Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.OPENSUSE-2012-443.NASL
HistoryJun 13, 2014 - 12:00 a.m.

openSUSE Security Update : MozillaThunderbird (openSUSE-SU-2012:0917-1)

2014-06-1300:00:00
This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
15
JSON

Mozilla Thunderbird was updated to version 14.0 (bnc#771583)

  • MFSA 2012-42/CVE-2012-1949/CVE-2012-1948 Miscellaneous memory safety hazards

  • MFSA 2012-44/CVE-2012-1951/CVE-2012-1954/CVE-2012-1953/CVE-20 12-1952 Gecko memory corruption

  • MFSA 2012-45/CVE-2012-1955 (bmo#757376) Spoofing issue with location

  • MFSA 2012-47/CVE-2012-1957 (bmo#750096) Improper filtering of JavaScript in HTML feed-view

  • MFSA 2012-48/CVE-2012-1958 (bmo#750820) use-after-free in nsGlobalWindow::PageHidden

  • MFSA 2012-49/CVE-2012-1959 (bmo#754044, bmo#737559) Same-compartment Security Wrappers can be bypassed

  • MFSA 2012-50/CVE-2012-1960 (bmo#761014) Out of bounds read in QCMS

  • MFSA 2012-51/CVE-2012-1961 (bmo#761655) X-Frame-Options header ignored when duplicated

  • MFSA 2012-52/CVE-2012-1962 (bmo#764296) JSDependentString::undepend string conversion results in memory corruption

  • MFSA 2012-53/CVE-2012-1963 (bmo#767778) Content Security Policy 1.0 implementation errors cause data leakage

  • MFSA 2012-56/CVE-2012-1967 (bmo#758344) Code execution through javascript: URLs

  • relicensed to MPL-2.0

  • update Enigmail to 1.4.3

  • no crashreport on %arm, fixing build

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2012-443.
#
# The text description of this plugin is (C) SUSE LLC.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(74691);
  script_version("1.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  script_cve_id("CVE-2012-1948", "CVE-2012-1949", "CVE-2012-1951", "CVE-2012-1953", "CVE-2012-1954", "CVE-2012-1955", "CVE-2012-1957", "CVE-2012-1958", "CVE-2012-1959", "CVE-2012-1960", "CVE-2012-1961", "CVE-2012-1962", "CVE-2012-1963", "CVE-2012-1967");

  script_name(english:"openSUSE Security Update : MozillaThunderbird (openSUSE-SU-2012:0917-1)");
  script_summary(english:"Check for the openSUSE-2012-443 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Mozilla Thunderbird was updated to version 14.0 (bnc#771583)

  - MFSA 2012-42/CVE-2012-1949/CVE-2012-1948 Miscellaneous
    memory safety hazards

  - MFSA
    2012-44/CVE-2012-1951/CVE-2012-1954/CVE-2012-1953/CVE-20
    12-1952 Gecko memory corruption

  - MFSA 2012-45/CVE-2012-1955 (bmo#757376) Spoofing issue
    with location

  - MFSA 2012-47/CVE-2012-1957 (bmo#750096) Improper
    filtering of JavaScript in HTML feed-view

  - MFSA 2012-48/CVE-2012-1958 (bmo#750820) use-after-free
    in nsGlobalWindow::PageHidden

  - MFSA 2012-49/CVE-2012-1959 (bmo#754044, bmo#737559)
    Same-compartment Security Wrappers can be bypassed

  - MFSA 2012-50/CVE-2012-1960 (bmo#761014) Out of bounds
    read in QCMS

  - MFSA 2012-51/CVE-2012-1961 (bmo#761655) X-Frame-Options
    header ignored when duplicated

  - MFSA 2012-52/CVE-2012-1962 (bmo#764296)
    JSDependentString::undepend string conversion results in
    memory corruption

  - MFSA 2012-53/CVE-2012-1963 (bmo#767778) Content Security
    Policy 1.0 implementation errors cause data leakage

  - MFSA 2012-56/CVE-2012-1967 (bmo#758344) Code execution
    through javascript: URLs

  - relicensed to MPL-2.0

  - update Enigmail to 1.4.3

  - no crashreport on %arm, fixing build"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=771583"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://lists.opensuse.org/opensuse-updates/2012-07/msg00050.html"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected MozillaThunderbird packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-buildsymbols");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-devel-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:enigmail");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:enigmail-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.1");

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/07/18");
  script_set_attribute(attribute:"patch_publication_date", value:"2012/07/23");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE12\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.1", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE12.1", reference:"MozillaThunderbird-14.0-33.26.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"MozillaThunderbird-buildsymbols-14.0-33.26.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"MozillaThunderbird-debuginfo-14.0-33.26.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"MozillaThunderbird-debugsource-14.0-33.26.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"MozillaThunderbird-devel-14.0-33.26.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"MozillaThunderbird-devel-debuginfo-14.0-33.26.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"MozillaThunderbird-translations-common-14.0-33.26.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"MozillaThunderbird-translations-other-14.0-33.26.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"enigmail-1.4.3+14.0-33.26.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"enigmail-debuginfo-1.4.3+14.0-33.26.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"MozillaThunderbird-14.0-33.26.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"MozillaThunderbird-buildsymbols-14.0-33.26.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"MozillaThunderbird-debuginfo-14.0-33.26.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"MozillaThunderbird-debugsource-14.0-33.26.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"MozillaThunderbird-devel-14.0-33.26.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"MozillaThunderbird-devel-debuginfo-14.0-33.26.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"MozillaThunderbird-translations-common-14.0-33.26.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"MozillaThunderbird-translations-other-14.0-33.26.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"enigmail-1.4.3+14.0-33.26.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"enigmail-debuginfo-1.4.3+14.0-33.26.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "MozillaThunderbird");
}
VendorProductVersionCPE
novellopensusemozillathunderbirdp-cpe:/a:novell:opensuse:mozillathunderbird
novellopensusemozillathunderbird-buildsymbolsp-cpe:/a:novell:opensuse:mozillathunderbird-buildsymbols
novellopensusemozillathunderbird-debuginfop-cpe:/a:novell:opensuse:mozillathunderbird-debuginfo
novellopensusemozillathunderbird-debugsourcep-cpe:/a:novell:opensuse:mozillathunderbird-debugsource
novellopensusemozillathunderbird-develp-cpe:/a:novell:opensuse:mozillathunderbird-devel
novellopensusemozillathunderbird-devel-debuginfop-cpe:/a:novell:opensuse:mozillathunderbird-devel-debuginfo
novellopensusemozillathunderbird-translations-commonp-cpe:/a:novell:opensuse:mozillathunderbird-translations-common
novellopensusemozillathunderbird-translations-otherp-cpe:/a:novell:opensuse:mozillathunderbird-translations-other
novellopensuseenigmailp-cpe:/a:novell:opensuse:enigmail
novellopensuseenigmail-debuginfop-cpe:/a:novell:opensuse:enigmail-debuginfo
Rows per page:
1-10 of 111

References

Related

suse 7
nessus 38
openvas 63
ubuntu 3
oraclelinux 2
redhat 2
centos 2
freebsd 1
veracode 17
securityvulns 1
debian 3
osv 3
mozilla 11
ubuntucve 14
prion 14
cve 14
gentoo 1
suse
suse
MozillaThunderbird: update to Thunderbird 14.0 (important)
2012-07-27 13:08:18
seamonkey: Update to Seamonkey 2.11 (important)
2012-08-01 18:08:34
xulrunner to 14.0.1 (critical)
2012-07-30 17:08:56
nessus
nessus
Mozilla Thunderbird < 14.0 Multiple Vulnerabilities
2012-07-23 00:00:00
openSUSE Security Update : seamonkey (openSUSE-SU-2012:0935-1)
2014-06-13 00:00:00
Mozilla Thunderbird 13.x < 13 Multiple Vulnerabilities
2012-07-23 00:00:00
openvas
openvas
openSUSE: Security Advisory for seamonkey (openSUSE-SU-2012:0935-1)
2012-12-13 00:00:00
Ubuntu: Security Advisory (USN-1510-1)
2012-07-19 00:00:00
SuSE Update for seamonkey openSUSE-SU-2012:0935-1 (seamonkey)
2012-12-13 00:00:00
ubuntu
ubuntu
Thunderbird vulnerabilities
2012-07-17 00:00:00
Firefox vulnerabilities
2012-07-17 00:00:00
ubufox update
2012-07-18 00:00:00
oraclelinux
oraclelinux
thunderbird security update
2012-07-17 00:00:00
firefox security update
2012-07-17 00:00:00
redhat
redhat
(RHSA-2012:1089) Critical: thunderbird security update
2012-07-17 00:00:00
(RHSA-2012:1088) Critical: firefox security update
2012-07-17 00:00:00
centos
centos
thunderbird security update
2012-07-17 21:25:02
firefox, xulrunner security update
2012-07-17 20:41:16
freebsd
freebsd
mozilla -- multiple vulnerabilities
2012-07-17 00:00:00
veracode
veracode
Spoofing Vulnerability
2019-05-02 04:42:26
Cross Site Scripting (XSS)
2019-05-02 04:42:29
Cross Site Scripting (XSS)
2019-05-02 04:42:26
securityvulns
securityvulns
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2012-08-13 00:00:00
debian
debian
[SECURITY] [DSA 2513-1] iceape security update
2012-07-17 19:55:29
[SECURITY] [DSA 2528-1] icedove security update
2012-08-14 19:26:56
[SECURITY] [DSA 2514-1] iceweasel security update
2012-07-17 20:04:25
osv
osv
iceape - several vulnerabilities
2012-07-17 00:00:00
icedove - several
2012-08-14 00:00:00
iceweasel - several vulnerabilities
2012-07-17 00:00:00
mozilla
mozilla
Gecko memory corruption — Mozilla
2012-07-17 00:00:00
Miscellaneous memory safety hazards (rv:14.0/ rv:10.0.6) — Mozilla
2012-07-17 00:00:00
Content Security Policy 1.0 implementation errors cause data leakage — Mozilla
2012-07-17 00:00:00
ubuntucve
ubuntucve
CVE-2012-1963
2012-07-17 00:00:00
CVE-2012-1951
2012-07-17 00:00:00
CVE-2012-1949
2012-07-17 00:00:00
prion
prion
Heap overflow
2012-07-18 10:26:00
Design/Logic Flaw
2012-07-18 10:26:00
Design/Logic Flaw
2012-07-18 10:26:00
cve
cve
CVE-2012-1951
2012-07-18 10:26:00
CVE-2012-1963
2012-07-18 10:26:00
CVE-2012-1948
2012-07-18 10:26:00
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2013-01-08 00:00:00
JSON
Related for OPENSUSE-2012-443.NASL
suse7nessus38openvas63ubuntu3oraclelinux2redhat2centos2freebsd1veracode17securityvulns1debian3osv3mozilla11ubuntucve14prion14cve14gentoo1