3957
    Heap-based buffer overflow in the nsBlockFrame::MarkLineDirty function in Mozilla Firefox before 15.0,
    Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey
    before 2.12 allows remote attackers to execute arbitrary code via unspecified vectors.
     CVE-2012-3958
    Use-after-free vulnerability in the nsHTMLEditRules::DeleteNonTableElements function in Mozilla Firefox
    before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7,
    and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service
    (heap memory corruption) via unspecified vectors.
     CVE-2012-3959
    Use-after-free vulnerability in the nsRangeUpdater::SelAdjDeleteNode function in Mozilla Firefox before
    15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and
    SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap
    memory corruption) via unspecified vectors.
     CVE-2012-3960
    Use-after-free vulnerability in the mozSpellChecker::SetCurrentDictionary function in Mozilla Firefox
    before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7,
    and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service
    (heap memory corruption) via unspecified vectors.
     CVE-2012-3961
    Use-after-free vulnerability in the RangeData implementation in Mozilla Firefox before 15.0, Firefox ESR
    10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12
    allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption)
    via unspecified vectors.
     CVE-2012-3962
    Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x
    before 10.0.7, and SeaMonkey before 2.12 do not properly iterate through the characters in a text run,
    which allows remote attackers to execute arbitrary code via a crafted document.
     CVE-2012-3963
    Use-after-free vulnerability in the js::gc::MapAllocToTraceKind function in Mozilla Firefox before 15.0,
    Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey
    before 2.12 allows remote attackers to execute arbitrary code via unspecified vectors.
     CVE-2012-3964
    Use-after-free vulnerability in the gfxTextRun::GetUserData function in Mozilla Firefox before 15.0,
    Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey
    before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory
    corruption) via unspecified vectors.
     CVE-2012-3966
    Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x
    before 10.0.7, and SeaMonkey before 2.12 allow remote attackers to execute arbitrary code or cause a
    denial of service (memory corruption) via a negative height value in a BMP image within a .ICO file,
    related to (1) improper handling of the transparency bitmask by the nsICODecoder component and (2)
    improper processing of the alpha channel by the nsBMPDecoder component.
     CVE-2012-3967
    The WebGL implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird
    before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 on Linux, when a large number
    of sampler uniforms are used, does not properly interact with Mesa drivers, which allows remote attackers
    to execute arbitrary code or cause a denial of service (stack memory corruption) via a crafted web site.
     CVE-2012-3968
    Use-after-free vulnerability in the WebGL implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x
    before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12
    allows remote attackers to execute arbitrary code via vectors related to deletion of a fragment shader by
    its accessor.
     CVE-2012-3969
    Integer overflow in the nsSVGFEMorphologyElement::Filter function in Mozilla Firefox before 15.0, Firefox
    ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before
    2.12 allows remote attackers to execute arbitrary code via a crafted SVG filter that triggers an incorrect
    sum calculation, leading to a heap-based buffer overflow.
     CVE-2012-3970
    Use-after-free vulnerability in the nsTArray_base::Length function in Mozilla Firefox before 15.0, Firefox
    ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before
    2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory
    corruption) via vectors involving movement of a requiredFeatures attribute from one SVG document to
    another.
     CVE-2012-3972
    The format-number functionality in the XSLT implementation in Mozilla Firefox before 15.0, Firefox ESR
    10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12
    allows remote attackers to obtain sensitive information via unspecified vectors that trigger a heap-based
    buffer over-read.
     CVE-2012-3976
    Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, and SeaMonkey before 2.12 do not properly
    handle onLocationChange events during navigation between different https sites, which allows remote
    attackers to spoof the X.509 certificate information in the address bar via a crafted web page.
     CVE-2012-3978
    The nsLocation::CheckURL function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7,
    Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 does not properly
    follow the security model of the location object, which allows remote attackers to bypass intended
    content-loading restrictions or possibly have unspecified other impact via vectors involving chrome code.
     CVE-2012-3980
    The web console in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0,
    and Thunderbird ESR 10.x before 10.0.7 allows user-assisted remote attackers to execute arbitrary
    JavaScript code with chrome privileges via a crafted web site that injects this code and triggers an eval
    operation.
     CVE-2012-3982
    Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 16.0, Firefox ESR
    10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13
    allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly
    execute arbitrary code via unknown vectors.
     CVE-2012-3986
    Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x
    before 10.0.8, and SeaMonkey before 2.13 do not properly restrict calls to DOMWindowUtils (aka
    nsDOMWindowUtils) methods, which allows remote attackers to bypass intended access restrictions via
    crafted JavaScript code.
     CVE-2012-3988
    Use-after-free vulnerability in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird
    before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 might allow user-assisted
    remote attackers to execute arbitrary code via vectors involving use of mozRequestFullScreen to enter
    full-screen mode, and use of the history.back method for backwards history navigation.
     CVE-2012-3990
    Use-after-free vulnerability in the IME State Manager implementation in Mozilla Firefox before 16.0,
    Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey
    before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors, related to the
    nsIContent::GetNameSpaceID function.
     CVE-2012-3991
    Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x
    before 10.0.8, and SeaMonkey before 2.13 do not properly restrict JSAPI access to the GetProperty
    function, which allows remote attackers to bypass the Same Origin Policy and possibly have unspecified
    other impact via a crafted web site.
     CVE-2012-3992
    Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x
    before 10.0.8, and SeaMonkey before 2.13 do not properly manage history data, which allows remote
    attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive POST content via vectors
    involving a location.hash write operation and history navigation that triggers the loading of a URL into
    the history object.
     CVE-2012-3993
    The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before
    10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 does not
    properly interact with failures of InstallTrigger methods, which allows remote attackers to execute
    arbitrary JavaScript code with chrome privileges via a crafted web site, related to an XrayWrapper
    pollution issue.
     CVE-2012-3994
    Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x
    before 10.0.8, and SeaMonkey before 2.13 allow remote attackers to conduct cross-site scripting (XSS)
    attacks via a binary plugin that uses Object.defineProperty to shadow the top object, and leverages the
    relationship between top.location and the location property.
     CVE-2012-3995
    The IsCSSWordSpacingSpace function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8,
    Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote
    attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified
    vectors.
     CVE-2012-4179
    Use-after-free vulnerability in the nsHTMLCSSUtils::CreateCSSPropertyTxn function in Mozilla Firefox
    before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8,
    and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service
    (heap memory corruption) via unspecified vectors.
     CVE-2012-4180
    Heap-based buffer overflow in the nsHTMLEditor::IsPrevCharInNodeWhitespace function in Mozilla Firefox
    before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8,
    and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors.
     CVE-2012-4181
    Use-after-free vulnerability in the nsSMILAnimationController::DoSample function in Mozilla Firefox before
    16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and
    SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap
    memory corruption) via unspecified vectors.
     CVE-2012-4182
    Use-after-free vulnerability in the nsTextEditRules::WillInsert function in Mozilla Firefox before 16.0,
    Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey
    before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory
    corruption) via unspecified vectors.
     CVE-2012-4183
    Use-after-free vulnerability in the DOMSVGTests::GetRequiredFeatures function in Mozilla Firefox before
    16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and
    SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap
    memory corruption) via unspecified vectors.
     CVE-2012-4184
    The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before
    10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 does not
    prevent access to properties of a prototype for a standard class, which allows remote attackers to execute
    arbitrary JavaScript code with chrome privileges via a crafted web site.
     CVE-2012-4185
    Buffer overflow in the nsCharTraits::length function in Mozilla Firefox before 16.0, Firefox ESR 10.x
    before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13
    allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption)
    via unspecified vectors.
     CVE-2012-4186
    Heap-based buffer overflow in the nsWaveReader::DecodeAudioData function in Mozilla Firefox before 16.0,
    Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey
    before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors.
     CVE-2012-4187
    Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x
    before 10.0.8, and SeaMonkey before 2.13 do not properly manage a certain insPos variable, which allows
    remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and
    assertion failure) via unspecified vectors.
     CVE-2012-4188
    Heap-based buffer overflow in the Convolve3x3 function in Mozilla Firefox before 16.0, Firefox ESR 10.x
    before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13
    allows remote attackers to execute arbitrary code via unspecified vectors.
     CVE-2012-4193
    Mozilla Firefox before 16.0.1, Firefox ESR 10.x before 10.0.9, Thunderbird before 16.0.1, Thunderbird ESR
    10.x before 10.0.9, and SeaMonkey before 2.13.1 omit a security check in the defaultValue function during
    the unwrapping of security wrappers, which allows remote attackers to bypass the Same Origin Policy and
    read the properties of a Location object, or execute arbitrary JavaScript code, via a crafted web site.
     CVE-2012-4194
    Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR
    10.x before 10.0.10, and SeaMonkey before 2.13.2 do not prevent use of the valueOf method to shadow the
    location object (aka window.location), which makes it easier for remote attackers to conduct cross-site
    scripting (XSS) attacks via vectors involving a plugin.
     CVE-2012-4195
    The nsLocation::CheckURL function in Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10,
    Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 does not
    properly determine the calling document and principal in its return value, which makes it easier for
    remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site, and makes it easier
    for remote attackers to execute arbitrary JavaScript code by leveraging certain add-on behavior.
     CVE-2012-4196
    Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR
    10.x before 10.0.10, and SeaMonkey before 2.13.2 allow remote attackers to bypass the Same Origin Policy
    and read the Location object via a prototype property-injection attack that defeats certain protection
    mechanisms for this object.
     CVE-2012-4201
    The evalInSandbox implementation in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11,
    Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 uses an incorrect
    context during the handling of JavaScript code that sets the location.href property, which allows remote
    attackers to conduct cross-site scripting (XSS) attacks or read arbitrary files by leveraging a sandboxed
    add-on.
     CVE-2012-4202
    Heap-based buffer overflow in the image::RasterImage::DrawFrameTo function in Mozilla Firefox before 17.0,
    Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and
    SeaMonkey before 2.14 allows remote attackers to execute arbitrary code via a crafted GIF image.
     CVE-2012-4207
    The HZ-GB-2312 character-set implementation in Mozilla Firefox before 17.0, Firefox ESR 10.x before
    10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 does not
    properly handle a ~ (tilde) character in proximity to a chunk delimiter, which allows remote attackers to
    conduct cross-site scripting (XSS) attacks via a crafted document.
     CVE-2012-4209
    Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR
    10.x before 10.0.11, and SeaMonkey before 2.14 do not prevent use of a top frame name-attribute value to
    access the location property, which makes it easier for remote attackers to conduct cross-site scripting
    (XSS) attacks via vectors involving a binary plugin.
     CVE-2012-4210
    The Style Inspector in Mozilla Firefox before 17.0 and Firefox ESR 10.x before 10.0.11 does not properly
    restrict the context of HTML markup and Cascading Style Sheets (CSS) token sequences, which allows user-
    assisted remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted
    stylesheet.
     CVE-2012-4214
    Use-after-free vulnerability in the nsTextEditorState::PrepareEditor function in Mozilla Firefox before
    17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and
    SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap
    memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-5840.
     CVE-2012-4215
    Use-after-free vulnerability in the nsPlaintextEditor::FireClipboardEvent function in Mozilla Firefox
    before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before
    10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of
    service (heap memory corruption) via unspecified vectors.
     CVE-2012-4216
    Use-after-free vulnerability in the gfxFont::GetFontEntry function in Mozilla Firefox before 17.0, Firefox
    ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey
    before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory
    corruption) via unspecified vectors.
     CVE-2012-5829
    Heap-based buffer overflow in the nsWindow::OnExposeEvent function in Mozilla Firefox before 17.0, Firefox
    ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey
    before 2.14 allows remote attackers to execute arbitrary code via unspecified vectors.
     CVE-2012-5830
    Use-after-free vulnerability in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird
    before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 on Mac OS X allows remote
    attackers to execute arbitrary code via an HTML document.
     CVE-2012-5833
    The texImage2D implementation in the WebGL subsystem in Mozilla Firefox before 17.0, Firefox ESR 10.x
    before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14
    does not properly interact with Mesa drivers, which allows remote attackers to execute arbitrary code or
    cause a denial of service (memory corruption and application crash) via function calls involving certain
    values of the level parameter.
     CVE-2012-5835
    Integer overflow in the WebGL subsystem in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11,
    Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote
    attackers to execute arbitrary code or cause a denial of service (invalid write operation) via crafted
    data.
     CVE-2012-5839
    Heap-based buffer overflow in the gfxShapedWord::CompressedGlyph::IsClusterStart function in Mozilla
    Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before
    10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code via unspecified
    vectors.
     CVE-2012-5840
    Use-after-free vulnerability in the nsTextEditorState::PrepareEditor function in Mozilla Firefox before
    17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and
    SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap
    memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-4214.
     CVE-2012-5841
    Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR
    10.x before 10.0.11, and SeaMonkey before 2.14 implement cross-origin wrappers with a filtering behavior
    that does not properly restrict write actions, which allows remote attackers to conduct cross-site
    scripting (XSS) attacks via a crafted web site.
     CVE-2012-5842
    Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 17.0, Firefox ESR
    10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before
    2.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or
    possibly execute arbitrary code via unknown vectors.
    Fixed bugs:
     Added the new configuration option, storage.nfs_filesystem, to use when personal Firefox configuration
    files (~/.mozilla/) are stored on a NFS share.
     The out-of-process plug-ins feature are now enabled by default to prevent Firefox from crashing when
    accessing a page containinga flash object and the flash plug-in and the nswrapperplugin plug-in viewer
    were installed

Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://tsn.miraclelinux.com/en/node/3573");
  script_set_attribute(attribute:"solution", value:
"Update the affected firefox and / or xulrunner packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2012-3968");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2012-1956");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"vendor_severity", value:"High");

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/08/28");
  script_set_attribute(attribute:"patch_publication_date", value:"2012/12/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/01/14");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:firefox");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:xulrunner");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:miracle:linux:3");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Miracle Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/MiracleLinux/release", "Host/MiracleLinux/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm2.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'MIRACLE LINUX' >!< os_product) audit(AUDIT_OS_NOT, 'MIRACLE LINUX');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'MIRACLE LINUX');
if (! preg(pattern:"^3([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'MiracleLinux 3.x', 'MIRACLE LINUX ' + os_version);

if (!get_kb_item('Host/MiracleLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('aarch64' >!< cpu && 'ppc' >!< cpu && 's390' >!< cpu && 'x86_64' >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'MIRACLE LINUX', cpu);

var constraints = [
  {
    'release': '3',
    'pkgs': [
      {'reference':'firefox-10.0.11-1.0.1.AXS3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0', 'allowmaj':TRUE},
      {'reference':'xulrunner-10.0.11-1.0.1.AXS3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'}
    ]
  }
];

var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');

var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
  # Check that the target release is equal to the affected release
  if (!empty_or_null(constraint['release'])){
    if (constraint['release'] != os_release) continue;
  }
  if (!empty_or_null(constraint['sp'])){
    if (constraint['sp'] != os_sp) continue;
  }
  foreach var pkg ( constraint['pkgs'] ) {
    reference = NULL;
    sp = NULL;
    _cpu = NULL;
    el_string = NULL;
    rpm_spec_vers_cmp = NULL;
    epoch = NULL;
    allowmaj = NULL;
    exists_check = NULL;
    cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        ## (no known rpm to check OR known rpm_exists)
        (!exists_check || rpm_exists(rpm:exists_check)) &&
        rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}
if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'firefox / xulrunner');
}