Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.OPENSUSE-2015-92.NASL
HistoryFeb 03, 2015 - 12:00 a.m.

openSUSE Security Update : seamonkey (openSUSE-SU-2015:0192-1)

2015-02-0300:00:00
This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
13
JSON

Mozilla seamonkey was updated to SeaMonkey 2.32 (bnc#910669)

  • MFSA 2015-01/CVE-2014-8634/CVE-2014-8635 Miscellaneous memory safety hazards

  • MFSA 2015-02/CVE-2014-8637 (bmo#1094536) Uninitialized memory use during bitmap rendering

  • MFSA 2015-03/CVE-2014-8638 (bmo#1080987) sendBeacon requests lack an Origin header

  • MFSA 2015-04/CVE-2014-8639 (bmo#1095859) Cookie injection through Proxy Authenticate responses

  • MFSA 2015-05/CVE-2014-8640 (bmo#1100409) Read of uninitialized memory in Web Audio

  • MFSA 2015-06/CVE-2014-8641 (bmo#1108455) Read-after-free in WebRTC

  • MFSA 2015-07/CVE-2014-8643 (bmo#1114170) (Windows-only) Gecko Media Plugin sandbox escape

  • MFSA 2015-08/CVE-2014-8642 (bmo#1079658) Delegated OCSP responder certificates failure with id-pkix-ocsp-nocheck extension

  • MFSA 2015-09/CVE-2014-8636 (bmo#987794) XrayWrapper bypass through DOM objects

  • use GStreamer 1.0 from 13.2 on

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2015-92.
#
# The text description of this plugin is (C) SUSE LLC.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(81142);
  script_version("1.10");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  script_cve_id("CVE-2014-8634", "CVE-2014-8635", "CVE-2014-8636", "CVE-2014-8637", "CVE-2014-8638", "CVE-2014-8639", "CVE-2014-8640", "CVE-2014-8641", "CVE-2014-8642", "CVE-2014-8643");

  script_name(english:"openSUSE Security Update : seamonkey (openSUSE-SU-2015:0192-1)");
  script_summary(english:"Check for the openSUSE-2015-92 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Mozilla seamonkey was updated to SeaMonkey 2.32 (bnc#910669)

  - MFSA 2015-01/CVE-2014-8634/CVE-2014-8635 Miscellaneous
    memory safety hazards

  - MFSA 2015-02/CVE-2014-8637 (bmo#1094536) Uninitialized
    memory use during bitmap rendering

  - MFSA 2015-03/CVE-2014-8638 (bmo#1080987) sendBeacon
    requests lack an Origin header

  - MFSA 2015-04/CVE-2014-8639 (bmo#1095859) Cookie
    injection through Proxy Authenticate responses

  - MFSA 2015-05/CVE-2014-8640 (bmo#1100409) Read of
    uninitialized memory in Web Audio

  - MFSA 2015-06/CVE-2014-8641 (bmo#1108455) Read-after-free
    in WebRTC

  - MFSA 2015-07/CVE-2014-8643 (bmo#1114170) (Windows-only)
    Gecko Media Plugin sandbox escape

  - MFSA 2015-08/CVE-2014-8642 (bmo#1079658) Delegated OCSP
    responder certificates failure with id-pkix-ocsp-nocheck
    extension

  - MFSA 2015-09/CVE-2014-8636 (bmo#987794) XrayWrapper
    bypass through DOM objects

  - use GStreamer 1.0 from 13.2 on"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=910669"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://lists.opensuse.org/opensuse-updates/2015-02/msg00008.html"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected seamonkey packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Firefox Proxy Prototype Privileged Javascript Injection');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-dom-inspector");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-irc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-translations-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-translations-other");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.2");

  script_set_attribute(attribute:"patch_publication_date", value:"2015/01/24");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/02/03");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE13\.1|SUSE13\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.1 / 13.2", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE13.1", reference:"seamonkey-2.32-44.2") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"seamonkey-debuginfo-2.32-44.2") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"seamonkey-debugsource-2.32-44.2") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"seamonkey-dom-inspector-2.32-44.2") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"seamonkey-irc-2.32-44.2") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"seamonkey-translations-common-2.32-44.2") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"seamonkey-translations-other-2.32-44.2") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"seamonkey-2.32-8.2") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"seamonkey-debuginfo-2.32-8.2") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"seamonkey-debugsource-2.32-8.2") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"seamonkey-dom-inspector-2.32-8.2") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"seamonkey-irc-2.32-8.2") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"seamonkey-translations-common-2.32-8.2") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"seamonkey-translations-other-2.32-8.2") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "seamonkey / seamonkey-debuginfo / seamonkey-debugsource / etc");
}
VendorProductVersionCPE
novellopensuseseamonkeyp-cpe:/a:novell:opensuse:seamonkey
novellopensuseseamonkey-debuginfop-cpe:/a:novell:opensuse:seamonkey-debuginfo
novellopensuseseamonkey-debugsourcep-cpe:/a:novell:opensuse:seamonkey-debugsource
novellopensuseseamonkey-dom-inspectorp-cpe:/a:novell:opensuse:seamonkey-dom-inspector
novellopensuseseamonkey-ircp-cpe:/a:novell:opensuse:seamonkey-irc
novellopensuseseamonkey-translations-commonp-cpe:/a:novell:opensuse:seamonkey-translations-common
novellopensuseseamonkey-translations-otherp-cpe:/a:novell:opensuse:seamonkey-translations-other
novellopensuse13.1cpe:/o:novell:opensuse:13.1
novellopensuse13.2cpe:/o:novell:opensuse:13.2

Related

nessus 34
securityvulns 1
openvas 34
suse 8
freebsd 1
archlinux 2
ubuntu 4
mageia 3
debian 2
oraclelinux 2
redhat 2
osv 2
centos 2
mozilla 9
prion 11
ubuntucve 11
cve 11
checkpoint_advisories 2
packetstorm 1
zdt 1
kaspersky 2
metasploit 1
veracode 4
exploitdb 1
ibm 1
googleprojectzero 1
gentoo 1
nessus
nessus
openSUSE Security Update : MozillaFirefox (openSUSE-SU-2015:0077-2)
2015-01-20 00:00:00
Mozilla Firefox ESR < 31.4 Multiple Vulnerabilities
2019-11-06 00:00:00
FreeBSD : mozilla -- multiple vulnerabilities (bd62c640-9bb9-11e4-a5ad-000c297fb80f)
2015-01-15 00:00:00
securityvulns
securityvulns
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2015-01-19 00:00:00
openvas
openvas
openSUSE: Security Advisory for MozillaFirefox (openSUSE-SU-2015:0077-1)
2015-01-20 00:00:00
openSUSE: Security Advisory for MozillaFirefox (openSUSE-SU-2015:0077-2)
2015-09-18 00:00:00
Mozilla Firefox Multiple Vulnerabilities-01 Jan15 (Windows)
2015-01-20 00:00:00
suse
suse
Security update for MozillaFirefox (important)
2015-01-19 14:04:43
Security update for seamonkey (important)
2015-02-02 12:05:27
Security update for MozillaFirefox (important)
2015-01-19 15:04:39
freebsd
freebsd
mozilla -- multiple vulnerabilities
2015-01-13 00:00:00
archlinux
archlinux
firefox: multiple issues
2015-01-14 00:00:00
thunderbird: multiple issues
2015-01-14 00:00:00
ubuntu
ubuntu
Firefox regression
2015-01-27 00:00:00
Ubufox update
2015-01-14 00:00:00
Firefox vulnerabilities
2015-01-14 00:00:00
mageia
mageia
Updated iceape package fixes security vulnerabilities
2015-01-19 19:47:36
Updated firefox and thunderbird packages fixes security vulnerabilities
2015-01-18 01:31:08
Updated iceape packages fix security vulnerabilities
2015-09-08 10:20:40
debian
debian
[SECURITY] [DSA 3127-1] iceweasel security update
2015-01-14 19:02:00
[SECURITY] [DSA 3132-1] icedove security update
2015-01-19 16:58:23
oraclelinux
oraclelinux
firefox security and bug fix update
2015-01-14 00:00:00
thunderbird security update
2015-01-13 00:00:00
redhat
redhat
(RHSA-2015:0046) Critical: firefox security and bug fix update
2015-01-13 00:00:00
(RHSA-2015:0047) Important: thunderbird security update
2015-01-13 00:00:00
osv
osv
iceweasel - security update
2015-01-14 00:00:00
icedove - security update
2015-01-19 00:00:00
centos
centos
firefox, xulrunner security update
2015-01-14 16:08:25
thunderbird security update
2015-01-14 15:52:57
mozilla
mozilla
Miscellaneous memory safety hazards (rv:35.0 / rv:31.4) — Mozilla
2015-01-13 00:00:00
Uninitialized memory use during bitmap rendering — Mozilla
2015-01-13 00:00:00
Delegated OCSP responder certificates failure with id-pkix-ocsp-nocheck extension — Mozilla
2015-01-13 00:00:00
prion
prion
Information disclosure
2015-01-14 11:59:00
Design/Logic Flaw
2015-01-14 11:59:00
Design/Logic Flaw
2015-01-14 11:59:00
ubuntucve
ubuntucve
CVE-2014-8637
2015-01-14 00:00:00
CVE-2014-8642
2015-01-14 00:00:00
CVE-2014-8640
2015-01-14 00:00:00
cve
cve
CVE-2014-8642
2015-01-14 11:59:00
CVE-2014-8637
2015-01-14 11:59:00
CVE-2014-8643
2015-01-14 11:59:00
checkpoint_advisories
checkpoint_advisories
Mozilla Firefox XrayWrapper Policy Bypass (CVE-2014-8636)
2015-04-19 00:00:00
Mozilla Firefox Proxy Prototype Remote Code Execution (CVE-2014-8636)
2015-03-26 00:00:00
packetstorm
packetstorm
Firefox Proxy Prototype Privileged Javascript Injection
2015-03-24 00:00:00
zdt
zdt
Firefox Proxy Prototype Privileged Javascript Injection Exploit
2015-03-27 00:00:00
kaspersky
kaspersky
KLA10445 ACE vulnerability in Mozilla
2015-01-13 00:00:00
KLA10446 CI vulnerability in Mozilla products
2015-01-13 00:00:00
metasploit
metasploit
Firefox Proxy Prototype Privileged Javascript Injection
2015-03-23 18:44:41
veracode
veracode
Cross-site Request Forgery (CSRF)
2019-05-02 05:07:07
Denial Of Service (DoS)
2019-01-15 09:04:03
Session Fixation
2019-05-02 05:07:07
exploitdb
exploitdb
Mozilla Firefox - Proxy Prototype Privileged JavaScript Injection (Metasploit)
2015-03-24 00:00:00
ibm
ibm
Security Bulletin: Mozilla Firefox vulnerability issues in IBM SONAS (CVE-2014-1574, CVE-2014-1576, CVE-2014-1577, CVE-2014-1578, CVE-2014-1581, CVE-2014-1583, CVE-2014-1587, CVE-2014-1588, and 11 more)
2018-06-18 00:09:21
googleprojectzero
googleprojectzero
Attacking ECMAScript Engines with Redefinition
2015-08-17 00:00:00
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2015-04-07 00:00:00
JSON
Related for OPENSUSE-2015-92.NASL
nessus34securityvulns1openvas34suse8freebsd1archlinux2ubuntu4mageia3debian2oraclelinux2redhat2osv2centos2mozilla9prion11ubuntucve11cve11checkpoint_advisories2packetstorm1zdt1kaspersky2metasploit1veracode4exploitdb1ibm1googleprojectzero1gentoo1