Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2009-2018 Tenable Network Security, Inc.MOZILLA_FIREFOX_307.NASL
HistoryMar 05, 2009 - 12:00 a.m.

Firefox 3.0.x < 3.0.7 Multiple Vulnerabilities

2009-03-0500:00:00
This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
www.tenable.com
78
JSON

The installed version of Firefox 3.0.x is earlier than 3.0.7. Such versions are potentially affected by the following security issues :

  • By exploiting stability bugs in the browser engine, it might be possible for an attacker to execute arbitrary code on the remote system under certain conditions. (MFSA 2009-07)

  • A vulnerability in Mozilla’s garbage collection process could be exploited to run arbitrary code on the remote system. (MFSA 2009-08)

  • It may be possible for a website to read arbitrary XML data from another domain by using nsIRDFService and a cross-domain redirect. (MFSA 2009-09)

  • Vulnerabilities in the PNG libraries used by Mozilla could be exploited to execute arbitrary code on the remote system. (MFSA 2009-10)

  • Certain invisible characters are decoded before being displayed on the location bar. An attacker may be able to exploit this flaw to spoof the location bar and display a link to a malicious URL. (MFSA 2009-11)

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(35778);
  script_version("1.18");

  script_cve_id(
    "CVE-2009-0040",
    "CVE-2009-0771",
    "CVE-2009-0772",
    "CVE-2009-0773",
    "CVE-2009-0774",
    "CVE-2009-0775",
    "CVE-2009-0776",
    "CVE-2009-0777"
  );
  script_bugtraq_id(33990);

  script_name(english:"Firefox 3.0.x < 3.0.7 Multiple Vulnerabilities");
  script_summary(english:"Checks version of Firefox");

  script_set_attribute(attribute:"synopsis", value:
"The remote Windows host contains a web browser that is affected by
multiple vulnerabilities." );
  script_set_attribute(attribute:"description", value:
"The installed version of Firefox 3.0.x is earlier than 3.0.7. Such 
versions are potentially affected by the following security  issues :

  - By exploiting stability bugs in the browser engine, it 
    might be possible for an attacker to execute arbitrary 
    code on the remote system under certain conditions. 
    (MFSA 2009-07)

  - A vulnerability in Mozilla's garbage collection process
    could be exploited to run arbitrary code on the remote
    system. (MFSA 2009-08)

  - It may be possible for a website to read arbitrary XML
    data from another domain by using nsIRDFService and a 
    cross-domain redirect. (MFSA 2009-09)

  - Vulnerabilities in the PNG libraries used by Mozilla
    could be exploited to execute arbitrary code on the 
    remote system. (MFSA 2009-10)

  - Certain invisible characters are decoded before being
    displayed on the location bar. An attacker may be able
    to exploit this flaw to spoof the location bar and 
    display a link to a malicious URL. (MFSA 2009-11)" );
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2009-07/" );
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2009-08/" );
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2009-09/" );
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2009-10/" );
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2009-11/" );
  script_set_attribute(attribute:"solution", value:
"Upgrade to Firefox 3.0.7 or later." );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(20, 94, 200, 399);
  script_set_attribute(attribute:"plugin_publication_date", value: "2009/03/05");
  script_set_attribute(attribute:"patch_publication_date", value: "2009/03/04");
 script_cvs_date("Date: 2018/07/16 14:09:14");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:firefox");
  script_end_attributes();
 
  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");
  script_copyright(english:"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.");
  script_dependencies("mozilla_org_installed.nasl");
  script_require_keys("Mozilla/Firefox/Version");
  exit(0);
}


include("mozilla_version.inc");
port = get_kb_item_or_exit("SMB/transport"); 

installs = get_kb_list("SMB/Mozilla/Firefox/*");
if (isnull(installs)) audit(AUDIT_NOT_INST, "Firefox");

mozilla_check_version(installs:installs, product:'firefox', esr:FALSE, fix:'3.0.7', min:'3.0', severity:SECURITY_HOLE);
VendorProductVersionCPE
mozillafirefoxcpe:/a:mozilla:firefox

Related

nessus 41
openvas 86
suse 2
ubuntu 4
oraclelinux 3
centos 4
fedora 43
redhat 3
osv 2
debian 2
securityvulns 2
mozilla 1
prion 1
ubuntucve 1
cve 1
f5 1
cert 1
veracode 1
nessus
nessus
Oracle Linux 4 / 5 : firefox (ELSA-2009-0315)
2013-07-12 00:00:00
RHEL 4 / 5 : firefox (RHSA-2009:0315)
2009-03-05 00:00:00
SuSE 11 Security Update : MozillaFirefox (SAT Patch Number 656)
2009-09-24 00:00:00
openvas
openvas
SLES11: Security update for MozillaFirefox
2009-10-11 00:00:00
Ubuntu USN-728-1 (xulrunner-1.9)
2009-03-07 00:00:00
SUSE: Security Advisory for MozillaFirefox (SUSE-SA:2009:012)
2009-03-20 00:00:00
suse
suse
remote code execution in MozillaFirefox
2009-03-16 14:15:07
remote code execution in MozillaFirefox
2009-04-20 12:01:40
ubuntu
ubuntu
Firefox and Xulrunner vulnerabilities
2009-03-05 00:00:00
Firefox vulnerabilities
2009-03-06 00:00:00
Firefox vulnerabilities
2009-03-06 00:00:00
oraclelinux
oraclelinux
firefox security update
2009-03-05 00:00:00
seamonkey security update
2009-03-05 00:00:00
thunderbird security update
2009-03-24 00:00:00
centos
centos
firefox, xulrunner security update
2009-03-06 22:05:42
seamonkey security update
2009-03-05 13:43:36
seamonkey security update
2009-03-11 03:59:33
fedora
fedora
[SECURITY] Fedora 10 Update: blam-1.8.5-7.fc10
2009-03-08 19:37:29
[SECURITY] Fedora 9 Update: mozvoikko-0.9.5-7.fc9
2009-03-08 19:36:13
[SECURITY] Fedora 10 Update: epiphany-2.24.3-3.fc10
2009-03-08 19:37:29
redhat
redhat
(RHSA-2009:0315) Critical: firefox security update
2009-03-04 00:00:00
(RHSA-2009:0325) Critical: seamonkey security update
2009-03-04 00:00:00
(RHSA-2009:0258) Moderate: thunderbird security update
2009-03-24 00:00:00
osv
osv
xulrunner - several vulnerabilities
2009-03-22 00:00:00
icedove - several vulnerabilities
2009-07-12 00:00:00
debian
debian
[SECURITY] [DSA 1751-1] New xulrunner packages fix several vulnerabilities
2009-03-22 21:30:20
[SECURITY] [DSA 1830-1] New icedove packages fix several vulnerabilities
2009-07-12 11:21:02
securityvulns
securityvulns
Mozilla Firefox / Seamonkey / Thunderbird multiple security vulnerabilities
2009-04-01 00:00:00
Mozilla Foundation Security Advisory 2009-07
2009-03-06 00:00:00
mozilla
mozilla
Crashes with evidence of memory corruption (rv:1.9.0.7) — Mozilla
2009-03-04 00:00:00
prion
prion
Design/Logic Flaw
2009-03-05 02:30:00
ubuntucve
ubuntucve
CVE-2009-0774
2009-03-04 00:00:00
cve
cve
CVE-2009-0774
2009-03-05 02:30:00
f5
f5
K9988 : libpng vulnerability CVE-2009-0040
2013-03-27 00:00:00
cert
cert
libpng fails to properly initialize element pointers
2009-03-02 00:00:00
veracode
veracode
Arbitrary Code Execution
2020-04-10 00:30:13
JSON
Related for MOZILLA_FIREFOX_307.NASL
nessus41openvas86suse2ubuntu4oraclelinux3centos4fedora43redhat3osv2debian2securityvulns2mozilla1prion1ubuntucve1cve1f51cert1veracode1