Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2005-2018 Tenable Network Security, Inc.MOZILLA_179.NASL
HistoryJul 13, 2005 - 12:00 a.m.

Mozilla Browser < 1.7.9 Multiple Vulnerabilities

2005-07-1300:00:00
This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
www.tenable.com
16
JSON

The remote version of this software contains various security issues, one of which may allow an attacker to execute arbitrary code on the remote host.

#
# (C) Tenable Network Security, Inc.
#



include("compat.inc");

if (description) {
  script_id(18813);
  script_version("1.25");

  script_cve_id(
    "CVE-2004-0718", 
    "CVE-2005-1937", 
    "CVE-2005-2260", 
    "CVE-2005-2261", 
    "CVE-2005-2263", 
    "CVE-2005-2265", 
    "CVE-2005-2266", 
    "CVE-2005-2268", 
    "CVE-2005-2269", 
    "CVE-2005-2270"
  );
  script_bugtraq_id(14242);

  script_name(english:"Mozilla Browser < 1.7.9 Multiple Vulnerabilities");
 
 script_set_attribute(attribute:"synopsis", value:
"A web browser installed on the remote host contains multiple
vulnerabilities." );
 script_set_attribute(attribute:"description", value:
"The remote version of this software contains various security issues,
one of which may allow an attacker to execute arbitrary code on the
remote host." );
 script_set_attribute(attribute:"see_also", value:"https://www-archive.mozilla.org:443/security/announce/2005/mfsa2005-45.html" );
 script_set_attribute(attribute:"see_also", value:"https://www-archive.mozilla.org:443/security/announce/2005/mfsa2005-46.html" );
 script_set_attribute(attribute:"see_also", value:"https://www-archive.mozilla.org:443/security/announce/2005/mfsa2005-48.html" );
 script_set_attribute(attribute:"see_also", value:"https://www-archive.mozilla.org:443/security/announce/2005/mfsa2005-50.html" );
 script_set_attribute(attribute:"see_also", value:"https://www-archive.mozilla.org:443/security/announce/2005/mfsa2005-51.html" );
 script_set_attribute(attribute:"see_also", value:"https://www-archive.mozilla.org:443/security/announce/2005/mfsa2005-52.html" );
 script_set_attribute(attribute:"see_also", value:"https://www-archive.mozilla.org:443/security/announce/2005/mfsa2005-54.html" );
 script_set_attribute(attribute:"see_also", value:"https://www-archive.mozilla.org:443/security/announce/2005/mfsa2005-55.html" );
 script_set_attribute(attribute:"see_also", value:"https://www-archive.mozilla.org:443/security/announce/2005/mfsa2005-56.html" );
 script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/2005/Sep/235");
 script_set_attribute(attribute:"solution", value:
"Upgrade to Mozilla 1.7.9 or later." );
 script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
 script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"true");
 script_set_attribute(attribute:"exploited_by_malware", value:"true");
 script_set_attribute(attribute:"metasploit_name", value:'Mozilla Suite/Firefox compareTo() Code Execution');
 script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
script_set_attribute(attribute:"plugin_publication_date", value: "2005/07/13");
 script_set_attribute(attribute:"vuln_publication_date", value: "2004/06/30");
 script_set_attribute(attribute:"patch_publication_date", value: "2004/06/22");
 script_cvs_date("Date: 2018/11/15 20:50:27");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe",value:"cpe:/a:mozilla:mozilla");
script_set_attribute(attribute:"cpe",value:"cpe:/a:mozilla:firefox");
script_set_attribute(attribute:"cpe",value:"cpe:/a:mozilla:thunderbird");
script_set_attribute(attribute:"cpe",value:"cpe:/a:mozilla:firebirdsql:firebird");
script_set_attribute(attribute:"cpe",value:"cpe:/a:netscape:navigator");
script_end_attributes();

  script_summary(english:"Checks for Mozilla < 1.7.9");
  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");
  script_copyright(english:"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.");
  script_dependencies("mozilla_org_installed.nasl");
  script_require_keys("Mozilla/Version");
  exit(0);
}

#

include("misc_func.inc");


ver = read_version_in_kb("Mozilla/Version");
if (isnull(ver)) exit(0);

if (
  ver[0] < 1 ||
  (
    ver[0] == 1 &&
    (
      ver[1] < 7 ||
      (ver[1] == 7 && ver[2] < 9)
    )
  )
) security_hole(get_kb_item("SMB/transport"));
VendorProductVersionCPE
mozillamozillacpe:/a:mozilla:mozilla
mozillafirefoxcpe:/a:mozilla:firefox
mozillathunderbirdcpe:/a:mozilla:thunderbird
mozillafirebirdsqlfirebirdcpe:/a:mozilla:firebirdsql:firebird
netscapenavigatorcpe:/a:netscape:navigator

References

Related

debian 12
openvas 26
osv 6
nessus 33
redhat 4
ubuntu 4
centos 4
suse 10
freebsd 2
cve 10
ubuntucve 10
securityvulns 1
packetstorm 1
cert 1
slackware 1
debian
debian
[SECURITY] [DSA 810-1] New Mozilla packages fix several vulnerabilities
2005-09-13 12:55:40
[SECURITY] [DSA 810-1] New Mozilla packages fix several vulnerabilities
2005-09-13 12:55:40
[SECURITY] [DSA 779-2] New Mozilla Firefox packages fix several vulnerabilities
2005-09-01 14:06:47
openvas
openvas
Debian: Security Advisory (DSA-810-1)
2008-01-17 00:00:00
Debian Security Advisory DSA 810-1 (mozilla)
2008-01-17 00:00:00
Ubuntu: Security Advisory (USN-149-1)
2022-08-26 00:00:00
osv
osv
mozilla - several
2005-09-13 00:00:00
mozilla-firefox - several
2005-08-20 00:00:00
mozilla-firefox - several
2005-08-20 00:00:00
nessus
nessus
Fedora Core 4 : mozilla-1.7.10-1.5.1 (2005-619)
2005-07-22 00:00:00
Fedora Core 3 : mozilla-1.7.10-1.3.1 (2005-616)
2005-07-22 00:00:00
Ubuntu 5.04 : mozilla-firefox vulnerabilities (USN-149-1)
2006-01-15 00:00:00
redhat
redhat
(RHSA-2005:587) mozilla security update
2005-07-22 00:00:00
(RHSA-2005:586) firefox security update
2005-07-21 00:00:00
(RHSA-2005:601) thunderbird security update
2005-07-21 00:00:00
ubuntu
ubuntu
Firefox vulnerabilities
2005-07-21 00:00:00
Mozilla vulnerabilities
2005-07-27 00:00:00
Mozilla Thunderbird vulnerabilities
2005-08-01 00:00:00
centos
centos
devhelp, mozilla security update
2005-07-22 15:23:45
galeon, mozilla security update
2005-07-25 01:17:58
firefox security update
2005-07-21 21:28:02
suse
suse
information leak in mozilla,MozillaFirefox,epiphany,galeon
2005-08-11 15:28:02
remote code execution in MozillaThunderbird
2006-04-25 13:15:04
remote code execution in phpMyAdmin
2006-01-26 13:53:52
freebsd
freebsd
firefox & mozilla -- multiple vulnerabilities
2005-07-12 00:00:00
Mutiple browser frame injection vulnerability
2004-08-11 00:00:00
cve
cve
CVE-2005-1937
2005-06-14 04:00:00
CVE-2005-2260
2005-07-13 04:00:00
CVE-2005-2261
2005-07-13 04:00:00
ubuntucve
ubuntucve
CVE-2005-1937
2005-06-14 00:00:00
CVE-2005-2265
2005-07-13 00:00:00
CVE-2005-2261
2005-07-13 00:00:00
securityvulns
securityvulns
[NEWS] XBL Implementation Allows Script Execution &#40;Gecko&#41;
2005-07-27 00:00:00
packetstorm
packetstorm
Mozilla Firefox Code Execution
2009-10-27 00:00:00
cert
cert
Mozilla insecurely clones objects and member functions
2005-08-01 00:00:00
slackware
slackware
[slackware-security] Mozilla
2004-08-10 21:17:12
JSON
Related for MOZILLA_179.NASL
debian12openvas26osv6nessus33redhat4ubuntu4centos4suse10freebsd2cve10ubuntucve10securityvulns1packetstorm1cert1slackware1