Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2013-2023 and is owned by Tenable, Inc. or an Affiliate thereof.MOZILLA_FIREFOX_21.NASL
HistoryMay 16, 2013 - 12:00 a.m.

Firefox < 21.0 Multiple Vulnerabilities

2013-05-1600:00:00
This script is Copyright (C) 2013-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
13
JSON

The installed version of Firefox is earlier than 21.0 and is, therefore, potentially affected by the following vulnerabilities :

  • Various memory safety issues exist. (CVE-2013-0801, CVE-2013-1669)

  • It is possible to call a content level constructor that allows for the constructor to have chrome privileged access. (CVE-2013-1670)

  • An information leakage exists because the file input control has access to the full path. (CVE-2013-1671)

  • A local privilege escalation issues exists in the Mozilla Maintenance Service. (CVE-2013-1672)

  • The Mozilla Maintenance Service on Windows is vulnerable to a previously fixed privilege escalation attack. Note that new installations of Firefox after version 12 are not affected by this issue. (CVE-2013-1673, CVE-2012-1942)

  • A use-after-free vulnerability exists when resizing video while playing. (CVE-2013-1674)

  • Some β€˜DOMSVGZoomEvent’ functions are used without being properly initialized, which could lead to information disclosure. (CVE-2013-1675)

  • Multiple memory corruption issues exist. (CVE-2013-1676, CVE-2013-1677, CVE-2013-1678, CVE-2013-1679, CVE-2013-1680, CVE-2013-1681)

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(66480);
  script_version("1.12");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/04/25");

  script_cve_id(
    "CVE-2012-1942",
    "CVE-2013-0801",
    "CVE-2013-1669",
    "CVE-2013-1670",
    "CVE-2013-1671",
    "CVE-2013-1672",
    "CVE-2013-1673",
    "CVE-2013-1674",
    "CVE-2013-1675",
    "CVE-2013-1676",
    "CVE-2013-1677",
    "CVE-2013-1678",
    "CVE-2013-1679",
    "CVE-2013-1680",
    "CVE-2013-1681"
  );
  script_bugtraq_id(
    53803,
    59852,
    59855,
    59858,
    59859,
    59860,
    59861,
    59862,
    59863,
    59864,
    59865,
    59868,
    59869,
    59870,
    59872,
    59873
  );
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/03/24");

  script_name(english:"Firefox < 21.0 Multiple Vulnerabilities");

  script_set_attribute(attribute:"synopsis", value:
"The remote Windows host contains a web browser that is potentially
affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The installed version of Firefox is earlier than 21.0 and is,
therefore, potentially affected by the following vulnerabilities :

  - Various memory safety issues exist. (CVE-2013-0801,
    CVE-2013-1669)

  - It is possible to call a content level constructor that
    allows for the constructor to have chrome privileged
    access. (CVE-2013-1670)

  - An information leakage exists because the file input
    control has access to the full path. (CVE-2013-1671)

  - A local privilege escalation issues exists in the
    Mozilla Maintenance Service. (CVE-2013-1672)

  - The Mozilla Maintenance Service on Windows is vulnerable
    to a previously fixed privilege escalation attack.  Note
    that new installations of Firefox after version 12 are
    not affected by this issue. (CVE-2013-1673,
    CVE-2012-1942)

  - A use-after-free vulnerability exists when resizing
    video while playing. (CVE-2013-1674)

  - Some 'DOMSVGZoomEvent' functions are used without being
    properly initialized, which could lead to information
    disclosure. (CVE-2013-1675)

  - Multiple memory corruption issues exist. (CVE-2013-1676,
    CVE-2013-1677, CVE-2013-1678, CVE-2013-1679,
    CVE-2013-1680, CVE-2013-1681)");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-41/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-42/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-43/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-44/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-45/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-46/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-47/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-48/");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Firefox 21.0 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-1681");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/05/15");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/05/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/05/16");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:firefox");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2013-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("mozilla_org_installed.nasl");
  script_require_keys("Mozilla/Firefox/Version");

  exit(0);
}

include("mozilla_version.inc");

port = get_kb_item_or_exit("SMB/transport");

installs = get_kb_list("SMB/Mozilla/Firefox/*");
if (isnull(installs)) audit(AUDIT_NOT_INST, "Firefox");

mozilla_check_version(installs:installs, product:'firefox', esr:FALSE, fix:'21.0', severity:SECURITY_HOLE);
VendorProductVersionCPE
mozillafirefoxcpe:/a:mozilla:firefox

References

Related

securityvulns 2
nessus 40
openvas 64
freebsd 1
suse 9
ubuntu 2
veracode 10
centos 2
redhat 2
oraclelinux 2
mozilla 9
ibm 2
debian 1
prion 15
seebug 2
cve 15
ubuntucve 14
cisa_kev 1
attackerkb 1
zdt 1
packetstorm 1
metasploit 1
exploitdb 1
gentoo 1
securityvulns
securityvulns
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2013-07-10 00:00:00
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2012-06-13 00:00:00
nessus
nessus
Mozilla Firefox 20.x <= 20 Multiple Vulnerabilities
2013-05-16 00:00:00
Mozilla Firefox < 21.0 Multiple Vulnerabilities
2013-05-16 00:00:00
Firefox < 21.0 Multiple Vulnerabilities (Mac OS X)
2013-05-16 00:00:00
openvas
openvas
Mozilla Firefox Multiple Vulnerabilities -01 May13 (Windows)
2013-05-27 00:00:00
Mozilla Firefox Multiple Vulnerabilities -01 May13 (Mac OS X)
2013-05-27 00:00:00
Mozilla Firefox Multiple Vulnerabilities -01 (May 2013) - Windows
2013-05-27 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2013-05-14 00:00:00
suse
suse
MozillaFirefox: update to version 21.0 (important)
2013-06-10 18:13:40
MozillaThunderbird: update to 17.0.6 (important)
2013-06-10 17:12:08
MozillaFirefox: update to version 21.0 (important)
2013-05-24 17:06:47
ubuntu
ubuntu
Firefox vulnerabilities
2013-05-14 00:00:00
Thunderbird vulnerabilities
2013-05-14 00:00:00
veracode
veracode
Out-Of-Bounds Read
2019-05-02 04:54:42
Cross-Site Scripting (XSS)
2019-05-02 04:54:40
Use-After-Free
2019-05-02 04:54:41
centos
centos
thunderbird security update
2013-05-14 22:42:14
firefox, xulrunner security update
2013-05-14 22:39:45
redhat
redhat
(RHSA-2013:0821) Important: thunderbird security update
2013-05-14 00:00:00
(RHSA-2013:0820) Critical: firefox security update
2013-05-14 00:00:00
oraclelinux
oraclelinux
firefox security update
2013-05-14 00:00:00
thunderbird security update
2013-05-14 00:00:00
mozilla
mozilla
Memory corruption found using Address Sanitizer β€” Mozilla
2013-05-14 00:00:00
Mozilla Updater fails to update some Windows Registry entries β€” Mozilla
2013-05-14 00:00:00
Miscellaneous memory safety hazards (rv:21.0 / rv:17.0.6) β€” Mozilla
2013-05-14 00:00:00
ibm
ibm
Security Bulletin: IBM SONAS Update Includes Fixes for Multiple Vendor Security Vulnerabilities.
2022-09-26 04:23:14
Security Bulletin: IBM Storwize V7000 Unified Update Includes Fixes for Multiple Vendor Security Vulnerabilities.
2022-09-26 04:23:14
debian
debian
[SECURITY] [DSA 2699-1] iceweasel security update
2013-06-02 16:37:52
prion
prion
Design/Logic Flaw
2013-05-16 11:45:00
Code injection
2012-06-05 23:55:00
Input validation
2013-05-16 11:45:00
seebug
seebug
Mozilla Firefox SeaMonkeyε’ŒThunderbirdζœ¬εœ°ζƒι™ζε‡ζΌζ΄ž
2012-06-06 00:00:00
Firefox toString console.time Privileged Javascript Injection
2014-08-20 00:00:00
cve
cve
CVE-2012-1942
2012-06-05 23:55:00
CVE-2013-1677
2013-05-16 11:45:00
CVE-2013-1673
2013-05-16 11:45:00
ubuntucve
ubuntucve
CVE-2013-1671
2013-05-14 00:00:00
CVE-2013-1673
2013-05-16 00:00:00
CVE-2013-1676
2013-05-14 00:00:00
cisa_kev
cisa_kev
Mozilla Firefox Information Disclosure Vulnerability
2022-03-03 00:00:00
attackerkb
attackerkb
CVE-2013-1675
2013-05-16 00:00:00
zdt
zdt
Firefox toString console.time Privileged Javascript Injection Exploit
2014-08-18 00:00:00
packetstorm
packetstorm
Firefox toString console.time Privileged Javascript Injection
2014-08-18 00:00:00
metasploit
metasploit
Firefox toString console.time Privileged Javascript Injection
2014-08-15 20:17:37
exploitdb
exploitdb
Mozilla Firefox - toString console.time Privileged JavaScript Injection (Metasploit)
2014-08-19 00:00:00
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2013-09-27 00:00:00
JSON
Related for MOZILLA_FIREFOX_21.NASL
securityvulns2nessus40openvas64freebsd1suse9ubuntu2veracode10centos2redhat2oraclelinux2mozilla9ibm2debian1prion15seebug2cve15ubuntucve14cisa_kev1attackerkb1zdt1packetstorm1metasploit1exploitdb1gentoo1