Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2006-2024 and is owned by Tenable, Inc. or an Affiliate thereof.REDHAT-RHSA-2006-0200.NASL
HistoryFeb 05, 2006 - 12:00 a.m.

RHEL 4 : firefox (RHSA-2006:0200)

2006-02-0500:00:00
This script is Copyright (C) 2006-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
16

6.6 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.961 High

EPSS

Percentile

99.5%

JSON

The remote Redhat Enterprise Linux 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2006:0200 advisory.

  • security flaw (CVE-2005-4134, CVE-2006-0292, CVE-2006-0296)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Red Hat Security Advisory RHSA-2006:0200. The text 
# itself is copyright (C) Red Hat, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(20858);
  script_version("1.26");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/21");

  script_cve_id("CVE-2005-4134", "CVE-2006-0292", "CVE-2006-0296");
  script_xref(name:"RHSA", value:"2006:0200");

  script_name(english:"RHEL 4 : firefox (RHSA-2006:0200)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Red Hat host is missing one or more security updates for firefox.");
  script_set_attribute(attribute:"description", value:
"The remote Redhat Enterprise Linux 4 host has a package installed that is affected by multiple vulnerabilities as
referenced in the RHSA-2006:0200 advisory.

  - security flaw (CVE-2005-4134, CVE-2006-0292, CVE-2006-0296)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  # https://access.redhat.com/security/data/csaf/v2/advisories/2006/rhsa-2006_0200.json
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?70e29fa8");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/updates/classification/#critical");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=179171");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=179173");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=179175");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2006:0200");
  script_set_attribute(attribute:"solution", value:
"Update the RHEL firefox package based on the guidance in RHSA-2006:0200.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2006-0292");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2005-4134");
  script_set_attribute(attribute:"vendor_severity", value:"Critical");

  script_set_attribute(attribute:"vuln_publication_date", value:"2005/12/09");
  script_set_attribute(attribute:"patch_publication_date", value:"2006/02/02");
  script_set_attribute(attribute:"plugin_publication_date", value:"2006/02/05");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:firefox");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Red Hat Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2006-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("redhat_repos.nasl", "ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm.inc');
include('rhel.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RedHat/release');
if (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');
var os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
os_ver = os_ver[1];
if (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '4')) audit(AUDIT_OS_NOT, 'Red Hat 4.x', 'Red Hat ' + os_ver);

if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);

var constraints = [
  {
    'repo_relative_urls': [
      'content/dist/rhel/as/4/4AS/i386/os',
      'content/dist/rhel/as/4/4AS/i386/source/SRPMS',
      'content/dist/rhel/as/4/4AS/x86_64/os',
      'content/dist/rhel/as/4/4AS/x86_64/source/SRPMS',
      'content/dist/rhel/desktop/4/4Desktop/i386/os',
      'content/dist/rhel/desktop/4/4Desktop/i386/source/SRPMS',
      'content/dist/rhel/desktop/4/4Desktop/x86_64/os',
      'content/dist/rhel/desktop/4/4Desktop/x86_64/source/SRPMS',
      'content/dist/rhel/es/4/4ES/i386/os',
      'content/dist/rhel/es/4/4ES/i386/source/SRPMS',
      'content/dist/rhel/es/4/4ES/x86_64/os',
      'content/dist/rhel/es/4/4ES/x86_64/source/SRPMS',
      'content/dist/rhel/power/4/4AS/ppc/os',
      'content/dist/rhel/power/4/4AS/ppc/source/SRPMS',
      'content/dist/rhel/system-z/4/4AS/s390/os',
      'content/dist/rhel/system-z/4/4AS/s390/source/SRPMS',
      'content/dist/rhel/system-z/4/4AS/s390x/os',
      'content/dist/rhel/system-z/4/4AS/s390x/source/SRPMS',
      'content/dist/rhel/ws/4/4WS/i386/os',
      'content/dist/rhel/ws/4/4WS/i386/source/SRPMS',
      'content/dist/rhel/ws/4/4WS/x86_64/os',
      'content/dist/rhel/ws/4/4WS/x86_64/source/SRPMS'
    ],
    'pkgs': [
      {'reference':'firefox-1.0.7-1.4.3', 'cpu':'i386', 'release':'4', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},
      {'reference':'firefox-1.0.7-1.4.3', 'cpu':'ppc', 'release':'4', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},
      {'reference':'firefox-1.0.7-1.4.3', 'cpu':'s390', 'release':'4', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},
      {'reference':'firefox-1.0.7-1.4.3', 'cpu':'s390x', 'release':'4', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},
      {'reference':'firefox-1.0.7-1.4.3', 'cpu':'x86_64', 'release':'4', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE}
    ]
  }
];

var applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);
if(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);

var flag = 0;
foreach var constraint_array ( constraints ) {
  var repo_relative_urls = NULL;
  if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];
  foreach var pkg ( constraint_array['pkgs'] ) {
    var reference = NULL;
    var _release = NULL;
    var sp = NULL;
    var _cpu = NULL;
    var el_string = NULL;
    var rpm_spec_vers_cmp = NULL;
    var epoch = NULL;
    var allowmaj = NULL;
    var exists_check = NULL;
    var cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        _release &&
        rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&
        (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&
        rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}

if (flag)
{
  var extra = NULL;
  if (isnull(applicable_repo_urls) || !applicable_repo_urls) extra = rpm_report_get() + redhat_report_repo_caveat();
  else extra = rpm_report_get();
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : extra
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'firefox');
}
VendorProductVersionCPE
redhatenterprise_linuxfirefoxp-cpe:/a:redhat:enterprise_linux:firefox
redhatenterprise_linux4cpe:/o:redhat:enterprise_linux:4

Related

centos 4
nessus 29
redhat 3
mozilla 3
nvd 3
ubuntucve 3
cve 3
debiancve 3
cvelist 3
kaspersky 1
cert 1
prion 2
securityvulns 1
ubuntu 3
openvas 14
gentoo 3
osv 3
debian 8
suse 2
centos
centos
firefox security update
2006-02-02 19:37:08
mozilla security update
2006-02-03 00:37:23
mozilla security update
2006-02-02 18:17:59
nessus
nessus
Fedora Core 4 : firefox-1.0.7-1.2.fc4 (2006-076)
2006-02-05 00:00:00
RHEL 2.1 / 3 / 4 : mozilla (RHSA-2006:0199)
2006-02-05 00:00:00
CentOS 4 : firefox (CESA-2006:0200)
2006-07-05 00:00:00
redhat
redhat
(RHSA-2006:0199) mozilla security update
2006-02-02 00:00:00
(RHSA-2006:0200) firefox security update
2006-02-02 00:00:00
(RHSA-2006:0330) thunderbird security update
2006-04-21 00:00:00
mozilla
mozilla
Long document title causes startup denial of service — Mozilla
2006-02-01 00:00:00
Localstore.rdf XML injection through XULDocument.persist() — Mozilla
2006-02-01 00:00:00
JavaScript garbage-collection hazards — Mozilla
2006-02-01 00:00:00
nvd
nvd
CVE-2005-4134
2005-12-09 15:03:00
CVE-2006-0296
2006-02-02 20:06:00
CVE-2006-0292
2006-02-02 20:06:00
ubuntucve
ubuntucve
CVE-2005-4134
2005-12-09 00:00:00
CVE-2006-0296
2006-02-02 00:00:00
CVE-2006-0292
2006-02-02 00:00:00
cve
cve
CVE-2005-4134
2005-12-09 15:03:00
CVE-2006-0296
2006-02-02 20:06:00
CVE-2006-0292
2006-02-02 20:06:00
debiancve
debiancve
CVE-2005-4134
2005-12-09 15:03:00
CVE-2006-0296
2006-02-02 20:06:00
CVE-2006-0292
2006-02-02 20:06:00
cvelist
cvelist
CVE-2005-4134
2005-12-09 15:00:00
CVE-2006-0296
2006-02-02 20:00:00
CVE-2006-0292
2006-02-02 20:00:00
kaspersky
kaspersky
KLA10231 DoS vulnerability in browser
2005-12-09 00:00:00
cert
cert
Mozilla-based products fail to validate user input to the attribute name in "XULDocument.persist"
2006-02-03 00:00:00
prion
prion
Design/Logic Flaw
2006-02-02 20:06:00
Design/Logic Flaw
2006-02-02 20:06:00
securityvulns
securityvulns
US-CERT Technical Cyber Security Alert TA06-038A -- Multiple Vulnerabilities in Mozilla Products
2006-02-08 00:00:00
ubuntu
ubuntu
Mozilla vulnerabilities
2006-04-28 00:00:00
Firefox vulnerabilities
2006-04-20 00:00:00
Thunderbird vulnerabilities
2006-05-03 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200604-12 (mozilla-firefox)
2008-09-24 00:00:00
Gentoo Security Advisory GLSA 200604-12 (mozilla-firefox)
2008-09-24 00:00:00
Debian Security Advisory DSA 1044-1 (mozilla-firefox)
2008-01-17 00:00:00
gentoo
gentoo
Mozilla Firefox: Multiple vulnerabilities
2006-04-23 00:00:00
Mozilla Suite: Multiple vulnerabilities
2006-04-28 00:00:00
Mozilla Thunderbird: Multiple vulnerabilities
2006-05-08 00:00:00
osv
osv
mozilla-firefox - several
2006-04-26 00:00:00
mozilla-thunderbird - several vulnerabilities
2006-05-04 00:00:00
mozilla - several
2006-04-27 00:00:00
debian
debian
[SECURITY] [DSA 1044-1] New Mozilla Firefox packages fix several vulnerabilities
2006-04-26 16:02:42
[SECURITY] [DSA 1044-1] New Mozilla Firefox packages fix several vulnerabilities
2006-04-26 16:58:22
[SECURITY] [DSA 1044-1] New Mozilla Firefox packages fix several vulnerabilities
2006-04-26 16:58:22
suse
suse
remote code execution in MozillaThunderbird
2006-04-25 13:15:04
remote code execution in phpMyAdmin
2006-01-26 13:53:52

6.6 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.961 High

EPSS

Percentile

99.5%

JSON
Related for REDHAT-RHSA-2006-0200.NASL
centos4nessus29redhat3mozilla3nvd3ubuntucve3cve3debiancve3cvelist3kaspersky1cert1prion2securityvulns1ubuntu3openvas14gentoo3osv3debian8suse2