Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2014-2021 Tenable Network Security, Inc.SUSE_11_FIREFOX-2014-06-140612.NASL
HistoryJun 23, 2014 - 12:00 a.m.

SuSE 11.3 Security Update : MozillaFirefox (SAT Patch Number 9370)

2014-06-2300:00:00
This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.
www.tenable.com
14
JSON

Mozilla Firefox was updated to version 24.6.0 to fix six security issues :

  • Miscellaneous memory safety hazards. (CVE-2014-1533 / CVE-2014-1534)

  • Use-after-free and out of bounds issues found using Address Sanitizer. (CVE-2014-1536 / CVE-2014-1537 / CVE-2014-1538)

  • Use-after-free with SMIL Animation Controller.
    (CVE-2014-1541) mozilla-nspr was updated to version 4.10.6 to fix one security issue :

  • Out of bounds write in NSPR. (CVE-2014-1545) Further information can be found at https://www.mozilla.org/security/announce/ .

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from SuSE 11 update information. The text itself is
# copyright (C) Novell, Inc.
#

if (NASL_LEVEL < 3000) exit(0);

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(76188);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  script_cve_id("CVE-2014-1533", "CVE-2014-1534", "CVE-2014-1536", "CVE-2014-1537", "CVE-2014-1538", "CVE-2014-1541", "CVE-2014-1545");

  script_name(english:"SuSE 11.3 Security Update : MozillaFirefox (SAT Patch Number 9370)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote SuSE 11 host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Mozilla Firefox was updated to version 24.6.0 to fix six security
issues :

  - Miscellaneous memory safety hazards. (CVE-2014-1533 /
    CVE-2014-1534)

  - Use-after-free and out of bounds issues found using
    Address Sanitizer. (CVE-2014-1536 / CVE-2014-1537 /
    CVE-2014-1538)

  - Use-after-free with SMIL Animation Controller.
    (CVE-2014-1541) mozilla-nspr was updated to version
    4.10.6 to fix one security issue :

  - Out of bounds write in NSPR. (CVE-2014-1545) Further
    information can be found at
    https://www.mozilla.org/security/announce/ ."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=881874"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2014-1533.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2014-1534.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2014-1536.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2014-1537.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2014-1538.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2014-1541.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2014-1545.html"
  );
  script_set_attribute(attribute:"solution", value:"Apply SAT patch number 9370.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:MozillaFirefox");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:MozillaFirefox-branding-SLED");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:MozillaFirefox-translations");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libfreebl3");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libfreebl3-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libsoftokn3");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libsoftokn3-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:mozilla-nspr");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:mozilla-nspr-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:mozilla-nss");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:mozilla-nss-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:mozilla-nss-tools");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");

  script_set_attribute(attribute:"patch_publication_date", value:"2014/06/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/23");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11");
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu);

pl = get_kb_item("Host/SuSE/patchlevel");
if (isnull(pl) || int(pl) != 3) audit(AUDIT_OS_NOT, "SuSE 11.3");


flag = 0;
if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"MozillaFirefox-24.6.0esr-0.8.1")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"MozillaFirefox-branding-SLED-24-0.7.48")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"MozillaFirefox-translations-24.6.0esr-0.8.1")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"libfreebl3-3.16.1-0.8.1")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"libsoftokn3-3.16.1-0.8.1")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"mozilla-nspr-4.10.6-0.3.1")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"mozilla-nss-3.16.1-0.8.1")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"mozilla-nss-tools-3.16.1-0.8.1")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"MozillaFirefox-24.6.0esr-0.8.1")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"MozillaFirefox-branding-SLED-24-0.7.48")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"MozillaFirefox-translations-24.6.0esr-0.8.1")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"libfreebl3-3.16.1-0.8.1")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"libfreebl3-32bit-3.16.1-0.8.1")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"libsoftokn3-3.16.1-0.8.1")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"libsoftokn3-32bit-3.16.1-0.8.1")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"mozilla-nspr-4.10.6-0.3.1")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"mozilla-nspr-32bit-4.10.6-0.3.1")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"mozilla-nss-3.16.1-0.8.1")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"mozilla-nss-32bit-3.16.1-0.8.1")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"mozilla-nss-tools-3.16.1-0.8.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, reference:"MozillaFirefox-24.6.0esr-0.8.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, reference:"MozillaFirefox-branding-SLED-24-0.7.48")) flag++;
if (rpm_check(release:"SLES11", sp:3, reference:"MozillaFirefox-translations-24.6.0esr-0.8.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, reference:"libfreebl3-3.16.1-0.8.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, reference:"libsoftokn3-3.16.1-0.8.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, reference:"mozilla-nspr-4.10.6-0.3.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, reference:"mozilla-nss-3.16.1-0.8.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, reference:"mozilla-nss-tools-3.16.1-0.8.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"libfreebl3-32bit-3.16.1-0.8.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"libsoftokn3-32bit-3.16.1-0.8.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"mozilla-nspr-32bit-4.10.6-0.3.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"mozilla-nss-32bit-3.16.1-0.8.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"libfreebl3-32bit-3.16.1-0.8.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"libsoftokn3-32bit-3.16.1-0.8.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"mozilla-nspr-32bit-4.10.6-0.3.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"mozilla-nss-32bit-3.16.1-0.8.1")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
novellsuse_linux11p-cpe:/a:novell:suse_linux:11:mozillafirefox
novellsuse_linux11p-cpe:/a:novell:suse_linux:11:mozillafirefox-branding-sled
novellsuse_linux11p-cpe:/a:novell:suse_linux:11:mozillafirefox-translations
novellsuse_linux11p-cpe:/a:novell:suse_linux:11:libfreebl3
novellsuse_linux11p-cpe:/a:novell:suse_linux:11:libfreebl3-32bit
novellsuse_linux11p-cpe:/a:novell:suse_linux:11:libsoftokn3
novellsuse_linux11p-cpe:/a:novell:suse_linux:11:libsoftokn3-32bit
novellsuse_linux11p-cpe:/a:novell:suse_linux:11:mozilla-nspr
novellsuse_linux11p-cpe:/a:novell:suse_linux:11:mozilla-nspr-32bit
novellsuse_linux11p-cpe:/a:novell:suse_linux:11:mozilla-nss
Rows per page:
1-10 of 131

Related

openvas 38
suse 6
nessus 43
osv 4
debian 4
ubuntu 3
freebsd 1
securityvulns 2
veracode 4
mageia 2
centos 4
oraclelinux 4
mozilla 4
redhat 5
amazon 1
ubuntucve 7
cve 7
prion 7
debiancve 1
ibm 6
f5 2
gentoo 1
openvas
openvas
SUSE: Security Advisory for MozillaFirefox (SUSE-SU-2014:0824-1)
2015-10-13 00:00:00
openSUSE: Security Advisory for Mozilla (openSUSE-SU-2014:0797-1)
2014-06-17 00:00:00
SUSE: Security Advisory for MozillaFirefox (SUSE-SU-2014:0824-3)
2015-10-16 00:00:00
suse
suse
Mozilla updates 2014/06 (critical)
2014-06-16 08:04:13
Security update for MozillaFirefox (important)
2014-06-21 01:04:47
Security update for MozillaFirefox (important)
2014-06-25 00:04:17
nessus
nessus
openSUSE Security Update : MozillaThunderbird (openSUSE-SU-2014:0858-1)
2014-07-02 00:00:00
Thunderbird < 24.6 Multiple Vulnerabilities (Mac OS X)
2014-06-11 00:00:00
Mozilla Thunderbird < 24.6 Multiple Vulnerabilities
2014-06-11 00:00:00
osv
osv
iceweasel - security update
2014-06-11 00:00:00
icedove - security update
2014-06-16 00:00:00
nspr - security update
2014-06-17 00:00:00
debian
debian
[SECURITY] [DSA 2955-1] iceweasel security update
2014-06-11 14:33:41
[SECURITY] [DSA 2960-1] icedove security update
2014-06-16 17:13:24
[SECURITY] [DSA 2962-1] nspr security update
2014-06-17 19:31:15
ubuntu
ubuntu
Firefox vulnerabilities
2014-06-11 00:00:00
Thunderbird vulnerabilities
2014-06-19 00:00:00
NSPR vulnerability
2014-07-02 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2014-06-10 00:00:00
securityvulns
securityvulns
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2014-06-13 00:00:00
ESA-2015-002: Unisphere Central Security Update for Multiple Vulnerabilities
2015-02-02 00:00:00
veracode
veracode
Arbitrary Code Execution
2019-05-02 04:58:34
Use-After-Free
2019-05-02 04:58:34
Remote Code Execution (RCE)
2019-01-15 08:53:46
mageia
mageia
Updated firefox & thunderbird packages fix multiple security vulnerabilities
2014-06-11 21:13:59
Updated iceape package fixes security vulnerabilities
2014-10-23 17:27:57
centos
centos
firefox security update
2014-06-11 10:49:01
thunderbird security update
2014-06-11 10:54:29
nss security update
2014-09-30 11:21:57
oraclelinux
oraclelinux
thunderbird security update
2014-06-10 00:00:00
firefox security update
2014-06-10 00:00:00
nss and nspr security, bug fix, and enhancement update
2014-09-17 00:00:00
mozilla
mozilla
Use-after-free and out of bounds issues found using Address Sanitizer — Mozilla
2014-06-10 00:00:00
Miscellaneous memory safety hazards (rv:30.0 / rv:24.6) — Mozilla
2014-06-10 00:00:00
Out of bounds write in NSPR — Mozilla
2014-06-10 00:00:00
redhat
redhat
(RHSA-2014:0741) Critical: firefox security update
2014-06-10 00:00:00
(RHSA-2014:0742) Important: thunderbird security update
2014-06-10 00:00:00
(RHSA-2014:1246) Moderate: nss and nspr security, bug fix, and enhancement update
2014-09-16 00:00:00
amazon
amazon
Critical: nspr
2014-07-23 14:07:00
ubuntucve
ubuntucve
CVE-2014-1536
2014-06-11 00:00:00
CVE-2014-1534
2014-06-11 00:00:00
CVE-2014-1533
2014-06-11 00:00:00
cve
cve
CVE-2014-1545
2014-06-11 10:57:00
CVE-2014-1536
2014-06-11 10:57:00
CVE-2014-1534
2014-06-11 10:57:00
prion
prion
Memory corruption
2014-06-11 10:57:00
Out-of-bounds
2014-06-11 10:57:00
Memory corruption
2014-06-11 10:57:00
debiancve
debiancve
CVE-2014-1545
2014-06-11 10:57:00
ibm
ibm
Security Bulletin: Mozilla firefox vulnerability issues on IBM SONAS (CVE-2014-1518, CVE-2014-1523, CVE-2014-1524, CVE-2014-1529, CVE-2014-1530, CVE-2014-1531, CVE-2014-1532, CVE-2014-1533, CVE-2014-1538, CVE-2014-1541)
2018-06-18 00:08:33
Security Bulletin: IBM Storwize V7000 Unified security vulnerabilities related to Mozilla Firefox (CVE-2014-1518, CVE-2014-1523, CVE-2014-1524, CVE-2014-1529, CVE-2014-1530, CVE-2014-1531, CVE-2014-1532, CVE-2014-1533, CVE-2014-1538, CVE-2014-1541)
2018-06-18 00:08:28
Security Bulletin: Vulnerabilities in Network Security Services (NSS) and Netscape Portable Runtime (NSPR) affect IBM SAN Volume Controller and Storwize Family (CVE-2013-1740, CVE-2014-1490, CVE-2014-1491, CVE-2014-1492, CVE-2014-1544, CVE-2014-1545)
2023-03-29 01:48:02
f5
f5
SOL16716 - Multiple Mozilla NSS vulnerabilities
2015-06-05 00:00:00
K16716 : Multiple Mozilla NSS vulnerabilities
2015-09-17 00:00:00
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2015-04-07 00:00:00
JSON
Related for SUSE_11_FIREFOX-2014-06-140612.NASL
openvas38suse6nessus43osv4debian4ubuntu3freebsd1securityvulns2veracode4mageia2centos4oraclelinux4mozilla4redhat5amazon1ubuntucve7cve7prion7debiancve1ibm6f52gentoo1