Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2006-2018 Tenable Network Security, Inc.MOZILLA_FIREFOX_1505.NASL
HistoryJul 27, 2006 - 12:00 a.m.

Firefox < 1.5.0.5 Multiple Vulnerabilities

2006-07-2700:00:00
This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.
www.tenable.com
25
JSON

The installed version of Firefox is affected by various security issues, some of which may lead to execution of arbitrary code on the affected host subject to the user’s privileges.

#
# (C) Tenable Network Security, Inc.
#


if (NASL_LEVEL < 3004) exit(0);



include("compat.inc");

if (description)
{
  script_id(22095);
  script_version("1.23");
 script_cvs_date("Date: 2018/07/16 14:09:14");

  script_cve_id("CVE-2006-3113", "CVE-2006-3677", "CVE-2006-3801", "CVE-2006-3802", "CVE-2006-3803",
                "CVE-2006-3805", "CVE-2006-3806", "CVE-2006-3807", "CVE-2006-3808", "CVE-2006-3809",
                "CVE-2006-3810", "CVE-2006-3811", "CVE-2006-3812");
  script_bugtraq_id(19181, 19192, 19197);
  script_xref(name:"CERT", value:"655892");

  script_name(english:"Firefox < 1.5.0.5 Multiple Vulnerabilities");
  script_summary(english:"Checks version of Firefox");

 script_set_attribute(attribute:"synopsis", value:
"The remote Windows host contains a web browser that is affected by
multiple vulnerabilities.");
 script_set_attribute(attribute:"description", value:
"The installed version of Firefox is affected by various security
issues, some of which may lead to execution of arbitrary code on the
affected host subject to the user's privileges.");
 script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2006-44/");
 script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2006-45/");
 script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2006-46/");
 script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2006-47/");
 script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2006-48/");
 script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2006-50/");
 script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2006-51/");
 script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2006-52/");
 script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2006-53/");
 script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2006-54/");
 script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2006-55/");
 script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2006-56/");
 script_set_attribute(attribute:"solution", value:
"Upgrade to Firefox 1.5.0.5 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
 script_set_attribute(attribute:"metasploit_name", value:'Mozilla Suite/Firefox Navigator Object Code Execution');
 script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

 script_set_attribute(attribute:"plugin_publication_date", value:"2006/07/27");
 script_set_attribute(attribute:"patch_publication_date", value:"2006/07/25");
 script_set_attribute(attribute:"vuln_publication_date", value:"2006/07/25");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:firefox");
script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");
  script_copyright(english:"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.");
  script_dependencies("mozilla_org_installed.nasl");
  script_require_keys("Mozilla/Firefox/Version");
  exit(0);
}

include("mozilla_version.inc");
port = get_kb_item_or_exit("SMB/transport");

installs = get_kb_list("SMB/Mozilla/Firefox/*");
if (isnull(installs)) audit(AUDIT_NOT_INST, "Firefox");

mozilla_check_version(installs:installs, product:'firefox', esr:FALSE, fix:'1.5.0.5', severity:SECURITY_HOLE);
VendorProductVersionCPE
mozillafirefoxcpe:/a:mozilla:firefox

References

Related

openvas 26
ubuntu 4
gentoo 3
nessus 34
suse 1
centos 5
freebsd 1
redhat 5
debian 6
osv 3
securityvulns 4
oraclelinux 2
mozilla 12
ubuntucve 13
cve 15
cert 10
checkpoint_advisories 6
debiancve 13
saint 4
seebug 3
exploitpack 1
packetstorm 1
zdi 1
exploitdb 1
prion 2
openvas
openvas
Gentoo Security Advisory GLSA 200608-03 (Firefox)
2008-09-24 00:00:00
Gentoo Security Advisory GLSA 200608-03 (Firefox)
2008-09-24 00:00:00
Ubuntu: Security Advisory (USN-327-1)
2022-08-26 00:00:00
ubuntu
ubuntu
firefox vulnerabilities
2006-07-28 00:00:00
Thunderbird vulnerabilities
2006-07-29 00:00:00
Thunderbird vulnerabilities
2006-09-22 00:00:00
gentoo
gentoo
Mozilla Firefox: Multiple vulnerabilities
2006-08-03 00:00:00
Mozilla SeaMonkey: Multiple vulnerabilities
2006-08-03 00:00:00
Mozilla Thunderbird: Multiple vulnerabilities
2006-08-03 00:00:00
nessus
nessus
GLSA-200608-03 : Mozilla Firefox: Multiple vulnerabilities
2006-08-04 00:00:00
GLSA-200608-02 : Mozilla SeaMonkey: Multiple vulnerabilities
2006-08-04 00:00:00
openSUSE 10 Security Update : MozillaFirefox (MozillaFirefox-1981)
2007-10-17 00:00:00
suse
suse
remote code execution in MozillaFirefox,MozillaThunderbird,Seamonkey
2006-08-16 15:11:18
centos
centos
seamonkey security update
2006-08-04 20:56:41
firefox security update
2006-07-29 11:51:13
devhelp, seamonkey security update
2006-08-05 15:16:05
freebsd
freebsd
mozilla -- multiple vulnerabilities
2006-07-25 00:00:00
redhat
redhat
(RHSA-2006:0608) seamonkey security update
2006-07-27 00:00:00
(RHSA-2006:0610) firefox security update
2006-07-28 00:00:00
(RHSA-2006:0609) seamonkey security update
2006-08-02 00:00:00
debian
debian
[SECURITY] [DSA 1161-1] New Mozilla Firefox packages fix several vulnerabilities
2006-08-29 17:17:51
[SECURITY] [DSA 1161-2] New Mozilla Firefox packages fix several vulnerabilities
2006-09-13 11:03:17
[SECURITY] [DSA 1160-1] New Mozilla packages fix several vulnerabilities
2006-08-29 05:26:35
osv
osv
mozilla-firefox - several vulnerabilities
2006-08-29 00:00:00
mozilla - several
2006-08-29 00:00:00
mozilla-thunderbird - several
2006-08-28 00:00:00
securityvulns
securityvulns
US-CERT Technical Cyber Security Alert TA06-208A -- Mozilla Products Contain Multiple Vulnerabilities
2006-07-28 00:00:00
[Full-disclosure] Secunia Research: Mozilla Firefox XPCOM Event Handling Memory Corruption
2006-07-27 00:00:00
Netscape/K-Meleon/Flock JavaScript navigator Vulnerability
2006-08-02 00:00:00
oraclelinux
oraclelinux
Critical firefox security update
2006-12-07 00:00:00
Critical thunderbird security update
2006-12-07 00:00:00
mozilla
mozilla
JavaScript engine vulnerabilities — Mozilla
2006-07-25 00:00:00
Code execution through deleted frame reference — Mozilla
2006-07-25 00:00:00
XSS with XPCNativeWrapper(window).Function(...) — Mozilla
2006-07-25 00:00:00
ubuntucve
ubuntucve
CVE-2006-3803
2006-07-27 00:00:00
CVE-2006-3801
2006-07-27 00:00:00
CVE-2006-3808
2006-07-27 00:00:00
cve
cve
CVE-2006-3801
2006-07-27 20:04:00
CVE-2006-3803
2006-07-27 19:04:00
CVE-2006-3809
2006-07-27 20:04:00
cert
cert
Mozilla products fail to properly handle frame references
2006-07-27 00:00:00
Mozilla products contain a race condition
2006-07-27 00:00:00
Mozilla Firefox fails to properly handle the "XPCNativeWrapper(window).Function(...)"
2006-08-01 00:00:00
checkpoint_advisories
checkpoint_advisories
Mozilla Firefox Javascript Deleted Frame Reference Code Execution - Ver2 (CVE-2006-3801)
2014-03-03 00:00:00
Mozilla Firefox Javascript Engine Code Execution - Ver2 (CVE-2006-3806)
2014-12-28 00:00:00
Mozilla Firefox New Function Garbage Collection Code Execution - Ver2 (CVE-2006-3803)
2014-01-07 00:00:00
debiancve
debiancve
CVE-2006-3801
2006-07-27 20:04:00
CVE-2006-3808
2006-07-27 20:04:00
CVE-2006-3806
2006-07-27 19:04:00
saint
saint
Mozilla Firefox JavaScript Navigator object vulnerability
2006-08-14 00:00:00
Mozilla Firefox JavaScript Navigator object vulnerability
2006-08-14 00:00:00
Mozilla Firefox JavaScript Navigator object vulnerability
2006-08-14 00:00:00
seebug
seebug
Mozilla Firefox &lt;= 1.5.0.4 Javascript Navigator Object Code Execution PoC
2006-07-28 00:00:00
Mozilla Firefox Javascript Navigator Object Remote Code Execution Vulnerability
2006-10-24 00:00:00
Mozilla Firefox <= 1.5.0.4 - Javascript Navigator Object Code Execution PoC
2014-07-01 00:00:00
exploitpack
exploitpack
Mozilla Firefox 1.5.0.4 - JavaScript Navigator Object Code Execution
2006-07-28 00:00:00
packetstorm
packetstorm
Mozilla Suite/Firefox Navigator Object Code Execution
2009-10-27 00:00:00
zdi
zdi
Mozilla Firefox Javascript navigator Object Vulnerability
2006-07-26 00:00:00
exploitdb
exploitdb
Mozilla Firefox 1.5.0.4 - JavaScript Navigator Object Code Execution
2006-07-28 00:00:00
prion
prion
Design/Logic Flaw
2007-04-02 22:19:00
Design/Logic Flaw
2008-02-12 21:00:00
JSON
Related for MOZILLA_FIREFOX_1505.NASL
openvas26ubuntu4gentoo3nessus34suse1centos5freebsd1redhat5debian6osv3securityvulns4oraclelinux2mozilla12ubuntucve13cve15cert10checkpoint_advisories6debiancve13saint4seebug3exploitpack1packetstorm1zdi1exploitdb1prion2