Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.MOZILLA_FIREFOX_30.NASL
HistoryJun 11, 2014 - 12:00 a.m.

Firefox < 30.0 Multiple Vulnerabilities

2014-06-1100:00:00
This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
11
JSON

The version of Firefox installed on the remote host is a version prior to 30.0 and is, therefore, affected by the following vulnerabilities :

  • Memory issues exist that could lead to arbitrary code execution. Note that these issues only affect Firefox 29. (CVE-2014-1533, CVE-2014-1534)

  • An out-of-bounds read issue exists in ‘PropertyProvider::FindJustificationRange’.
    (CVE-2014-1536)

  • Use-after-free memory issues exist in ‘mozilla::dom::workers::WorkerPrivateParent’, ‘nsTextEditRules::CreateMozBR’, and the SMIL Animation Controller that could lead to code execution.
    (CVE-2014-1537, CVE-2014-1538, CVE-2014-1541)

  • A use-after-free memory issue exists in the event listener manager. Note that this issue only affects Firefox 29. (CVE-2014-1540)

  • A buffer overflow issue exists in the Speex resampler for Web Audio that could lead to code execution.
    (CVE-2014-1542)

  • A buffer overflow issue exists in the Gamepad API that could lead to code execution. Note that this issue only affects Firefox 29 on Windows 8 when a physical or virtual gamepad is attached. (CVE-2014-1543)

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(74440);
  script_version("1.4");
  script_cvs_date("Date: 2019/11/26");

  script_cve_id(
    "CVE-2014-1533",
    "CVE-2014-1534",
    "CVE-2014-1536",
    "CVE-2014-1537",
    "CVE-2014-1538",
    "CVE-2014-1540",
    "CVE-2014-1541",
    "CVE-2014-1542",
    "CVE-2014-1543"
  );
  script_bugtraq_id(
    67964,
    67965,
    67966,
    67968,
    67969,
    67971,
    67976,
    67978,
    67979
  );

  script_name(english:"Firefox < 30.0 Multiple Vulnerabilities");
  script_summary(english:"Checks version of Firefox.");

  script_set_attribute(attribute:"synopsis", value:
"The remote Windows host contains a web browser that is affected by
multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Firefox installed on the remote host is a version prior
to 30.0 and is, therefore, affected by the following vulnerabilities :

  - Memory issues exist that could lead to arbitrary code
    execution. Note that these issues only affect Firefox
    29. (CVE-2014-1533, CVE-2014-1534)

  - An out-of-bounds read issue exists in
    'PropertyProvider::FindJustificationRange'.
    (CVE-2014-1536)

  - Use-after-free memory issues exist in
    'mozilla::dom::workers::WorkerPrivateParent',
    'nsTextEditRules::CreateMozBR', and the SMIL Animation
    Controller that could lead to code execution.
    (CVE-2014-1537, CVE-2014-1538, CVE-2014-1541)

  - A use-after-free memory issue exists in the event
    listener manager. Note that this issue only affects
    Firefox 29. (CVE-2014-1540)

  - A buffer overflow issue exists in the Speex resampler
    for Web Audio that could lead to code execution.
    (CVE-2014-1542)

  - A buffer overflow issue exists in the Gamepad API that
    could lead to code execution. Note that this issue
    only affects Firefox 29 on Windows 8 when a physical or
    virtual gamepad is attached. (CVE-2014-1543)");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/security/announce/2014/mfsa2014-48.html");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/security/announce/2014/mfsa2014-49.html");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/security/announce/2014/mfsa2014-51.html");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/security/announce/2014/mfsa2014-52.html");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/security/announce/2014/mfsa2014-53.html");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/security/announce/2014/mfsa2014-54.html");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Firefox 30.0 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-1541");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/06/10");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/06/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/11");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:firefox");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("mozilla_org_installed.nasl");
  script_require_keys("Mozilla/Firefox/Version");

  exit(0);
}

include("mozilla_version.inc");

port = get_kb_item("SMB/transport");
if (!port) port = 445;

installs = get_kb_list("SMB/Mozilla/Firefox/*");
if (isnull(installs)) audit(AUDIT_NOT_INST, "Firefox");

mozilla_check_version(installs:installs, product:'firefox', esr:FALSE, fix:'30.0', severity:SECURITY_HOLE, xss:FALSE);
VendorProductVersionCPE
mozillafirefoxcpe:/a:mozilla:firefox

References

Related

nessus 27
openvas 26
ubuntu 2
freebsd 1
securityvulns 2
suse 6
oraclelinux 2
centos 2
mozilla 6
veracode 3
mageia 2
redhat 2
osv 2
debian 2
prion 9
cve 9
ubuntucve 9
ibm 2
gentoo 1
nessus
nessus
SeaMonkey < 2.26.1 Multiple Vulnerabilities
2014-08-20 00:00:00
Ubuntu 14.04 LTS : Firefox vulnerabilities (USN-2243-1)
2014-06-12 00:00:00
Mozilla Firefox < 30.0 Multiple Vulnerabilities
2014-06-10 00:00:00
openvas
openvas
Mozilla Firefox Multiple Vulnerabilities-01 July14 (Windows)
2014-07-01 00:00:00
Ubuntu Update for firefox USN-2243-1
2014-06-17 00:00:00
Mozilla Firefox Multiple Vulnerabilities-01 July14 (Mac OS X)
2014-07-01 00:00:00
ubuntu
ubuntu
Firefox vulnerabilities
2014-06-11 00:00:00
Thunderbird vulnerabilities
2014-06-19 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2014-06-10 00:00:00
securityvulns
securityvulns
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2014-06-13 00:00:00
ESA-2015-002: Unisphere Central Security Update for Multiple Vulnerabilities
2015-02-02 00:00:00
suse
suse
Security update for MozillaFirefox (important)
2014-06-21 01:04:47
Security update for MozillaFirefox (important)
2014-06-25 00:04:17
Security update for Mozilla Firefox (important)
2014-07-17 02:04:25
oraclelinux
oraclelinux
thunderbird security update
2014-06-10 00:00:00
firefox security update
2014-06-10 00:00:00
centos
centos
thunderbird security update
2014-06-11 10:54:29
firefox security update
2014-06-11 10:49:01
mozilla
mozilla
Use-after-free and out of bounds issues found using Address Sanitizer — Mozilla
2014-06-10 00:00:00
Miscellaneous memory safety hazards (rv:30.0 / rv:24.6) — Mozilla
2014-06-10 00:00:00
Buffer overflow in Web Audio Speex resampler — Mozilla
2014-06-10 00:00:00
veracode
veracode
Arbitrary Code Execution
2019-05-02 04:58:34
Use-After-Free
2019-05-02 04:58:34
Remote Code Execution (RCE)
2019-01-15 08:53:46
mageia
mageia
Updated firefox & thunderbird packages fix multiple security vulnerabilities
2014-06-11 21:13:59
Updated iceape package fixes security vulnerabilities
2014-10-23 17:27:57
redhat
redhat
(RHSA-2014:0741) Critical: firefox security update
2014-06-10 00:00:00
(RHSA-2014:0742) Important: thunderbird security update
2014-06-10 00:00:00
osv
osv
iceweasel - security update
2014-06-11 00:00:00
icedove - security update
2014-06-16 00:00:00
debian
debian
[SECURITY] [DSA 2955-1] iceweasel security update
2014-06-11 14:33:41
[SECURITY] [DSA 2960-1] icedove security update
2014-06-16 17:13:24
prion
prion
Buffer overflow
2014-06-11 10:57:00
Design/Logic Flaw
2014-06-11 10:57:00
Memory corruption
2014-06-11 10:57:00
cve
cve
CVE-2014-1542
2014-06-11 10:57:00
CVE-2014-1536
2014-06-11 10:57:00
CVE-2014-1540
2014-06-11 10:57:00
ubuntucve
ubuntucve
CVE-2014-1543
2014-06-11 00:00:00
CVE-2014-1542
2014-06-11 00:00:00
CVE-2014-1540
2014-06-11 00:00:00
ibm
ibm
Security Bulletin: Mozilla firefox vulnerability issues on IBM SONAS (CVE-2014-1518, CVE-2014-1523, CVE-2014-1524, CVE-2014-1529, CVE-2014-1530, CVE-2014-1531, CVE-2014-1532, CVE-2014-1533, CVE-2014-1538, CVE-2014-1541)
2018-06-18 00:08:33
Security Bulletin: IBM Storwize V7000 Unified security vulnerabilities related to Mozilla Firefox (CVE-2014-1518, CVE-2014-1523, CVE-2014-1524, CVE-2014-1529, CVE-2014-1530, CVE-2014-1531, CVE-2014-1532, CVE-2014-1533, CVE-2014-1538, CVE-2014-1541)
2018-06-18 00:08:28
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2015-04-07 00:00:00
JSON
Related for MOZILLA_FIREFOX_30.NASL
nessus27openvas26ubuntu2freebsd1securityvulns2suse6oraclelinux2centos2mozilla6veracode3mageia2redhat2osv2debian2prion9cve9ubuntucve9ibm2gentoo1