Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2011-2018 Tenable Network Security, Inc.MOZILLA_FIREFOX_90.NASL
HistoryDec 20, 2011 - 12:00 a.m.

Firefox < 9.0 Multiple Vulnerabilities

2011-12-2000:00:00
This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
www.tenable.com
13
JSON

The installed version of Firefox is earlier than 9.0 and thus, is potentially affected by the following security issues :

  • An out-of-bounds memory access error exists in the β€˜SVG’ implementation and can be triggered when β€˜SVG’ elements are removed during a β€˜DOMAttrModified’ event handler. (CVE-2011-3658)

  • Various memory safety errors exist that can lead to memory corruption and possible code execution. (CVE-2011-3660)

  • An error exists in the β€˜YARR’ regular expression library that can cause application crashes when handling certain JavaScript statements. (CVE-2011-3661)

  • It is possible to detect keystrokes using β€˜SVG’ animation β€˜accesskey’ events even when JavaScript is disabled. (CVE-2011-3663)

  • It is possible to crash the application when β€˜OGG’ β€˜video’ elements are scaled to extreme sizes. (CVE-2011-3665)

  • A use-after-free error exists related to the function β€˜nsHTMLSelectElement’ that can allow arbitrary code execution during operations such as removal of a parent node of an element. (CVE-2011-3671)

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(57351);
  script_version("1.25");
  script_cvs_date("Date: 2018/11/15 20:50:27");

  script_cve_id(
    "CVE-2011-3658",
    "CVE-2011-3660",
    "CVE-2011-3661",
    "CVE-2011-3663",
    "CVE-2011-3665",
    "CVE-2011-3671"
  );
  script_bugtraq_id(
    51133,
    51134,
    51135,
    51136,
    51138,
    54080
  );
  script_xref(name:"EDB-ID", value:"18847");

  script_name(english:"Firefox < 9.0 Multiple Vulnerabilities");
  script_summary(english:"Checks version of Firefox");

  script_set_attribute(attribute:"synopsis", value:
"The remote Windows host contains a web browser that is potentially
affected by several vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The installed version of Firefox is earlier than 9.0 and thus, is 
potentially affected by the following security issues :

  - An out-of-bounds memory access error exists in the
    'SVG' implementation and can be triggered when 'SVG'
    elements are removed during a 'DOMAttrModified' event
    handler. (CVE-2011-3658)

  - Various memory safety errors exist that can lead to
    memory corruption and possible code execution. 
    (CVE-2011-3660)

  - An error exists in the 'YARR' regular expression
    library that can cause application crashes when
    handling certain JavaScript statements. (CVE-2011-3661)

  - It is possible to detect keystrokes using 'SVG'
    animation 'accesskey' events even when JavaScript is
    disabled. (CVE-2011-3663)

  - It is possible to crash the application when 'OGG'
    'video' elements are scaled to extreme sizes. 
    (CVE-2011-3665)

  - A use-after-free error exists related to the function
    'nsHTMLSelectElement' that can allow arbitrary code
    execution during operations such as removal of a
    parent node of an element. (CVE-2011-3671)"
  );
  script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-12-056/");
  script_set_attribute(attribute:"see_also", value:"http://www.zerodayinitiative.com/advisories/ZDI-12-128/");
  script_set_attribute(attribute:"see_also", value:"http://www.securityfocus.com/archive/1/523754/30/0/threaded");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2011-53/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2011-54/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2011-55/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2011-56/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2011-58/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-41/");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=739343");

  script_set_attribute(attribute:"solution", value:"Upgrade to Firefox 9 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Firefox nsSVGValue Out-of-Bounds Access Vulnerability');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'CANVAS');
script_set_attribute(attribute:"vuln_publication_date", value:"2011/12/20");
  script_set_attribute(attribute:"patch_publication_date", value:"2011/12/20");
  script_set_attribute(attribute:"plugin_publication_date", value:"2011/12/20");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:firefox");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.");
  script_dependencies("mozilla_org_installed.nasl");
  script_require_keys("Mozilla/Firefox/Version");

  exit(0);
}

include("mozilla_version.inc");
port = get_kb_item_or_exit("SMB/transport"); 

installs = get_kb_list("SMB/Mozilla/Firefox/*");
if (isnull(installs)) audit(AUDIT_NOT_INST, "Firefox");

mozilla_check_version(installs:installs, product:'firefox', esr:FALSE, fix:'9.0', skippat:'^3\\.6\\.', severity:SECURITY_HOLE);
VendorProductVersionCPE
mozillafirefoxcpe:/a:mozilla:firefox

References

Related

nessus 19
openvas 38
ubuntu 2
freebsd 1
suse 1
securityvulns 3
cve 6
cvelist 6
mozilla 6
prion 6
ubuntucve 6
seebug 2
zdi 2
packetstorm 1
checkpoint_advisories 1
canvas 1
saint 4
gentoo 1
nessus
nessus
SeaMonkey < 2.6.0 Multiple Vulnerabilities
2011-12-20 00:00:00
Mozilla Thunderbird < 9.0 Multiple Vulnerabilities
2011-12-20 00:00:00
Ubuntu 11.04 / 11.10 : mozvoikko, ubufox update (USN-1306-2)
2012-01-09 00:00:00
openvas
openvas
Ubuntu Update for firefox USN-1306-1
2012-01-09 00:00:00
Ubuntu: Security Advisory (USN-1306-2)
2012-01-09 00:00:00
Ubuntu: Security Advisory (USN-1343-1)
2012-03-16 00:00:00
ubuntu
ubuntu
Mozvoikko and ubufox update
2012-01-06 00:00:00
Thunderbird vulnerabilities
2012-03-23 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2011-12-20 00:00:00
suse
suse
MozillaFirefox (important)
2012-02-09 19:09:53
securityvulns
securityvulns
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2012-01-02 00:00:00
ZDI-12-128 : Mozilla Firefox nsHTMLSelectElement Remote Code Execution Vulnerability
2012-08-13 00:00:00
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2012-08-13 00:00:00
cve
cve
CVE-2011-3663
2011-12-21 04:02:01
CVE-2011-3671
2012-06-18 19:55:01
CVE-2011-3661
2011-12-21 04:02:01
cvelist
cvelist
CVE-2011-3663
2011-12-21 02:00:00
CVE-2011-3671
2022-10-03 16:15:08
CVE-2011-3661
2011-12-21 02:00:00
mozilla
mozilla
Key detection without JavaScript via SVG animation β€” Mozilla
2011-12-20 00:00:00
Use-after-free in nsHTMLSelectElement β€” Mozilla
2012-06-18 00:00:00
Potentially exploitable crash in the YARR regular expression library β€” Mozilla
2011-12-20 00:00:00
prion
prion
Code injection
2011-12-21 04:02:00
Design/Logic Flaw
2012-06-18 19:55:00
Code injection
2011-12-21 04:02:00
ubuntucve
ubuntucve
CVE-2011-3661
2011-12-20 00:00:00
CVE-2011-3663
2011-12-20 00:00:00
CVE-2011-3671
2012-06-18 00:00:00
seebug
seebug
Mozilla Firefox/SeaMonkey SVGεŠ¨η”»ε…ƒη΄ δΏ‘ζ―ζ³„ιœ²ζΌζ΄ž
2011-12-21 00:00:00
Mozilla Firefox/Thunderbird/SeaMonkeyθΆŠη•Œε†…ε­˜η ΄εζΌζ΄ž
2011-12-21 00:00:00
zdi
zdi
Mozilla Firefox nsHTMLSelectElement Remote Code Execution Vulnerability
2012-08-03 00:00:00
Mozilla Firefox nsSVGValue Out-of-Bounds Access Remote Code Execution Vulnerability
2012-04-09 00:00:00
packetstorm
packetstorm
Mozilla Firefox 7 / 8 Out-Of-Bounds Access
2012-05-08 00:00:00
checkpoint_advisories
checkpoint_advisories
Mozilla Firefox Thunderbird SeaMonkey nsSVGValue Memory Corruption (CVE-2011-3658)
2013-03-20 00:00:00
canvas
canvas
Immunity Canvas: FIREFOX_NSSVGVALUE
2011-12-21 04:02:00
saint
saint
Firefox DOMAttrModified nsSVGValue Observer Handling Out-of-bounds Memory Access
2012-05-21 00:00:00
Firefox DOMAttrModified nsSVGValue Observer Handling Out-of-bounds Memory Access
2012-05-21 00:00:00
Firefox DOMAttrModified nsSVGValue Observer Handling Out-of-bounds Memory Access
2012-05-21 00:00:00
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2013-01-08 00:00:00
JSON
Related for MOZILLA_FIREFOX_90.NASL
nessus19openvas38ubuntu2freebsd1suse1securityvulns3cve6cvelist6mozilla6prion6ubuntucve6seebug2zdi2packetstorm1checkpoint_advisories1canvas1saint4gentoo1