Search...

SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 8636)

2013-07-06T00:00:00

ID SUSE_FIREFOX-20130628-8636.NASL
Type nessus
Reporter This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
Modified 2013-07-06T00:00:00

Description

Mozilla Firefox has been updated to the 17.0.7 ESR version, which fixes bugs and security fixes.

Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. (MFSA 2013-49)

Gary Kwong, Jesse Ruderman, and Andrew McCreight reported memory safety problems and crashes that affect Firefox ESR 17, and Firefox 21. (CVE-2013-1682)

Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover a series of use-after-free problems rated critical as security issues in shipped software. Some of these issues are potentially exploitable, allowing for remote code execution. We would also like to thank Abhishek for reporting additional use-after-free and buffer overflow flaws in code introduced during Firefox development. These were fixed before general release. (MFSA 2013-50)

o Heap-use-after-free in mozilla::dom::HTMLMediaElement::LookupMediaElementURITab le (CVE-2013-1684) o Heap-use-after-free in nsIDocument::GetRootElement (CVE-2013-1685) o Heap-use-after-free in mozilla::ResetDir. (CVE-2013-1686)

Security researcher Mariusz Mlynski reported that it is possible to compile a user-defined function in the XBL scope of a specific element and then trigger an event within this scope to run code. In some circumstances, when this code is run, it can access content protected by System Only Wrappers (SOW) and chrome-privileged pages. This could potentially lead to arbitrary code execution. Additionally, Chrome Object Wrappers (COW) can be bypassed by web content to access privileged methods, leading to a cross-site scripting (XSS) attack from privileged pages. (MFSA 2013-51 / CVE-2013-1687)

Security researcher Nils reported that specially crafted web content using the onreadystatechange event and reloading of pages could sometimes cause a crash when unmapped memory is executed. This crash is potentially exploitable. (MFSA 2013-53 / CVE-2013-1690)

Security researcher Johnathan Kuskos reported that Firefox is sending data in the body of XMLHttpRequest (XHR) HEAD requests, which goes against the XHR specification. This can potentially be used for Cross-Site Request Forgery (CSRF) attacks against sites which do not distinguish between HEAD and POST requests. (MFSA 2013-54 / CVE-2013-1692)

Security researcher Paul Stone of Context Information Security discovered that timing differences in the processing of SVG format images with filters could allow for pixel values to be read. This could potentially allow for text values to be read across domains, leading to information disclosure. (MFSA 2013-55 / CVE-2013-1693)

Mozilla security researcher moz_bug_r_a4 reported that XrayWrappers can be bypassed to call content-defined toString and valueOf methods through DefaultValue. This can lead to unexpected behavior when privileged code acts on the incorrect values. (MFSA 2013-59 / CVE-2013-1697)

                                        
                                            #%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The text description of this plugin is (C) Novell, Inc.
#

if (NASL_LEVEL &lt; 3000) exit(0);

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(67198);
  script_version("1.10");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  script_cve_id("CVE-2013-1682", "CVE-2013-1684", "CVE-2013-1685", "CVE-2013-1686", "CVE-2013-1687", "CVE-2013-1690", "CVE-2013-1692", "CVE-2013-1693", "CVE-2013-1697");

  script_name(english:"SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 8636)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote SuSE 10 host is missing a security-related patch."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Mozilla Firefox has been updated to the 17.0.7 ESR version, which
fixes bugs and security fixes.

  - Mozilla developers identified and fixed several memory
    safety bugs in the browser engine used in Firefox and
    other Mozilla-based products. Some of these bugs showed
    evidence of memory corruption under certain
    circumstances, and we presume that with enough effort at
    least some of these could be exploited to run arbitrary
    code. (MFSA 2013-49)

    Gary Kwong, Jesse Ruderman, and Andrew McCreight
    reported memory safety problems and crashes that affect
    Firefox ESR 17, and Firefox 21. (CVE-2013-1682)

  - Security researcher Abhishek Arya (Inferno) of the
    Google Chrome Security Team used the Address Sanitizer
    tool to discover a series of use-after-free problems
    rated critical as security issues in shipped software.
    Some of these issues are potentially exploitable,
    allowing for remote code execution. We would also like
    to thank Abhishek for reporting additional
    use-after-free and buffer overflow flaws in code
    introduced during Firefox development. These were fixed
    before general release. (MFSA 2013-50)

    o Heap-use-after-free in
    mozilla::dom::HTMLMediaElement::LookupMediaElementURITab
    le (CVE-2013-1684) o Heap-use-after-free in
    nsIDocument::GetRootElement (CVE-2013-1685) o
    Heap-use-after-free in mozilla::ResetDir.
    (CVE-2013-1686)

  - Security researcher Mariusz Mlynski reported that it is
    possible to compile a user-defined function in the XBL
    scope of a specific element and then trigger an event
    within this scope to run code. In some circumstances,
    when this code is run, it can access content protected
    by System Only Wrappers (SOW) and chrome-privileged
    pages. This could potentially lead to arbitrary code
    execution. Additionally, Chrome Object Wrappers (COW)
    can be bypassed by web content to access privileged
    methods, leading to a cross-site scripting (XSS) attack
    from privileged pages. (MFSA 2013-51 / CVE-2013-1687)

  - Security researcher Nils reported that specially crafted
    web content using the onreadystatechange event and
    reloading of pages could sometimes cause a crash when
    unmapped memory is executed. This crash is potentially
    exploitable. (MFSA 2013-53 / CVE-2013-1690)

  - Security researcher Johnathan Kuskos reported that
    Firefox is sending data in the body of XMLHttpRequest
    (XHR) HEAD requests, which goes against the XHR
    specification. This can potentially be used for
    Cross-Site Request Forgery (CSRF) attacks against sites
    which do not distinguish between HEAD and POST requests.
    (MFSA 2013-54 / CVE-2013-1692)

  - Security researcher Paul Stone of Context Information
    Security discovered that timing differences in the
    processing of SVG format images with filters could allow
    for pixel values to be read. This could potentially
    allow for text values to be read across domains, leading
    to information disclosure. (MFSA 2013-55 /
    CVE-2013-1693)

  - Mozilla security researcher moz_bug_r_a4 reported that
    XrayWrappers can be bypassed to call content-defined
    toString and valueOf methods through DefaultValue. This
    can lead to unexpected behavior when privileged code
    acts on the incorrect values. (MFSA 2013-59 /
    CVE-2013-1697)"
  );
  # http://www.mozilla.org/security/announce/2013/mfsa2013-49.html
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-49/"
  );
  # http://www.mozilla.org/security/announce/2013/mfsa2013-50.html
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-50/"
  );
  # http://www.mozilla.org/security/announce/2013/mfsa2013-51.html
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-51/"
  );
  # http://www.mozilla.org/security/announce/2013/mfsa2013-53.html
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-53/"
  );
  # http://www.mozilla.org/security/announce/2013/mfsa2013-54.html
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-54/"
  );
  # http://www.mozilla.org/security/announce/2013/mfsa2013-55.html
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-55/"
  );
  # http://www.mozilla.org/security/announce/2013/mfsa2013-59.html
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-59/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-1682.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-1684.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-1685.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-1686.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-1687.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-1690.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-1692.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-1693.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-1697.html"
  );
  script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 8636.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Firefox onreadystatechange Event DocumentViewerImpl Use After Free');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux");

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/06/25");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/06/28");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/06");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE.");
if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages.");

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) exit(1, "Failed to determine the architecture type.");
if (cpu &gt;!&lt; "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented.");


flag = 0;
if (rpm_check(release:"SLED10", sp:4, reference:"MozillaFirefox-17.0.7esr-0.6.1")) flag++;
if (rpm_check(release:"SLED10", sp:4, reference:"MozillaFirefox-branding-SLED-7-0.10.28")) flag++;
if (rpm_check(release:"SLED10", sp:4, reference:"MozillaFirefox-translations-17.0.7esr-0.6.1")) flag++;
if (rpm_check(release:"SLES10", sp:4, reference:"MozillaFirefox-17.0.7esr-0.6.1")) flag++;
if (rpm_check(release:"SLES10", sp:4, reference:"MozillaFirefox-branding-SLED-7-0.10.28")) flag++;
if (rpm_check(release:"SLES10", sp:4, reference:"MozillaFirefox-translations-17.0.7esr-0.6.1")) flag++;


if (flag)
{
  if (report_verbosity &gt; 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else exit(0, "The host is not affected.");

JSON Vulners Source

Initial Source

{"id": "SUSE_FIREFOX-20130628-8636.NASL", "bulletinFamily": "scanner", "title": "SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 8636)", "description": "Mozilla Firefox has been updated to the 17.0.7 ESR version, which\nfixes bugs and security fixes.\n\n - Mozilla developers identified and fixed several memory\n safety bugs in the browser engine used in Firefox and\n other Mozilla-based products. Some of these bugs showed\n evidence of memory corruption under certain\n circumstances, and we presume that with enough effort at\n least some of these could be exploited to run arbitrary\n code. (MFSA 2013-49)\n\n Gary Kwong, Jesse Ruderman, and Andrew McCreight\n reported memory safety problems and crashes that affect\n Firefox ESR 17, and Firefox 21. (CVE-2013-1682)\n\n - Security researcher Abhishek Arya (Inferno) of the\n Google Chrome Security Team used the Address Sanitizer\n tool to discover a series of use-after-free problems\n rated critical as security issues in shipped software.\n Some of these issues are potentially exploitable,\n allowing for remote code execution. We would also like\n to thank Abhishek for reporting additional\n use-after-free and buffer overflow flaws in code\n introduced during Firefox development. These were fixed\n before general release. (MFSA 2013-50)\n\n o Heap-use-after-free in\n mozilla::dom::HTMLMediaElement::LookupMediaElementURITab\n le (CVE-2013-1684) o Heap-use-after-free in\n nsIDocument::GetRootElement (CVE-2013-1685) o\n Heap-use-after-free in mozilla::ResetDir.\n (CVE-2013-1686)\n\n - Security researcher Mariusz Mlynski reported that it is\n possible to compile a user-defined function in the XBL\n scope of a specific element and then trigger an event\n within this scope to run code. In some circumstances,\n when this code is run, it can access content protected\n by System Only Wrappers (SOW) and chrome-privileged\n pages. This could potentially lead to arbitrary code\n execution. Additionally, Chrome Object Wrappers (COW)\n can be bypassed by web content to access privileged\n methods, leading to a cross-site scripting (XSS) attack\n from privileged pages. (MFSA 2013-51 / CVE-2013-1687)\n\n - Security researcher Nils reported that specially crafted\n web content using the onreadystatechange event and\n reloading of pages could sometimes cause a crash when\n unmapped memory is executed. This crash is potentially\n exploitable. (MFSA 2013-53 / CVE-2013-1690)\n\n - Security researcher Johnathan Kuskos reported that\n Firefox is sending data in the body of XMLHttpRequest\n (XHR) HEAD requests, which goes against the XHR\n specification. This can potentially be used for\n Cross-Site Request Forgery (CSRF) attacks against sites\n which do not distinguish between HEAD and POST requests.\n (MFSA 2013-54 / CVE-2013-1692)\n\n - Security researcher Paul Stone of Context Information\n Security discovered that timing differences in the\n processing of SVG format images with filters could allow\n for pixel values to be read. This could potentially\n allow for text values to be read across domains, leading\n to information disclosure. (MFSA 2013-55 /\n CVE-2013-1693)\n\n - Mozilla security researcher moz_bug_r_a4 reported that\n XrayWrappers can be bypassed to call content-defined\n toString and valueOf methods through DefaultValue. This\n can lead to unexpected behavior when privileged code\n acts on the incorrect values. (MFSA 2013-59 /\n CVE-2013-1697)", "published": "2013-07-06T00:00:00", "modified": "2013-07-06T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "href": "https://www.tenable.com/plugins/nessus/67198", "reporter": "This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://support.novell.com/security/cve/CVE-2013-1682.html", "http://support.novell.com/security/cve/CVE-2013-1684.html", "http://support.novell.com/security/cve/CVE-2013-1697.html", "http://support.novell.com/security/cve/CVE-2013-1687.html", "https://www.mozilla.org/en-US/security/advisories/mfsa2013-55/", "http://support.novell.com/security/cve/CVE-2013-1693.html", "http://support.novell.com/security/cve/CVE-2013-1692.html", "http://support.novell.com/security/cve/CVE-2013-1690.html", "https://www.mozilla.org/en-US/security/advisories/mfsa2013-49/", "http://support.novell.com/security/cve/CVE-2013-1685.html", "https://www.mozilla.org/en-US/security/advisories/mfsa2013-53/", "https://www.mozilla.org/en-US/security/advisories/mfsa2013-54/", "https://www.mozilla.org/en-US/security/advisories/mfsa2013-50/", "http://support.novell.com/security/cve/CVE-2013-1686.html", "https://www.mozilla.org/en-US/security/advisories/mfsa2013-51/", "https://www.mozilla.org/en-US/security/advisories/mfsa2013-59/"], "cvelist": ["CVE-2013-1687", "CVE-2013-1692", "CVE-2013-1685", "CVE-2013-1697", "CVE-2013-1690", "CVE-2013-1684", "CVE-2013-1686", "CVE-2013-1682", "CVE-2013-1693"], "type": "nessus", "lastseen": "2021-01-20T15:14:23", "edition": 17, "viewCount": 3, "enchantments": {"dependencies": {"references": [{"type": "suse", "idList": ["SUSE-SU-2013:1153-1", "OPENSUSE-SU-2013:1140-1", "OPENSUSE-SU-2013:1141-1", "OPENSUSE-SU-2013:1142-1", "OPENSUSE-SU-2013:1176-1", "OPENSUSE-SU-2013:1143-1"]}, {"type": "nessus", "idList": ["SUSE_11_FIREFOX-20130628-130628.NASL", "ORACLELINUX_ELSA-2013-0982.NASL", "DEBIAN_DSA-2716.NASL", "CENTOS_RHSA-2013-0982.NASL", "MACOSX_FIREFOX_17_0_7_ESR.NASL", "MOZILLA_THUNDERBIRD_1707_ESR.NASL", "ORACLELINUX_ELSA-2013-0981.NASL", "REDHAT-RHSA-2013-0982.NASL", "CENTOS_RHSA-2013-0981.NASL", "SL_20130625_FIREFOX_ON_SL5_X.NASL"]}, {"type": "centos", "idList": ["CESA-2013:0981", "CESA-2013:0982"]}, {"type": "oraclelinux", "idList": ["ELSA-2013-0982", "ELSA-2013-0981"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2720-1:1CEA2", "DEBIAN:DSA-2716-1:03728"]}, {"type": "redhat", "idList": ["RHSA-2013:0982", "RHSA-2013:0981"]}, {"type": "ubuntu", "idList": ["USN-1891-1", "USN-1890-2", "USN-1890-1"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310871012", "OPENVAS:1361412562310881757", "OPENVAS:881756", "OPENVAS:881759", "OPENVAS:1361412562310881755", "OPENVAS:841489", "OPENVAS:1361412562310903219", "OPENVAS:1361412562310903215", "OPENVAS:903215", "OPENVAS:1361412562310881753"]}, {"type": "cve", "idList": ["CVE-2013-1686", "CVE-2013-1685", "CVE-2013-1682", "CVE-2013-1690", "CVE-2013-1692", "CVE-2013-1693", "CVE-2013-1697", "CVE-2013-1687", "CVE-2013-1684"]}], "modified": "2021-01-20T15:14:23", "rev": 2}, "score": {"value": 9.4, "vector": "NONE", "modified": "2021-01-20T15:14:23", "rev": 2}, "vulnersScore": 9.4}, "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(67198);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2013-1682\", \"CVE-2013-1684\", \"CVE-2013-1685\", \"CVE-2013-1686\", \"CVE-2013-1687\", \"CVE-2013-1690\", \"CVE-2013-1692\", \"CVE-2013-1693\", \"CVE-2013-1697\");\n\n script_name(english:\"SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 8636)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla Firefox has been updated to the 17.0.7 ESR version, which\nfixes bugs and security fixes.\n\n - Mozilla developers identified and fixed several memory\n safety bugs in the browser engine used in Firefox and\n other Mozilla-based products. Some of these bugs showed\n evidence of memory corruption under certain\n circumstances, and we presume that with enough effort at\n least some of these could be exploited to run arbitrary\n code. (MFSA 2013-49)\n\n Gary Kwong, Jesse Ruderman, and Andrew McCreight\n reported memory safety problems and crashes that affect\n Firefox ESR 17, and Firefox 21. (CVE-2013-1682)\n\n - Security researcher Abhishek Arya (Inferno) of the\n Google Chrome Security Team used the Address Sanitizer\n tool to discover a series of use-after-free problems\n rated critical as security issues in shipped software.\n Some of these issues are potentially exploitable,\n allowing for remote code execution. We would also like\n to thank Abhishek for reporting additional\n use-after-free and buffer overflow flaws in code\n introduced during Firefox development. These were fixed\n before general release. (MFSA 2013-50)\n\n o Heap-use-after-free in\n mozilla::dom::HTMLMediaElement::LookupMediaElementURITab\n le (CVE-2013-1684) o Heap-use-after-free in\n nsIDocument::GetRootElement (CVE-2013-1685) o\n Heap-use-after-free in mozilla::ResetDir.\n (CVE-2013-1686)\n\n - Security researcher Mariusz Mlynski reported that it is\n possible to compile a user-defined function in the XBL\n scope of a specific element and then trigger an event\n within this scope to run code. In some circumstances,\n when this code is run, it can access content protected\n by System Only Wrappers (SOW) and chrome-privileged\n pages. This could potentially lead to arbitrary code\n execution. Additionally, Chrome Object Wrappers (COW)\n can be bypassed by web content to access privileged\n methods, leading to a cross-site scripting (XSS) attack\n from privileged pages. (MFSA 2013-51 / CVE-2013-1687)\n\n - Security researcher Nils reported that specially crafted\n web content using the onreadystatechange event and\n reloading of pages could sometimes cause a crash when\n unmapped memory is executed. This crash is potentially\n exploitable. (MFSA 2013-53 / CVE-2013-1690)\n\n - Security researcher Johnathan Kuskos reported that\n Firefox is sending data in the body of XMLHttpRequest\n (XHR) HEAD requests, which goes against the XHR\n specification. This can potentially be used for\n Cross-Site Request Forgery (CSRF) attacks against sites\n which do not distinguish between HEAD and POST requests.\n (MFSA 2013-54 / CVE-2013-1692)\n\n - Security researcher Paul Stone of Context Information\n Security discovered that timing differences in the\n processing of SVG format images with filters could allow\n for pixel values to be read. This could potentially\n allow for text values to be read across domains, leading\n to information disclosure. (MFSA 2013-55 /\n CVE-2013-1693)\n\n - Mozilla security researcher moz_bug_r_a4 reported that\n XrayWrappers can be bypassed to call content-defined\n toString and valueOf methods through DefaultValue. This\n can lead to unexpected behavior when privileged code\n acts on the incorrect values. (MFSA 2013-59 /\n CVE-2013-1697)\"\n );\n # http://www.mozilla.org/security/announce/2013/mfsa2013-49.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-49/\"\n );\n # http://www.mozilla.org/security/announce/2013/mfsa2013-50.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-50/\"\n );\n # http://www.mozilla.org/security/announce/2013/mfsa2013-51.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-51/\"\n );\n # http://www.mozilla.org/security/announce/2013/mfsa2013-53.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-53/\"\n );\n # http://www.mozilla.org/security/announce/2013/mfsa2013-54.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-54/\"\n );\n # http://www.mozilla.org/security/announce/2013/mfsa2013-55.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-55/\"\n );\n # http://www.mozilla.org/security/announce/2013/mfsa2013-59.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-59/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-1682.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-1684.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-1685.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-1686.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-1687.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-1690.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-1692.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-1693.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-1697.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 8636.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Firefox onreadystatechange Event DocumentViewerImpl Use After Free');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/06/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/06/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"MozillaFirefox-17.0.7esr-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"MozillaFirefox-branding-SLED-7-0.10.28\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"MozillaFirefox-translations-17.0.7esr-0.6.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"MozillaFirefox-17.0.7esr-0.6.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"MozillaFirefox-branding-SLED-7-0.10.28\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"MozillaFirefox-translations-17.0.7esr-0.6.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "naslFamily": "SuSE Local Security Checks", "pluginID": "67198", "cpe": ["cpe:/o:suse:suse_linux"], "scheme": null}

{"suse": [{"lastseen": "2016-09-04T11:31:56", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1687", "CVE-2013-1692", "CVE-2013-1685", "CVE-2013-1697", "CVE-2013-1690", "CVE-2013-1684", "CVE-2013-1686", "CVE-2013-1682", "CVE-2013-1693"], "description": "Mozilla Firefox has been updated to the 17.0.7 ESR version,\n which fixes bugs and security issues.\n\n *\n\n MFSA 2013-49: Mozilla developers identified and fixed\n several memory safety bugs in the browser engine used in\n Firefox and other Mozilla-based products. Some of these\n bugs showed evidence of memory corruption under certain\n circumstances, and we presume that with enough effort at\n least some of these could be exploited to run arbitrary\n code.\n\n Gary Kwong, Jesse Ruderman, and Andrew McCreight\n reported memory safety problems and crashes that affect\n Firefox ESR 17, and Firefox 21. (CVE-2013-1682)\n\n *\n\n MFSA 2013-50: Security researcher Abhishek Arya\n (Inferno) of the Google Chrome Security Team used the\n Address Sanitizer tool to discover a series of\n use-after-free problems rated critical as security issues\n in shipped software. Some of these issues are potentially\n exploitable, allowing for remote code execution. We would\n also like to thank Abhishek for reporting additional\n use-after-free and buffer overflow flaws in code introduced\n during Firefox development. These were fixed before general\n release.\n\n o Heap-use-after-free in\n mozilla::dom::HTMLMediaElement::LookupMediaElementURITable\n (CVE-2013-1684) o Heap-use-after-free in\n nsIDocument::GetRootElement (CVE-2013-1685) o\n Heap-use-after-free in mozilla::ResetDir (CVE-2013-1686)\n *\n\n MFSA 2013-51 / CVE-2013-1687: Security researcher\n Mariusz Mlynski reported that it is possible to compile a\n user-defined function in the XBL scope of a specific\n element and then trigger an event within this scope to run\n code. In some circumstances, when this code is run, it can\n access content protected by System Only Wrappers (SOW) and\n chrome-privileged pages. This could potentially lead to\n arbitrary code execution. Additionally, Chrome Object\n Wrappers (COW) can be bypassed by web content to access\n privileged methods, leading to a cross-site scripting (XSS)\n attack from privileged pages.\n\n *\n\n MFSA 2013-53 / CVE-2013-1690: Security researcher\n Nils reported that specially crafted web content using the\n onreadystatechange event and reloading of pages could\n sometimes cause a crash when unmapped memory is executed.\n This crash is potentially exploitable.\n\n *\n\n MFSA 2013-54 / CVE-2013-1692: Security researcher\n Johnathan Kuskos reported that Firefox is sending data in\n the body of XMLHttpRequest (XHR) HEAD requests, which goes\n agains the XHR specification. This can potentially be used\n for Cross-Site Request Forgery (CSRF) attacks against sites\n which do not distinguish between HEAD and POST requests.\n\n *\n\n MFSA 2013-55 / CVE-2013-1693: Security researcher\n Paul Stone of Context Information Security discovered that\n timing differences in the processing of SVG format images\n with filters could allow for pixel values to be read. This\n could potentially allow for text values to be read across\n domains, leading to information disclosure.\n\n *\n\n MFSA 2013-59 / CVE-2013-1697: Mozilla security\n researcher moz_bug_r_a4 reported that XrayWrappers can be\n bypassed to call content-defined toString and valueOf\n methods through DefaultValue. This can lead to unexpected\n behavior when privileged code acts on the incorrect values.\n", "edition": 1, "modified": "2013-07-05T22:04:18", "published": "2013-07-05T22:04:18", "id": "SUSE-SU-2013:1153-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00011.html", "type": "suse", "title": "Security update for Mozilla Firefox (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:37:19", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1687", "CVE-2013-1692", "CVE-2013-1685", "CVE-2013-1697", "CVE-2013-1694", "CVE-2013-1690", "CVE-2013-1684", "CVE-2013-1686", "CVE-2013-1682", "CVE-2013-1693"], "description": "MozillaThunderbird was updated to Thunderbird 17.0.7\n (bnc#825935)\n\n Security issues fixed:\n * MFSA 2013-49/CVE-2013-1682 Miscellaneous memory safety\n hazards\n * MFSA 2013-50/CVE-2013-1684/CVE-2013-1685/CVE-2013-1686\n Memory corruption found using Address Sanitizer\n * MFSA 2013-51/CVE-2013-1687 (bmo#863933, bmo#866823)\n Privileged content access and execution via XBL\n * MFSA 2013-53/CVE-2013-1690 (bmo#857883) Execution of\n unmapped memory through onreadystatechange event\n * MFSA 2013-54/CVE-2013-1692 (bmo#866915) Data in the\n body of XHR HEAD requests leads to CSRF attacks\n * MFSA 2013-55/CVE-2013-1693 (bmo#711043) SVG filters can\n lead to information disclosure\n * MFSA 2013-56/CVE-2013-1694 (bmo#848535) PreserveWrapper\n has inconsistent behavior\n * MFSA 2013-59/CVE-2013-1697 (bmo#858101) XrayWrappers\n can be bypassed to run user defined methods in a\n privileged context\n\n", "edition": 1, "modified": "2013-07-04T12:04:15", "published": "2013-07-04T12:04:15", "id": "OPENSUSE-SU-2013:1141-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00004.html", "type": "suse", "title": "MozillaThunderbird: 17.0.7 (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:38:53", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1687", "CVE-2013-1692", "CVE-2013-1685", "CVE-2013-1697", "CVE-2013-1694", "CVE-2013-1690", "CVE-2013-1684", "CVE-2013-1686", "CVE-2013-1682", "CVE-2013-1693"], "description": "Mozilla xulrunner was update to 17.0.7esr (bnc#825935)\n\n Security issues fixed:\n * MFSA 2013-49/CVE-2013-1682 Miscellaneous memory safety\n hazards\n * MFSA 2013-50/CVE-2013-1684/CVE-2013-1685/CVE-2013-1686\n Memory corruption found using Address Sanitizer\n * MFSA 2013-51/CVE-2013-1687 (bmo#863933, bmo#866823)\n Privileged content access and execution via XBL\n * MFSA 2013-53/CVE-2013-1690 (bmo#857883) Execution of\n unmapped memory through onreadystatechange event\n * MFSA 2013-54/CVE-2013-1692 (bmo#866915) Data in the\n body of XHR HEAD requests leads to CSRF attacks\n * MFSA 2013-55/CVE-2013-1693 (bmo#711043) SVG filters can\n lead to information disclosure\n * MFSA 2013-56/CVE-2013-1694 (bmo#848535) PreserveWrapper\n has inconsistent behavior\n * MFSA 2013-59/CVE-2013-1697 (bmo#858101) XrayWrappers\n can be bypassed to run user defined methods in a\n privileged context\n\n", "edition": 1, "modified": "2013-07-04T12:04:46", "published": "2013-07-04T12:04:46", "id": "OPENSUSE-SU-2013:1143-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00006.html", "type": "suse", "title": "xulrunner: 17.0.7esr (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:23:06", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1687", "CVE-2013-1692", "CVE-2013-1696", "CVE-2013-1685", "CVE-2013-1697", "CVE-2013-1694", "CVE-2013-1695", "CVE-2013-1690", "CVE-2013-1684", "CVE-2013-1688", "CVE-2013-1686", "CVE-2013-1682", "CVE-2013-1683", "CVE-2013-1693"], "description": "update to Firefox 22.0 and Thunderbird 17.0.7 including the\n following security fixes\n * MFSA 2013-49 Miscellaneous memory safety hazards\n * MFSA 2013-50 Memory corruption found using Address\n Sanitizer\n * MFSA 2013-51 Privileged content access and execution via\n XBL\n * MFSA 2013-52 Arbitrary code execution within Profiler\n * MFSA 2013-53 Execution of unmapped memory through\n onreadystatechange event\n * MFSA 2013-54 Data in the body of XHR HEAD requests leads\n to CSRF attacks\n * MFSA 2013-55 SVG filters can lead to information\n disclosure\n * MFSA 2013-56 PreserveWrapper has inconsistent behavior\n * MFSA 2013-57 Sandbox restrictions not applied to nested\n frame elements\n * MFSA 2013-58 X-Frame-Options ignored when using server\n push with multi-part responses\n * MFSA 2013-59 XrayWrappers can be bypassed to run user\n defined methods in a privileged context\n\n", "edition": 1, "modified": "2013-07-04T09:04:31", "published": "2013-07-04T09:04:31", "id": "OPENSUSE-SU-2013:1140-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00003.html", "type": "suse", "title": "regular updates for Mozilla applications (FF/TB) (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:38:48", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1687", "CVE-2013-1692", "CVE-2013-1696", "CVE-2013-1685", "CVE-2013-1697", "CVE-2013-1694", "CVE-2013-1695", "CVE-2013-1690", "CVE-2013-1684", "CVE-2013-1688", "CVE-2013-1686", "CVE-2013-1698", "CVE-2013-1682", "CVE-2013-1683", "CVE-2013-1693"], "description": "Seamonkey was updated to version 2.19\n\n * MFSA 2013-49/CVE-2013-1682/CVE-2013-1683 Miscellaneous\n memory safety hazards\n * MFSA 2013-50/CVE-2013-1684/CVE-2013-1685/CVE-2013-1686\n Memory corruption found using Address Sanitizer\n * MFSA 2013-51/CVE-2013-1687 (bmo#863933, bmo#866823)\n Privileged content access and execution via XBL\n * MFSA 2013-52/CVE-2013-1688 (bmo#873966) Arbitrary code\n execution within Profiler\n * MFSA 2013-53/CVE-2013-1690 (bmo#857883) Execution of\n unmapped memory through onreadystatechange event\n * MFSA 2013-54/CVE-2013-1692 (bmo#866915) Data in the\n body of XHR HEAD requests leads to CSRF attacks\n * MFSA 2013-55/CVE-2013-1693 (bmo#711043) SVG filters can\n lead to information disclosure\n * MFSA 2013-56/CVE-2013-1694 (bmo#848535) PreserveWrapper\n has inconsistent behavior\n * MFSA 2013-57/CVE-2013-1695 (bmo#849791) Sandbox\n restrictions not applied to nested frame elements\n * MFSA 2013-58/CVE-2013-1696 (bmo#761667) X-Frame-Options\n ignored when using server push with multi-part responses\n * MFSA 2013-59/CVE-2013-1697 (bmo#858101) XrayWrappers\n can be bypassed to run user defined methods in a\n privileged context\n * MFSA 2013-60/CVE-2013-1698 (bmo#876044)\n\n", "edition": 1, "modified": "2013-07-11T06:04:11", "published": "2013-07-11T06:04:11", "id": "OPENSUSE-SU-2013:1176-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00015.html", "type": "suse", "title": "update to SeaMonkey 2.19 (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:56:41", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1687", "CVE-2013-1692", "CVE-2013-1696", "CVE-2013-1685", "CVE-2013-1697", "CVE-2013-1694", "CVE-2013-1695", "CVE-2013-1690", "CVE-2013-1684", "CVE-2013-1688", "CVE-2013-1686", "CVE-2013-1698", "CVE-2013-1682", "CVE-2013-1683", "CVE-2013-1699", "CVE-2013-1693"], "description": "MozillaFirefox was updated to Firefox 22.0 (bnc#825935)\n\n Following security issues were fixed:\n * MFSA 2013-49/CVE-2013-1682/CVE-2013-1683 Miscellaneous\n memory safety hazards\n * MFSA 2013-50/CVE-2013-1684/CVE-2013-1685/CVE-2013-1686\n Memory corruption found using Address Sanitizer\n * MFSA 2013-51/CVE-2013-1687 (bmo#863933, bmo#866823)\n Privileged content access and execution via XBL\n * MFSA 2013-52/CVE-2013-1688 (bmo#873966) Arbitrary code\n execution within Profiler\n * MFSA 2013-53/CVE-2013-1690 (bmo#857883) Execution of\n unmapped memory through onreadystatechange event\n * MFSA 2013-54/CVE-2013-1692 (bmo#866915) Data in the\n body of XHR HEAD requests leads to CSRF attacks\n * MFSA 2013-55/CVE-2013-1693 (bmo#711043) SVG filters can\n lead to information disclosure\n * MFSA 2013-56/CVE-2013-1694 (bmo#848535) PreserveWrapper\n has inconsistent behavior\n * MFSA 2013-57/CVE-2013-1695 (bmo#849791) Sandbox\n restrictions not applied to nested frame elements\n * MFSA 2013-58/CVE-2013-1696 (bmo#761667) X-Frame-Options\n ignored when using server push with multi-part responses\n * MFSA 2013-59/CVE-2013-1697 (bmo#858101) XrayWrappers\n can be bypassed to run user defined methods in a\n privileged context\n * MFSA 2013-60/CVE-2013-1698 (bmo#876044) getUserMedia\n permission dialog incorrectly displays location\n * MFSA 2013-61/CVE-2013-1699 (bmo#840882) Homograph\n domain spoofing in .com, .net and .name\n\n", "edition": 1, "modified": "2013-07-04T12:04:29", "published": "2013-07-04T12:04:29", "id": "OPENSUSE-SU-2013:1142-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00005.html", "type": "suse", "title": "MozillaFirefox: Update to Firefox 22.0 release (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2021-01-20T14:38:05", "description": "Mozilla Firefox has been updated to the 17.0.7 ESR version, fixing\nbugs and security fixes.\n\n - Mozilla developers identified and fixed several memory\n safety bugs in the browser engine used in Firefox and\n other Mozilla-based products. Some of these bugs showed\n evidence of memory corruption under certain\n circumstances, and we presume that with enough effort at\n least some of these could be exploited to run arbitrary\n code. (MFSA 2013-49)\n\n Gary Kwong, Jesse Ruderman, and Andrew McCreight\n reported memory safety problems and crashes that affect\n Firefox ESR 17, and Firefox 21. (CVE-2013-1682)\n\n - Security researcher Abhishek Arya (Inferno) of the\n Google Chrome Security Team used the Address Sanitizer\n tool to discover a series of use-after-free problems\n rated critical as security issues in shipped software.\n Some of these issues are potentially exploitable,\n allowing for remote code execution. We would also like\n to thank Abhishek for reporting additional\n use-after-free and buffer overflow flaws in code\n introduced during Firefox development. These were fixed\n before general release. (MFSA 2013-50)\n\n - Heap-use-after-free in\n mozilla::dom::HTMLMediaElement::LookupMediaElementURITab\n le. (CVE-2013-1684)\n\n - Heap-use-after-free in nsIDocument::GetRootElement.\n (CVE-2013-1685)\n\n - Heap-use-after-free in mozilla::ResetDir.\n (CVE-2013-1686)\n\n - Security researcher Mariusz Mlynski reported that it is\n possible to compile a user-defined function in the XBL\n scope of a specific element and then trigger an event\n within this scope to run code. In some circumstances,\n when this code is run, it can access content protected\n by System Only Wrappers (SOW) and chrome-privileged\n pages. This could potentially lead to arbitrary code\n execution. Additionally, Chrome Object Wrappers (COW)\n can be bypassed by web content to access privileged\n methods, leading to a cross-site scripting (XSS) attack\n from privileged pages. (MFSA 2013-51 / CVE-2013-1687)\n\n - Security researcher Nils reported that specially crafted\n web content using the onreadystatechange event and\n reloading of pages could sometimes cause a crash when\n unmapped memory is executed. This crash is potentially\n exploitable. (MFSA 2013-53 / CVE-2013-1690)\n\n - Security researcher Johnathan Kuskos reported that\n Firefox is sending data in the body of XMLHttpRequest\n (XHR) HEAD requests, which goes against the XHR\n specification. This can potentially be used for\n Cross-Site Request Forgery (CSRF) attacks against sites\n which do not distinguish between HEAD and POST requests.\n (MFSA 2013-54 / CVE-2013-1692)\n\n - Security researcher Paul Stone of Context Information\n Security discovered that timing differences in the\n processing of SVG format images with filters could allow\n for pixel values to be read. This could potentially\n allow for text values to be read across domains, leading\n to information disclosure. (MFSA 2013-55 /\n CVE-2013-1693)\n\n - Mozilla security researcher moz_bug_r_a4 reported that\n XrayWrappers can be bypassed to call content-defined\n toString and valueOf methods through DefaultValue. This\n can lead to unexpected behavior when privileged code\n acts on the incorrect values. (MFSA 2013-59 /\n CVE-2013-1697)", "edition": 17, "published": "2013-07-06T00:00:00", "title": "SuSE 11.2 Security Update : Mozilla Firefox (SAT Patch Number 7976)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1687", "CVE-2013-1692", "CVE-2013-1685", "CVE-2013-1697", "CVE-2013-1690", "CVE-2013-1684", "CVE-2013-1686", "CVE-2013-1682", "CVE-2013-1693"], "modified": "2013-07-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:MozillaFirefox-branding-SLED", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:MozillaFirefox-translations", "p-cpe:/a:novell:suse_linux:11:MozillaFirefox"], "id": "SUSE_11_FIREFOX-20130628-130628.NASL", "href": "https://www.tenable.com/plugins/nessus/67195", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(67195);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2013-1682\", \"CVE-2013-1684\", \"CVE-2013-1685\", \"CVE-2013-1686\", \"CVE-2013-1687\", \"CVE-2013-1690\", \"CVE-2013-1692\", \"CVE-2013-1693\", \"CVE-2013-1697\");\n\n script_name(english:\"SuSE 11.2 Security Update : Mozilla Firefox (SAT Patch Number 7976)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla Firefox has been updated to the 17.0.7 ESR version, fixing\nbugs and security fixes.\n\n - Mozilla developers identified and fixed several memory\n safety bugs in the browser engine used in Firefox and\n other Mozilla-based products. Some of these bugs showed\n evidence of memory corruption under certain\n circumstances, and we presume that with enough effort at\n least some of these could be exploited to run arbitrary\n code. (MFSA 2013-49)\n\n Gary Kwong, Jesse Ruderman, and Andrew McCreight\n reported memory safety problems and crashes that affect\n Firefox ESR 17, and Firefox 21. (CVE-2013-1682)\n\n - Security researcher Abhishek Arya (Inferno) of the\n Google Chrome Security Team used the Address Sanitizer\n tool to discover a series of use-after-free problems\n rated critical as security issues in shipped software.\n Some of these issues are potentially exploitable,\n allowing for remote code execution. We would also like\n to thank Abhishek for reporting additional\n use-after-free and buffer overflow flaws in code\n introduced during Firefox development. These were fixed\n before general release. (MFSA 2013-50)\n\n - Heap-use-after-free in\n mozilla::dom::HTMLMediaElement::LookupMediaElementURITab\n le. (CVE-2013-1684)\n\n - Heap-use-after-free in nsIDocument::GetRootElement.\n (CVE-2013-1685)\n\n - Heap-use-after-free in mozilla::ResetDir.\n (CVE-2013-1686)\n\n - Security researcher Mariusz Mlynski reported that it is\n possible to compile a user-defined function in the XBL\n scope of a specific element and then trigger an event\n within this scope to run code. In some circumstances,\n when this code is run, it can access content protected\n by System Only Wrappers (SOW) and chrome-privileged\n pages. This could potentially lead to arbitrary code\n execution. Additionally, Chrome Object Wrappers (COW)\n can be bypassed by web content to access privileged\n methods, leading to a cross-site scripting (XSS) attack\n from privileged pages. (MFSA 2013-51 / CVE-2013-1687)\n\n - Security researcher Nils reported that specially crafted\n web content using the onreadystatechange event and\n reloading of pages could sometimes cause a crash when\n unmapped memory is executed. This crash is potentially\n exploitable. (MFSA 2013-53 / CVE-2013-1690)\n\n - Security researcher Johnathan Kuskos reported that\n Firefox is sending data in the body of XMLHttpRequest\n (XHR) HEAD requests, which goes against the XHR\n specification. This can potentially be used for\n Cross-Site Request Forgery (CSRF) attacks against sites\n which do not distinguish between HEAD and POST requests.\n (MFSA 2013-54 / CVE-2013-1692)\n\n - Security researcher Paul Stone of Context Information\n Security discovered that timing differences in the\n processing of SVG format images with filters could allow\n for pixel values to be read. This could potentially\n allow for text values to be read across domains, leading\n to information disclosure. (MFSA 2013-55 /\n CVE-2013-1693)\n\n - Mozilla security researcher moz_bug_r_a4 reported that\n XrayWrappers can be bypassed to call content-defined\n toString and valueOf methods through DefaultValue. This\n can lead to unexpected behavior when privileged code\n acts on the incorrect values. (MFSA 2013-59 /\n CVE-2013-1697)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2013/mfsa2013-49.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2013/mfsa2013-50.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2013/mfsa2013-51.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2013/mfsa2013-53.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2013/mfsa2013-54.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2013/mfsa2013-55.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2013/mfsa2013-59.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=825935\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-1682.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-1684.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-1685.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-1686.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-1687.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-1690.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-1692.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-1693.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-1697.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 7976.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Firefox onreadystatechange Event DocumentViewerImpl Use After Free');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:MozillaFirefox-branding-SLED\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:MozillaFirefox-translations\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/06/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 2) audit(AUDIT_OS_NOT, \"SuSE 11.2\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"MozillaFirefox-17.0.7esr-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"MozillaFirefox-branding-SLED-7-0.6.9.31\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"MozillaFirefox-translations-17.0.7esr-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"MozillaFirefox-17.0.7esr-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"MozillaFirefox-branding-SLED-7-0.6.9.31\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"MozillaFirefox-translations-17.0.7esr-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"MozillaFirefox-17.0.7esr-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"MozillaFirefox-branding-SLED-7-0.6.9.31\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"MozillaFirefox-translations-17.0.7esr-0.3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:12:38", "description": "An updated thunderbird package that fixes several security issues is\nnow available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed content.\nMalicious content could cause Thunderbird to crash or, potentially,\nexecute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2013-1682, CVE-2013-1684, CVE-2013-1685,\nCVE-2013-1686, CVE-2013-1687, CVE-2013-1690)\n\nIt was found that Thunderbird allowed data to be sent in the body of\nXMLHttpRequest (XHR) HEAD requests. In some cases this could allow\nattackers to conduct Cross-Site Request Forgery (CSRF) attacks.\n(CVE-2013-1692)\n\nTiming differences in the way Thunderbird processed SVG image files\ncould allow an attacker to read data across domains, potentially\nleading to information disclosure. (CVE-2013-1693)\n\nTwo flaws were found in the way Thunderbird implemented some of its\ninternal structures (called wrappers). An attacker could use these\nflaws to bypass some restrictions placed on them. This could lead to\nunexpected behavior or a potentially exploitable crash.\n(CVE-2013-1694, CVE-2013-1697)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Gary Kwong, Jesse Ruderman, Andrew\nMcCreight, Abhishek Arya, Mariusz Mlynski, Nils, Johnathan Kuskos,\nPaul Stone, Boris Zbarsky, and moz_bug_r_a4 as the original reporters\nof these issues.\n\nNote: All of the above issues cannot be exploited by a specially\ncrafted HTML mail message as JavaScript is disabled by default for\nmail messages. They could be exploited another way in Thunderbird, for\nexample, when viewing the full remote content of an RSS feed.\n\nAll Thunderbird users should upgrade to this updated package, which\ncontains Thunderbird version 17.0.7 ESR, which corrects these issues.\nAfter installing the update, Thunderbird must be restarted for the\nchanges to take effect.", "edition": 21, "published": "2013-06-26T00:00:00", "title": "RHEL 5 / 6 : thunderbird (RHSA-2013:0982)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1687", "CVE-2013-1692", "CVE-2013-1685", "CVE-2013-1697", "CVE-2013-1694", "CVE-2013-1690", "CVE-2013-1684", "CVE-2013-1686", "CVE-2013-1682", "CVE-2013-1693"], "modified": "2013-06-26T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:thunderbird", "cpe:/o:redhat:enterprise_linux:5.9", "cpe:/o:redhat:enterprise_linux:6.4", "p-cpe:/a:redhat:enterprise_linux:thunderbird-debuginfo", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2013-0982.NASL", "href": "https://www.tenable.com/plugins/nessus/66980", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0982. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(66980);\n script_version(\"1.25\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2013-1682\", \"CVE-2013-1684\", \"CVE-2013-1685\", \"CVE-2013-1686\", \"CVE-2013-1687\", \"CVE-2013-1690\", \"CVE-2013-1692\", \"CVE-2013-1693\", \"CVE-2013-1694\", \"CVE-2013-1697\");\n script_xref(name:\"RHSA\", value:\"2013:0982\");\n\n script_name(english:\"RHEL 5 / 6 : thunderbird (RHSA-2013:0982)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"An updated thunderbird package that fixes several security issues is\nnow available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed content.\nMalicious content could cause Thunderbird to crash or, potentially,\nexecute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2013-1682, CVE-2013-1684, CVE-2013-1685,\nCVE-2013-1686, CVE-2013-1687, CVE-2013-1690)\n\nIt was found that Thunderbird allowed data to be sent in the body of\nXMLHttpRequest (XHR) HEAD requests. In some cases this could allow\nattackers to conduct Cross-Site Request Forgery (CSRF) attacks.\n(CVE-2013-1692)\n\nTiming differences in the way Thunderbird processed SVG image files\ncould allow an attacker to read data across domains, potentially\nleading to information disclosure. (CVE-2013-1693)\n\nTwo flaws were found in the way Thunderbird implemented some of its\ninternal structures (called wrappers). An attacker could use these\nflaws to bypass some restrictions placed on them. This could lead to\nunexpected behavior or a potentially exploitable crash.\n(CVE-2013-1694, CVE-2013-1697)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Gary Kwong, Jesse Ruderman, Andrew\nMcCreight, Abhishek Arya, Mariusz Mlynski, Nils, Johnathan Kuskos,\nPaul Stone, Boris Zbarsky, and moz_bug_r_a4 as the original reporters\nof these issues.\n\nNote: All of the above issues cannot be exploited by a specially\ncrafted HTML mail message as JavaScript is disabled by default for\nmail messages. They could be exploited another way in Thunderbird, for\nexample, when viewing the full remote content of an RSS feed.\n\nAll Thunderbird users should upgrade to this updated package, which\ncontains Thunderbird version 17.0.7 ESR, which corrects these issues.\nAfter installing the update, Thunderbird must be restarted for the\nchanges to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2013:0982\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-1692\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-1697\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-1693\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-1682\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-1694\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-1684\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-1685\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-1686\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-1690\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-1687\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Update the affected thunderbird and / or thunderbird-debuginfo\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Firefox onreadystatechange Event DocumentViewerImpl Use After Free');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:thunderbird-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.9\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/06/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/06/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/06/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:0982\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"thunderbird-17.0.7-1.el5_9\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"thunderbird-17.0.7-1.el5_9\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"thunderbird-debuginfo-17.0.7-1.el5_9\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"thunderbird-debuginfo-17.0.7-1.el5_9\", allowmaj:TRUE)) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"thunderbird-17.0.7-1.el6_4\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"thunderbird-17.0.7-1.el6_4\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"thunderbird-17.0.7-1.el6_4\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"thunderbird-debuginfo-17.0.7-1.el6_4\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"thunderbird-debuginfo-17.0.7-1.el6_4\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"thunderbird-debuginfo-17.0.7-1.el6_4\", allowmaj:TRUE)) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird / thunderbird-debuginfo\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T06:39:41", "description": "Multiple memory safety issues were discovered in Thunderbird. If the\nuser were tricked into opening a specially crafted message with\nscripting enabled, an attacker could possibly exploit these to cause a\ndenial of service via application crash, or potentially execute\narbitrary code with the privileges of the user invoking Thunderbird.\n(CVE-2013-1682)\n\nAbhishek Arya discovered multiple use-after-free bugs. If the user\nwere tricked into opening a specially crafted message with scripting\nenabled, an attacker could possibly exploit these to execute arbitrary\ncode with the privileges of the user invoking Thunderbird.\n(CVE-2013-1684, CVE-2013-1685, CVE-2013-1686)\n\nMariusz Mlynski discovered that user defined code within the XBL scope\nof an element could be made to bypass System Only Wrappers (SOW). If a\nuser had scripting enabled, an attacker could potentially exploit this\nto execute arbitrary code with the privileges of the user invoking\nThunderbird. (CVE-2013-1687)\n\nA crash was discovered when reloading a page that contained content\nusing the onreadystatechange event. If a user had scripting enabled,\nan attacker could potentially exploit this to execute arbitrary code\nwith the privileges of the user invoking Thunderbird. (CVE-2013-1690)\n\nJohnathan Kuskos discovered that Thunderbird sent data in the body of\nXMLHttpRequest HEAD requests. If a user had scripting enabled, an\nattacker could exploit this to conduct Cross-Site Request Forgery\n(CSRF) attacks. (CVE-2013-1692)\n\nPaul Stone discovered a timing flaw in the processing of SVG images\nwith filters. If a user had scripting enabled, an attacker could\nexploit this to view sensitive information. (CVE-2013-1693)\n\nBoris Zbarsky discovered a flaw in PreserveWrapper. If a user had\nscripting enabled, an attacker could potentially exploit this to cause\na denial of service via application crash, or execute code with the\nprivileges of the user invoking Thunderbird. (CVE-2013-1694)\n\nIt was discovered that XrayWrappers could be bypassed to call\ncontent-defined methods in certain circumstances. If a user had\nscripting enabled, an attacker could exploit this to cause undefined\nbehaviour. (CVE-2013-1697).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "published": "2013-06-27T00:00:00", "title": "Ubuntu 12.04 LTS / 12.10 / 13.04 : thunderbird vulnerabilities (USN-1891-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1687", "CVE-2013-1692", "CVE-2013-1685", "CVE-2013-1697", "CVE-2013-1694", "CVE-2013-1690", "CVE-2013-1684", "CVE-2013-1686", "CVE-2013-1682", "CVE-2013-1693"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:12.10", "cpe:/o:canonical:ubuntu_linux:13.04", "p-cpe:/a:canonical:ubuntu_linux:thunderbird", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts"], "id": "UBUNTU_USN-1891-1.NASL", "href": "https://www.tenable.com/plugins/nessus/67001", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1891-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(67001);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2019/09/19 12:54:29\");\n\n script_cve_id(\"CVE-2013-1682\", \"CVE-2013-1684\", \"CVE-2013-1685\", \"CVE-2013-1686\", \"CVE-2013-1687\", \"CVE-2013-1690\", \"CVE-2013-1692\", \"CVE-2013-1693\", \"CVE-2013-1694\", \"CVE-2013-1697\");\n script_xref(name:\"USN\", value:\"1891-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 12.10 / 13.04 : thunderbird vulnerabilities (USN-1891-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple memory safety issues were discovered in Thunderbird. If the\nuser were tricked into opening a specially crafted message with\nscripting enabled, an attacker could possibly exploit these to cause a\ndenial of service via application crash, or potentially execute\narbitrary code with the privileges of the user invoking Thunderbird.\n(CVE-2013-1682)\n\nAbhishek Arya discovered multiple use-after-free bugs. If the user\nwere tricked into opening a specially crafted message with scripting\nenabled, an attacker could possibly exploit these to execute arbitrary\ncode with the privileges of the user invoking Thunderbird.\n(CVE-2013-1684, CVE-2013-1685, CVE-2013-1686)\n\nMariusz Mlynski discovered that user defined code within the XBL scope\nof an element could be made to bypass System Only Wrappers (SOW). If a\nuser had scripting enabled, an attacker could potentially exploit this\nto execute arbitrary code with the privileges of the user invoking\nThunderbird. (CVE-2013-1687)\n\nA crash was discovered when reloading a page that contained content\nusing the onreadystatechange event. If a user had scripting enabled,\nan attacker could potentially exploit this to execute arbitrary code\nwith the privileges of the user invoking Thunderbird. (CVE-2013-1690)\n\nJohnathan Kuskos discovered that Thunderbird sent data in the body of\nXMLHttpRequest HEAD requests. If a user had scripting enabled, an\nattacker could exploit this to conduct Cross-Site Request Forgery\n(CSRF) attacks. (CVE-2013-1692)\n\nPaul Stone discovered a timing flaw in the processing of SVG images\nwith filters. If a user had scripting enabled, an attacker could\nexploit this to view sensitive information. (CVE-2013-1693)\n\nBoris Zbarsky discovered a flaw in PreserveWrapper. If a user had\nscripting enabled, an attacker could potentially exploit this to cause\na denial of service via application crash, or execute code with the\nprivileges of the user invoking Thunderbird. (CVE-2013-1694)\n\nIt was discovered that XrayWrappers could be bypassed to call\ncontent-defined methods in certain circumstances. If a user had\nscripting enabled, an attacker could exploit this to cause undefined\nbehaviour. (CVE-2013-1697).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1891-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected thunderbird package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Firefox onreadystatechange Event DocumentViewerImpl Use After Free');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:13.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/06/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/06/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/06/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04|12\\.10|13\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 12.10 / 13.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"thunderbird\", pkgver:\"17.0.7+build1-0ubuntu0.12.04.1\")) flag++;\nif (ubuntu_check(osver:\"12.10\", pkgname:\"thunderbird\", pkgver:\"17.0.7+build1-0ubuntu0.12.10.1\")) flag++;\nif (ubuntu_check(osver:\"13.04\", pkgname:\"thunderbird\", pkgver:\"17.0.7+build1-0ubuntu0.13.04.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T03:48:45", "description": "The installed version of Firefox ESR 17.x is earlier than 17.0.7, and\nis, therefore, potentially affected by the following vulnerabilities :\n\n - Various, unspecified memory safety issues exist.\n (CVE-2013-1682)\n\n - Heap-use-after-free errors exist related to\n 'LookupMediaElementURITable',\n 'nsIDocument::GetRootElement' and 'mozilla::ResetDir'.\n (CVE-2013-1684, CVE-2013-1685, CVE-2013-1686)\n\n - An error exists related to 'XBL scope', 'System Only\n Wrappers' (SOW) and chrome-privileged pages that could\n allow cross-site scripting attacks. (CVE-2013-1687)\n\n - An error related to 'onreadystatechange' and unmapped\n memory could cause application crashes and allow\n arbitrary code execution. (CVE-2013-1690)\n\n - The application sends data in the body of XMLHttpRequest\n (XHR) HEAD requests and could aid in cross-site request\n forgery attacks. (CVE-2013-1692)\n\n - An error related to the processing of SVG content could\n allow a timing attack to disclose information across\n domains. (CVE-2013-1693)\n\n - An error exists related to 'PreserveWrapper' and the\n 'preserved-wrapper' flag that could cause potentially\n exploitable application crashes. (CVE-2013-1694)\n\n - An error exists related to the 'toString' and 'valueOf'\n methods that could allow 'XrayWrappers' to be bypassed.\n (CVE-2013-1697)", "edition": 25, "published": "2013-06-26T00:00:00", "title": "Firefox ESR 17.x < 17.0.7 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1687", "CVE-2013-1692", "CVE-2013-1685", "CVE-2013-1697", "CVE-2013-1694", "CVE-2013-1690", "CVE-2013-1684", "CVE-2013-1686", "CVE-2013-1682", "CVE-2013-1693"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:mozilla:firefox_esr"], "id": "MOZILLA_FIREFOX_1707_ESR.NASL", "href": "https://www.tenable.com/plugins/nessus/66992", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(66992);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2019/11/27\");\n\n script_cve_id(\n \"CVE-2013-1682\",\n \"CVE-2013-1684\",\n \"CVE-2013-1685\",\n \"CVE-2013-1686\",\n \"CVE-2013-1687\",\n \"CVE-2013-1690\",\n \"CVE-2013-1692\",\n \"CVE-2013-1693\",\n \"CVE-2013-1694\",\n \"CVE-2013-1697\"\n );\n script_bugtraq_id(\n 60765,\n 60766,\n 60773,\n 60774,\n 60776,\n 60777,\n 60778,\n 60783,\n 60784,\n 60787\n );\n\n script_name(english:\"Firefox ESR 17.x < 17.0.7 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version of Firefox\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a web browser that is potentially\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The installed version of Firefox ESR 17.x is earlier than 17.0.7, and\nis, therefore, potentially affected by the following vulnerabilities :\n\n - Various, unspecified memory safety issues exist.\n (CVE-2013-1682)\n\n - Heap-use-after-free errors exist related to\n 'LookupMediaElementURITable',\n 'nsIDocument::GetRootElement' and 'mozilla::ResetDir'.\n (CVE-2013-1684, CVE-2013-1685, CVE-2013-1686)\n\n - An error exists related to 'XBL scope', 'System Only\n Wrappers' (SOW) and chrome-privileged pages that could\n allow cross-site scripting attacks. (CVE-2013-1687)\n\n - An error related to 'onreadystatechange' and unmapped\n memory could cause application crashes and allow\n arbitrary code execution. (CVE-2013-1690)\n\n - The application sends data in the body of XMLHttpRequest\n (XHR) HEAD requests and could aid in cross-site request\n forgery attacks. (CVE-2013-1692)\n\n - An error related to the processing of SVG content could\n allow a timing attack to disclose information across\n domains. (CVE-2013-1693)\n\n - An error exists related to 'PreserveWrapper' and the\n 'preserved-wrapper' flag that could cause potentially\n exploitable application crashes. (CVE-2013-1694)\n\n - An error exists related to the 'toString' and 'valueOf'\n methods that could allow 'XrayWrappers' to be bypassed.\n (CVE-2013-1697)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-49/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-50/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-51/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-53/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-54/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-55/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-56/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-59/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Firefox 17.0.7 ESR or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2013-1686\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Firefox onreadystatechange Event DocumentViewerImpl Use After Free');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/06/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/06/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/06/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:firefox_esr\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mozilla_org_installed.nasl\");\n script_require_keys(\"Mozilla/Firefox/Version\");\n\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\n\nport = get_kb_item_or_exit(\"SMB/transport\");\n\ninstalls = get_kb_list(\"SMB/Mozilla/Firefox/*\");\nif (isnull(installs)) audit(AUDIT_NOT_INST, \"Firefox\");\n\nmozilla_check_version(installs:installs, product:'firefox', esr:TRUE, fix:'17.0.7', min:'17.0', severity:SECURITY_HOLE, xss:TRUE, xsrf:TRUE);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:47:37", "description": "Several flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2013-1682, CVE-2013-1684, CVE-2013-1685,\nCVE-2013-1686, CVE-2013-1687, CVE-2013-1690)\n\nIt was found that Firefox allowed data to be sent in the body of\nXMLHttpRequest (XHR) HEAD requests. In some cases this could allow\nattackers to conduct Cross-Site Request Forgery (CSRF) attacks.\n(CVE-2013-1692)\n\nTiming differences in the way Firefox processed SVG image files could\nallow an attacker to read data across domains, potentially leading to\ninformation disclosure. (CVE-2013-1693)\n\nTwo flaws were found in the way Firefox implemented some of its\ninternal structures (called wrappers). An attacker could use these\nflaws to bypass some restrictions placed on them. This could lead to\nunexpected behavior or a potentially exploitable crash.\n(CVE-2013-1694, CVE-2013-1697)\n\n0.7 ESR, which corrects these issues. After installing the update,\nFirefox must be restarted for the changes to take effect.", "edition": 14, "published": "2013-06-26T00:00:00", "title": "Scientific Linux Security Update : firefox on SL5.x, SL6.x i386/x86_64 (20130625)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1687", "CVE-2013-1692", "CVE-2013-1685", "CVE-2013-1697", "CVE-2013-1694", "CVE-2013-1690", "CVE-2013-1684", "CVE-2013-1686", "CVE-2013-1682", "CVE-2013-1693"], "modified": "2013-06-26T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:xulrunner-debuginfo", "p-cpe:/a:fermilab:scientific_linux:firefox", "p-cpe:/a:fermilab:scientific_linux:xulrunner-devel", "p-cpe:/a:fermilab:scientific_linux:firefox-debuginfo", "x-cpe:/o:fermilab:scientific_linux", "p-cpe:/a:fermilab:scientific_linux:xulrunner"], "id": "SL_20130625_FIREFOX_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/66983", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(66983);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2013-1682\", \"CVE-2013-1684\", \"CVE-2013-1685\", \"CVE-2013-1686\", \"CVE-2013-1687\", \"CVE-2013-1690\", \"CVE-2013-1692\", \"CVE-2013-1693\", \"CVE-2013-1694\", \"CVE-2013-1697\");\n\n script_name(english:\"Scientific Linux Security Update : firefox on SL5.x, SL6.x i386/x86_64 (20130625)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2013-1682, CVE-2013-1684, CVE-2013-1685,\nCVE-2013-1686, CVE-2013-1687, CVE-2013-1690)\n\nIt was found that Firefox allowed data to be sent in the body of\nXMLHttpRequest (XHR) HEAD requests. In some cases this could allow\nattackers to conduct Cross-Site Request Forgery (CSRF) attacks.\n(CVE-2013-1692)\n\nTiming differences in the way Firefox processed SVG image files could\nallow an attacker to read data across domains, potentially leading to\ninformation disclosure. (CVE-2013-1693)\n\nTwo flaws were found in the way Firefox implemented some of its\ninternal structures (called wrappers). An attacker could use these\nflaws to bypass some restrictions placed on them. This could lead to\nunexpected behavior or a potentially exploitable crash.\n(CVE-2013-1694, CVE-2013-1697)\n\n0.7 ESR, which corrects these issues. After installing the update,\nFirefox must be restarted for the changes to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1306&L=scientific-linux-errata&T=0&P=2075\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?65443fd6\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Firefox onreadystatechange Event DocumentViewerImpl Use After Free');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:firefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:xulrunner-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:xulrunner-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/06/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/06/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/06/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"firefox-17.0.7-1.el5_9\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"firefox-debuginfo-17.0.7-1.el5_9\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"xulrunner-17.0.7-1.el5_9\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"xulrunner-debuginfo-17.0.7-1.el5_9\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"xulrunner-devel-17.0.7-1.el5_9\")) flag++;\n\nif (rpm_check(release:\"SL6\", reference:\"firefox-17.0.7-1.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"firefox-debuginfo-17.0.7-1.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"xulrunner-17.0.7-1.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"xulrunner-debuginfo-17.0.7-1.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"xulrunner-devel-17.0.7-1.el6_4\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / firefox-debuginfo / xulrunner / xulrunner-debuginfo / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T03:40:58", "description": "The installed version of Thunderbird ESR 17.x is prior to 17.0.7 and\nis, therefore, potentially affected the following vulnerabilities :\n\n - Various, unspecified memory safety issues exist.\n (CVE-2013-1682)\n\n - Heap-use-after-free errors exist related to\n 'LookupMediaElementURITable',\n 'nsIDocument::GetRootElement' and 'mozilla::ResetDir'.\n (CVE-2013-1684, CVE-2013-1685, CVE-2013-1686)\n\n - An error exists related to 'XBL scope', 'System Only\n Wrappers' (SOW) and chrome-privileged pages that could\n allow cross-site scripting attacks. (CVE-2013-1687)\n\n - An error related to 'onreadystatechange' and unmapped\n memory could cause application crashes and allow\n arbitrary code execution. (CVE-2013-1690)\n\n - The application sends data in the body of XMLHttpRequest\n (XHR) HEAD requests and could aid in cross-site request\n forgery attacks. (CVE-2013-1692)\n\n - An error related to the processing of SVG content could\n allow a timing attack to disclose information across\n domains. (CVE-2013-1693)\n\n - An error exists related to 'PreserveWrapper' and the\n 'preserved-wrapper' flag that could cause potentially\n exploitable application crashes. (CVE-2013-1694)\n\n - An error exists related to the 'toString' and 'valueOf'\n methods that could allow 'XrayWrappers' to be bypassed.\n (CVE-2013-1697)", "edition": 25, "published": "2013-06-26T00:00:00", "title": "Thunderbird ESR 17.x < 17.0.7 Multiple Vulnerabilities (Mac OS X)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1687", "CVE-2013-1692", "CVE-2013-1685", "CVE-2013-1697", "CVE-2013-1694", "CVE-2013-1690", "CVE-2013-1684", "CVE-2013-1686", "CVE-2013-1682", "CVE-2013-1693"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:mozilla:thunderbird"], "id": "MACOSX_THUNDERBIRD_17_0_7_ESR.NASL", "href": "https://www.tenable.com/plugins/nessus/66991", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(66991);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2019/11/27\");\n\n script_cve_id(\n \"CVE-2013-1682\",\n \"CVE-2013-1684\",\n \"CVE-2013-1685\",\n \"CVE-2013-1686\",\n \"CVE-2013-1687\",\n \"CVE-2013-1690\",\n \"CVE-2013-1692\",\n \"CVE-2013-1693\",\n \"CVE-2013-1694\",\n \"CVE-2013-1697\"\n );\n script_bugtraq_id(\n 60765,\n 60766,\n 60773,\n 60774,\n 60776,\n 60777,\n 60778,\n 60783,\n 60784,\n 60787\n );\n\n script_name(english:\"Thunderbird ESR 17.x < 17.0.7 Multiple Vulnerabilities (Mac OS X)\");\n script_summary(english:\"Checks version of Thunderbird\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Mac OS X host contains a mail client that is potentially\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The installed version of Thunderbird ESR 17.x is prior to 17.0.7 and\nis, therefore, potentially affected the following vulnerabilities :\n\n - Various, unspecified memory safety issues exist.\n (CVE-2013-1682)\n\n - Heap-use-after-free errors exist related to\n 'LookupMediaElementURITable',\n 'nsIDocument::GetRootElement' and 'mozilla::ResetDir'.\n (CVE-2013-1684, CVE-2013-1685, CVE-2013-1686)\n\n - An error exists related to 'XBL scope', 'System Only\n Wrappers' (SOW) and chrome-privileged pages that could\n allow cross-site scripting attacks. (CVE-2013-1687)\n\n - An error related to 'onreadystatechange' and unmapped\n memory could cause application crashes and allow\n arbitrary code execution. (CVE-2013-1690)\n\n - The application sends data in the body of XMLHttpRequest\n (XHR) HEAD requests and could aid in cross-site request\n forgery attacks. (CVE-2013-1692)\n\n - An error related to the processing of SVG content could\n allow a timing attack to disclose information across\n domains. (CVE-2013-1693)\n\n - An error exists related to 'PreserveWrapper' and the\n 'preserved-wrapper' flag that could cause potentially\n exploitable application crashes. (CVE-2013-1694)\n\n - An error exists related to the 'toString' and 'valueOf'\n methods that could allow 'XrayWrappers' to be bypassed.\n (CVE-2013-1697)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-49/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-50/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-51/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-53/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-54/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-55/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-56/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2013-59/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Thunderbird ESR 17.0.7 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2013-1686\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Firefox onreadystatechange Event DocumentViewerImpl Use After Free');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/06/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/06/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/06/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:thunderbird\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_thunderbird_installed.nasl\");\n script_require_keys(\"MacOSX/Thunderbird/Installed\");\n\n exit(0);\n}\n\n\ninclude(\"mozilla_version.inc\");\n\nkb_base = \"MacOSX/Thunderbird\";\nget_kb_item_or_exit(kb_base+\"/Installed\");\n\nversion = get_kb_item_or_exit(kb_base+\"/Version\", exit_code:1);\npath = get_kb_item_or_exit(kb_base+\"/Path\", exit_code:1);\n\nis_esr = get_kb_item(kb_base+\"/is_esr\");\nif (isnull(is_esr)) audit(AUDIT_NOT_INST, \"Mozilla Thunderbird ESR\");\n\nmozilla_check_version(product:'thunderbird', version:version, path:path, esr:TRUE, fix:'17.0.7', min:'17.0', severity:SECURITY_HOLE, xss:TRUE, xsrf:TRUE);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-06T09:28:46", "description": "An updated thunderbird package that fixes several security issues is\nnow available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed content.\nMalicious content could cause Thunderbird to crash or, potentially,\nexecute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2013-1682, CVE-2013-1684, CVE-2013-1685,\nCVE-2013-1686, CVE-2013-1687, CVE-2013-1690)\n\nIt was found that Thunderbird allowed data to be sent in the body of\nXMLHttpRequest (XHR) HEAD requests. In some cases this could allow\nattackers to conduct Cross-Site Request Forgery (CSRF) attacks.\n(CVE-2013-1692)\n\nTiming differences in the way Thunderbird processed SVG image files\ncould allow an attacker to read data across domains, potentially\nleading to information disclosure. (CVE-2013-1693)\n\nTwo flaws were found in the way Thunderbird implemented some of its\ninternal structures (called wrappers). An attacker could use these\nflaws to bypass some restrictions placed on them. This could lead to\nunexpected behavior or a potentially exploitable crash.\n(CVE-2013-1694, CVE-2013-1697)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Gary Kwong, Jesse Ruderman, Andrew\nMcCreight, Abhishek Arya, Mariusz Mlynski, Nils, Johnathan Kuskos,\nPaul Stone, Boris Zbarsky, and moz_bug_r_a4 as the original reporters\nof these issues.\n\nNote: All of the above issues cannot be exploited by a specially\ncrafted HTML mail message as JavaScript is disabled by default for\nmail messages. They could be exploited another way in Thunderbird, for\nexample, when viewing the full remote content of an RSS feed.\n\nAll Thunderbird users should upgrade to this updated package, which\ncontains Thunderbird version 17.0.7 ESR, which corrects these issues.\nAfter installing the update, Thunderbird must be restarted for the\nchanges to take effect.", "edition": 21, "published": "2013-06-27T00:00:00", "title": "CentOS 5 / 6 : thunderbird (CESA-2013:0982)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1687", "CVE-2013-1692", "CVE-2013-1685", "CVE-2013-1697", "CVE-2013-1694", "CVE-2013-1690", "CVE-2013-1684", "CVE-2013-1686", "CVE-2013-1682", "CVE-2013-1693"], "modified": "2013-06-27T00:00:00", "cpe": ["cpe:/o:centos:centos:6", "p-cpe:/a:centos:centos:thunderbird", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2013-0982.NASL", "href": "https://www.tenable.com/plugins/nessus/66997", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0982 and \n# CentOS Errata and Security Advisory 2013:0982 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(66997);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2013-1682\", \"CVE-2013-1684\", \"CVE-2013-1685\", \"CVE-2013-1686\", \"CVE-2013-1687\", \"CVE-2013-1690\", \"CVE-2013-1692\", \"CVE-2013-1693\", \"CVE-2013-1694\", \"CVE-2013-1697\");\n script_xref(name:\"RHSA\", value:\"2013:0982\");\n\n script_name(english:\"CentOS 5 / 6 : thunderbird (CESA-2013:0982)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"An updated thunderbird package that fixes several security issues is\nnow available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed content.\nMalicious content could cause Thunderbird to crash or, potentially,\nexecute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2013-1682, CVE-2013-1684, CVE-2013-1685,\nCVE-2013-1686, CVE-2013-1687, CVE-2013-1690)\n\nIt was found that Thunderbird allowed data to be sent in the body of\nXMLHttpRequest (XHR) HEAD requests. In some cases this could allow\nattackers to conduct Cross-Site Request Forgery (CSRF) attacks.\n(CVE-2013-1692)\n\nTiming differences in the way Thunderbird processed SVG image files\ncould allow an attacker to read data across domains, potentially\nleading to information disclosure. (CVE-2013-1693)\n\nTwo flaws were found in the way Thunderbird implemented some of its\ninternal structures (called wrappers). An attacker could use these\nflaws to bypass some restrictions placed on them. This could lead to\nunexpected behavior or a potentially exploitable crash.\n(CVE-2013-1694, CVE-2013-1697)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Gary Kwong, Jesse Ruderman, Andrew\nMcCreight, Abhishek Arya, Mariusz Mlynski, Nils, Johnathan Kuskos,\nPaul Stone, Boris Zbarsky, and moz_bug_r_a4 as the original reporters\nof these issues.\n\nNote: All of the above issues cannot be exploited by a specially\ncrafted HTML mail message as JavaScript is disabled by default for\nmail messages. They could be exploited another way in Thunderbird, for\nexample, when viewing the full remote content of an RSS feed.\n\nAll Thunderbird users should upgrade to this updated package, which\ncontains Thunderbird version 17.0.7 ESR, which corrects these issues.\nAfter installing the update, Thunderbird must be restarted for the\nchanges to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2013-June/019807.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?29c51a91\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2013-June/019817.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?30af8fe0\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected thunderbird package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2013-1682\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Firefox onreadystatechange Event DocumentViewerImpl Use After Free');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/06/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/06/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/06/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x / 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"thunderbird-17.0.7-1.el5.centos\", allowmaj:TRUE)) flag++;\n\nif (rpm_check(release:\"CentOS-6\", reference:\"thunderbird-17.0.7-1.el6.centos\", allowmaj:TRUE)) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:47:37", "description": "Several flaws were found in the processing of malformed content.\nMalicious content could cause Thunderbird to crash or, potentially,\nexecute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2013-1682, CVE-2013-1684, CVE-2013-1685,\nCVE-2013-1686, CVE-2013-1687, CVE-2013-1690)\n\nIt was found that Thunderbird allowed data to be sent in the body of\nXMLHttpRequest (XHR) HEAD requests. In some cases this could allow\nattackers to conduct Cross-Site Request Forgery (CSRF) attacks.\n(CVE-2013-1692)\n\nTiming differences in the way Thunderbird processed SVG image files\ncould allow an attacker to read data across domains, potentially\nleading to information disclosure. (CVE-2013-1693)\n\nTwo flaws were found in the way Thunderbird implemented some of its\ninternal structures (called wrappers). An attacker could use these\nflaws to bypass some restrictions placed on them. This could lead to\nunexpected behavior or a potentially exploitable crash.\n(CVE-2013-1694, CVE-2013-1697)\n\nNote: All of the above issues cannot be exploited by a specially\ncrafted HTML mail message as JavaScript is disabled by default for\nmail messages. They could be exploited another way in Thunderbird, for\nexample, when viewing the full remote content of an RSS feed.\n\n0.7 ESR, which corrects these issues. After installing the update,\nThunderbird must be restarted for the changes to take effect.", "edition": 14, "published": "2013-06-26T00:00:00", "title": "Scientific Linux Security Update : thunderbird on SL5.x, SL6.x i386/x86_64 (20130625)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1687", "CVE-2013-1692", "CVE-2013-1685", "CVE-2013-1697", "CVE-2013-1694", "CVE-2013-1690", "CVE-2013-1684", "CVE-2013-1686", "CVE-2013-1682", "CVE-2013-1693"], "modified": "2013-06-26T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:thunderbird", "p-cpe:/a:fermilab:scientific_linux:thunderbird-debuginfo", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20130625_THUNDERBIRD_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/66984", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(66984);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2013-1682\", \"CVE-2013-1684\", \"CVE-2013-1685\", \"CVE-2013-1686\", \"CVE-2013-1687\", \"CVE-2013-1690\", \"CVE-2013-1692\", \"CVE-2013-1693\", \"CVE-2013-1694\", \"CVE-2013-1697\");\n\n script_name(english:\"Scientific Linux Security Update : thunderbird on SL5.x, SL6.x i386/x86_64 (20130625)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several flaws were found in the processing of malformed content.\nMalicious content could cause Thunderbird to crash or, potentially,\nexecute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2013-1682, CVE-2013-1684, CVE-2013-1685,\nCVE-2013-1686, CVE-2013-1687, CVE-2013-1690)\n\nIt was found that Thunderbird allowed data to be sent in the body of\nXMLHttpRequest (XHR) HEAD requests. In some cases this could allow\nattackers to conduct Cross-Site Request Forgery (CSRF) attacks.\n(CVE-2013-1692)\n\nTiming differences in the way Thunderbird processed SVG image files\ncould allow an attacker to read data across domains, potentially\nleading to information disclosure. (CVE-2013-1693)\n\nTwo flaws were found in the way Thunderbird implemented some of its\ninternal structures (called wrappers). An attacker could use these\nflaws to bypass some restrictions placed on them. This could lead to\nunexpected behavior or a potentially exploitable crash.\n(CVE-2013-1694, CVE-2013-1697)\n\nNote: All of the above issues cannot be exploited by a specially\ncrafted HTML mail message as JavaScript is disabled by default for\nmail messages. They could be exploited another way in Thunderbird, for\nexample, when viewing the full remote content of an RSS feed.\n\n0.7 ESR, which corrects these issues. After installing the update,\nThunderbird must be restarted for the changes to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1306&L=scientific-linux-errata&T=0&P=2207\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f83311f9\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected thunderbird and / or thunderbird-debuginfo\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Firefox onreadystatechange Event DocumentViewerImpl Use After Free');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:thunderbird-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/06/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/06/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/06/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"thunderbird-17.0.7-1.el5_9\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"thunderbird-debuginfo-17.0.7-1.el5_9\")) flag++;\n\nif (rpm_check(release:\"SL6\", reference:\"thunderbird-17.0.7-1.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"thunderbird-debuginfo-17.0.7-1.el6_4\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird / thunderbird-debuginfo\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-06T09:28:46", "description": "Updated firefox packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nMozilla Firefox is an open source web browser. XULRunner provides the\nXUL Runtime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2013-1682, CVE-2013-1684, CVE-2013-1685,\nCVE-2013-1686, CVE-2013-1687, CVE-2013-1690)\n\nIt was found that Firefox allowed data to be sent in the body of\nXMLHttpRequest (XHR) HEAD requests. In some cases this could allow\nattackers to conduct Cross-Site Request Forgery (CSRF) attacks.\n(CVE-2013-1692)\n\nTiming differences in the way Firefox processed SVG image files could\nallow an attacker to read data across domains, potentially leading to\ninformation disclosure. (CVE-2013-1693)\n\nTwo flaws were found in the way Firefox implemented some of its\ninternal structures (called wrappers). An attacker could use these\nflaws to bypass some restrictions placed on them. This could lead to\nunexpected behavior or a potentially exploitable crash.\n(CVE-2013-1694, CVE-2013-1697)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Gary Kwong, Jesse Ruderman, Andrew\nMcCreight, Abhishek Arya, Mariusz Mlynski, Nils, Johnathan Kuskos,\nPaul Stone, Boris Zbarsky, and moz_bug_r_a4 as the original reporters\nof these issues.\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Firefox 17.0.7 ESR. You can find a link to the\nMozilla advisories in the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which\ncontain Firefox version 17.0.7 ESR, which corrects these issues. After\ninstalling the update, Firefox must be restarted for the changes to\ntake effect.", "edition": 25, "published": "2013-06-27T00:00:00", "title": "CentOS 5 / 6 : firefox / xulrunner (CESA-2013:0981)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1687", "CVE-2013-1692", "CVE-2013-1685", "CVE-2013-1697", "CVE-2013-1694", "CVE-2013-1690", "CVE-2013-1684", "CVE-2013-1686", "CVE-2013-1682", "CVE-2013-1693"], "modified": "2013-06-27T00:00:00", "cpe": ["cpe:/o:centos:centos:6", "p-cpe:/a:centos:centos:xulrunner-devel", "p-cpe:/a:centos:centos:xulrunner", "p-cpe:/a:centos:centos:firefox", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2013-0981.NASL", "href": "https://www.tenable.com/plugins/nessus/66996", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0981 and \n# CentOS Errata and Security Advisory 2013:0981 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(66996);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2013-1682\", \"CVE-2013-1684\", \"CVE-2013-1685\", \"CVE-2013-1686\", \"CVE-2013-1687\", \"CVE-2013-1690\", \"CVE-2013-1692\", \"CVE-2013-1693\", \"CVE-2013-1694\", \"CVE-2013-1697\");\n script_xref(name:\"RHSA\", value:\"2013:0981\");\n\n script_name(english:\"CentOS 5 / 6 : firefox / xulrunner (CESA-2013:0981)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated firefox packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nMozilla Firefox is an open source web browser. XULRunner provides the\nXUL Runtime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2013-1682, CVE-2013-1684, CVE-2013-1685,\nCVE-2013-1686, CVE-2013-1687, CVE-2013-1690)\n\nIt was found that Firefox allowed data to be sent in the body of\nXMLHttpRequest (XHR) HEAD requests. In some cases this could allow\nattackers to conduct Cross-Site Request Forgery (CSRF) attacks.\n(CVE-2013-1692)\n\nTiming differences in the way Firefox processed SVG image files could\nallow an attacker to read data across domains, potentially leading to\ninformation disclosure. (CVE-2013-1693)\n\nTwo flaws were found in the way Firefox implemented some of its\ninternal structures (called wrappers). An attacker could use these\nflaws to bypass some restrictions placed on them. This could lead to\nunexpected behavior or a potentially exploitable crash.\n(CVE-2013-1694, CVE-2013-1697)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Gary Kwong, Jesse Ruderman, Andrew\nMcCreight, Abhishek Arya, Mariusz Mlynski, Nils, Johnathan Kuskos,\nPaul Stone, Boris Zbarsky, and moz_bug_r_a4 as the original reporters\nof these issues.\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Firefox 17.0.7 ESR. You can find a link to the\nMozilla advisories in the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which\ncontain Firefox version 17.0.7 ESR, which corrects these issues. After\ninstalling the update, Firefox must be restarted for the changes to\ntake effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2013-June/019808.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a3cd8ede\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2013-June/019809.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?59dcd5ca\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2013-June/019816.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5ddbf31e\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2013-June/019818.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5b8e0023\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox and / or xulrunner packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2013-1682\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Firefox onreadystatechange Event DocumentViewerImpl Use After Free');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:xulrunner-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/06/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/06/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/06/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x / 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"firefox-17.0.7-1.el5.centos\", allowmaj:TRUE)) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"xulrunner-17.0.7-1.el5_9\", allowmaj:TRUE)) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"xulrunner-devel-17.0.7-1.el5_9\", allowmaj:TRUE)) flag++;\n\nif (rpm_check(release:\"CentOS-6\", reference:\"firefox-17.0.7-1.el6.centos\", allowmaj:TRUE)) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"xulrunner-17.0.7-1.el6.centos\", allowmaj:TRUE)) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"xulrunner-devel-17.0.7-1.el6.centos\", allowmaj:TRUE)) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / xulrunner / xulrunner-devel\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T12:47:59", "description": "From Red Hat Security Advisory 2013:0982 :\n\nAn updated thunderbird package that fixes several security issues is\nnow available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed content.\nMalicious content could cause Thunderbird to crash or, potentially,\nexecute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2013-1682, CVE-2013-1684, CVE-2013-1685,\nCVE-2013-1686, CVE-2013-1687, CVE-2013-1690)\n\nIt was found that Thunderbird allowed data to be sent in the body of\nXMLHttpRequest (XHR) HEAD requests. In some cases this could allow\nattackers to conduct Cross-Site Request Forgery (CSRF) attacks.\n(CVE-2013-1692)\n\nTiming differences in the way Thunderbird processed SVG image files\ncould allow an attacker to read data across domains, potentially\nleading to information disclosure. (CVE-2013-1693)\n\nTwo flaws were found in the way Thunderbird implemented some of its\ninternal structures (called wrappers). An attacker could use these\nflaws to bypass some restrictions placed on them. This could lead to\nunexpected behavior or a potentially exploitable crash.\n(CVE-2013-1694, CVE-2013-1697)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Gary Kwong, Jesse Ruderman, Andrew\nMcCreight, Abhishek Arya, Mariusz Mlynski, Nils, Johnathan Kuskos,\nPaul Stone, Boris Zbarsky, and moz_bug_r_a4 as the original reporters\nof these issues.\n\nNote: All of the above issues cannot be exploited by a specially\ncrafted HTML mail message as JavaScript is disabled by default for\nmail messages. They could be exploited another way in Thunderbird, for\nexample, when viewing the full remote content of an RSS feed.\n\nAll Thunderbird users should upgrade to this updated package, which\ncontains Thunderbird version 17.0.7 ESR, which corrects these issues.\nAfter installing the update, Thunderbird must be restarted for the\nchanges to take effect.", "edition": 18, "published": "2013-07-12T00:00:00", "title": "Oracle Linux 6 : thunderbird (ELSA-2013-0982)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1687", "CVE-2013-1692", "CVE-2013-1685", "CVE-2013-1697", "CVE-2013-1694", "CVE-2013-1690", "CVE-2013-1684", "CVE-2013-1686", "CVE-2013-1682", "CVE-2013-1693"], "modified": "2013-07-12T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:thunderbird"], "id": "ORACLELINUX_ELSA-2013-0982.NASL", "href": "https://www.tenable.com/plugins/nessus/68840", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2013:0982 and \n# Oracle Linux Security Advisory ELSA-2013-0982 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68840);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2013-1682\", \"CVE-2013-1684\", \"CVE-2013-1685\", \"CVE-2013-1686\", \"CVE-2013-1687\", \"CVE-2013-1690\", \"CVE-2013-1692\", \"CVE-2013-1693\", \"CVE-2013-1694\", \"CVE-2013-1697\");\n script_xref(name:\"RHSA\", value:\"2013:0982\");\n\n script_name(english:\"Oracle Linux 6 : thunderbird (ELSA-2013-0982)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Oracle Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"From Red Hat Security Advisory 2013:0982 :\n\nAn updated thunderbird package that fixes several security issues is\nnow available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed content.\nMalicious content could cause Thunderbird to crash or, potentially,\nexecute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2013-1682, CVE-2013-1684, CVE-2013-1685,\nCVE-2013-1686, CVE-2013-1687, CVE-2013-1690)\n\nIt was found that Thunderbird allowed data to be sent in the body of\nXMLHttpRequest (XHR) HEAD requests. In some cases this could allow\nattackers to conduct Cross-Site Request Forgery (CSRF) attacks.\n(CVE-2013-1692)\n\nTiming differences in the way Thunderbird processed SVG image files\ncould allow an attacker to read data across domains, potentially\nleading to information disclosure. (CVE-2013-1693)\n\nTwo flaws were found in the way Thunderbird implemented some of its\ninternal structures (called wrappers). An attacker could use these\nflaws to bypass some restrictions placed on them. This could lead to\nunexpected behavior or a potentially exploitable crash.\n(CVE-2013-1694, CVE-2013-1697)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Gary Kwong, Jesse Ruderman, Andrew\nMcCreight, Abhishek Arya, Mariusz Mlynski, Nils, Johnathan Kuskos,\nPaul Stone, Boris Zbarsky, and moz_bug_r_a4 as the original reporters\nof these issues.\n\nNote: All of the above issues cannot be exploited by a specially\ncrafted HTML mail message as JavaScript is disabled by default for\nmail messages. They could be exploited another way in Thunderbird, for\nexample, when viewing the full remote content of an RSS feed.\n\nAll Thunderbird users should upgrade to this updated package, which\ncontains Thunderbird version 17.0.7 ESR, which corrects these issues.\nAfter installing the update, Thunderbird must be restarted for the\nchanges to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2013-June/003547.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected thunderbird package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Firefox onreadystatechange Event DocumentViewerImpl Use After Free');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/06/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/06/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"thunderbird-17.0.7-1.0.1.el6_4\", allowmaj:TRUE)) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2020-10-22T17:05:55", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1687", "CVE-2013-1692", "CVE-2013-1685", "CVE-2013-1697", "CVE-2013-1694", "CVE-2013-1690", "CVE-2013-1684", "CVE-2013-1686", "CVE-2013-1682", "CVE-2013-1693"], "description": "[17.0.7-1.0.1.el6_4]\n- Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js\n[17.0.7-1]\n- Update to 17.0.7 ESR", "edition": 5, "modified": "2013-06-25T00:00:00", "published": "2013-06-25T00:00:00", "id": "ELSA-2013-0982", "href": "http://linux.oracle.com/errata/ELSA-2013-0982.html", "title": "thunderbird security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:10", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1687", "CVE-2013-1692", "CVE-2013-1685", "CVE-2013-1697", "CVE-2013-1694", "CVE-2013-1690", "CVE-2013-1684", "CVE-2013-1686", "CVE-2013-1682", "CVE-2013-1693"], "description": "firefox\n[17.0.7-1.0.1.el6_4]\n- Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat ones\n[17.0.7-1]\n- Update to 17.0.7 ESR\nxulrunner\n[17.0.7-1.0.1.el6_4]\n- Replaced xulrunner-redhat-default-prefs.js with xulrunner-oracle-default-prefs.js\n- Removed XULRUNNER_VERSION from SOURCE21\n[17.0.7-1]\n- Update to 17.0.7 ESR\n[17.0.6-5]\n- Added workaround for rhbz#973721 - fixing problem with installation\n of some addons\n[17.0.6-4]\n- Added a workaround for rhbz#961687 - Prelink throws message\n 'Cannot safely convert .rel.dyn' section from REL to RELA'\n[17.0.6-3]\n- Added patch for aliasing issues (mozbz#821502)", "edition": 4, "modified": "2013-06-25T00:00:00", "published": "2013-06-25T00:00:00", "id": "ELSA-2013-0981", "href": "http://linux.oracle.com/errata/ELSA-2013-0981.html", "title": "firefox security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2019-05-30T02:21:57", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1687", "CVE-2013-1692", "CVE-2013-1685", "CVE-2013-1697", "CVE-2013-1694", "CVE-2013-1690", "CVE-2013-1684", "CVE-2013-1686", "CVE-2013-1682", "CVE-2013-1693"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2720-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nJuly 06, 2013 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : icedove\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2013-1682 CVE-2013-1684 CVE-2013-1685 CVE-2013-1686 \n CVE-2013-1687 CVE-2013-1690 CVE-2013-1692 CVE-2013-1693 \n CVE-2013-1694 CVE-2013-1697\n\nMultiple security issues have been found in Icedove, Debian's version\nof the Mozilla Thunderbird mail and news client. Multiple memory safety \nerrors, use-after-free vulnerabilities, missing permission checks, incorrect \nmemory handling and other implementaton errors may lead to the execution\nof arbitrary code, privilege escalation, information disclosure or\ncross-site request forgery.\n\nAs already announced for Iceweasel: We're changing the approach for\nsecurity updates for Icedove in stable-security: Instead of\nbackporting security fixes, we now provide releases based on the \nExtended Support Release branch. As such, this update introduces\npackages based on Thunderbird 17 and at some point in the future we \nwill switch to the next ESR branch once ESR 17 has reached it's end \nof life.\n\nSome Icedove extensions currently packaged in the Debian archive are \nnot compatible with the new browser engine. Up-to-date and compatible \nversions can be retrieved from http://addons.mozilla.org as a short \nterm solution.\n\nAn updated and compatible version of enigmail is included with this \nupdate.\n\nThe icedove version in the oldstable distribution (squeeze) is no\nlonger supported with full security updates. However, it should be\nnoted that almost all security issues in Icedove stem from the\nincluded browser engine. These security problems only affect Icedove\nif scripting and HTML mails are enabled. If there are security issues\nspecific to Icedove (e.g. a hypothetical buffer overflow in the IMAP\nimplementation) we'll make an effort to backport such fixes to oldstable.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 17.0.7-1~deb7u1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 17.0.7-1.\n\nWe recommend that you upgrade your icedove packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n\n", "edition": 2, "modified": "2013-07-06T15:37:40", "published": "2013-07-06T15:37:40", "id": "DEBIAN:DSA-2720-1:1CEA2", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2013/msg00129.html", "title": "[SECURITY] [DSA 2720-1] icedove security update", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-30T02:21:22", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1687", "CVE-2013-1692", "CVE-2013-1685", "CVE-2013-1697", "CVE-2013-1694", "CVE-2013-1690", "CVE-2013-1684", "CVE-2013-1686", "CVE-2013-1682", "CVE-2013-1693"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2716-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nJune 26, 2013 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : iceweasel\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2013-1682 CVE-2013-1684 CVE-2013-1685 CVE-2013-1686 \n CVE-2013-1687 CVE-2013-1690 CVE-2013-1692 CVE-2013-1693 \n CVE-2013-1694 CVE-2013-1697\n\nMultiple security issues have been found in Iceweasel, Debian's version\nof the Mozilla Firefox web browser: Multiple memory safety errors,\nuse-after-free vulnerabilities, missing permission checks, incorrect \nmemory handling and other implementaton errors may lead to the execution\nof arbitrary code, privilege escalation, information disclosure or\ncross-site request forgery.\n\nThe iceweasel version in the oldstable distribution (squeeze) is no\nlonger supported with security updates.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 17.0.7esr-1~deb7u1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 17.0.7esr-1.\n\nWe recommend that you upgrade your iceweasel packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n\n\n", "edition": 3, "modified": "2013-06-26T14:01:13", "published": "2013-06-26T14:01:13", "id": "DEBIAN:DSA-2716-1:03728", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2013/msg00125.html", "title": "[SECURITY] [DSA 2716-1] iceweasel security update", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:45:29", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1682", "CVE-2013-1684", "CVE-2013-1685", "CVE-2013-1686", "CVE-2013-1687", "CVE-2013-1690", "CVE-2013-1692", "CVE-2013-1693", "CVE-2013-1694", "CVE-2013-1697"], "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed content. Malicious\ncontent could cause Thunderbird to crash or, potentially, execute arbitrary\ncode with the privileges of the user running Thunderbird. (CVE-2013-1682,\nCVE-2013-1684, CVE-2013-1685, CVE-2013-1686, CVE-2013-1687, CVE-2013-1690)\n\nIt was found that Thunderbird allowed data to be sent in the body of\nXMLHttpRequest (XHR) HEAD requests. In some cases this could allow\nattackers to conduct Cross-Site Request Forgery (CSRF) attacks.\n(CVE-2013-1692)\n\nTiming differences in the way Thunderbird processed SVG image files could\nallow an attacker to read data across domains, potentially leading to\ninformation disclosure. (CVE-2013-1693)\n\nTwo flaws were found in the way Thunderbird implemented some of its\ninternal structures (called wrappers). An attacker could use these flaws to\nbypass some restrictions placed on them. This could lead to unexpected\nbehavior or a potentially exploitable crash. (CVE-2013-1694, CVE-2013-1697)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Gary Kwong, Jesse Ruderman, Andrew McCreight,\nAbhishek Arya, Mariusz Mlynski, Nils, Johnathan Kuskos, Paul Stone, Boris\nZbarsky, and moz_bug_r_a4 as the original reporters of these issues.\n\nNote: All of the above issues cannot be exploited by a specially-crafted\nHTML mail message as JavaScript is disabled by default for mail messages.\nThey could be exploited another way in Thunderbird, for example, when\nviewing the full remote content of an RSS feed.\n\nAll Thunderbird users should upgrade to this updated package, which\ncontains Thunderbird version 17.0.7 ESR, which corrects these issues. After\ninstalling the update, Thunderbird must be restarted for the changes to\ntake effect.\n", "modified": "2018-06-06T20:24:34", "published": "2013-06-25T04:00:00", "id": "RHSA-2013:0982", "href": "https://access.redhat.com/errata/RHSA-2013:0982", "type": "redhat", "title": "(RHSA-2013:0982) Important: thunderbird security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:45:10", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1682", "CVE-2013-1684", "CVE-2013-1685", "CVE-2013-1686", "CVE-2013-1687", "CVE-2013-1690", "CVE-2013-1692", "CVE-2013-1693", "CVE-2013-1694", "CVE-2013-1697"], "description": "Mozilla Firefox is an open source web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2013-1682, CVE-2013-1684, CVE-2013-1685, CVE-2013-1686,\nCVE-2013-1687, CVE-2013-1690)\n\nIt was found that Firefox allowed data to be sent in the body of\nXMLHttpRequest (XHR) HEAD requests. In some cases this could allow\nattackers to conduct Cross-Site Request Forgery (CSRF) attacks.\n(CVE-2013-1692)\n\nTiming differences in the way Firefox processed SVG image files could\nallow an attacker to read data across domains, potentially leading to\ninformation disclosure. (CVE-2013-1693)\n\nTwo flaws were found in the way Firefox implemented some of its internal\nstructures (called wrappers). An attacker could use these flaws to bypass\nsome restrictions placed on them. This could lead to unexpected behavior or\na potentially exploitable crash. (CVE-2013-1694, CVE-2013-1697)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Gary Kwong, Jesse Ruderman, Andrew McCreight,\nAbhishek Arya, Mariusz Mlynski, Nils, Johnathan Kuskos, Paul Stone, Boris\nZbarsky, and moz_bug_r_a4 as the original reporters of these issues.\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Firefox 17.0.7 ESR. You can find a link to the\nMozilla advisories in the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 17.0.7 ESR, which corrects these issues. After installing\nthe update, Firefox must be restarted for the changes to take effect.\n", "modified": "2018-06-06T20:24:36", "published": "2013-06-25T04:00:00", "id": "RHSA-2013:0981", "href": "https://access.redhat.com/errata/RHSA-2013:0981", "type": "redhat", "title": "(RHSA-2013:0981) Critical: firefox security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2020-07-02T11:36:29", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1687", "CVE-2013-1692", "CVE-2013-1685", "CVE-2013-1697", "CVE-2013-1694", "CVE-2013-1690", "CVE-2013-1684", "CVE-2013-1686", "CVE-2013-1682", "CVE-2013-1693"], "description": "Multiple memory safety issues were discovered in Thunderbird. If the user \nwere tricked into opening a specially crafted message with scripting \nenabled, an attacker could possibly exploit these to cause a denial of \nservice via application crash, or potentially execute arbitrary code with \nthe privileges of the user invoking Thunderbird. (CVE-2013-1682)\n\nAbhishek Arya discovered multiple use-after-free bugs. If the user were \ntricked into opening a specially crafted message with scripting enabled, \nan attacker could possibly exploit these to execute arbitrary code with \nthe privileges of the user invoking Thunderbird. (CVE-2013-1684, \nCVE-2013-1685, CVE-2013-1686)\n\nMariusz Mlynski discovered that user defined code within the XBL scope of \nan element could be made to bypass System Only Wrappers (SOW). If a user \nhad scripting enabled, an attacker could potentially exploit this to \nexecute arbitrary code with the privileges of the user invoking \nThunderbird. (CVE-2013-1687)\n\nA crash was discovered when reloading a page that contained content using \nthe onreadystatechange event. If a user had scripting enabled, an attacker \ncould potentially exploit this to execute arbitrary code with the \nprivileges of the user invoking Thunderbird. (CVE-2013-1690)\n\nJohnathan Kuskos discovered that Thunderbird sent data in the body of \nXMLHttpRequest HEAD requests. If a user had scripting enabled, an attacker \ncould exploit this to conduct Cross-Site Request Forgery (CSRF) attacks. \n(CVE-2013-1692)\n\nPaul Stone discovered a timing flaw in the processing of SVG images with \nfilters. If a user had scripting enabled, an attacker could exploit this \nto view sensitive information. (CVE-2013-1693)\n\nBoris Zbarsky discovered a flaw in PreserveWrapper. If a user had \nscripting enabled, an attacker could potentially exploit this to cause \na denial of service via application crash, or execute code with the \nprivileges of the user invoking Thunderbird. (CVE-2013-1694)\n\nIt was discovered that XrayWrappers could be bypassed to call \ncontent-defined methods in certain circumstances. If a user had scripting \nenabled, an attacker could exploit this to cause undefined behaviour. \n(CVE-2013-1697)", "edition": 5, "modified": "2013-06-26T00:00:00", "published": "2013-06-26T00:00:00", "id": "USN-1891-1", "href": "https://ubuntu.com/security/notices/USN-1891-1", "title": "Thunderbird vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-02T11:37:43", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1687", "CVE-2013-1692", "CVE-2013-1696", "CVE-2013-1685", "CVE-2013-1697", "CVE-2013-1694", "CVE-2013-1695", "CVE-2013-1690", "CVE-2013-1684", "CVE-2013-1688", "CVE-2013-1686", "CVE-2013-1698", "CVE-2013-1682", "CVE-2013-1683", "CVE-2013-1699", "CVE-2013-1693"], "description": "USN-1890-1 fixed vulnerabilities in Firefox. This update introduced a \nregression which sometimes resulted in Firefox using the wrong network \nproxy settings. This update fixes the problem.\n\nWe apologize for the inconvenience.\n\nOriginal advisory details:\n\nMultiple memory safety issues were discovered in Firefox. If the user were \ntricked into opening a specially crafted page, an attacker could possibly \nexploit these to cause a denial of service via application crash, or \npotentially execute arbitrary code with the privileges of the user invoking \nFirefox. (CVE-2013-1682, CVE-2013-1683)\n\nAbhishek Arya discovered multiple use-after-free bugs. If the user were \ntricked into opening a specially crafted page, an attacker could possibly \nexploit these to execute arbitrary code with the privileges of the user \ninvoking Firefox. (CVE-2013-1684, CVE-2013-1685, CVE-2013-1686)\n\nMariusz Mlynski discovered that user defined code within the XBL scope of \nan element could be made to bypass System Only Wrappers (SOW). An attacker \ncould potentially exploit this to execute arbitrary code with the \nprivileges of the user invoking Firefox. (CVE-2013-1687)\n\nMariusz Mlynski discovered that the profiler user interface incorrectly \nhandled data from the profiler. If the user examined profiler output \non a specially crafted page, an attacker could potentially exploit this to \nexecute arbitrary code with the privileges of the user invoking Firefox. \n(CVE-2013-1688)\n\nA crash was discovered when reloading a page that contained content using \nthe onreadystatechange event. An attacker could potentially exploit this \nto execute arbitrary code with the privileges of the user invoking Firefox \n(CVE-2013-1690)\n\nJohnathan Kuskos discovered that Firefox sent data in the body of \nXMLHttpRequest HEAD requests. An attacker could exploit this to conduct \nCross-Site Request Forgery (CSRF) attacks. (CVE-2013-1692)\n\nPaul Stone discovered a timing flaw in the processing of SVG images with \nfilters. An attacker could exploit this to view sensitive information. \n(CVE-2013-1693)\n\nBoris Zbarsky discovered a flaw in PreserveWrapper. An attacker could \npotentially exploit this to cause a denial of service via application \ncrash, or execute code with the privileges of the user invoking Firefox. \n(CVE-2013-1694)\n\nBob Owen discovered that a sandboxed iframe could use a frame element \nto bypass its own restrictions. (CVE-2013-1695)\n\nFr\u00e9d\u00e9ric Buclin discovered that the X-Frame-Options header is ignored \nin multi-part responses. An attacker could potentially exploit this \nto conduct clickjacking attacks. (CVE-2013-1696)\n\nIt was discovered that XrayWrappers could be bypassed to call \ncontent-defined methods in certain circumstances. An attacker could \nexploit this to cause undefined behaviour. (CVE-2013-1697)\n\nMatt Wobensmith discovered that the getUserMedia permission dialog \ndisplayed the wrong domain in certain circumstances. An attacker could \npotentially exploit this to trick the user in to giving a malicious \nsite access to their microphone or camera. (CVE-2013-1698)\n\nIt was discovered that the measures for preventing homograph attacks \nusing Internationalized Domain Names (IDN) were not sufficient \nfor certain Top Level Domains (TLD). An attacker could potentially \nexploit this to conduct URL spoofing and phishing attacks. \n(CVE-2013-1699)", "edition": 5, "modified": "2013-07-03T00:00:00", "published": "2013-07-03T00:00:00", "id": "USN-1890-2", "href": "https://ubuntu.com/security/notices/USN-1890-2", "title": "Firefox regression", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-02T11:33:22", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1687", "CVE-2013-1692", "CVE-2013-1696", "CVE-2013-1685", "CVE-2013-1697", "CVE-2013-1694", "CVE-2013-1695", "CVE-2013-1690", "CVE-2013-1684", "CVE-2013-1688", "CVE-2013-1686", "CVE-2013-1698", "CVE-2013-1682", "CVE-2013-1683", "CVE-2013-1699", "CVE-2013-1693"], "description": "Multiple memory safety issues were discovered in Firefox. If the user were \ntricked into opening a specially crafted page, an attacker could possibly \nexploit these to cause a denial of service via application crash, or \npotentially execute arbitrary code with the privileges of the user invoking \nFirefox. (CVE-2013-1682, CVE-2013-1683)\n\nAbhishek Arya discovered multiple use-after-free bugs. If the user were \ntricked into opening a specially crafted page, an attacker could possibly \nexploit these to execute arbitrary code with the privileges of the user \ninvoking Firefox. (CVE-2013-1684, CVE-2013-1685, CVE-2013-1686)\n\nMariusz Mlynski discovered that user defined code within the XBL scope of \nan element could be made to bypass System Only Wrappers (SOW). An attacker \ncould potentially exploit this to execute arbitrary code with the \nprivileges of the user invoking Firefox. (CVE-2013-1687)\n\nMariusz Mlynski discovered that the profiler user interface incorrectly \nhandled data from the profiler. If the user examined profiler output \non a specially crafted page, an attacker could potentially exploit this to \nexecute arbitrary code with the privileges of the user invoking Firefox. \n(CVE-2013-1688)\n\nA crash was discovered when reloading a page that contained content using \nthe onreadystatechange event. An attacker could potentially exploit this \nto execute arbitrary code with the privileges of the user invoking Firefox \n(CVE-2013-1690)\n\nJohnathan Kuskos discovered that Firefox sent data in the body of \nXMLHttpRequest HEAD requests. An attacker could exploit this to conduct \nCross-Site Request Forgery (CSRF) attacks. (CVE-2013-1692)\n\nPaul Stone discovered a timing flaw in the processing of SVG images with \nfilters. An attacker could exploit this to view sensitive information. \n(CVE-2013-1693)\n\nBoris Zbarsky discovered a flaw in PreserveWrapper. An attacker could \npotentially exploit this to cause a denial of service via application \ncrash, or execute code with the privileges of the user invoking Firefox. \n(CVE-2013-1694)\n\nBob Owen discovered that a sandboxed iframe could use a frame element \nto bypass its own restrictions. (CVE-2013-1695)\n\nFr\u00e9d\u00e9ric Buclin discovered that the X-Frame-Options header is ignored \nin multi-part responses. An attacker could potentially exploit this \nto conduct clickjacking attacks. (CVE-2013-1696)\n\nIt was discovered that XrayWrappers could be bypassed to call \ncontent-defined methods in certain circumstances. An attacker could \nexploit this to cause undefined behaviour. (CVE-2013-1697)\n\nMatt Wobensmith discovered that the getUserMedia permission dialog \ndisplayed the wrong domain in certain circumstances. An attacker could \npotentially exploit this to trick the user in to giving a malicious \nsite access to their microphone or camera. (CVE-2013-1698)\n\nIt was discovered that the measures for preventing homograph attacks \nusing Internationalized Domain Names (IDN) were not sufficient \nfor certain Top Level Domains (TLD). An attacker could potentially \nexploit this to conduct URL spoofing and phishing attacks. \n(CVE-2013-1699)", "edition": 5, "modified": "2013-06-26T00:00:00", "published": "2013-06-26T00:00:00", "id": "USN-1890-1", "href": "https://ubuntu.com/security/notices/USN-1890-1", "title": "Firefox vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2018-01-19T15:09:18", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1687", "CVE-2013-1692", "CVE-2013-1685", "CVE-2013-1697", "CVE-2013-1694", "CVE-2013-1690", "CVE-2013-1684", "CVE-2013-1686", "CVE-2013-1682", "CVE-2013-1693"], "description": "Check for the Version of thunderbird", "modified": "2018-01-19T00:00:00", "published": "2013-06-27T00:00:00", "id": "OPENVAS:871014", "href": "http://plugins.openvas.org/nasl.php?oid=871014", "type": "openvas", "title": "RedHat Update for thunderbird RHSA-2013:0982-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for thunderbird RHSA-2013:0982-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mozilla Thunderbird is a standalone mail and newsgroup client.\n\n Several flaws were found in the processing of malformed content. Malicious\n content could cause Thunderbird to crash or, potentially, execute arbitrary\n code with the privileges of the user running Thunderbird. (CVE-2013-1682,\n CVE-2013-1684, CVE-2013-1685, CVE-2013-1686, CVE-2013-1687, CVE-2013-1690)\n\n It was found that Thunderbird allowed data to be sent in the body of\n XMLHttpRequest (XHR) HEAD requests. In some cases this could allow\n attackers to conduct Cross-Site Request Forgery (CSRF) attacks.\n (CVE-2013-1692)\n\n Timing differences in the way Thunderbird processed SVG image files could\n allow an attacker to read data across domains, potentially leading to\n information disclosure. (CVE-2013-1693)\n\n Two flaws were found in the way Thunderbird implemented some of its\n internal structures (called wrappers). An attacker could use these flaws to\n bypass some restrictions placed on them. This could lead to unexpected\n behavior or a potentially exploitable crash. (CVE-2013-1694, CVE-2013-1697)\n\n Red Hat would like to thank the Mozilla project for reporting these issues.\n Upstream acknowledges Gary Kwong, Jesse Ruderman, Andrew McCreight,\n Abhishek Arya, Mariusz Mlynski, Nils, Johnathan Kuskos, Paul Stone, Boris\n Zbarsky, and moz_bug_r_a4 as the original reporters of these issues.\n\n Note: All of the above issues cannot be exploited by a specially-crafted\n HTML mail message as JavaScript is disabled by default for mail messages.\n They could be exploited another way in Thunderbird, for example, when\n viewing the full remote content of an RSS feed.\n\n All Thunderbird users should upgrade to this updated package, which\n contains Thunderbird version 17.0.7 ESR, which corrects these issues. After\n installing the update, Thunderbird must be restarted for the changes to\n take effect.\";\n\n\ntag_affected = \"thunderbird on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(871014);\n script_version(\"$Revision: 8466 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-19 07:58:30 +0100 (Fri, 19 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-06-27 09:56:47 +0530 (Thu, 27 Jun 2013)\");\n script_cve_id(\"CVE-2013-1682\", \"CVE-2013-1684\", \"CVE-2013-1685\", \"CVE-2013-1686\",\n \"CVE-2013-1687\", \"CVE-2013-1690\", \"CVE-2013-1692\", \"CVE-2013-1693\",\n \"CVE-2013-1694\", \"CVE-2013-1697\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Update for thunderbird RHSA-2013:0982-01\");\n\n script_xref(name: \"RHSA\", value: \"2013:0982-01\");\n script_xref(name: \"URL\" , value: \"https://www.redhat.com/archives/rhsa-announce/2013-June/msg00022.html\");\n script_tag(name: \"summary\" , value: \"Check for the Version of thunderbird\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~17.0.7~1.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"thunderbird-debuginfo\", rpm:\"thunderbird-debuginfo~17.0.7~1.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2020-04-23T19:05:35", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1687", "CVE-2013-1692", "CVE-2013-1685", "CVE-2013-1697", "CVE-2013-1694", "CVE-2013-1690", "CVE-2013-1684", "CVE-2013-1686", "CVE-2013-1682", "CVE-2013-1693"], "description": "The host is installed with Mozilla Thunderbird and is prone to multiple\n vulnerabilities.", "modified": "2020-04-21T00:00:00", "published": "2013-06-26T00:00:00", "id": "OPENVAS:1361412562310903216", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310903216", "type": "openvas", "title": "Mozilla Thunderbird Multiple Vulnerabilities - June 13 (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mozilla Thunderbird Multiple Vulnerabilities - June 13 (Windows)\n#\n# Authors:\n# Arun Kallavi <karun@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2013 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.903216\");\n script_version(\"2020-04-21T11:03:03+0000\");\n script_cve_id(\"CVE-2013-1684\", \"CVE-2013-1685\", \"CVE-2013-1686\", \"CVE-2013-1687\",\n \"CVE-2013-1690\", \"CVE-2013-1692\", \"CVE-2013-1693\", \"CVE-2013-1694\",\n \"CVE-2013-1697\", \"CVE-2013-1682\");\n script_bugtraq_id(60765, 60766, 60773, 60774, 60777, 60778, 60783, 60787, 60776,\n 60784);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-04-21 11:03:03 +0000 (Tue, 21 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2013-06-26 16:56:12 +0530 (Wed, 26 Jun 2013)\");\n script_name(\"Mozilla Thunderbird Multiple Vulnerabilities - June 13 (Windows)\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/53970\");\n script_xref(name:\"URL\", value:\"http://www.securitytracker.com/id/1028702\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2013/mfsa2013-50.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 SecPod\");\n script_family(\"General\");\n script_dependencies(\"gb_thunderbird_detect_portable_win.nasl\");\n script_mandatory_keys(\"Thunderbird/Win/Ver\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers to execute arbitrary code,\n obtain potentially sensitive information, gain escalated privileges, bypass\n security restrictions, and perform unauthorized actions. Other attacks may\n also be possible.\");\n script_tag(name:\"affected\", value:\"Thunderbird versions before 17.0.7 on Windows\");\n script_tag(name:\"insight\", value:\"Multiple flaws due to,\n\n - PreserveWrapper does not handle lack of wrapper.\n\n - Error in processing of SVG format images with filters to read pixel values.\n\n - Does not prevent inclusion of body data in XMLHttpRequest HEAD request.\n\n - Multiple unspecified vulnerabilities in the browser engine.\n\n - Does not properly handle onreadystatechange events in conjunction with\n page reloading.\n\n - System Only Wrapper (SOW) and Chrome Object Wrapper (COW), does not\n restrict XBL user-defined functions.\n\n - Use-after-free vulnerability in 'nsIDocument::GetRootElement' and\n 'mozilla::dom::HTMLMediaElement::LookupMediaElementURITable' functions.\n\n - XrayWrapper does not properly restrict use of DefaultValue for method calls.\");\n script_tag(name:\"solution\", value:\"Upgrade to Thunderbird version to 17.0.7 or later.\");\n script_tag(name:\"summary\", value:\"The host is installed with Mozilla Thunderbird and is prone to multiple\n vulnerabilities.\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/en-US/thunderbird\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\ntbVer = get_kb_item(\"Thunderbird/Win/Ver\");\nif(tbVer)\n{\n if(version_is_less(version:tbVer, test_version:\"17.0.7\")){\n report = report_fixed_ver(installed_version:tbVer, fixed_version:\"17.0.7\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:58", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1687", "CVE-2013-1692", "CVE-2013-1685", "CVE-2013-1697", "CVE-2013-1694", "CVE-2013-1690", "CVE-2013-1684", "CVE-2013-1686", "CVE-2013-1682", "CVE-2013-1693"], "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2013-06-27T00:00:00", "id": "OPENVAS:1361412562310871012", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871012", "type": "openvas", "title": "RedHat Update for firefox RHSA-2013:0981-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for firefox RHSA-2013:0981-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871012\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-06-27 09:56:17 +0530 (Thu, 27 Jun 2013)\");\n script_cve_id(\"CVE-2013-1682\", \"CVE-2013-1684\", \"CVE-2013-1685\", \"CVE-2013-1686\",\n \"CVE-2013-1687\", \"CVE-2013-1690\", \"CVE-2013-1692\", \"CVE-2013-1693\",\n \"CVE-2013-1694\", \"CVE-2013-1697\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Update for firefox RHSA-2013:0981-01\");\n\n script_xref(name:\"RHSA\", value:\"2013:0981-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2013-June/msg00021.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'firefox'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_(6|5)\");\n script_tag(name:\"affected\", value:\"firefox on Red Hat Enterprise Linux (v. 5 server),\n Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Mozilla Firefox is an open source web browser. XULRunner provides the XUL\n Runtime environment for Mozilla Firefox.\n\n Several flaws were found in the processing of malformed web content. A web\n page containing malicious content could cause Firefox to crash or,\n potentially, execute arbitrary code with the privileges of the user running\n Firefox. (CVE-2013-1682, CVE-2013-1684, CVE-2013-1685, CVE-2013-1686,\n CVE-2013-1687, CVE-2013-1690)\n\n It was found that Firefox allowed data to be sent in the body of\n XMLHttpRequest (XHR) HEAD requests. In some cases this could allow\n attackers to conduct Cross-Site Request Forgery (CSRF) attacks.\n (CVE-2013-1692)\n\n Timing differences in the way Firefox processed SVG image files could\n allow an attacker to read data across domains, potentially leading to\n information disclosure. (CVE-2013-1693)\n\n Two flaws were found in the way Firefox implemented some of its internal\n structures (called wrappers). An attacker could use these flaws to bypass\n some restrictions placed on them. This could lead to unexpected behavior or\n a potentially exploitable crash. (CVE-2013-1694, CVE-2013-1697)\n\n Red Hat would like to thank the Mozilla project for reporting these issues.\n Upstream acknowledges Gary Kwong, Jesse Ruderman, Andrew McCreight,\n Abhishek Arya, Mariusz Mlynski, Nils, Johnathan Kuskos, Paul Stone, Boris\n Zbarsky, and moz_bug_r_a4 as the original reporters of these issues.\n\n For technical details regarding these flaws, refer to the Mozilla\n security advisories for Firefox 17.0.7 ESR. You can find a link to the\n Mozilla advisories in the References section of this erratum.\n\n All Firefox users should upgrade to these updated packages, which contain\n Firefox version 17.0.7 ESR, which corrects these issues. After installing\n the update, Firefox must be restarted for the changes to take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~17.0.7~1.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-debuginfo\", rpm:\"firefox-debuginfo~17.0.7~1.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~17.0.7~1.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner-debuginfo\", rpm:\"xulrunner-debuginfo~17.0.7~1.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~17.0.7~1.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-debuginfo\", rpm:\"firefox-debuginfo~17.0.7~1.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~17.0.7~1.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner-debuginfo\", rpm:\"xulrunner-debuginfo~17.0.7~1.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner-devel\", rpm:\"xulrunner-devel~17.0.7~1.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:19", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1687", "CVE-2013-1692", "CVE-2013-1685", "CVE-2013-1697", "CVE-2013-1694", "CVE-2013-1690", "CVE-2013-1684", "CVE-2013-1686", "CVE-2013-1682", "CVE-2013-1693"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2013-06-27T00:00:00", "id": "OPENVAS:1361412562310881760", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881760", "type": "openvas", "title": "CentOS Update for xulrunner CESA-2013:0981 centos5", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for xulrunner CESA-2013:0981 centos5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.881760\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-06-27 10:00:16 +0530 (Thu, 27 Jun 2013)\");\n script_cve_id(\"CVE-2013-1682\", \"CVE-2013-1684\", \"CVE-2013-1685\", \"CVE-2013-1686\",\n \"CVE-2013-1687\", \"CVE-2013-1690\", \"CVE-2013-1692\", \"CVE-2013-1693\",\n \"CVE-2013-1694\", \"CVE-2013-1697\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"CentOS Update for xulrunner CESA-2013:0981 centos5\");\n\n script_xref(name:\"CESA\", value:\"2013:0981\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2013-June/019816.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xulrunner'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"xulrunner on CentOS 5\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"Mozilla Firefox is an open source web browser. XULRunner provides the XUL\n Runtime environment for Mozilla Firefox.\n\n Several flaws were found in the processing of malformed web content. A web\n page containing malicious content could cause Firefox to crash or,\n potentially, execute arbitrary code with the privileges of the user running\n Firefox. (CVE-2013-1682, CVE-2013-1684, CVE-2013-1685, CVE-2013-1686,\n CVE-2013-1687, CVE-2013-1690)\n\n It was found that Firefox allowed data to be sent in the body of\n XMLHttpRequest (XHR) HEAD requests. In some cases this could allow\n attackers to conduct Cross-Site Request Forgery (CSRF) attacks.\n (CVE-2013-1692)\n\n Timing differences in the way Firefox processed SVG image files could\n allow an attacker to read data across domains, potentially leading to\n information disclosure. (CVE-2013-1693)\n\n Two flaws were found in the way Firefox implemented some of its internal\n structures (called wrappers). An attacker could use these flaws to bypass\n some restrictions placed on them. This could lead to unexpected behavior or\n a potentially exploitable crash. (CVE-2013-1694, CVE-2013-1697)\n\n Red Hat would like to thank the Mozilla project for reporting these issues.\n Upstream acknowledges Gary Kwong, Jesse Ruderman, Andrew McCreight,\n Abhishek Arya, Mariusz Mlynski, Nils, Johnathan Kuskos, Paul Stone, Boris\n Zbarsky, and moz_bug_r_a4 as the original reporters of these issues.\n\n For technical details regarding these flaws, refer to the Mozilla\n security advisories for Firefox 17.0.7 ESR. You can find a link to the\n Mozilla advisories in the References section of this erratum.\n\n All Firefox users should upgrade to these updated packages, which contain\n Firefox version 17.0.7 ESR, which corrects these issues. After installing\n the update, Firefox must be restarted for the changes to take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~17.0.7~1.el5_9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner-devel\", rpm:\"xulrunner-devel~17.0.7~1.el5_9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-27T10:51:37", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1687", "CVE-2013-1692", "CVE-2013-1685", "CVE-2013-1697", "CVE-2013-1694", "CVE-2013-1690", "CVE-2013-1684", "CVE-2013-1686", "CVE-2013-1682", "CVE-2013-1693"], "description": "Check for the Version of firefox", "modified": "2017-07-12T00:00:00", "published": "2013-06-27T00:00:00", "id": "OPENVAS:871012", "href": "http://plugins.openvas.org/nasl.php?oid=871012", "type": "openvas", "title": "RedHat Update for firefox RHSA-2013:0981-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for firefox RHSA-2013:0981-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mozilla Firefox is an open source web browser. XULRunner provides the XUL\n Runtime environment for Mozilla Firefox.\n\n Several flaws were found in the processing of malformed web content. A web\n page containing malicious content could cause Firefox to crash or,\n potentially, execute arbitrary code with the privileges of the user running\n Firefox. (CVE-2013-1682, CVE-2013-1684, CVE-2013-1685, CVE-2013-1686,\n CVE-2013-1687, CVE-2013-1690)\n\n It was found that Firefox allowed data to be sent in the body of\n XMLHttpRequest (XHR) HEAD requests. In some cases this could allow\n attackers to conduct Cross-Site Request Forgery (CSRF) attacks.\n (CVE-2013-1692)\n\n Timing differences in the way Firefox processed SVG image files could\n allow an attacker to read data across domains, potentially leading to\n information disclosure. (CVE-2013-1693)\n\n Two flaws were found in the way Firefox implemented some of its internal\n structures (called wrappers). An attacker could use these flaws to bypass\n some restrictions placed on them. This could lead to unexpected behavior or\n a potentially exploitable crash. (CVE-2013-1694, CVE-2013-1697)\n\n Red Hat would like to thank the Mozilla project for reporting these issues.\n Upstream acknowledges Gary Kwong, Jesse Ruderman, Andrew McCreight,\n Abhishek Arya, Mariusz Mlynski, Nils, Johnathan Kuskos, Paul Stone, Boris\n Zbarsky, and moz_bug_r_a4 as the original reporters of these issues.\n\n For technical details regarding these flaws, refer to the Mozilla\n security advisories for Firefox 17.0.7 ESR. You can find a link to the\n Mozilla advisories in the References section of this erratum.\n\n All Firefox users should upgrade to these updated packages, which contain\n Firefox version 17.0.7 ESR, which corrects these issues. After installing\n the update, Firefox must be restarted for the changes to take effect.\";\n\n\ntag_affected = \"firefox on Red Hat Enterprise Linux (v. 5 server),\n Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(871012);\n script_version(\"$Revision: 6687 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:46:43 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-06-27 09:56:17 +0530 (Thu, 27 Jun 2013)\");\n script_cve_id(\"CVE-2013-1682\", \"CVE-2013-1684\", \"CVE-2013-1685\", \"CVE-2013-1686\",\n \"CVE-2013-1687\", \"CVE-2013-1690\", \"CVE-2013-1692\", \"CVE-2013-1693\",\n \"CVE-2013-1694\", \"CVE-2013-1697\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Update for firefox RHSA-2013:0981-01\");\n\n script_xref(name: \"RHSA\", value: \"2013:0981-01\");\n script_xref(name: \"URL\" , value: \"https://www.redhat.com/archives/rhsa-announce/2013-June/msg00021.html\");\n script_summary(\"Check for the Version of firefox\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~17.0.7~1.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-debuginfo\", rpm:\"firefox-debuginfo~17.0.7~1.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~17.0.7~1.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner-debuginfo\", rpm:\"xulrunner-debuginfo~17.0.7~1.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~17.0.7~1.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-debuginfo\", rpm:\"firefox-debuginfo~17.0.7~1.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~17.0.7~1.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner-debuginfo\", rpm:\"xulrunner-debuginfo~17.0.7~1.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner-devel\", rpm:\"xulrunner-devel~17.0.7~1.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:11:25", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1687", "CVE-2013-1692", "CVE-2013-1685", "CVE-2013-1697", "CVE-2013-1694", "CVE-2013-1690", "CVE-2013-1684", "CVE-2013-1686", "CVE-2013-1682", "CVE-2013-1693"], "description": "The host is installed with Mozilla Firefox ESR and is prone to multiple\n vulnerabilities.", "modified": "2017-05-09T00:00:00", "published": "2013-06-26T00:00:00", "id": "OPENVAS:903215", "href": "http://plugins.openvas.org/nasl.php?oid=903215", "type": "openvas", "title": "Mozilla Firefox ESR Multiple Vulnerabilities - June 13 (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_mozilla_firefox_esr_mult_vuln_jun13_win.nasl 6086 2017-05-09 09:03:30Z teissa $\n#\n# Mozilla Firefox ESR Multiple Vulnerabilities - June 13 (Windows)\n#\n# Authors:\n# Arun Kallavi <karun@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2013 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation will allow attackers to execute arbitrary code,\n obtain potentially sensitive information, gain escalated privileges, bypass\n security restrictions, and perform unauthorized actions. Other attacks may\n also be possible.\n Impact Level: Application\";\n\ntag_affected = \"Mozilla Firefox ESR versions 17.x before 17.0.7 on Windows\";\ntag_insight = \"Multiple flaws due to,\n - PreserveWrapper does not handle lack of wrapper.\n - Error in processing of SVG format images with filters to read pixel values.\n - Does not prevent inclusion of body data in XMLHttpRequest HEAD request.\n - Multiple unspecified errors in the browser engine.\n - Does not properly handle onreadystatechange events in conjunction with\n page reloading.\n - System Only Wrapper (SOW) and Chrome Object Wrapper (COW), does not\n restrict XBL user-defined functions.\n - Use-after-free vulnerability in 'nsIDocument::GetRootElement' and\n 'mozilla::dom::HTMLMediaElement::LookupMediaElementURITable' functions.\n - XrayWrapper does not properly restrict use of DefaultValue for method calls.\";\ntag_solution = \"Upgrade to Mozilla Firefox ESR 17.0.7 or later\n For updates refer to http://www.mozilla.com/en-US/firefox/all.html\";\ntag_summary = \"The host is installed with Mozilla Firefox ESR and is prone to multiple\n vulnerabilities.\";\n\nif(description)\n{\n script_id(903215);\n script_version(\"$Revision: 6086 $\");\n script_cve_id( \"CVE-2013-1684\", \"CVE-2013-1685\", \"CVE-2013-1686\", \"CVE-2013-1687\",\n \"CVE-2013-1690\", \"CVE-2013-1692\", \"CVE-2013-1693\", \"CVE-2013-1694\",\n \"CVE-2013-1697\", \"CVE-2013-1682\");\n script_bugtraq_id(60765, 60766, 60773, 60774, 60777, 60778, 60783, 60787, 60776,\n 60784);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-05-09 11:03:30 +0200 (Tue, 09 May 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-06-26 16:40:01 +0530 (Wed, 26 Jun 2013)\");\n script_name(\"Mozilla Firefox ESR Multiple Vulnerabilities - June 13 (Windows)\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/53970\");\n script_xref(name : \"URL\" , value : \"http://www.securitytracker.com/id/1028702\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2013/mfsa2013-50.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 SecPod\");\n script_family(\"General\");\n script_dependencies(\"gb_firefox_detect_win.nasl\");\n script_mandatory_keys(\"Firefox-ESR/Win/Ver\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\n# Variable Initialization\nffVer = \"\";\n\n# Firefox Check\nffVer = get_kb_item(\"Firefox-ESR/Win/Ver\");\nif(ffVer && ffVer =~ \"^17.0\")\n{\n # Grep for Firefox version\n if(version_in_range(version:ffVer, test_version:\"17.0\", test_version2:\"17.0.6\"))\n {\n security_message(0);\n exit(0);\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-22T13:10:34", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1687", "CVE-2013-1692", "CVE-2013-1685", "CVE-2013-1697", "CVE-2013-1694", "CVE-2013-1690", "CVE-2013-1684", "CVE-2013-1686", "CVE-2013-1682", "CVE-2013-1693"], "description": "Check for the Version of xulrunner", "modified": "2018-01-22T00:00:00", "published": "2013-06-27T00:00:00", "id": "OPENVAS:881759", "href": "http://plugins.openvas.org/nasl.php?oid=881759", "type": "openvas", "title": "CentOS Update for xulrunner CESA-2013:0981 centos6 ", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for xulrunner CESA-2013:0981 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mozilla Firefox is an open source web browser. XULRunner provides the XUL\n Runtime environment for Mozilla Firefox.\n\n Several flaws were found in the processing of malformed web content. A web\n page containing malicious content could cause Firefox to crash or,\n potentially, execute arbitrary code with the privileges of the user running\n Firefox. (CVE-2013-1682, CVE-2013-1684, CVE-2013-1685, CVE-2013-1686,\n CVE-2013-1687, CVE-2013-1690)\n\n It was found that Firefox allowed data to be sent in the body of\n XMLHttpRequest (XHR) HEAD requests. In some cases this could allow\n attackers to conduct Cross-Site Request Forgery (CSRF) attacks.\n (CVE-2013-1692)\n\n Timing differences in the way Firefox processed SVG image files could\n allow an attacker to read data across domains, potentially leading to\n information disclosure. (CVE-2013-1693)\n\n Two flaws were found in the way Firefox implemented some of its internal\n structures (called wrappers). An attacker could use these flaws to bypass\n some restrictions placed on them. This could lead to unexpected behavior or\n a potentially exploitable crash. (CVE-2013-1694, CVE-2013-1697)\n\n Red Hat would like to thank the Mozilla project for reporting these issues.\n Upstream acknowledges Gary Kwong, Jesse Ruderman, Andrew McCreight,\n Abhishek Arya, Mariusz Mlynski, Nils, Johnathan Kuskos, Paul Stone, Boris\n Zbarsky, and moz_bug_r_a4 as the original reporters of these issues.\n\n For technical details regarding these flaws, refer to the Mozilla\n security advisories for Firefox 17.0.7 ESR. You can find a link to the\n Mozilla advisories in the References section of this erratum.\n\n All Firefox users should upgrade to these updated packages, which contain\n Firefox version 17.0.7 ESR, which corrects these issues. After installing\n the update, Firefox must be restarted for the changes to take effect.\";\n\n\ntag_affected = \"xulrunner on CentOS 6\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(881759);\n script_version(\"$Revision: 8483 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-22 07:58:04 +0100 (Mon, 22 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-06-27 09:59:49 +0530 (Thu, 27 Jun 2013)\");\n script_cve_id(\"CVE-2013-1682\", \"CVE-2013-1684\", \"CVE-2013-1685\", \"CVE-2013-1686\",\n \"CVE-2013-1687\", \"CVE-2013-1690\", \"CVE-2013-1692\", \"CVE-2013-1693\",\n \"CVE-2013-1694\", \"CVE-2013-1697\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"CentOS Update for xulrunner CESA-2013:0981 centos6 \");\n\n script_xref(name: \"CESA\", value: \"2013:0981\");\n script_xref(name: \"URL\" , value: \"http://lists.centos.org/pipermail/centos-announce/2013-June/019809.html\");\n script_tag(name: \"summary\" , value: \"Check for the Version of xulrunner\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~17.0.7~1.el6.centos\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner-devel\", rpm:\"xulrunner-devel~17.0.7~1.el6.centos\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:38:11", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1687", "CVE-2013-1692", "CVE-2013-1685", "CVE-2013-1697", "CVE-2013-1694", "CVE-2013-1690", "CVE-2013-1684", "CVE-2013-1686", "CVE-2013-1682", "CVE-2013-1693"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2013-06-27T00:00:00", "id": "OPENVAS:1361412562310881756", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881756", "type": "openvas", "title": "CentOS Update for thunderbird CESA-2013:0982 centos5", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for thunderbird CESA-2013:0982 centos5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.881756\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-06-27 09:58:50 +0530 (Thu, 27 Jun 2013)\");\n script_cve_id(\"CVE-2013-1682\", \"CVE-2013-1684\", \"CVE-2013-1685\", \"CVE-2013-1686\",\n \"CVE-2013-1687\", \"CVE-2013-1690\", \"CVE-2013-1692\", \"CVE-2013-1693\",\n \"CVE-2013-1694\", \"CVE-2013-1697\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"CentOS Update for thunderbird CESA-2013:0982 centos5\");\n\n script_xref(name:\"CESA\", value:\"2013:0982\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2013-June/019817.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'thunderbird'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"thunderbird on CentOS 5\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"Mozilla Thunderbird is a standalone mail and newsgroup client.\n\n Several flaws were found in the processing of malformed content. Malicious\n content could cause Thunderbird to crash or, potentially, execute arbitrary\n code with the privileges of the user running Thunderbird. (CVE-2013-1682,\n CVE-2013-1684, CVE-2013-1685, CVE-2013-1686, CVE-2013-1687, CVE-2013-1690)\n\n It was found that Thunderbird allowed data to be sent in the body of\n XMLHttpRequest (XHR) HEAD requests. In some cases this could allow\n attackers to conduct Cross-Site Request Forgery (CSRF) attacks.\n (CVE-2013-1692)\n\n Timing differences in the way Thunderbird processed SVG image files could\n allow an attacker to read data across domains, potentially leading to\n information disclosure. (CVE-2013-1693)\n\n Two flaws were found in the way Thunderbird implemented some of its\n internal structures (called wrappers). An attacker could use these flaws to\n bypass some restrictions placed on them. This could lead to unexpected\n behavior or a potentially exploitable crash. (CVE-2013-1694, CVE-2013-1697)\n\n Red Hat would like to thank the Mozilla project for reporting these issues.\n Upstream acknowledges Gary Kwong, Jesse Ruderman, Andrew McCreight,\n Abhishek Arya, Mariusz Mlynski, Nils, Johnathan Kuskos, Paul Stone, Boris\n Zbarsky, and moz_bug_r_a4 as the original reporters of these issues.\n\n Note: All of the above issues cannot be exploited by a specially-crafted\n HTML mail message as JavaScript is disabled by default for mail messages.\n They could be exploited another way in Thunderbird, for example, when\n viewing the full remote content of an RSS feed.\n\n All Thunderbird users should upgrade to this updated package, which\n contains Thunderbird version 17.0.7 ESR, which corrects these issues. After\n installing the update, Thunderbird must be restarted for the changes to\n take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~17.0.7~1.el5.centos\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-02T21:11:05", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1687", "CVE-2013-1692", "CVE-2013-1685", "CVE-2013-1697", "CVE-2013-1694", "CVE-2013-1690", "CVE-2013-1684", "CVE-2013-1686", "CVE-2013-1682", "CVE-2013-1693"], "description": "The host is installed with Mozilla Thunderbird ESR and is prone to multiple\n vulnerabilities.", "modified": "2017-05-05T00:00:00", "published": "2013-06-26T00:00:00", "id": "OPENVAS:903217", "href": "http://plugins.openvas.org/nasl.php?oid=903217", "type": "openvas", "title": "Mozilla Thunderbird ESR Multiple Vulnerabilities - June 13 (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_mozilla_thunderbird_esr_mult_vuln_jun13_win.nasl 6074 2017-05-05 09:03:14Z teissa $\n#\n# Mozilla Thunderbird ESR Multiple Vulnerabilities - June 13 (Windows)\n#\n# Authors:\n# Arun Kallavi <karun@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2013 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation will allow attackers to execute arbitrary code,\n obtain potentially sensitive information, gain escalated privileges, bypass\n security restrictions, and perform unauthorized actions. Other attacks may\n also be possible.\n Impact Level: Application\";\n\ntag_affected = \"Thunderbird ESR versions 17.x before 17.0.7 on Windows\";\ntag_insight = \"Multiple flaws due to,\n - PreserveWrapper does not handle lack of wrapper.\n - Error in processing of SVG format images with filters to read pixel values.\n - Does not prevent inclusion of body data in XMLHttpRequest HEAD request.\n - Multiple unspecified vulnerabilities in the browser engine.\n - Does not properly handle onreadystatechange events in conjunction with\n page reloading.\n - System Only Wrapper (SOW) and Chrome Object Wrapper (COW), does not\n restrict XBL user-defined functions.\n - Use-after-free vulnerability in 'nsIDocument::GetRootElement' and\n 'mozilla::dom::HTMLMediaElement::LookupMediaElementURITable' functions.\n - XrayWrapper does not properly restrict use of DefaultValue for method calls.\";\ntag_solution = \"Upgrade to Thunderbird ESR 17.0.7 or later\n For updates refer to http://www.mozilla.org/en-US/thunderbird\";\ntag_summary = \"The host is installed with Mozilla Thunderbird ESR and is prone to multiple\n vulnerabilities.\";\n\nif(description)\n{\n script_id(903217);\n script_version(\"$Revision: 6074 $\");\n script_cve_id( \"CVE-2013-1684\", \"CVE-2013-1685\", \"CVE-2013-1686\", \"CVE-2013-1687\",\n \"CVE-2013-1690\", \"CVE-2013-1692\", \"CVE-2013-1693\", \"CVE-2013-1694\",\n \"CVE-2013-1697\", \"CVE-2013-1682\");\n script_bugtraq_id(60765, 60766, 60773, 60774, 60777, 60778, 60783, 60787, 60776,\n 60784);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-05-05 11:03:14 +0200 (Fri, 05 May 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-06-26 17:09:51 +0530 (Wed, 26 Jun 2013)\");\n script_name(\"Mozilla Thunderbird ESR Multiple Vulnerabilities - June 13 (Windows)\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/53970\");\n script_xref(name : \"URL\" , value : \"http://www.securitytracker.com/id/1028702\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2013/mfsa2013-50.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 SecPod\");\n script_family(\"General\");\n script_dependencies(\"gb_thunderbird_detect_win.nasl\");\n script_mandatory_keys(\"Thunderbird-ESR/Win/Ver\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\n# Variable Initialization\ntbVer = \"\";\n\n# Thunderbird Check\ntbVer = get_kb_item(\"Thunderbird-ESR/Win/Ver\");\nif(tbVer && tbVer =~ \"^17.0\")\n{\n # Grep for Thunderbird version\n if(version_in_range(version:tbVer, test_version:\"17.0\", test_version2:\"17.0.6\")){\n security_message(0);\n exit(0);\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:36:14", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1687", "CVE-2013-1692", "CVE-2013-1685", "CVE-2013-1697", "CVE-2013-1694", "CVE-2013-1690", "CVE-2013-1684", "CVE-2013-1686", "CVE-2013-1682", "CVE-2013-1693"], "description": "Oracle Linux Local Security Checks ELSA-2013-0982", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123604", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123604", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2013-0982", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2013-0982.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123604\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:06:09 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2013-0982\");\n script_tag(name:\"insight\", value:\"ELSA-2013-0982 - thunderbird security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2013-0982\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2013-0982.html\");\n script_cve_id(\"CVE-2013-1682\", \"CVE-2013-1684\", \"CVE-2013-1685\", \"CVE-2013-1686\", \"CVE-2013-1687\", \"CVE-2013-1692\", \"CVE-2013-1693\", \"CVE-2013-1694\", \"CVE-2013-1697\", \"CVE-2013-1690\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(5|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~17.0.7~1.0.1.el5_9\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~17.0.7~1.0.1.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2020-07-17T03:33:02", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1687", "CVE-2013-1692", "CVE-2013-1685", "CVE-2013-1697", "CVE-2013-1694", "CVE-2013-1690", "CVE-2013-1684", "CVE-2013-1686", "CVE-2013-1682", "CVE-2013-1693"], "description": "**CentOS Errata and Security Advisory** CESA-2013:0982\n\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed content. Malicious\ncontent could cause Thunderbird to crash or, potentially, execute arbitrary\ncode with the privileges of the user running Thunderbird. (CVE-2013-1682,\nCVE-2013-1684, CVE-2013-1685, CVE-2013-1686, CVE-2013-1687, CVE-2013-1690)\n\nIt was found that Thunderbird allowed data to be sent in the body of\nXMLHttpRequest (XHR) HEAD requests. In some cases this could allow\nattackers to conduct Cross-Site Request Forgery (CSRF) attacks.\n(CVE-2013-1692)\n\nTiming differences in the way Thunderbird processed SVG image files could\nallow an attacker to read data across domains, potentially leading to\ninformation disclosure. (CVE-2013-1693)\n\nTwo flaws were found in the way Thunderbird implemented some of its\ninternal structures (called wrappers). An attacker could use these flaws to\nbypass some restrictions placed on them. This could lead to unexpected\nbehavior or a potentially exploitable crash. (CVE-2013-1694, CVE-2013-1697)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Gary Kwong, Jesse Ruderman, Andrew McCreight,\nAbhishek Arya, Mariusz Mlynski, Nils, Johnathan Kuskos, Paul Stone, Boris\nZbarsky, and moz_bug_r_a4 as the original reporters of these issues.\n\nNote: All of the above issues cannot be exploited by a specially-crafted\nHTML mail message as JavaScript is disabled by default for mail messages.\nThey could be exploited another way in Thunderbird, for example, when\nviewing the full remote content of an RSS feed.\n\nAll Thunderbird users should upgrade to this updated package, which\ncontains Thunderbird version 17.0.7 ESR, which corrects these issues. After\ninstalling the update, Thunderbird must be restarted for the changes to\ntake effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2013-June/031845.html\nhttp://lists.centos.org/pipermail/centos-announce/2013-June/031855.html\n\n**Affected packages:**\nthunderbird\n\n**Upstream details at:**\n\nhttps://rhn.redhat.com/errata/RHSA-2013-0982.html", "edition": 5, "modified": "2013-06-26T02:38:03", "published": "2013-06-26T02:19:42", "href": "http://lists.centos.org/pipermail/centos-announce/2013-June/031845.html", "id": "CESA-2013:0982", "title": "thunderbird security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-20T18:26:42", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1687", "CVE-2013-1692", "CVE-2013-1685", "CVE-2013-1697", "CVE-2013-1694", "CVE-2013-1690", "CVE-2013-1684", "CVE-2013-1686", "CVE-2013-1682", "CVE-2013-1693"], "description": "**CentOS Errata and Security Advisory** CESA-2013:0981\n\n\nMozilla Firefox is an open source web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2013-1682, CVE-2013-1684, CVE-2013-1685, CVE-2013-1686,\nCVE-2013-1687, CVE-2013-1690)\n\nIt was found that Firefox allowed data to be sent in the body of\nXMLHttpRequest (XHR) HEAD requests. In some cases this could allow\nattackers to conduct Cross-Site Request Forgery (CSRF) attacks.\n(CVE-2013-1692)\n\nTiming differences in the way Firefox processed SVG image files could\nallow an attacker to read data across domains, potentially leading to\ninformation disclosure. (CVE-2013-1693)\n\nTwo flaws were found in the way Firefox implemented some of its internal\nstructures (called wrappers). An attacker could use these flaws to bypass\nsome restrictions placed on them. This could lead to unexpected behavior or\na potentially exploitable crash. (CVE-2013-1694, CVE-2013-1697)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Gary Kwong, Jesse Ruderman, Andrew McCreight,\nAbhishek Arya, Mariusz Mlynski, Nils, Johnathan Kuskos, Paul Stone, Boris\nZbarsky, and moz_bug_r_a4 as the original reporters of these issues.\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Firefox 17.0.7 ESR. You can find a link to the\nMozilla advisories in the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 17.0.7 ESR, which corrects these issues. After installing\nthe update, Firefox must be restarted for the changes to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2013-June/031846.html\nhttp://lists.centos.org/pipermail/centos-announce/2013-June/031847.html\nhttp://lists.centos.org/pipermail/centos-announce/2013-June/031854.html\nhttp://lists.centos.org/pipermail/centos-announce/2013-June/031856.html\n\n**Affected packages:**\nfirefox\nxulrunner\nxulrunner-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2013-0981.html", "edition": 3, "modified": "2013-06-26T02:40:20", "published": "2013-06-26T02:19:59", "href": "http://lists.centos.org/pipermail/centos-announce/2013-June/031846.html", "id": "CESA-2013:0981", "title": "firefox, xulrunner security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2020-12-09T19:52:39", "description": "The XrayWrapper implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 does not properly restrict use of DefaultValue for method calls, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site that triggers use of a user-defined (1) toString or (2) valueOf method.", "edition": 5, "cvss3": {}, "published": "2013-06-26T03:19:00", "title": "CVE-2013-1697", "type": "cve", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-1697"], "modified": "2017-09-19T01:36:00", "cpe": ["cpe:/a:mozilla:firefox:20.0.1", "cpe:/a:mozilla:firefox_esr:17.0.3", "cpe:/a:mozilla:firefox_esr:17.0.4", "cpe:/a:mozilla:thunderbird_esr:17.0.3", "cpe:/a:mozilla:firefox_esr:17.0.5", "cpe:/a:mozilla:firefox:20.0", "cpe:/a:mozilla:thunderbird:17.0", "cpe:/a:mozilla:thunderbird_esr:17.0", "cpe:/a:mozilla:thunderbird_esr:17.0.5", "cpe:/a:mozilla:firefox:19.0.1", "cpe:/a:mozilla:firefox_esr:17.0.2", "cpe:/a:mozilla:thunderbird_esr:17.0.2", "cpe:/a:mozilla:thunderbird:17.0.2", "cpe:/a:mozilla:thunderbird_esr:17.0.4", "cpe:/a:mozilla:thunderbird:17.0.5", "cpe:/a:mozilla:thunderbird:17.0.4", "cpe:/a:mozilla:thunderbird:17.0.1", "cpe:/a:mozilla:firefox:19.0.2", "cpe:/a:mozilla:thunderbird:17.0.6", "cpe:/a:mozilla:firefox_esr:17.0", "cpe:/a:mozilla:thunderbird_esr:17.0.6", "cpe:/a:mozilla:thunderbird:17.0.3", "cpe:/a:mozilla:thunderbird_esr:17.0.1", "cpe:/a:mozilla:firefox:19.0", "cpe:/a:mozilla:firefox_esr:17.0.6", "cpe:/a:mozilla:firefox_esr:17.0.1", "cpe:/a:mozilla:firefox:21.0"], "id": "CVE-2013-1697", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1697", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:mozilla:firefox_esr:17.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:17.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:17.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:17.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:17.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:17.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:17.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:17.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:17.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:17.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:17.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:20.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:17.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:20.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:17.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:19.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:17.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:17.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:19.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:21.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:17.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:17.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:17.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:17.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:17.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:19.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:17.0.2:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:52:39", "description": "Use-after-free vulnerability in the nsIDocument::GetRootElement function in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted web site.", "edition": 5, "cvss3": {}, "published": "2013-06-26T03:19:00", "title": "CVE-2013-1685", "type": "cve", "cwe": ["CWE-399"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-1685"], "modified": "2017-09-19T01:36:00", "cpe": ["cpe:/a:mozilla:firefox:20.0.1", "cpe:/a:mozilla:firefox_esr:17.0.3", "cpe:/a:mozilla:firefox_esr:17.0.4", "cpe:/a:mozilla:thunderbird_esr:17.0.3", "cpe:/a:mozilla:firefox_esr:17.0.5", "cpe:/a:mozilla:firefox:20.0", "cpe:/a:mozilla:thunderbird:17.0", "cpe:/a:mozilla:thunderbird_esr:17.0", "cpe:/a:mozilla:thunderbird_esr:17.0.5", "cpe:/a:mozilla:firefox:19.0.1", "cpe:/a:mozilla:firefox_esr:17.0.2", "cpe:/a:mozilla:thunderbird_esr:17.0.2", "cpe:/a:mozilla:thunderbird:17.0.2", "cpe:/a:mozilla:thunderbird_esr:17.0.4", "cpe:/a:mozilla:thunderbird:17.0.5", "cpe:/a:mozilla:thunderbird:17.0.4", "cpe:/a:mozilla:thunderbird:17.0.1", "cpe:/a:mozilla:firefox:19.0.2", "cpe:/a:mozilla:thunderbird:17.0.6", "cpe:/a:mozilla:firefox_esr:17.0", "cpe:/a:mozilla:thunderbird_esr:17.0.6", "cpe:/a:mozilla:thunderbird:17.0.3", "cpe:/a:mozilla:thunderbird_esr:17.0.1", "cpe:/a:mozilla:firefox:19.0", "cpe:/a:mozilla:firefox_esr:17.0.6", "cpe:/a:mozilla:firefox_esr:17.0.1", "cpe:/a:mozilla:firefox:21.0"], "id": "CVE-2013-1685", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1685", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:mozilla:firefox_esr:17.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:17.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:17.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:17.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:17.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:17.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:17.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:17.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:17.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:17.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:17.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:20.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:17.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:20.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:17.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:19.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:17.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:17.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:19.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:21.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:17.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:17.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:17.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:17.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:17.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:19.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:17.0.2:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:52:39", "description": "Use-after-free vulnerability in the mozilla::dom::HTMLMediaElement::LookupMediaElementURITable function in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted web site.", "edition": 5, "cvss3": {}, "published": "2013-06-26T03:19:00", "title": "CVE-2013-1684", "type": "cve", "cwe": ["CWE-399"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-1684"], "modified": "2017-09-19T01:36:00", "cpe": ["cpe:/a:mozilla:firefox:20.0.1", "cpe:/a:mozilla:firefox_esr:17.0.3", "cpe:/a:mozilla:firefox_esr:17.0.4", "cpe:/a:mozilla:thunderbird_esr:17.0.3", "cpe:/a:mozilla:firefox_esr:17.0.5", "cpe:/a:mozilla:firefox:20.0", "cpe:/a:mozilla:thunderbird:17.0", "cpe:/a:mozilla:thunderbird_esr:17.0", "cpe:/a:mozilla:thunderbird_esr:17.0.5", "cpe:/a:mozilla:firefox:19.0.1", "cpe:/a:mozilla:firefox_esr:17.0.2", "cpe:/a:mozilla:thunderbird_esr:17.0.2", "cpe:/a:mozilla:thunderbird:17.0.2", "cpe:/a:mozilla:thunderbird_esr:17.0.4", "cpe:/a:mozilla:thunderbird:17.0.5", "cpe:/a:mozilla:thunderbird:17.0.4", "cpe:/a:mozilla:thunderbird:17.0.1", "cpe:/a:mozilla:firefox:19.0.2", "cpe:/a:mozilla:thunderbird:17.0.6", "cpe:/a:mozilla:firefox_esr:17.0", "cpe:/a:mozilla:thunderbird_esr:17.0.6", "cpe:/a:mozilla:thunderbird:17.0.3", "cpe:/a:mozilla:thunderbird_esr:17.0.1", "cpe:/a:mozilla:firefox:19.0", "cpe:/a:mozilla:firefox_esr:17.0.6", "cpe:/a:mozilla:firefox_esr:17.0.1", "cpe:/a:mozilla:firefox:21.0"], "id": "CVE-2013-1684", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1684", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:mozilla:firefox_esr:17.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:17.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:17.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:17.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:17.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:17.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:17.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:17.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:17.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:17.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:17.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:20.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:17.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:20.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:17.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:19.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:17.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:17.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:19.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:21.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:17.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:17.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:17.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:17.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:17.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:19.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:17.0.2:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:52:39", "description": "Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not prevent the inclusion of body data in an XMLHttpRequest HEAD request, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via a crafted web site.", "edition": 5, "cvss3": {}, "published": "2013-06-26T03:19:00", "title": "CVE-2013-1692", "type": "cve", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-1692"], "modified": "2017-09-19T01:36:00", "cpe": ["cpe:/a:mozilla:firefox:20.0.1", "cpe:/a:mozilla:firefox_esr:17.0.3", "cpe:/a:mozilla:firefox_esr:17.0.4", "cpe:/a:mozilla:thunderbird_esr:17.0.3", "cpe:/a:mozilla:firefox_esr:17.0.5", "cpe:/a:mozilla:firefox:20.0", "cpe:/a:mozilla:thunderbird:17.0", "cpe:/a:mozilla:thunderbird_esr:17.0", "cpe:/a:mozilla:thunderbird_esr:17.0.5", "cpe:/a:mozilla:firefox:19.0.1", "cpe:/a:mozilla:firefox_esr:17.0.2", "cpe:/a:mozilla:thunderbird_esr:17.0.2", "cpe:/a:mozilla:thunderbird:17.0.2", "cpe:/a:mozilla:thunderbird_esr:17.0.4", "cpe:/a:mozilla:thunderbird:17.0.5", "cpe:/a:mozilla:thunderbird:17.0.4", "cpe:/a:mozilla:thunderbird:17.0.1", "cpe:/a:mozilla:firefox:19.0.2", "cpe:/a:mozilla:thunderbird:17.0.6", "cpe:/a:mozilla:firefox_esr:17.0", "cpe:/a:mozilla:thunderbird_esr:17.0.6", "cpe:/a:mozilla:thunderbird:17.0.3", "cpe:/a:mozilla:thunderbird_esr:17.0.1", "cpe:/a:mozilla:firefox:19.0", "cpe:/a:mozilla:firefox_esr:17.0.6", "cpe:/a:mozilla:firefox_esr:17.0.1", "cpe:/a:mozilla:firefox:21.0"], "id": "CVE-2013-1692", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1692", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:mozilla:firefox_esr:17.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:17.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:17.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:17.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:17.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:17.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:17.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:17.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:17.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:17.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:17.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:20.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:17.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:20.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:17.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:19.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:17.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:17.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:19.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:21.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:17.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:17.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:17.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:17.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:17.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:19.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:17.0.2:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:52:39", "description": "The SVG filter implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allows remote attackers to read pixel values, and possibly bypass the Same Origin Policy and read text from a different domain, by observing timing differences in execution of filter code.", "edition": 5, "cvss3": {}, "published": "2013-06-26T03:19:00", "title": "CVE-2013-1693", "type": "cve", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-1693"], "modified": "2017-09-19T01:36:00", "cpe": ["cpe:/a:mozilla:firefox:20.0.1", "cpe:/a:mozilla:firefox_esr:17.0.3", "cpe:/a:mozilla:firefox_esr:17.0.4", "cpe:/a:mozilla:thunderbird_esr:17.0.3", "cpe:/a:mozilla:firefox_esr:17.0.5", "cpe:/a:mozilla:firefox:20.0", "cpe:/a:mozilla:thunderbird:17.0", "cpe:/a:mozilla:thunderbird_esr:17.0", "cpe:/a:mozilla:thunderbird_esr:17.0.5", "cpe:/a:mozilla:firefox:19.0.1", "cpe:/a:mozilla:firefox_esr:17.0.2", "cpe:/a:mozilla:thunderbird_esr:17.0.2", "cpe:/a:mozilla:thunderbird:17.0.2", "cpe:/a:mozilla:thunderbird_esr:17.0.4", "cpe:/a:mozilla:thunderbird:17.0.5", "cpe:/a:mozilla:thunderbird:17.0.4", "cpe:/a:mozilla:thunderbird:17.0.1", "cpe:/a:mozilla:firefox:19.0.2", "cpe:/a:mozilla:thunderbird:17.0.6", "cpe:/a:mozilla:firefox_esr:17.0", "cpe:/a:mozilla:thunderbird_esr:17.0.6", "cpe:/a:mozilla:thunderbird:17.0.3", "cpe:/a:mozilla:thunderbird_esr:17.0.1", "cpe:/a:mozilla:firefox:19.0", "cpe:/a:mozilla:firefox_esr:17.0.6", "cpe:/a:mozilla:firefox_esr:17.0.1", "cpe:/a:mozilla:firefox:21.0"], "id": "CVE-2013-1693", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1693", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:mozilla:firefox_esr:17.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:17.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:17.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:17.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:17.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:17.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:17.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:17.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:17.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:17.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:17.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:20.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:17.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:20.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:17.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:19.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:17.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:17.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:19.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:21.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:17.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:17.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:17.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:17.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:17.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:19.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:17.0.2:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:52:39", "description": "The System Only Wrapper (SOW) and Chrome Object Wrapper (COW) implementations in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly restrict XBL user-defined functions, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges, or conduct cross-site scripting (XSS) attacks, via a crafted web site.", "edition": 5, "cvss3": {}, "published": "2013-06-26T03:19:00", "title": "CVE-2013-1687", "type": "cve", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-1687"], "modified": "2017-09-19T01:36:00", "cpe": ["cpe:/a:mozilla:firefox:20.0.1", "cpe:/a:mozilla:firefox_esr:17.0.3", "cpe:/a:mozilla:firefox_esr:17.0.4", "cpe:/a:mozilla:thunderbird_esr:17.0.3", "cpe:/a:mozilla:firefox_esr:17.0.5", "cpe:/a:mozilla:firefox:20.0", "cpe:/a:mozilla:thunderbird:17.0", "cpe:/a:mozilla:thunderbird_esr:17.0", "cpe:/a:mozilla:thunderbird_esr:17.0.5", "cpe:/a:mozilla:firefox:19.0.1", "cpe:/a:mozilla:firefox_esr:17.0.2", "cpe:/a:mozilla:thunderbird_esr:17.0.2", "cpe:/a:mozilla:thunderbird:17.0.2", "cpe:/a:mozilla:thunderbird_esr:17.0.4", "cpe:/a:mozilla:thunderbird:17.0.5", "cpe:/a:mozilla:thunderbird:17.0.4", "cpe:/a:mozilla:thunderbird:17.0.1", "cpe:/a:mozilla:firefox:19.0.2", "cpe:/a:mozilla:thunderbird:17.0.6", "cpe:/a:mozilla:firefox_esr:17.0", "cpe:/a:mozilla:thunderbird_esr:17.0.6", "cpe:/a:mozilla:thunderbird:17.0.3", "cpe:/a:mozilla:thunderbird_esr:17.0.1", "cpe:/a:mozilla:firefox:19.0", "cpe:/a:mozilla:firefox_esr:17.0.6", "cpe:/a:mozilla:firefox_esr:17.0.1", "cpe:/a:mozilla:firefox:21.0"], "id": "CVE-2013-1687", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1687", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:mozilla:firefox_esr:17.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:17.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:17.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:17.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:17.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:17.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:17.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:17.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:17.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:17.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:17.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:20.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:17.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:20.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:17.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:19.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:17.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:17.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:19.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:21.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:17.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:17.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:17.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:17.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:17.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:19.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:17.0.2:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:52:39", "description": "Use-after-free vulnerability in the mozilla::ResetDir function in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.", "edition": 5, "cvss3": {}, "published": "2013-06-26T03:19:00", "title": "CVE-2013-1686", "type": "cve", "cwe": ["CWE-399"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-1686"], "modified": "2017-09-19T01:36:00", "cpe": ["cpe:/a:mozilla:firefox:20.0.1", "cpe:/a:mozilla:firefox_esr:17.0.3", "cpe:/a:mozilla:firefox_esr:17.0.4", "cpe:/a:mozilla:thunderbird_esr:17.0.3", "cpe:/a:mozilla:firefox_esr:17.0.5", "cpe:/a:mozilla:firefox:20.0", "cpe:/a:mozilla:thunderbird:17.0", "cpe:/a:mozilla:thunderbird_esr:17.0", "cpe:/a:mozilla:thunderbird_esr:17.0.5", "cpe:/a:mozilla:firefox:19.0.1", "cpe:/a:mozilla:firefox_esr:17.0.2", "cpe:/a:mozilla:thunderbird_esr:17.0.2", "cpe:/a:mozilla:thunderbird:17.0.2", "cpe:/a:mozilla:thunderbird_esr:17.0.4", "cpe:/a:mozilla:thunderbird:17.0.5", "cpe:/a:mozilla:thunderbird:17.0.4", "cpe:/a:mozilla:thunderbird:17.0.1", "cpe:/a:mozilla:firefox:19.0.2", "cpe:/a:mozilla:thunderbird:17.0.6", "cpe:/a:mozilla:firefox_esr:17.0", "cpe:/a:mozilla:thunderbird_esr:17.0.6", "cpe:/a:mozilla:thunderbird:17.0.3", "cpe:/a:mozilla:thunderbird_esr:17.0.1", "cpe:/a:mozilla:firefox:19.0", "cpe:/a:mozilla:firefox_esr:17.0.6", "cpe:/a:mozilla:firefox_esr:17.0.1", "cpe:/a:mozilla:firefox:21.0"], "id": "CVE-2013-1686", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1686", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:mozilla:firefox_esr:17.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:17.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:17.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:17.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:17.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:17.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:17.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:17.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:17.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:17.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:17.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:20.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:17.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:20.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:17.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:19.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:17.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:17.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:19.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:21.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:17.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:17.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:17.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:17.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:17.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:19.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:17.0.2:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:52:39", "description": "Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly handle onreadystatechange events in conjunction with page reloading, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted web site that triggers an attempt to execute data at an unmapped memory location.", "edition": 5, "cvss3": {}, "published": "2013-06-26T03:19:00", "title": "CVE-2013-1690", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-1690"], "modified": "2017-09-19T01:36:00", "cpe": ["cpe:/a:mozilla:firefox:20.0.1", "cpe:/a:mozilla:firefox_esr:17.0.3", "cpe:/a:mozilla:firefox_esr:17.0.4", "cpe:/a:mozilla:thunderbird_esr:17.0.3", "cpe:/a:mozilla:firefox_esr:17.0.5", "cpe:/a:mozilla:firefox:20.0", "cpe:/a:mozilla:thunderbird:17.0", "cpe:/a:mozilla:thunderbird_esr:17.0", "cpe:/a:mozilla:thunderbird_esr:17.0.5", "cpe:/a:mozilla:firefox:19.0.1", "cpe:/a:mozilla:firefox_esr:17.0.2", "cpe:/a:mozilla:thunderbird_esr:17.0.2", "cpe:/a:mozilla:thunderbird:17.0.2", "cpe:/a:mozilla:thunderbird_esr:17.0.4", "cpe:/a:mozilla:thunderbird:17.0.5", "cpe:/a:mozilla:thunderbird:17.0.4", "cpe:/a:mozilla:thunderbird:17.0.1", "cpe:/a:mozilla:firefox:19.0.2", "cpe:/a:mozilla:thunderbird:17.0.6", "cpe:/a:mozilla:firefox_esr:17.0", "cpe:/a:mozilla:thunderbird_esr:17.0.6", "cpe:/a:mozilla:thunderbird:17.0.3", "cpe:/a:mozilla:thunderbird_esr:17.0.1", "cpe:/a:mozilla:firefox:19.0", "cpe:/a:mozilla:firefox_esr:17.0.6", "cpe:/a:mozilla:firefox_esr:17.0.1", "cpe:/a:mozilla:firefox:21.0"], "id": "CVE-2013-1690", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1690", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:mozilla:firefox_esr:17.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:17.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:17.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:17.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:17.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:17.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:17.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:17.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:17.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:17.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:17.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:20.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:17.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:20.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:17.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:19.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:17.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:17.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:19.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:21.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:17.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:17.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:17.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:17.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:17.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:19.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:17.0.2:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:52:39", "description": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.", "edition": 5, "cvss3": {}, "published": "2013-06-26T03:19:00", "title": "CVE-2013-1682", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-1682"], "modified": "2017-09-19T01:36:00", "cpe": ["cpe:/a:mozilla:firefox:20.0.1", "cpe:/a:mozilla:firefox_esr:17.0.3", "cpe:/a:mozilla:firefox_esr:17.0.4", "cpe:/a:mozilla:thunderbird_esr:17.0.3", "cpe:/a:mozilla:firefox_esr:17.0.5", "cpe:/a:mozilla:firefox:20.0", "cpe:/a:mozilla:thunderbird:17.0", "cpe:/a:mozilla:thunderbird_esr:17.0", "cpe:/a:mozilla:thunderbird_esr:17.0.5", "cpe:/a:mozilla:firefox:19.0.1", "cpe:/a:mozilla:firefox_esr:17.0.2", "cpe:/a:mozilla:thunderbird_esr:17.0.2", "cpe:/a:mozilla:thunderbird:17.0.2", "cpe:/a:mozilla:thunderbird_esr:17.0.4", "cpe:/a:mozilla:thunderbird:17.0.5", "cpe:/a:mozilla:thunderbird:17.0.4", "cpe:/a:mozilla:thunderbird:17.0.1", "cpe:/a:mozilla:firefox:19.0.2", "cpe:/a:mozilla:thunderbird:17.0.6", "cpe:/a:mozilla:firefox_esr:17.0", "cpe:/a:mozilla:thunderbird_esr:17.0.6", "cpe:/a:mozilla:thunderbird:17.0.3", "cpe:/a:mozilla:thunderbird_esr:17.0.1", "cpe:/a:mozilla:firefox:19.0", "cpe:/a:mozilla:firefox_esr:17.0.6", "cpe:/a:mozilla:firefox_esr:17.0.1", "cpe:/a:mozilla:firefox:21.0"], "id": "CVE-2013-1682", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1682", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:mozilla:firefox_esr:17.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:17.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:17.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:17.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:17.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:17.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:17.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:17.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:17.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:17.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:17.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:20.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:17.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:20.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:17.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:19.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:17.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:17.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:19.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:21.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:17.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:17.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:17.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:17.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:17.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:19.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:17.0.2:*:*:*:*:*:*:*"]}]}