Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.MOZILLA_FIREFOX_1709_ESR.NASL
HistorySep 19, 2013 - 12:00 a.m.

Firefox ESR 17.x < 17.0.9 Multiple Vulnerabilities

2013-09-1900:00:00
This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
10

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.174 Low

EPSS

Percentile

96.1%

JSON

The installed version of Firefox ESR 17.x is earlier than 17.0.9, and is, therefore, potentially affected by the following vulnerabilities :

  • Memory issues exist in the browser engine that could allow for denial of service or arbitrary code execution.
    (CVE-2013-1718, CVE-2013-1719)

  • Multiple use-after-free problems exist that could result in denial of service attacks or arbitrary code execution. (CVE-2013-1735, CVE-2013-1736)

  • A buffer overflow is possible because of an issue with multi-column layouts. (CVE-2013-1732)

  • A JavaScript compartment mismatch could result in a denial of service or arbitrary code execution.
    Versions of Firefox 20 or greater are not susceptible to the arbitrary code execution mentioned above.
    (CVE-2013-1730)

  • Incorrect scope handling for JavaScript objects with compartments could result in denial of service or possibly arbitrary code execution. (CVE-2013-1725)

  • An object is not properly identified during use of user-defined getter methods on DOM proxies. This could result in access restrictions being bypassed.
    (CVE-2013-1737)

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(69992);
  script_version("1.9");
  script_cvs_date("Date: 2019/11/27");

  script_cve_id(
    "CVE-2013-1718",
    "CVE-2013-1719",
    "CVE-2013-1725",
    "CVE-2013-1730",
    "CVE-2013-1732",
    "CVE-2013-1735",
    "CVE-2013-1736",
    "CVE-2013-1737"
  );
  script_bugtraq_id(
    62462,
    62463,
    62467,
    62469,
    62473,
    62475,
    62478,
    62479
  );

  script_name(english:"Firefox ESR 17.x < 17.0.9 Multiple Vulnerabilities");
  script_summary(english:"Checks version of Firefox");

  script_set_attribute(attribute:"synopsis", value:
"The remote Windows host contains a web browser that is potentially
affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The installed version of Firefox ESR 17.x is earlier than 17.0.9, and
is, therefore, potentially affected by the following vulnerabilities :

  - Memory issues exist in the browser engine that could
    allow for denial of service or arbitrary code execution.
    (CVE-2013-1718, CVE-2013-1719)

  - Multiple use-after-free problems exist that could result
    in denial of service attacks or arbitrary code
    execution. (CVE-2013-1735, CVE-2013-1736)

  - A buffer overflow is possible because of an issue with
    multi-column layouts. (CVE-2013-1732)

  - A JavaScript compartment mismatch could result in a
    denial of service or arbitrary code execution.
    Versions of Firefox 20 or greater are not susceptible to
    the arbitrary code execution mentioned above.
    (CVE-2013-1730)

  - Incorrect scope handling for JavaScript objects with
    compartments could result in denial of service or
    possibly arbitrary code execution. (CVE-2013-1725)

  - An object is not properly identified during use of
    user-defined getter methods on DOM proxies.  This could
    result in access restrictions being bypassed.
    (CVE-2013-1737)");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-76/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-82/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-88/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-89/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-90/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-91/");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Firefox 17.0.9 ESR or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-1736");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/09/17");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/09/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/09/19");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:firefox_esr");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("mozilla_org_installed.nasl");
  script_require_keys("Mozilla/Firefox/Version");

  exit(0);
}

include("mozilla_version.inc");

port = get_kb_item("SMB/transport");
if (!port) port = 445;

installs = get_kb_list("SMB/Mozilla/Firefox/*");
if (isnull(installs)) audit(AUDIT_NOT_INST, "Firefox");

mozilla_check_version(installs:installs, product:'firefox', esr:TRUE, fix:'17.0.9', min:'17.0', severity:SECURITY_HOLE, xss:FALSE);
VendorProductVersionCPE
mozillafirefox_esrcpe:/a:mozilla:firefox_esr

Related

nessus 35
oraclelinux 2
openvas 45
centos 2
debian 2
mageia 2
osv 2
veracode 8
redhat 2
suse 3
ubuntu 2
ibm 2
mozilla 6
securityvulns 1
freebsd 1
nvd 8
cve 8
cvelist 8
ubuntucve 8
prion 8
gentoo 1
kitploit 1
nessus
nessus
Firefox ESR 17.x < 17.0.9 Multiple Vulnerabilities (Mac OS X)
2013-09-19 00:00:00
Thunderbird ESR 17.x < 17.0.9 Multiple Vulnerabilities (Mac OS X)
2013-09-19 00:00:00
Mozilla Thunderbird ESR 17.x < 17.0.9 Multiple Vulnerabilities
2013-09-19 00:00:00
oraclelinux
oraclelinux
firefox security update
2013-09-17 00:00:00
thunderbird security update
2013-09-17 00:00:00
openvas
openvas
Debian Security Advisory DSA 2762-1 (icedove - several vulnerabilities)
2013-09-23 00:00:00
Oracle: Security Advisory (ELSA-2013-1269)
2015-10-06 00:00:00
Debian: Security Advisory (DSA-2762-1)
2013-09-22 00:00:00
centos
centos
thunderbird security update
2013-09-17 21:34:04
firefox, xulrunner security update
2013-09-17 21:32:06
debian
debian
[SECURITY] [DSA 2759-1] iceweasel security update
2013-09-18 13:39:15
[SECURITY] [DSA 2762-1] icedove security update
2013-09-23 15:41:12
mageia
mageia
Updated firefox and thunderbird packages fix security vulnerabilities
2013-09-19 13:49:58
Updated iceape packages fix many vulnerabilities
2013-11-21 00:16:49
osv
osv
iceweasel - several
2013-09-18 00:00:00
icedove - several
2013-09-23 00:00:00
veracode
veracode
Arbitrary Code Execution
2019-05-02 04:52:21
Memory Corruption
2019-05-02 04:52:22
Arbitrary Code Execution
2019-05-02 04:52:21
redhat
redhat
(RHSA-2013:1268) Critical: firefox security update
2013-09-17 00:00:00
(RHSA-2013:1269) Important: thunderbird security update
2013-09-17 00:00:00
suse
suse
Security update for Mozilla Firefox (important)
2013-09-27 22:04:14
Mozilla Suite: Update to October 2013 release (important)
2013-11-07 10:04:11
Firefox update to 31.1esr (important)
2014-09-09 18:04:16
ubuntu
ubuntu
Firefox vulnerabilities
2013-09-17 00:00:00
Thunderbird vulnerabilities
2013-09-18 00:00:00
ibm
ibm
Security Bulletin: IBM Storwize V7000 Unified V1.4.2.1 Includes Fixes for Multiple Vendor Security Vulnerabilities.
2022-09-26 04:23:14
Security Bulletin: IBM Scale Out Network Attached Storage V1.4.2.1 Includes Fixes for Multiple Vendor Security Vulnerabilities.
2022-09-26 04:23:14
mozilla
mozilla
Miscellaneous memory safety hazards (rv:24.0 / rv:17.0.9) — Mozilla
2013-09-17 00:00:00
Memory corruption involving scrolling — Mozilla
2013-09-17 00:00:00
Compartment mismatch re-attaching XBL-backed nodes — Mozilla
2013-09-17 00:00:00
securityvulns
securityvulns
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2013-10-01 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2013-08-17 00:00:00
nvd
nvd
CVE-2013-1736
2013-09-18 10:08:24
CVE-2013-1719
2013-09-18 10:08:24
CVE-2013-1730
2013-09-18 10:08:24
cve
cve
CVE-2013-1732
2013-09-18 10:08:24
CVE-2013-1718
2013-09-18 10:08:22
CVE-2013-1736
2013-09-18 10:08:24
cvelist
cvelist
CVE-2013-1730
2013-09-18 10:00:00
CVE-2013-1719
2013-09-18 10:00:00
CVE-2013-1736
2013-09-18 10:00:00
ubuntucve
ubuntucve
CVE-2013-1719
2013-09-18 00:00:00
CVE-2013-1736
2013-09-17 00:00:00
CVE-2013-1730
2013-09-17 00:00:00
prion
prion
Memory corruption
2013-09-18 10:08:00
Memory corruption
2013-09-18 10:08:00
Design/Logic Flaw
2013-09-18 10:08:00
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2013-09-27 00:00:00
kitploit
kitploit
Radamsa - A General-Purpose Fuzzer
2024-03-25 11:30:00

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.174 Low

EPSS

Percentile

96.1%

JSON
Related for MOZILLA_FIREFOX_1709_ESR.NASL
nessus35oraclelinux2openvas45centos2debian2mageia2osv2veracode8redhat2suse3ubuntu2ibm2mozilla6securityvulns1freebsd1nvd8cve8cvelist8ubuntucve8prion8gentoo1kitploit1