Lucene search

K
nessusThis script is Copyright (C) 2012-2018 Tenable Network Security, Inc.MOZILLA_FIREFOX_1002.NASL
HistoryFeb 17, 2012 - 12:00 a.m.

Firefox 10.x < 10.0.2 'png_decompress_chunk' Integer Overflow

2012-02-1700:00:00
This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
www.tenable.com
16

The installed version of Firefox 10.x is earlier than 10.0.2 and is, therefore, potentially affected by an integer overflow vulnerability.

An integer overflow error exists in ‘libpng’, a library used by this application. When decompressing certain PNG image files, this error can allow a heap-based buffer overflow which can crash the application or potentially allow code execution.

#
# (C) Tenable Network Security, Inc.
#


include("compat.inc");


if (description)
{
  script_id(58005);
  script_version("1.7");
  script_cvs_date("Date: 2018/07/16 14:09:14");

  script_cve_id("CVE-2011-3026");
  script_bugtraq_id(52049);

  script_name(english:"Firefox 10.x < 10.0.2 'png_decompress_chunk' Integer Overflow");
  script_summary(english:"Checks version of Firefox");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote Windows host contains a web browser that is potentially
affected by an integer overflow vulnerability."
  );
  script_set_attribute(
    attribute:"description",
    value:
"The installed version of Firefox 10.x is earlier than 10.0.2 and is,
therefore, potentially affected by an integer overflow vulnerability.

An integer overflow error exists in 'libpng', a library used by this
application. When decompressing certain PNG image files, this error
can allow a heap-based buffer overflow which can crash the
application or potentially allow code execution.");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-11/");
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?6846f277");
  script_set_attribute(attribute:"solution", value:"Upgrade to Firefox 10.0.2 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/02/16");
  script_set_attribute(attribute:"patch_publication_date", value:"2012/02/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/02/17");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:firefox");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.");

  script_dependencies("mozilla_org_installed.nasl");
  script_require_keys("Mozilla/Firefox/Version");

  exit(0);
}

include("mozilla_version.inc");
port = get_kb_item_or_exit("SMB/transport"); 

installs = get_kb_list("SMB/Mozilla/Firefox/*");
if (isnull(installs)) audit(AUDIT_NOT_INST, "Firefox");

mozilla_check_version(installs:installs, product:'firefox', esr:TRUE, fix:'10.0.2', min:'10.0', severity:SECURITY_HOLE);
VendorProductVersion
mozillafirefox
Related for MOZILLA_FIREFOX_1002.NASL