Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2007-2018 Tenable Network Security, Inc.MOZILLA_FIREFOX_108.NASL
HistoryDec 21, 2007 - 12:00 a.m.

Firefox < 1.0.8 Multiple Vulnerabilities

2007-12-2100:00:00
This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.
www.tenable.com
15
JSON

The installed version of Firefox contains various security issues, some of which may lead to execution of arbitrary code on the affected host subject to the user’s privileges.

#
# (C) Tenable Network Security, Inc.
#

if (NASL_LEVEL < 3004) exit(1);


include("compat.inc");

if (description)
{
  script_id(29744);
  script_version("1.14");

  script_cve_id("CVE-2005-4134", "CVE-2006-0292", "CVE-2006-0296", "CVE-2006-0748", "CVE-2006-0749",
                "CVE-2006-1727", "CVE-2006-1728", "CVE-2006-1729", "CVE-2006-1730", "CVE-2006-1731",
                "CVE-2006-1732", "CVE-2006-1733", "CVE-2006-1734", "CVE-2006-1735", "CVE-2006-1736",
                "CVE-2006-1737", "CVE-2006-1738", "CVE-2006-1739", "CVE-2006-1740", "CVE-2006-1741",
                "CVE-2006-1742", "CVE-2006-1790");
  script_bugtraq_id(15773, 16476, 17516);

  script_name(english:"Firefox < 1.0.8 Multiple Vulnerabilities");
  script_summary(english:"Checks Firefox version number");

 script_set_attribute(attribute:"synopsis", value:
"A web browser on the remote host is prone to multiple flaws." );
 script_set_attribute(attribute:"description", value:
"The installed version of Firefox contains various security issues,
some of which may lead to execution of arbitrary code on the affected
host subject to the user's privileges." );
 script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2006-01/" );
 script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2006-03/" );
 script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2006-05/" );
 script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2006-09/" );
 script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2006-10/" );
 script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2006-11/" );
 script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2006-12/" );
 script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2006-13/" );
 script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2006-14/" );
 script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2006-15/" );
 script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2006-16/" );
 script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2006-17/" );
 script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2006-18/" );
 script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2006-19/" );
 script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2006-22/" );
 script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2006-23/" );
 script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2006-24/" );
 script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2006-25/" );
 script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2006-27/" );
 script_set_attribute(attribute:"solution", value:
"Upgrade to Firefox 1.0.8 or later." );
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
 script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"true");
 script_set_attribute(attribute:"metasploit_name", value:'Firefox location.QueryInterface() Code Execution');
 script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
 script_cwe_id(20, 79, 119, 189, 264, 399);

 script_set_attribute(attribute:"plugin_publication_date", value: "2007/12/21");
 script_set_attribute(attribute:"vuln_publication_date", value: "2005/12/07");
 script_cvs_date("Date: 2018/07/16 14:09:14");
 script_set_attribute(attribute:"patch_publication_date", value: "2006/04/13");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:firefox");
script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");
  script_copyright(english:"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.");
  script_dependencies("mozilla_org_installed.nasl");
  script_require_keys("Mozilla/Firefox/Version");
  exit(0);
}

include("mozilla_version.inc");
port = get_kb_item_or_exit("SMB/transport"); 

installs = get_kb_list("SMB/Mozilla/Firefox/*");
if (isnull(installs)) audit(AUDIT_NOT_INST, "Firefox");

mozilla_check_version(installs:installs, product:'firefox', esr:FALSE, fix:'1.0.8', severity:SECURITY_HOLE);
VendorProductVersionCPE
mozillafirefoxcpe:/a:mozilla:firefox

References

Related

ubuntu 3
gentoo 3
openvas 16
nessus 42
osv 3
debian 8
suse 3
redhat 5
centos 7
freebsd 1
securityvulns 3
mozilla 15
cert 8
cve 18
debiancve 17
kaspersky 1
ubuntucve 18
prion 18
checkpoint_advisories 8
zdi 2
ubuntu
ubuntu
Firefox vulnerabilities
2006-04-20 00:00:00
Mozilla vulnerabilities
2006-04-28 00:00:00
Thunderbird vulnerabilities
2006-05-03 00:00:00
gentoo
gentoo
Mozilla Firefox: Multiple vulnerabilities
2006-04-23 00:00:00
Mozilla Suite: Multiple vulnerabilities
2006-04-28 00:00:00
Mozilla Thunderbird: Multiple vulnerabilities
2006-05-08 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200604-12 (mozilla-firefox)
2008-09-24 00:00:00
Gentoo Security Advisory GLSA 200604-12 (mozilla-firefox)
2008-09-24 00:00:00
Debian Security Advisory DSA 1044-1 (mozilla-firefox)
2008-01-17 00:00:00
nessus
nessus
GLSA-200604-12 : Mozilla Firefox: Multiple vulnerabilities
2006-04-26 00:00:00
Debian DSA-1044-1 : mozilla-firefox - several vulnerabilities
2006-10-14 00:00:00
Ubuntu 4.10 / 5.04 / 5.10 : mozilla vulnerabilities (USN-275-1)
2006-04-28 00:00:00
osv
osv
mozilla-firefox - several
2006-04-26 00:00:00
mozilla-thunderbird - several vulnerabilities
2006-05-04 00:00:00
mozilla - several
2006-04-27 00:00:00
debian
debian
[SECURITY] [DSA 1044-1] New Mozilla Firefox packages fix several vulnerabilities
2006-04-26 16:02:42
[SECURITY] [DSA 1044-1] New Mozilla Firefox packages fix several vulnerabilities
2006-04-26 16:58:22
[SECURITY] [DSA 1044-1] New Mozilla Firefox packages fix several vulnerabilities
2006-04-26 16:02:42
suse
suse
remote code execution in MozillaFirefox,mozilla
2006-04-20 13:13:08
remote code execution in MozillaThunderbird
2006-04-25 13:15:04
remote code execution in phpMyAdmin
2006-01-26 13:53:52
redhat
redhat
(RHSA-2006:0328) firefox security update
2006-04-14 00:00:00
(RHSA-2006:0329) mozilla security update
2006-04-18 00:00:00
(RHSA-2006:0330) thunderbird security update
2006-04-21 00:00:00
centos
centos
firefox security update
2006-04-14 18:00:35
thunderbird security update
2006-04-21 17:41:34
galeon, mozilla security update
2006-04-18 23:53:59
freebsd
freebsd
mozilla -- multiple vulnerabilities
2006-04-13 00:00:00
securityvulns
securityvulns
US-CERT Technical Cyber Security Alert TA06-107A -- Mozilla Products Contain Multiple Vulnerabilities
2006-04-18 00:00:00
[Full-disclosure] ZDI-06-011: Mozilla Firefox Table Rebuilding Code Execution Vulnerability
2006-04-26 00:00:00
[Full-disclosure] ZDI-06-010: Mozilla Firefox CSS Letter-Spacing Heap Overflow Vulnerability
2006-04-15 00:00:00
mozilla
mozilla
Crashes with evidence of memory corruption (rv:1.8) — Mozilla
2006-04-13 00:00:00
Cross-site scripting using .valueOf.call() — Mozilla
2006-04-13 00:00:00
JavaScript garbage-collection hazard audit — Mozilla
2006-04-13 00:00:00
cert
cert
Mozilla crypto.generateCRMFRequest() vulnerability
2006-04-17 00:00:00
Mozilla products JavaScript engine fail to properly handle garbage-collection
2006-04-17 00:00:00
Mozilla XBL binding vulnerability
2006-04-17 00:00:00
cve
cve
CVE-2006-1731
2006-04-14 10:02:00
CVE-2006-1727
2006-04-14 10:02:00
CVE-2005-4134
2005-12-09 15:03:00
debiancve
debiancve
CVE-2005-4134
2005-12-09 15:03:00
CVE-2006-1742
2006-04-14 10:02:00
CVE-2006-1727
2006-04-14 10:02:00
kaspersky
kaspersky
KLA10231 DoS vulnerability in browser
2005-12-09 00:00:00
ubuntucve
ubuntucve
CVE-2006-1731
2006-04-14 00:00:00
CVE-2005-4134
2005-12-09 00:00:00
CVE-2006-1742
2006-04-14 00:00:00
prion
prion
Memory corruption
2006-04-14 10:02:00
Code injection
2006-04-14 10:02:00
Design/Logic Flaw
2006-04-14 10:02:00
checkpoint_advisories
checkpoint_advisories
Mozilla Firefox Javascript XBL Compilation Code Execution - Ver2 (CVE-2006-1733)
2014-02-03 00:00:00
Mozilla Firefox CSS letter-spacing Heap Overflow - Ver2 (CVE-2006-1730)
2014-03-31 00:00:00
Mozilla Firefox CSS Border Width Memory Corruption - Ver2 (CVE-2006-1739)
2014-01-07 00:00:00
zdi
zdi
Mozilla Firefox Table Rebuilding Code Execution Vulnerability
2006-04-25 00:00:00
Mozilla Firefox CSS Letter-Spacing Heap Overflow Vulnerability
2006-04-17 00:00:00
JSON
Related for MOZILLA_FIREFOX_108.NASL
ubuntu3gentoo3openvas16nessus42osv3debian8suse3redhat5centos7freebsd1securityvulns3mozilla15cert8cve18debiancve17kaspersky1ubuntucve18prion18checkpoint_advisories8zdi2