Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2010-2018 Tenable Network Security, Inc.MOZILLA_FIREFOX_369.NASL
HistorySep 08, 2010 - 12:00 a.m.

Firefox 3.6 < 3.6.9 Multiple Vulnerabilities

2010-09-0800:00:00
This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
www.tenable.com
8
JSON

The installed version of Firefox 3.6 is earlier than 3.6.9. Such versions are potentially affected by the following security issues :

  • The pseudo-random number generator is only seeded once per browsing session and ‘Math.random()’ may be used to recover the seed value allowing the browser instance to be tracked across different websites. This was originally covered by MFSA 2010-33, but was reportedly fixed incorrectly until version 3.6.9. (CVE-2010-3171)

  • Multiple memory safety bugs could lead to memory corruption, potentially resulting in arbitrary code execution. (MFSA 2010-49)

  • An integer overflow vulnerability in HTML frameset element implementation could lead to arbitrary code execution.
    (MFSA 2010-50)

  • A dangling pointer vulnerability in ‘navigator.plugins’ could lead to arbitrary code execution. (MFSA 2010-51)

  • It is possible to perform DLL hijacking attacks via dwmapi.dll. (MFSA 2010-52)

  • A heap overflow vulnerability in function ‘nsTextFrameUtils::TransformText’ could result in arbitrary code execution on the remote system.
    (MFSA 2010-53)

  • A dangling pointer vulnerability reported in MFSA 2010-40 was incorrectly fixed. (MFSA 2010-54)

  • By manipulating XUL <tree> objects it may be possible to crash the browser or run arbitrary code on the remote system. (MFSA 2010-55)

  • A dangling pointer vulnerability affects XUL <tree>'s content view implementation, which could allow arbitrary code execution on the remote system. (MFSA 2010-56)

  • Code used to normalize a document could lead to a crash or arbitrary code execution on the remote system.
    (MFSA 2010-57)

  • A specially crafted font could trigger memory corruption on Mac systems, potentially resulting in arbitrary code execution on the remote system. (MFSA 2010-58)

  • It may be possible to run arbitrary JavaScript with chrome privileges via wrapper class XPCSafeJSObjectWrapper (SJOW). (MFSA 2010-59)

  • The ‘type’ attribute of an <object> tag could override charset of a framed HTML document, which could allow an attacker to inject and execute UTF-7 encoded JavaScript code into a website. (MFSA 2010-61)

  • Copy-and-paste or drag-and-drop of an HTML selection containing JavaScript into a designMode document could trigger a cross-site scripting vulnerability. (MFSA 2010-62)

  • It is possible to read sensitive information via ‘statusText’ property of an XMLHttpRequest object.
    (MFSA 2010-63)

#
# (C) Tenable Network Security, Inc.
#

if (NASL_LEVEL < 3000) exit(1, "The plugin description is longer than 3191 characters.");

include("compat.inc");

if (description)
{
  script_id(49146);
  script_version("1.24");
  script_cvs_date("Date: 2018/07/16 14:09:14");
  script_cve_id(
    "CVE-2008-5913",
    "CVE-2010-2760",
    "CVE-2010-2762",
    "CVE-2010-2764",
    "CVE-2010-2765",
    "CVE-2010-2766",
    "CVE-2010-2767",
    "CVE-2010-2768",
    "CVE-2010-2769",
    "CVE-2010-2770",
    "CVE-2010-3131",
    "CVE-2010-3166",
    "CVE-2010-3167",
    "CVE-2010-3168",
    "CVE-2010-3169",
    "CVE-2010-3171"
  );
  script_bugtraq_id(
    42654,
    43091,
    43092,
    43093,
    43095,
    43096,
    43097,
    43100,
    43101,
    43102,
    43104,
    43106,
    43108,
    43118,
    43222
  );
  script_xref(name:"Secunia", value:"41297");

  script_name(english:"Firefox 3.6 < 3.6.9 Multiple Vulnerabilities");
  script_summary(english:"Checks version of Firefox");

  script_set_attribute(attribute:"synopsis", value:
"The remote Windows host contains a web browser that is affected by 
multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The installed version of Firefox 3.6 is earlier than 3.6.9.  Such
versions are potentially affected by the following security issues :

  - The pseudo-random number generator is only seeded once
    per browsing session and 'Math.random()' may be used to
    recover the seed value allowing the browser instance
    to be tracked across different websites.  This was
    originally covered by MFSA 2010-33, but was reportedly
    fixed incorrectly until version 3.6.9. (CVE-2010-3171)

  - Multiple memory safety bugs could lead to memory
    corruption, potentially resulting in arbitrary
    code execution. (MFSA 2010-49)

  - An integer overflow vulnerability in HTML frameset element
    implementation could lead to arbitrary code execution.
    (MFSA 2010-50)

  - A dangling pointer vulnerability in 'navigator.plugins'
    could lead to arbitrary code execution. (MFSA 2010-51)

  - It is possible to perform DLL hijacking attacks via
    dwmapi.dll. (MFSA 2010-52)

  - A heap overflow vulnerability in function
    'nsTextFrameUtils::TransformText' could result in
    arbitrary code execution on the remote system.
    (MFSA 2010-53)

  - A dangling pointer vulnerability reported in
    MFSA 2010-40 was incorrectly fixed. (MFSA 2010-54)

  - By manipulating XUL <tree> objects it may be possible
    to crash the browser or run arbitrary code on the
    remote system. (MFSA 2010-55)

  - A dangling pointer vulnerability affects XUL <tree>'s
    content view implementation, which could allow arbitrary
    code execution on the remote system. (MFSA 2010-56)

  - Code used to normalize a document could lead to a crash
    or arbitrary code execution on the remote system.
    (MFSA 2010-57)

  - A specially crafted font could trigger memory corruption
    on Mac systems, potentially resulting in arbitrary code
    execution on the remote system. (MFSA 2010-58)

  - It may be possible to run arbitrary JavaScript with
    chrome privileges via wrapper class XPCSafeJSObjectWrapper
    (SJOW). (MFSA 2010-59)

  - The 'type' attribute of an <object> tag could override
    charset of a framed HTML document, which could allow
    an attacker to inject and execute UTF-7 encoded
    JavaScript code into a website. (MFSA 2010-61)

  - Copy-and-paste or drag-and-drop of an HTML selection
    containing JavaScript into a designMode document
    could trigger a cross-site scripting vulnerability. 
    (MFSA 2010-62)

  - It is possible to read sensitive information via
    'statusText' property of an XMLHttpRequest object.
    (MFSA 2010-63)");

  # https://web.archive.org/web/20120418081101/http://www.trusteer.com/sites/default/files/Cross_domain_Math_Random_leakage_in_FF_3.6.4-3.6.8.pdf
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?4f8f3492");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2010-49/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2010-50/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2010-51/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2010-52/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2010-53/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2010-54/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2010-55/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2010-56/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2010-57/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2010-58/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2010-59/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2010-61/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2010-62/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2010-63/");
  # http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.9
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?cc3818ca");
   
  script_set_attribute(attribute:"solution", value:"Upgrade to Firefox 3.6.9 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"vuln_publication_date", value:"2010/09/07");
  script_set_attribute(attribute:"patch_publication_date", value:"2010/09/07");
  script_set_attribute(attribute:"plugin_publication_date", value:"2010/09/08");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:firefox");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.");
  script_dependencies("mozilla_org_installed.nasl");
  script_require_keys("Mozilla/Firefox/Version");
  exit(0);
}

include("mozilla_version.inc");
port = get_kb_item_or_exit("SMB/transport"); 

installs = get_kb_list("SMB/Mozilla/Firefox/*");
if (isnull(installs)) audit(AUDIT_NOT_INST, "Firefox");

mozilla_check_version(installs:installs, product:'firefox', esr:FALSE, fix:'3.6.9', min:'3.6', severity:SECURITY_HOLE);
VendorProductVersionCPE
mozillafirefoxcpe:/a:mozilla:firefox

References

Related

nessus 48
openvas 57
ubuntu 4
freebsd 1
centos 3
securityvulns 13
redhat 3
oraclelinux 3
fedora 7
suse 2
debian 5
osv 1
prion 12
mozilla 10
ubuntucve 8
cve 11
veracode 9
zdi 2
nessus
nessus
Mozilla Thunderbird 3.1 < 3.1.3 Multiple Vulnerabilities
2010-09-08 00:00:00
Scientific Linux Security Update : firefox on SL4.x, SL5.x i386/x86_64
2012-08-01 00:00:00
Ubuntu 8.04 LTS / 9.04 / 9.10 / 10.04 LTS : firefox, firefox-3.0, firefox-3.5, xulrunner-1.9.1, xulrunner-1.9.2 regression (USN-975-2)
2010-09-17 00:00:00
openvas
openvas
RedHat Update for firefox RHSA-2010:0681-01
2010-09-10 00:00:00
FreeBSD Ports: firefox
2010-10-10 00:00:00
Ubuntu: Security Advisory (USN-975-1)
2010-09-10 00:00:00
ubuntu
ubuntu
Firefox and Xulrunner vulnerabilities
2010-09-08 00:00:00
Firefox and Xulrunner regression
2010-09-16 00:00:00
Thunderbird regression
2010-09-16 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2010-09-07 00:00:00
centos
centos
firefox, nspr, nss, xulrunner security update
2010-09-08 22:50:48
thunderbird security update
2010-09-08 22:58:38
seamonkey security update
2010-09-08 21:19:58
securityvulns
securityvulns
Mozilla Firefox / Thunderbird / SeaMonkey multiple security vulnerabilities
2010-09-16 00:00:00
Mozilla Foundation Security Advisory 2010-55
2010-09-10 00:00:00
Mozilla Foundation Security Advisory 2010-33
2010-06-25 00:00:00
redhat
redhat
(RHSA-2010:0681) Critical: firefox security update
2010-09-07 00:00:00
(RHSA-2010:0682) Moderate: thunderbird security update
2010-09-07 00:00:00
(RHSA-2010:0680) Critical: seamonkey security update
2010-09-07 00:00:00
oraclelinux
oraclelinux
firefox security update
2010-09-08 00:00:00
thunderbird security update
2010-09-08 00:00:00
seamonkey security update
2010-09-08 00:00:00
fedora
fedora
[SECURITY] Fedora 12 Update: mozvoikko-1.0-12.fc12
2010-09-09 01:23:44
[SECURITY] Fedora 12 Update: gnome-web-photo-0.9-9.fc12
2010-09-09 01:23:44
[SECURITY] Fedora 12 Update: xulrunner-1.9.1.12-1.fc12
2010-09-09 01:23:44
suse
suse
remote code execution in MozillaFirefox,MozillaThunderbird,seamonkey
2010-10-12 16:13:47
remote code execution in MozillaFirefox,seamonkey,MozillaThunderbird
2010-11-08 11:27:17
debian
debian
BSA-002 Security Update for iceweasel
2010-09-29 06:47:29
BSA-002 Security Update for iceweasel
2010-09-29 06:47:13
[SECURITY] [DSA-2106-2] New xulrunner packages fix regression
2010-09-19 19:35:13
osv
osv
xulrunner - several vulnerabilities
2010-09-08 00:00:00
prion
prion
Code injection
2010-09-15 20:00:00
Sql injection
2010-11-22 13:00:00
Memory corruption
2010-09-09 19:00:00
mozilla
mozilla
User tracking across sites using Math.random() — Mozilla
2010-06-22 00:00:00
Crash on Mac using fuzzed font in data: URL — Mozilla
2010-09-07 00:00:00
Windows XP DLL loading vulnerability — Mozilla
2010-09-07 00:00:00
ubuntucve
ubuntucve
CVE-2010-3171
2010-09-15 00:00:00
CVE-2010-3804
2010-11-22 00:00:00
CVE-2010-2768
2010-09-07 00:00:00
cve
cve
CVE-2010-3171
2010-09-15 20:00:00
CVE-2010-3804
2010-11-22 13:00:00
CVE-2008-5913
2009-01-20 16:30:00
veracode
veracode
Insecure Randomness
2020-04-10 00:43:41
Information Disclosure
2020-04-10 00:48:09
Arbitrary Code Execution
2020-04-10 00:48:18
zdi
zdi
Mozilla Firefox tree Object Removal Remote Code Execution Vulnerability
2010-09-13 00:00:00
Mozilla Firefox normalizeDocument Remote Code Execution Vulnerability
2010-09-13 00:00:00
JSON
Related for MOZILLA_FIREFOX_369.NASL
nessus48openvas57ubuntu4freebsd1centos3securityvulns13redhat3oraclelinux3fedora7suse2debian5osv1prion12mozilla10ubuntucve8cve11veracode9zdi2