Lucene search
This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.SL_20070718_SEAMONKEY_ON_SL4_X.NASLHistoryAug 01, 2012 - 12:00 a.m.
Scientific Linux Security Update : seamonkey on SL4.x, SL3.x i386/x86_64
2012-08-0100:00:00
This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
17
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.949 High
EPSS
Percentile
99.3%
Several flaws were found in the way SeaMonkey processed certain malformed JavaScript code. A web page containing malicious JavaScript code could cause SeaMonkey to crash or potentially execute arbitrary code as the user running SeaMonkey. (CVE-2007-3734, CVE-2007-3735, CVE-2007-3737, CVE-2007-3738)
Several content injection flaws were found in the way SeaMonkey handled certain JavaScript code. A web page containing malicious JavaScript code could inject arbitrary content into other web pages.
(CVE-2007-3736, CVE-2007-3089)
A flaw was found in the way SeaMonkey cached web pages on the local disk. A malicious web page may be able to inject arbitrary HTML into a browsingsession if the user reloads a targeted site. (CVE-2007-3656)
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text is (C) Scientific Linux.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(60229);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");
script_cve_id("CVE-2007-3089", "CVE-2007-3656", "CVE-2007-3734", "CVE-2007-3735", "CVE-2007-3736", "CVE-2007-3737", "CVE-2007-3738");
script_name(english:"Scientific Linux Security Update : seamonkey on SL4.x, SL3.x i386/x86_64");
script_summary(english:"Checks rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:
"The remote Scientific Linux host is missing one or more security
updates."
);
script_set_attribute(
attribute:"description",
value:
"Several flaws were found in the way SeaMonkey processed certain
malformed JavaScript code. A web page containing malicious JavaScript
code could cause SeaMonkey to crash or potentially execute arbitrary
code as the user running SeaMonkey. (CVE-2007-3734, CVE-2007-3735,
CVE-2007-3737, CVE-2007-3738)
Several content injection flaws were found in the way SeaMonkey
handled certain JavaScript code. A web page containing malicious
JavaScript code could inject arbitrary content into other web pages.
(CVE-2007-3736, CVE-2007-3089)
A flaw was found in the way SeaMonkey cached web pages on the local
disk. A malicious web page may be able to inject arbitrary HTML into a
browsingsession if the user reloads a targeted site. (CVE-2007-3656)"
);
# https://listserv.fnal.gov/scripts/wa.exe?A2=ind0707&L=scientific-linux-errata&T=0&P=563
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?eccc558e"
);
script_set_attribute(attribute:"solution", value:"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_cwe_id(200);
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
script_set_attribute(attribute:"patch_publication_date", value:"2007/07/18");
script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/01");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Scientific Linux Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
flag = 0;
if (rpm_check(release:"SL3", reference:"seamonkey-1.0.9-0.3.SL3")) flag++;
if (rpm_check(release:"SL3", reference:"seamonkey-chat-1.0.9-0.3.SL3")) flag++;
if (rpm_check(release:"SL3", reference:"seamonkey-devel-1.0.9-0.3.SL3")) flag++;
if (rpm_check(release:"SL3", reference:"seamonkey-dom-inspector-1.0.9-0.3.SL3")) flag++;
if (rpm_check(release:"SL3", reference:"seamonkey-js-debugger-1.0.9-0.3.SL3")) flag++;
if (rpm_check(release:"SL3", reference:"seamonkey-mail-1.0.9-0.3.SL3")) flag++;
if (rpm_check(release:"SL3", reference:"seamonkey-nspr-1.0.9-0.3.SL3")) flag++;
if (rpm_check(release:"SL3", reference:"seamonkey-nspr-devel-1.0.9-0.3.SL3")) flag++;
if (rpm_check(release:"SL3", reference:"seamonkey-nss-1.0.9-0.3.SL3")) flag++;
if (rpm_check(release:"SL3", reference:"seamonkey-nss-devel-1.0.9-0.3.SL3")) flag++;
if (rpm_check(release:"SL4", reference:"seamonkey-1.0.9-4.el4")) flag++;
if (rpm_check(release:"SL4", reference:"seamonkey-chat-1.0.9-4.el4")) flag++;
if (rpm_check(release:"SL4", reference:"seamonkey-devel-1.0.9-4.el4")) flag++;
if (rpm_check(release:"SL4", reference:"seamonkey-dom-inspector-1.0.9-4.el4")) flag++;
if (rpm_check(release:"SL4", reference:"seamonkey-js-debugger-1.0.9-4.el4")) flag++;
if (rpm_check(release:"SL4", reference:"seamonkey-mail-1.0.9-4.el4")) flag++;
if (rpm_check(release:"SL4", reference:"seamonkey-nspr-1.0.9-4.el4")) flag++;
if (rpm_check(release:"SL4", reference:"seamonkey-nspr-devel-1.0.9-4.el4")) flag++;
if (rpm_check(release:"SL4", reference:"seamonkey-nss-1.0.9-4.el4")) flag++;
if (rpm_check(release:"SL4", reference:"seamonkey-nss-devel-1.0.9-4.el4")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
| Vendor | Product | Version | CPE |
|---|---|---|---|
| fermilab | scientific_linux | x-cpe:/o:fermilab:scientific_linux |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3089
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3656
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3734
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3735
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3736
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3737
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3738
www.nessus.org/u?eccc558e
Related
nessus
nessus
Fedora 7 : seamonkey-1.1.3-1.fc7 (2007-1181)
2007-11-06 00:00:00
Oracle Linux 4 / 5 : firefox (ELSA-2007-0724)
2013-07-12 00:00:00
RHEL 2.1 / 3 / 4 : seamonkey (RHSA-2007:0722)
2007-07-23 00:00:00
oraclelinux
oraclelinux
Critical: seamonkey security update
2007-07-19 00:00:00
Critical: firefox security update
2007-07-19 00:00:00
Moderate: thunderbird security update
2007-07-19 00:00:00
redhat
redhat
(RHSA-2007:0724) Critical: firefox security update
2007-07-18 00:00:00
(RHSA-2007:0722) Critical: seamonkey security update
2007-07-18 00:00:00
(RHSA-2007:0723) Moderate: thunderbird security update
2007-07-18 00:00:00
openvas
openvas
Fedora Update for seamonkey FEDORA-2007-1181
2009-02-27 00:00:00
Fedora Update for epiphany-extensions FEDORA-2007-1155
2009-02-27 00:00:00
Debian Security Advisory DSA 1339-1 (iceape)
2008-01-17 00:00:00
centos
centos
seamonkey security update
2007-07-20 05:54:56
firefox security update
2007-07-19 13:36:22
seamonkey security update
2007-07-19 11:53:21
fedora
fedora
[SECURITY] Fedora 7 Update: firefox-2.0.0.5-1.fc7
2007-07-18 20:56:30
[SECURITY] Fedora 7 Update: yelp-2.18.1-5.fc7
2007-07-18 20:56:52
[SECURITY] Fedora 7 Update: epiphany-extensions-2.18.3-2
2007-07-19 16:45:42
osv
osv
debian
debian
[SECURITY] [DSA 1338-1] New iceweasel packages fix several vulnerabilities
2007-07-23 17:27:52
[SECURITY] [DSA 1339-1] New iceape packages fix several vulnerabilities
2007-07-24 00:00:33
[SECURITY] [DSA 1337-1] New xulrunner packages fix several vulnerabilities
2007-07-22 19:19:22
freebsd
freebsd
mozilla -- multiple vulnerabilities
2007-07-17 00:00:00
ubuntu
ubuntu
Firefox vulnerabilities
2007-07-20 00:00:00
Thunderbird vulnerabilities
2007-08-25 00:00:00
gentoo
gentoo
Mozilla products: Multiple vulnerabilities
2007-08-14 00:00:00
seebug
seebug
Mozilla Firefox 2.0.0.4多个远程安全漏洞
2007-07-19 00:00:00
Firefox about:blank IFRME帧跨域访问漏洞
2007-07-20 00:00:00
securityvulns
securityvulns
Mozilla Firefox, Thunderbird, Seamonkey multiple securityvulnerabilities
2007-07-19 00:00:00
Mozilla Foundation Security Advisory 2007-18
2007-07-19 00:00:00
Mozilla Foundation Security Advisory 2007-20
2007-07-19 00:00:00
suse
suse
remote code execution in MozillaFirefox,MozillaThunderbird,Seamonkey
2007-08-02 16:31:06
mozilla
mozilla
Crashes with evidence of memory corruption (rv:1.8.1.5) — Mozilla
2007-07-17 00:00:00
Unauthorized access to wyciwyg:// documents — Mozilla
2007-07-17 00:00:00
Frame spoofing while window is loading — Mozilla
2007-07-17 00:00:00
checkpoint_advisories
checkpoint_advisories
nvd
nvd
prion
prion
Memory corruption
2007-07-18 17:30:00
Design/Logic Flaw
2007-07-10 19:30:00
Memory corruption
2007-07-18 17:30:00
cvelist
cvelist
cve
cve
cert
cert
Mozilla Firefox allows cross-domain iframe access via JavaScript
2007-06-08 00:00:00
veracode
veracode
Arbitrary Code Injection
2020-04-10 00:17:15
Arbitrary Code Execution
2020-04-10 00:17:15
Arbitrary Code Execution
2020-04-10 00:17:16
ubuntucve
ubuntucve
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.949 High
EPSS
Percentile
99.3%
Related for SL_20070718_SEAMONKEY_ON_SL4_X.NASL