Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.SUSE_MOZILLAFIREFOX-5134.NASL
HistoryApr 01, 2008 - 12:00 a.m.

SuSE 10 Security Update : Security update for (ZYPP Patch Number 5134)

2008-04-0100:00:00
This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
16
JSON

This update brings Mozilla Firefox to security update version 2.0.0.13

Following security problems were fixed :

  • XUL popup spoofing variant (cross-tab popups). (MFSA 2008-19 / CVE-2008-1241)

  • Java socket connection to any local port via LiveConnect. (MFSA 2008-18 / CVE-2008-1195 / CVE-2008-1240)

  • Privacy issue with SSL Client Authentication. (MFSA 2008-17 / CVE-2007-4879)

  • HTTP Referrer spoofing with malformed URLs. (MFSA 2008-16 / CVE-2008-1238)

  • Crashes with evidence of memory corruption (rv:1.8.1.13). (MFSA 2008-15 / CVE-2008-1236 / CVE-2008-1237)

  • JavaScript privilege escalation and arbitrary code execution. (MFSA 2008-14 / CVE-2008-1233 / CVE-2008-1234 / CVE-2008-1235)

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The text description of this plugin is (C) Novell, Inc.
#

if (NASL_LEVEL < 3000) exit(0);

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(31722);
  script_version("1.21");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2007-4879", "CVE-2008-1195", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1240", "CVE-2008-1241");

  script_name(english:"SuSE 10 Security Update : Security update for (ZYPP Patch Number 5134)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote SuSE 10 host is missing a security-related patch."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This update brings Mozilla Firefox to security update version 2.0.0.13

Following security problems were fixed :

  - XUL popup spoofing variant (cross-tab popups). (MFSA
    2008-19 / CVE-2008-1241)

  - Java socket connection to any local port via
    LiveConnect. (MFSA 2008-18 / CVE-2008-1195 /
    CVE-2008-1240)

  - Privacy issue with SSL Client Authentication. (MFSA
    2008-17 / CVE-2007-4879)

  - HTTP Referrer spoofing with malformed URLs. (MFSA
    2008-16 / CVE-2008-1238)

  - Crashes with evidence of memory corruption
    (rv:1.8.1.13). (MFSA 2008-15 / CVE-2008-1236 /
    CVE-2008-1237)

  - JavaScript privilege escalation and arbitrary code
    execution. (MFSA 2008-14 / CVE-2008-1233 / CVE-2008-1234
    / CVE-2008-1235)"
  );
  # http://www.mozilla.org/security/announce/2008/mfsa2008-14.html
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-14/"
  );
  # http://www.mozilla.org/security/announce/2008/mfsa2008-15.html
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-15/"
  );
  # http://www.mozilla.org/security/announce/2008/mfsa2008-16.html
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-16/"
  );
  # http://www.mozilla.org/security/announce/2008/mfsa2008-17.html
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-17/"
  );
  # http://www.mozilla.org/security/announce/2008/mfsa2008-18.html
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-18/"
  );
  # http://www.mozilla.org/security/announce/2008/mfsa2008-19.html
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-19/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2007-4879.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2008-1195.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2008-1233.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2008-1234.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2008-1235.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2008-1236.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2008-1237.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2008-1238.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2008-1240.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2008-1241.html"
  );
  script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 5134.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_cwe_id(59, 79, 94, 287, 399);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux");

  script_set_attribute(attribute:"vuln_publication_date", value:"2007/09/13");
  script_set_attribute(attribute:"patch_publication_date", value:"2008/03/27");
  script_set_attribute(attribute:"plugin_publication_date", value:"2008/04/01");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE.");
if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages.");

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) exit(1, "Failed to determine the architecture type.");
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented.");


flag = 0;
if (rpm_check(release:"SLED10", sp:1, reference:"MozillaFirefox-2.0.0.13-0.2")) flag++;
if (rpm_check(release:"SLED10", sp:1, reference:"MozillaFirefox-translations-2.0.0.13-0.2")) flag++;
if (rpm_check(release:"SLES10", sp:1, reference:"MozillaFirefox-2.0.0.13-0.2")) flag++;
if (rpm_check(release:"SLES10", sp:1, reference:"MozillaFirefox-translations-2.0.0.13-0.2")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else exit(0, "The host is not affected.");
VendorProductVersionCPE
susesuse_linuxcpe:/o:suse:suse_linux

References

Related

nessus 32
openvas 112
suse 1
seebug 1
freebsd 1
securityvulns 1
fedora 30
ubuntu 2
centos 4
redhat 3
oraclelinux 3
debian 4
osv 4
slackware 1
nessus
nessus
openSUSE 10 Security Update : seamonkey (seamonkey-5153)
2008-04-11 00:00:00
RHEL 4 / 5 : firefox (RHSA-2008:0207)
2008-03-28 00:00:00
Oracle Linux 4 / 5 : firefox (ELSA-2008-0207)
2013-07-12 00:00:00
openvas
openvas
SLES9: Security update for Mozilla
2009-10-10 00:00:00
Mandriva Update for mozilla-firefox MDVSA-2008:080 (mozilla-firefox)
2009-04-09 00:00:00
SLES10: Security update for epiphany
2009-10-13 00:00:00
suse
suse
remote code execution in MozillaFirefox
2008-04-04 15:01:05
seebug
seebug
Mozilla Thunderbird/Seamonkey/Firefox 2.0.0.13版本修复多个安全漏洞
2008-03-31 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2008-03-26 00:00:00
securityvulns
securityvulns
Mozilla Firefox / Seamonkey multiple security vulnerabilities
2008-03-28 00:00:00
fedora
fedora
[SECURITY] Fedora 8 Update: devhelp-0.16.1-6.fc8
2008-03-26 17:14:06
[SECURITY] Fedora 7 Update: devhelp-0.13-15.fc7
2008-03-26 17:11:47
[SECURITY] Fedora 8 Update: gnome-python2-extras-2.19.1-13.fc8
2008-03-26 17:14:05
ubuntu
ubuntu
Firefox vulnerabilities
2008-03-26 00:00:00
Thunderbird vulnerabilities
2008-05-06 00:00:00
centos
centos
thunderbird security update
2008-04-10 17:03:24
firefox security update
2008-03-27 14:36:53
seamonkey security update
2008-03-28 04:51:58
redhat
redhat
(RHSA-2008:0209) Moderate: thunderbird security update
2008-04-03 00:00:00
(RHSA-2008:0207) Critical: firefox security update
2008-03-26 00:00:00
(RHSA-2008:0208) Critical: seamonkey security update
2008-03-27 00:00:00
oraclelinux
oraclelinux
firefox security update
2008-03-27 00:00:00
thunderbird security update
2008-04-03 00:00:00
seamonkey security update
2008-03-28 00:00:00
debian
debian
[SECURITY] [DSA 1532-1] New xulrunner packages fix several vulnerabilities
2008-03-27 22:01:06
[SECURITY] [DSA 1535-1] New iceweasel packages fix several vulnerabilities
2008-03-30 12:22:31
[SECURITY] [DSA 1534-1] New iceape packages fix several vulnerabilities
2008-03-28 13:48:02
osv
osv
iceape - regression
2008-03-28 00:00:00
iceweasel
2008-03-30 00:00:00
xulrunner
2008-03-27 00:00:00
slackware
slackware
[slackware-security] mozilla-thunderbird
2008-05-08 03:53:40
JSON
Related for SUSE_MOZILLAFIREFOX-5134.NASL
nessus32openvas112suse1seebug1freebsd1securityvulns1fedora30ubuntu2centos4redhat3oraclelinux3debian4osv4slackware1