Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2008-2021 Tenable Network Security, Inc.SUSE_MOZILLA-XULRUNNER-5163.NASL
HistoryApr 22, 2008 - 12:00 a.m.

openSUSE 10 Security Update : mozilla-xulrunner (mozilla-xulrunner-5163)

2008-04-2200:00:00
This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.
www.tenable.com
35
JSON

This update brings the Mozilla XULRunner engine to security update version level 1.1.9

Following security problems were fixed :

  • MFSA 2008-19/CVE-2008-1241: XUL popup spoofing variant (cross-tab popups)

  • MFSA 2008-18/CVE-2008-1195 and CVE-2008-1240: Java socket connection to any local port via LiveConnect

  • MFSA 2008-17/CVE-2007-4879: Privacy issue with SSL Client Authentication

  • MFSA 2008-16/CVE-2008-1238: HTTP Referrer spoofing with malformed URLs

  • MFSA 2008-15/CVE-2008-1236 and CVE-2008-1237: Crashes with evidence of memory corruption (rv:1.8.1.13)

  • MFSA 2008-14/CVE-2008-1233, CVE-2008-1234, and CVE-2008-1235: JavaScript privilege escalation and arbitrary code execution.

#%NASL_MIN_LEVEL 70300

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update mozilla-xulrunner-5163.
#
# The text description of this plugin is (C) SUSE LLC.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(32025);
  script_version("1.13");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2007-4879", "CVE-2008-1195", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1240", "CVE-2008-1241");

  script_name(english:"openSUSE 10 Security Update : mozilla-xulrunner (mozilla-xulrunner-5163)");
  script_summary(english:"Check for the mozilla-xulrunner-5163 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This update brings the Mozilla XULRunner engine to security update
version level 1.1.9

Following security problems were fixed :

  - MFSA 2008-19/CVE-2008-1241: XUL popup spoofing variant
    (cross-tab popups)

  - MFSA 2008-18/CVE-2008-1195 and CVE-2008-1240: Java
    socket connection to any local port via LiveConnect

  - MFSA 2008-17/CVE-2007-4879: Privacy issue with SSL
    Client Authentication

  - MFSA 2008-16/CVE-2008-1238: HTTP Referrer spoofing with
    malformed URLs

  - MFSA 2008-15/CVE-2008-1236 and CVE-2008-1237: Crashes
    with evidence of memory corruption (rv:1.8.1.13)

  - MFSA 2008-14/CVE-2008-1233, CVE-2008-1234, and
    CVE-2008-1235: JavaScript privilege escalation and
    arbitrary code execution."
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected mozilla-xulrunner packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_cwe_id(59, 79, 94, 287, 399);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:epiphany");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:epiphany-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gecko-sdk");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner-32bit");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.1");

  script_set_attribute(attribute:"patch_publication_date", value:"2008/04/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2008/04/22");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE10\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "10.1", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE10.1", reference:"epiphany-1.8.5-14.6") ) flag++;
if ( rpm_check(release:"SUSE10.1", reference:"epiphany-devel-1.8.5-14.6") ) flag++;
if ( rpm_check(release:"SUSE10.1", reference:"gecko-sdk-1.8.0.14eol-0.5") ) flag++;
if ( rpm_check(release:"SUSE10.1", reference:"mozilla-xulrunner-1.8.0.14eol-0.5") ) flag++;
if ( rpm_check(release:"SUSE10.1", cpu:"x86_64", reference:"mozilla-xulrunner-32bit-1.8.0.14eol-0.5") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "epiphany / epiphany-devel / gecko-sdk / mozilla-xulrunner / etc");
}
VendorProductVersionCPE
novellopensuseepiphanyp-cpe:/a:novell:opensuse:epiphany
novellopensuseepiphany-develp-cpe:/a:novell:opensuse:epiphany-devel
novellopensusegecko-sdkp-cpe:/a:novell:opensuse:gecko-sdk
novellopensusemozilla-xulrunnerp-cpe:/a:novell:opensuse:mozilla-xulrunner
novellopensusemozilla-xulrunner-32bitp-cpe:/a:novell:opensuse:mozilla-xulrunner-32bit
novellopensuse10.1cpe:/o:novell:opensuse:10.1

Related

openvas 87
nessus 37
suse 1
freebsd 1
securityvulns 5
seebug 1
ubuntu 2
redhat 3
fedora 32
centos 4
oraclelinux 3
osv 5
debian 5
slackware 1
mozilla 4
cert 1
prion 2
cve 2
ubuntucve 2
gentoo 1
openvas
openvas
Mozilla Firefox, Thunderbird, Seamonkey. Several vulnerabilitys (Windows)
2008-06-17 00:00:00
SLES9: Security update for Mozilla
2009-10-10 00:00:00
Mandriva Update for mozilla-firefox MDVSA-2008:080 (mozilla-firefox)
2009-04-09 00:00:00
nessus
nessus
openSUSE 10 Security Update : seamonkey (seamonkey-5153)
2008-04-11 00:00:00
RHEL 4 / 5 : firefox (RHSA-2008:0207)
2008-03-28 00:00:00
Oracle Linux 4 / 5 : firefox (ELSA-2008-0207)
2013-07-12 00:00:00
suse
suse
remote code execution in MozillaFirefox
2008-04-04 15:01:05
freebsd
freebsd
mozilla -- multiple vulnerabilities
2008-03-26 00:00:00
securityvulns
securityvulns
Mozilla Firefox / Seamonkey multiple security vulnerabilities
2008-03-28 00:00:00
Mozilla Foundation Security Advisory 2008-14
2008-03-26 00:00:00
Mozilla Foundation Security Advisory 2008-18
2008-03-26 00:00:00
seebug
seebug
Mozilla Thunderbird/Seamonkey/Firefox 2.0.0.13版本修复多个安全漏洞
2008-03-31 00:00:00
ubuntu
ubuntu
Firefox vulnerabilities
2008-03-26 00:00:00
Thunderbird vulnerabilities
2008-05-06 00:00:00
redhat
redhat
(RHSA-2008:0209) Moderate: thunderbird security update
2008-04-03 00:00:00
(RHSA-2008:0207) Critical: firefox security update
2008-03-26 00:00:00
(RHSA-2008:0208) Critical: seamonkey security update
2008-03-27 00:00:00
fedora
fedora
[SECURITY] Fedora 8 Update: epiphany-extensions-2.20.1-6.fc8
2008-03-26 17:14:06
[SECURITY] Fedora 8 Update: gtkmozembedmm-1.4.2.cvs20060817-19.fc8
2008-03-26 17:14:06
[SECURITY] Fedora 7 Update: openvrml-0.16.7-4.fc7
2008-03-26 17:11:48
centos
centos
firefox security update
2008-03-27 14:36:53
thunderbird security update
2008-04-10 17:03:24
seamonkey security update
2008-03-28 04:51:58
oraclelinux
oraclelinux
firefox security update
2008-03-27 00:00:00
thunderbird security update
2008-04-03 00:00:00
seamonkey security update
2008-03-28 00:00:00
osv
osv
iceape - regression
2008-03-28 00:00:00
iceweasel
2008-03-30 00:00:00
xulrunner
2008-03-27 00:00:00
debian
debian
[SECURITY] [DSA 1534-1] New iceape packages fix several vulnerabilities
2008-03-28 13:48:02
[SECURITY] [DSA 1534-2] New iceape packages fix regression
2008-04-24 21:02:40
[SECURITY] [DSA 1535-1] New iceweasel packages fix several vulnerabilities
2008-03-30 12:22:31
slackware
slackware
[slackware-security] mozilla-thunderbird
2008-05-08 03:53:40
mozilla
mozilla
JavaScript privilege escalation and arbitrary code execution — Mozilla
2008-03-25 00:00:00
Java socket connection to any local port via LiveConnect — Mozilla
2008-03-25 00:00:00
Crashes with evidence of memory corruption (rv:1.8.1.13) — Mozilla
2008-03-25 00:00:00
cert
cert
Mozilla JavaScript privilege escalation
2008-03-27 00:00:00
prion
prion
Design/Logic Flaw
2008-03-28 01:44:00
Code injection
2007-09-13 18:17:00
cve
cve
CVE-2008-1240
2008-03-28 01:44:00
CVE-2007-4879
2007-09-13 18:17:00
ubuntucve
ubuntucve
CVE-2008-1240
2008-03-28 00:00:00
CVE-2007-4879
2007-09-13 00:00:00
gentoo
gentoo
Mozilla products: Multiple vulnerabilities
2008-05-20 00:00:00
JSON
Related for SUSE_MOZILLA-XULRUNNER-5163.NASL
openvas87nessus37suse1freebsd1securityvulns5seebug1ubuntu2redhat3fedora32centos4oraclelinux3osv5debian5slackware1mozilla4cert1prion2cve2ubuntucve2gentoo1