This update brings Mozilla Firefox to version 3.5.15, fixing various bugs and security issues.
The following security issues were fixed :
Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. (MFSA 2010-49 / CVE-2010-3169)
Security researcher Chris Rohlf of Matasano Security reported that the implementation of the HTML frameset element contained an integer overflow vulnerability. The code responsible for parsing the frameset columns used an 8-byte counter for the column numbers, so when a very large number of columns was passed in the counter would overflow. When this counter was subsequently used to allocate memory for the frameset, the memory buffer would be too small, potentially resulting in a heap buffer overflow and execution of attacker-controlled memory. (MFSA 2010-50 / CVE-2010-2765)
Security researcher Sergey Glazunov reported a dangling pointer vulnerability in the implementation of navigator.plugins in which the navigator object could retain a pointer to the plugins array even after it had been destroyed. An attacker could potentially use this issue to crash the browser and run arbitrary code on a victim’s computer. (MFSA 2010-51 / CVE-2010-2767)
Security researcher Haifei Li of FortiGuard Labs reported that Firefox could be used to load a malicious code library that had been planted on a victim’s computer. Firefox attempts to load dwmapi.dll upon startup as part of its platform detection, so on systems that don’t have this library, such as Windows XP, Firefox will subsequently attempt to load the library from the current working directory. An attacker could use this vulnerability to trick a user into downloading a HTML file and a malicious copy of dwmapi.dll into the same directory on their computer and opening the HTML file with Firefox, thus causing the malicious code to be executed. If the attacker was on the same network as the victim, the malicious DLL could also be loaded via a UNC path. The attack also requires that Firefox not currently be running when it is asked to open the HTML file and accompanying DLL. As this is a Windows only problem, it does not affect the Linux version. It is listed for completeness only. (MFSA 2010-52 / CVE-2010-3131)
Security researcher wushi of team509 reported a heap buffer overflow in code routines responsible for transforming text runs. A page could be constructed with a bidirectional text run which upon reflow could result in an incorrect length being calculated for the run of text. When this value is subsequently used to allocate memory for the text too small a buffer may be created potentially resulting in a buffer overflow and the execution of attacker controlled memory. (MFSA 2010-53 / CVE-2010-3166)
Security researcher regenrecht reported via TippingPoint’s Zero Day Initiative that there was a remaining dangling pointer issue leftover from the fix to CVE-2010-2753. Under certain circumstances one of the pointers held by a XUL tree selection could be freed and then later reused, potentially resulting in the execution of attacker-controlled memory. (MFSA 2010-54 / CVE-2010-2760)
Security researcher regenrecht reported via TippingPoint’s Zero Day Initiative that XUL objects could be manipulated such that the setting of certain properties on the object would trigger the removal of the tree from the DOM and cause certain sections of deleted memory to be accessed. In products based on Gecko version 1.9.2 (Firefox 3.6, Thunderbird 3.1) and newer this memory has been overwritten by a value that will cause an unexploitable crash. In products based on Gecko version 1.9.1 (Firefox 3.5, Thunderbird 3.0, and SeaMonkey 2.0) and older an attacker could potentially use this vulnerability to crash a victim’s browser and run arbitrary code on their computer. (MFSA 2010-55 / CVE-2010-3168)
Security researcher regenrecht reported via TippingPoint’s Zero Day Initiative that the implementation of XUL’s content view contains a dangling pointer vulnerability. One of the content view’s methods for accessing the internal structure of the tree could be manipulated into removing a node prior to accessing it, resulting in the accessing of deleted memory. If an attacker can control the contents of the deleted memory prior to its access they could use this vulnerability to run arbitrary code on a victim’s machine. (MFSA 2010-56 / CVE-2010-3167)
Security researcher regenrecht reported via TippingPoint’s Zero Day Initiative that code used to normalize a document contained a logical flaw that could be leveraged to run arbitrary code. When the normalization code ran, a static count of the document’s child nodes was used in the traversal, so a page could be constructed that would remove DOM nodes during this normalization which could lead to the accessing of a deleted object and potentially the execution of attacker-controlled memory. (MFSA 2010-57 / CVE-2010-2766)
Security researcher Marc Schoenefeld reported that a specially crafted font could be applied to a document and cause a crash on Mac systems. The crash showed signs of memory corruption and presumably could be used by an attacker to execute arbitrary code on a victim’s computer. This issue probably does not affect the Linux builds and so is listed for completeness. (MFSA 2010-58 / CVE-2010-2770)
Mozilla developer Blake Kaplan reported that the wrapper class XPCSafeJSObjectWrapper (SJOW), a security wrapper that allows content-defined objects to be safely accessed by privileged code, creates scope chains ending in outer objects. Users of SJOWs which expect the scope chain to end on an inner object may be handed a chrome privileged object which could be leveraged to run arbitrary JavaScript with chrome privileges. Michal Zalewski’s recent contributions helped to identify this architectural weakness. (MFSA 2010-59 / CVE-2010-2762)
Mozilla security researcher mozbugr_a4 reported that the wrapper class XPCSafeJSObjectWrapper (SJOW) on the Mozilla 1.9.1 development branch has a logical error in its scripted function implementation that allows the caller to run the function within the context of another site. This is a violation of the same-origin policy and could be used to mount an XSS attack. (MFSA 2010-60 / CVE-2010-2763)
Security researchers David Huang and Collin Jackson of Carnegie Mellon University CyLab (Silicon Valley campus) reported that the type attribute of an tag can override the charset of a framed HTML document, even when the document is included across origins. A page could be constructed containing such an tag which sets the charset of the framed document to UTF-7. This could potentially allow an attacker to inject UTF-7 encoded JavaScript into a site, bypassing the site’s XSS filters, and then executing the code using the above technique. (MFSA 2010-61 / CVE-2010-2768)
Security researcher Paul Stone reported that when an HTML selection containing JavaScript is copy-and-pasted or dropped onto a document with designMode enabled the JavaScript will be executed within the context of the site where the code was dropped. A malicious site could leverage this issue in an XSS attack by persuading a user into taking such an action and in the process running malicious JavaScript within the context of another site. (MFSA 2010-62 / CVE-2010-2769)
Matt Haggard reported that the statusText property of an XMLHttpRequest object is readable by the requestor even when the request is made across origins. This status information reveals the presence of a web server and could be used to gather information about servers on internal private networks. This issue was also independently reported to Mozilla by Nicholas Berthaume.
(MFSA 2010-63 / CVE-2010-2764)
Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. References. (MFSA 2010-64)
Paul Nickerson, Jesse Ruderman, Olli Pettay, Igor Bukanov and Josh Soref reported memory safety problems that affected Firefox 3.6 and Firefox 3.5.
o Memory safety bugs - Firefox 3.6, Firefox 3.5 o CVE-2010-3176
Jesse Ruderman reported a crash which affected Firefox 3.5 only.
o https://bugzilla.mozilla.org/show_bug.cgi?id=476547 o CVE-2010-3174
Security researcher Alexander Miller reported that passing an excessively long string to document.write could cause text rendering routines to end up in an inconsistent state with sections of stack memory being overwritten with the string data. An attacker could use this flaw to crash a victim’s browser and potentially run arbitrary code on their computer. (MFSA 2010-65 / CVE-2010-3179)
Security researcher Sergey Glazunov reported that it was possible to access the locationbar property of a window object after it had been closed. Since the closed window’s memory could have been subsequently reused by the system it was possible that an attempt to access the locationbar property could result in the execution of attacker-controlled memory. (MFSA 2010-66 / CVE-2010-3180)
Security researcher regenrecht reported via TippingPoint’s Zero Day Initiative that when window.lookupGetter is called with no arguments the code assumes the top JavaScript stack value is a property name. Since there were no arguments passed into the function, the top value could represent uninitialized memory or a pointer to a previously freed JavaScript object. Under such circumstances the value is passed to another subroutine which calls through the dangling pointer, potentially executing attacker-controlled memory. (MFSA 2010-67 / CVE-2010-3183)
Google security researcher Robert Swiecki reported that functions used by the Gopher parser to convert text to HTML tags could be exploited to turn text into executable JavaScript. If an attacker could create a file or directory on a Gopher server with the encoded script as part of its name the script would then run in a victim’s browser within the context of the site. (MFSA 2010-68 / CVE-2010-3177)
Security researcher Eduardo Vela Nava reported that if a web page opened a new window and used a javascript: URL to make a modal call, such as alert(), then subsequently navigated the page to a different domain, once the modal call returned the opener of the window could get access to objects in the navigated window. This is a violation of the same-origin policy and could be used by an attacker to steal information from another website.
(MFSA 2010-69 / CVE-2010-3178)
Security researcher Richard Moore reported that when an SSL certificate was created with a common name containing a wildcard followed by a partial IP address a valid SSL connection could be established with a server whose IP address matched the wildcard range by browsing directly to the IP address. It is extremely unlikely that such a certificate would be issued by a Certificate Authority. (MFSA 2010-70 / CVE-2010-3170)
Dmitri Gribenko reported that the script used to launch Mozilla applications on Linux was effectively including the current working directory in the LD_LIBRARY_PATH environment variable. If an attacker was able to place into the current working directory a malicious shared library with the same name as a library that the bootstrapping script depends on the attacker could have their library loaded instead of the legitimate library.
(MFSA 2010-71 / CVE-2010-3182)
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The text description of this plugin is (C) Novell, Inc.
#
if (NASL_LEVEL < 3000) exit(0);
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(50488);
script_version("1.13");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");
script_cve_id("CVE-2010-2753", "CVE-2010-2760", "CVE-2010-2762", "CVE-2010-2763", "CVE-2010-2764", "CVE-2010-2765", "CVE-2010-2766", "CVE-2010-2767", "CVE-2010-2768", "CVE-2010-2769", "CVE-2010-2770", "CVE-2010-3131", "CVE-2010-3166", "CVE-2010-3167", "CVE-2010-3168", "CVE-2010-3169", "CVE-2010-3170", "CVE-2010-3174", "CVE-2010-3175", "CVE-2010-3176", "CVE-2010-3177", "CVE-2010-3178", "CVE-2010-3179", "CVE-2010-3180", "CVE-2010-3182", "CVE-2010-3183");
script_name(english:"SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 7208)");
script_summary(english:"Checks rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:"The remote SuSE 10 host is missing a security-related patch."
);
script_set_attribute(
attribute:"description",
value:
"This update brings Mozilla Firefox to version 3.5.15, fixing various
bugs and security issues.
The following security issues were fixed :
- Mozilla developers identified and fixed several memory
safety bugs in the browser engine used in Firefox and
other Mozilla-based products. Some of these bugs showed
evidence of memory corruption under certain
circumstances, and we presume that with enough effort at
least some of these could be exploited to run arbitrary
code. (MFSA 2010-49 / CVE-2010-3169)
- Security researcher Chris Rohlf of Matasano Security
reported that the implementation of the HTML frameset
element contained an integer overflow vulnerability. The
code responsible for parsing the frameset columns used
an 8-byte counter for the column numbers, so when a very
large number of columns was passed in the counter would
overflow. When this counter was subsequently used to
allocate memory for the frameset, the memory buffer
would be too small, potentially resulting in a heap
buffer overflow and execution of attacker-controlled
memory. (MFSA 2010-50 / CVE-2010-2765)
- Security researcher Sergey Glazunov reported a dangling
pointer vulnerability in the implementation of
navigator.plugins in which the navigator object could
retain a pointer to the plugins array even after it had
been destroyed. An attacker could potentially use this
issue to crash the browser and run arbitrary code on a
victim's computer. (MFSA 2010-51 / CVE-2010-2767)
- Security researcher Haifei Li of FortiGuard Labs
reported that Firefox could be used to load a malicious
code library that had been planted on a victim's
computer. Firefox attempts to load dwmapi.dll upon
startup as part of its platform detection, so on systems
that don't have this library, such as Windows XP,
Firefox will subsequently attempt to load the library
from the current working directory. An attacker could
use this vulnerability to trick a user into downloading
a HTML file and a malicious copy of dwmapi.dll into the
same directory on their computer and opening the HTML
file with Firefox, thus causing the malicious code to be
executed. If the attacker was on the same network as the
victim, the malicious DLL could also be loaded via a UNC
path. The attack also requires that Firefox not
currently be running when it is asked to open the HTML
file and accompanying DLL. As this is a Windows only
problem, it does not affect the Linux version. It is
listed for completeness only. (MFSA 2010-52 /
CVE-2010-3131)
- Security researcher wushi of team509 reported a heap
buffer overflow in code routines responsible for
transforming text runs. A page could be constructed with
a bidirectional text run which upon reflow could result
in an incorrect length being calculated for the run of
text. When this value is subsequently used to allocate
memory for the text too small a buffer may be created
potentially resulting in a buffer overflow and the
execution of attacker controlled memory. (MFSA 2010-53 /
CVE-2010-3166)
- Security researcher regenrecht reported via
TippingPoint's Zero Day Initiative that there was a
remaining dangling pointer issue leftover from the fix
to CVE-2010-2753. Under certain circumstances one of the
pointers held by a XUL tree selection could be freed and
then later reused, potentially resulting in the
execution of attacker-controlled memory. (MFSA 2010-54 /
CVE-2010-2760)
- Security researcher regenrecht reported via
TippingPoint's Zero Day Initiative that XUL objects
could be manipulated such that the setting of certain
properties on the object would trigger the removal of
the tree from the DOM and cause certain sections of
deleted memory to be accessed. In products based on
Gecko version 1.9.2 (Firefox 3.6, Thunderbird 3.1) and
newer this memory has been overwritten by a value that
will cause an unexploitable crash. In products based on
Gecko version 1.9.1 (Firefox 3.5, Thunderbird 3.0, and
SeaMonkey 2.0) and older an attacker could potentially
use this vulnerability to crash a victim's browser and
run arbitrary code on their computer. (MFSA 2010-55 /
CVE-2010-3168)
- Security researcher regenrecht reported via
TippingPoint's Zero Day Initiative that the
implementation of XUL's content view contains a dangling
pointer vulnerability. One of the content view's methods
for accessing the internal structure of the tree could
be manipulated into removing a node prior to accessing
it, resulting in the accessing of deleted memory. If an
attacker can control the contents of the deleted memory
prior to its access they could use this vulnerability to
run arbitrary code on a victim's machine. (MFSA 2010-56
/ CVE-2010-3167)
- Security researcher regenrecht reported via
TippingPoint's Zero Day Initiative that code used to
normalize a document contained a logical flaw that could
be leveraged to run arbitrary code. When the
normalization code ran, a static count of the document's
child nodes was used in the traversal, so a page could
be constructed that would remove DOM nodes during this
normalization which could lead to the accessing of a
deleted object and potentially the execution of
attacker-controlled memory. (MFSA 2010-57 /
CVE-2010-2766)
- Security researcher Marc Schoenefeld reported that a
specially crafted font could be applied to a document
and cause a crash on Mac systems. The crash showed signs
of memory corruption and presumably could be used by an
attacker to execute arbitrary code on a victim's
computer. This issue probably does not affect the Linux
builds and so is listed for completeness. (MFSA 2010-58
/ CVE-2010-2770)
- Mozilla developer Blake Kaplan reported that the wrapper
class XPCSafeJSObjectWrapper (SJOW), a security wrapper
that allows content-defined objects to be safely
accessed by privileged code, creates scope chains ending
in outer objects. Users of SJOWs which expect the scope
chain to end on an inner object may be handed a chrome
privileged object which could be leveraged to run
arbitrary JavaScript with chrome privileges. Michal
Zalewski's recent contributions helped to identify this
architectural weakness. (MFSA 2010-59 / CVE-2010-2762)
- Mozilla security researcher mozbugr_a4 reported that the
wrapper class XPCSafeJSObjectWrapper (SJOW) on the
Mozilla 1.9.1 development branch has a logical error in
its scripted function implementation that allows the
caller to run the function within the context of another
site. This is a violation of the same-origin policy and
could be used to mount an XSS attack. (MFSA 2010-60 /
CVE-2010-2763)
- Security researchers David Huang and Collin Jackson of
Carnegie Mellon University CyLab (Silicon Valley campus)
reported that the type attribute of an tag can override
the charset of a framed HTML document, even when the
document is included across origins. A page could be
constructed containing such an tag which sets the
charset of the framed document to UTF-7. This could
potentially allow an attacker to inject UTF-7 encoded
JavaScript into a site, bypassing the site's XSS
filters, and then executing the code using the above
technique. (MFSA 2010-61 / CVE-2010-2768)
- Security researcher Paul Stone reported that when an
HTML selection containing JavaScript is copy-and-pasted
or dropped onto a document with designMode enabled the
JavaScript will be executed within the context of the
site where the code was dropped. A malicious site could
leverage this issue in an XSS attack by persuading a
user into taking such an action and in the process
running malicious JavaScript within the context of
another site. (MFSA 2010-62 / CVE-2010-2769)
- Matt Haggard reported that the statusText property of an
XMLHttpRequest object is readable by the requestor even
when the request is made across origins. This status
information reveals the presence of a web server and
could be used to gather information about servers on
internal private networks. This issue was also
independently reported to Mozilla by Nicholas Berthaume.
(MFSA 2010-63 / CVE-2010-2764)
- Mozilla developers identified and fixed several memory
safety bugs in the browser engine used in Firefox and
other Mozilla-based products. Some of these bugs showed
evidence of memory corruption under certain
circumstances, and we presume that with enough effort at
least some of these could be exploited to run arbitrary
code. References. (MFSA 2010-64)
Paul Nickerson, Jesse Ruderman, Olli Pettay, Igor
Bukanov and Josh Soref reported memory safety problems
that affected Firefox 3.6 and Firefox 3.5.
o Memory safety bugs - Firefox 3.6, Firefox 3.5 o CVE-2010-3176
Jesse Ruderman reported a crash which affected Firefox 3.5
only.
o https://bugzilla.mozilla.org/show_bug.cgi?id=476547 o CVE-2010-3174
- Security researcher Alexander Miller reported that
passing an excessively long string to document.write
could cause text rendering routines to end up in an
inconsistent state with sections of stack memory being
overwritten with the string data. An attacker could use
this flaw to crash a victim's browser and potentially
run arbitrary code on their computer. (MFSA 2010-65 /
CVE-2010-3179)
- Security researcher Sergey Glazunov reported that it was
possible to access the locationbar property of a window
object after it had been closed. Since the closed
window's memory could have been subsequently reused by
the system it was possible that an attempt to access the
locationbar property could result in the execution of
attacker-controlled memory. (MFSA 2010-66 /
CVE-2010-3180)
- Security researcher regenrecht reported via
TippingPoint's Zero Day Initiative that when
window.__lookupGetter__ is called with no arguments the
code assumes the top JavaScript stack value is a
property name. Since there were no arguments passed into
the function, the top value could represent
uninitialized memory or a pointer to a previously freed
JavaScript object. Under such circumstances the value is
passed to another subroutine which calls through the
dangling pointer, potentially executing
attacker-controlled memory. (MFSA 2010-67 /
CVE-2010-3183)
- Google security researcher Robert Swiecki reported that
functions used by the Gopher parser to convert text to
HTML tags could be exploited to turn text into
executable JavaScript. If an attacker could create a
file or directory on a Gopher server with the encoded
script as part of its name the script would then run in
a victim's browser within the context of the site. (MFSA
2010-68 / CVE-2010-3177)
- Security researcher Eduardo Vela Nava reported that if a
web page opened a new window and used a javascript: URL
to make a modal call, such as alert(), then subsequently
navigated the page to a different domain, once the modal
call returned the opener of the window could get access
to objects in the navigated window. This is a violation
of the same-origin policy and could be used by an
attacker to steal information from another website.
(MFSA 2010-69 / CVE-2010-3178)
- Security researcher Richard Moore reported that when an
SSL certificate was created with a common name
containing a wildcard followed by a partial IP address a
valid SSL connection could be established with a server
whose IP address matched the wildcard range by browsing
directly to the IP address. It is extremely unlikely
that such a certificate would be issued by a Certificate
Authority. (MFSA 2010-70 / CVE-2010-3170)
- Dmitri Gribenko reported that the script used to launch
Mozilla applications on Linux was effectively including
the current working directory in the LD_LIBRARY_PATH
environment variable. If an attacker was able to place
into the current working directory a malicious shared
library with the same name as a library that the
bootstrapping script depends on the attacker could have
their library loaded instead of the legitimate library.
(MFSA 2010-71 / CVE-2010-3182)"
);
# http://www.mozilla.org/security/announce/2010/mfsa2010-49.html
script_set_attribute(
attribute:"see_also",
value:"https://www.mozilla.org/en-US/security/advisories/mfsa2010-49/"
);
# http://www.mozilla.org/security/announce/2010/mfsa2010-50.html
script_set_attribute(
attribute:"see_also",
value:"https://www.mozilla.org/en-US/security/advisories/mfsa2010-50/"
);
# http://www.mozilla.org/security/announce/2010/mfsa2010-51.html
script_set_attribute(
attribute:"see_also",
value:"https://www.mozilla.org/en-US/security/advisories/mfsa2010-51/"
);
# http://www.mozilla.org/security/announce/2010/mfsa2010-52.html
script_set_attribute(
attribute:"see_also",
value:"https://www.mozilla.org/en-US/security/advisories/mfsa2010-52/"
);
# http://www.mozilla.org/security/announce/2010/mfsa2010-53.html
script_set_attribute(
attribute:"see_also",
value:"https://www.mozilla.org/en-US/security/advisories/mfsa2010-53/"
);
# http://www.mozilla.org/security/announce/2010/mfsa2010-54.html
script_set_attribute(
attribute:"see_also",
value:"https://www.mozilla.org/en-US/security/advisories/mfsa2010-54/"
);
# http://www.mozilla.org/security/announce/2010/mfsa2010-55.html
script_set_attribute(
attribute:"see_also",
value:"https://www.mozilla.org/en-US/security/advisories/mfsa2010-55/"
);
# http://www.mozilla.org/security/announce/2010/mfsa2010-56.html
script_set_attribute(
attribute:"see_also",
value:"https://www.mozilla.org/en-US/security/advisories/mfsa2010-56/"
);
# http://www.mozilla.org/security/announce/2010/mfsa2010-57.html
script_set_attribute(
attribute:"see_also",
value:"https://www.mozilla.org/en-US/security/advisories/mfsa2010-57/"
);
# http://www.mozilla.org/security/announce/2010/mfsa2010-58.html
script_set_attribute(
attribute:"see_also",
value:"https://www.mozilla.org/en-US/security/advisories/mfsa2010-58/"
);
# http://www.mozilla.org/security/announce/2010/mfsa2010-59.html
script_set_attribute(
attribute:"see_also",
value:"https://www.mozilla.org/en-US/security/advisories/mfsa2010-59/"
);
# http://www.mozilla.org/security/announce/2010/mfsa2010-60.html
script_set_attribute(
attribute:"see_also",
value:"https://www.mozilla.org/en-US/security/advisories/mfsa2010-60/"
);
# http://www.mozilla.org/security/announce/2010/mfsa2010-61.html
script_set_attribute(
attribute:"see_also",
value:"https://www.mozilla.org/en-US/security/advisories/mfsa2010-61/"
);
# http://www.mozilla.org/security/announce/2010/mfsa2010-62.html
script_set_attribute(
attribute:"see_also",
value:"https://www.mozilla.org/en-US/security/advisories/mfsa2010-62/"
);
# http://www.mozilla.org/security/announce/2010/mfsa2010-63.html
script_set_attribute(
attribute:"see_also",
value:"https://www.mozilla.org/en-US/security/advisories/mfsa2010-63/"
);
# http://www.mozilla.org/security/announce/2010/mfsa2010-64.html
script_set_attribute(
attribute:"see_also",
value:"https://www.mozilla.org/en-US/security/advisories/mfsa2010-64/"
);
# http://www.mozilla.org/security/announce/2010/mfsa2010-65.html
script_set_attribute(
attribute:"see_also",
value:"https://www.mozilla.org/en-US/security/advisories/mfsa2010-65/"
);
# http://www.mozilla.org/security/announce/2010/mfsa2010-66.html
script_set_attribute(
attribute:"see_also",
value:"https://www.mozilla.org/en-US/security/advisories/mfsa2010-66/"
);
# http://www.mozilla.org/security/announce/2010/mfsa2010-67.html
script_set_attribute(
attribute:"see_also",
value:"https://www.mozilla.org/en-US/security/advisories/mfsa2010-67/"
);
# http://www.mozilla.org/security/announce/2010/mfsa2010-68.html
script_set_attribute(
attribute:"see_also",
value:"https://www.mozilla.org/en-US/security/advisories/mfsa2010-68/"
);
# http://www.mozilla.org/security/announce/2010/mfsa2010-69.html
script_set_attribute(
attribute:"see_also",
value:"https://www.mozilla.org/en-US/security/advisories/mfsa2010-69/"
);
# http://www.mozilla.org/security/announce/2010/mfsa2010-70.html
script_set_attribute(
attribute:"see_also",
value:"https://www.mozilla.org/en-US/security/advisories/mfsa2010-70/"
);
# http://www.mozilla.org/security/announce/2010/mfsa2010-71.html
script_set_attribute(
attribute:"see_also",
value:"https://www.mozilla.org/en-US/security/advisories/mfsa2010-71/"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2010-2753.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2010-2760.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2010-2762.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2010-2763.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2010-2764.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2010-2765.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2010-2766.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2010-2767.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2010-2768.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2010-2769.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2010-2770.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2010-3131.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2010-3166.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2010-3167.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2010-3168.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2010-3169.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2010-3170.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2010-3174.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2010-3175.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2010-3176.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2010-3177.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2010-3178.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2010-3179.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2010-3180.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2010-3182.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2010-3183.html"
);
script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 7208.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploit_framework_core", value:"true");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux");
script_set_attribute(attribute:"vuln_publication_date", value:"2010/07/30");
script_set_attribute(attribute:"patch_publication_date", value:"2010/10/27");
script_set_attribute(attribute:"plugin_publication_date", value:"2010/11/05");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"SuSE Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
exit(0);
}
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE.");
if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages.");
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) exit(1, "Failed to determine the architecture type.");
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented.");
flag = 0;
if (rpm_check(release:"SLED10", sp:3, reference:"MozillaFirefox-3.5.15-0.7.1")) flag++;
if (rpm_check(release:"SLED10", sp:3, reference:"MozillaFirefox-translations-3.5.15-0.7.1")) flag++;
if (rpm_check(release:"SLED10", sp:3, reference:"mozilla-xulrunner191-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLED10", sp:3, reference:"mozilla-xulrunner191-gnomevfs-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLED10", sp:3, reference:"mozilla-xulrunner191-translations-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLED10", sp:3, cpu:"x86_64", reference:"mozilla-xulrunner191-32bit-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLED10", sp:3, cpu:"x86_64", reference:"mozilla-xulrunner191-gnomevfs-32bit-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLED10", sp:3, cpu:"x86_64", reference:"mozilla-xulrunner191-translations-32bit-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"MozillaFirefox-3.5.15-0.7.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"MozillaFirefox-translations-3.5.15-0.7.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"mozilla-xulrunner191-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"mozilla-xulrunner191-gnomevfs-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"mozilla-xulrunner191-translations-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, cpu:"x86_64", reference:"mozilla-xulrunner191-32bit-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, cpu:"x86_64", reference:"mozilla-xulrunner191-gnomevfs-32bit-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, cpu:"x86_64", reference:"mozilla-xulrunner191-translations-32bit-1.9.1.15-0.5.1")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else exit(0, "The host is not affected.");
Vendor | Product | Version | CPE |
---|---|---|---|
suse | suse_linux | cpe:/o:suse:suse_linux |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2753
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2760
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2762
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2763
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2764
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2765
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2766
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2767
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2768
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2769
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2770
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3131
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3166
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3167
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3168
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3169
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3170
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3174
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3175
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3176
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3177
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3178
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3179
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3180
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3182
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3183
support.novell.com/security/cve/CVE-2010-2753.html
support.novell.com/security/cve/CVE-2010-2760.html
support.novell.com/security/cve/CVE-2010-2762.html
support.novell.com/security/cve/CVE-2010-2763.html
support.novell.com/security/cve/CVE-2010-2764.html
support.novell.com/security/cve/CVE-2010-2765.html
support.novell.com/security/cve/CVE-2010-2766.html
support.novell.com/security/cve/CVE-2010-2767.html
support.novell.com/security/cve/CVE-2010-2768.html
support.novell.com/security/cve/CVE-2010-2769.html
support.novell.com/security/cve/CVE-2010-2770.html
support.novell.com/security/cve/CVE-2010-3131.html
support.novell.com/security/cve/CVE-2010-3166.html
support.novell.com/security/cve/CVE-2010-3167.html
support.novell.com/security/cve/CVE-2010-3168.html
support.novell.com/security/cve/CVE-2010-3169.html
support.novell.com/security/cve/CVE-2010-3170.html
support.novell.com/security/cve/CVE-2010-3174.html
support.novell.com/security/cve/CVE-2010-3175.html
support.novell.com/security/cve/CVE-2010-3176.html
support.novell.com/security/cve/CVE-2010-3177.html
support.novell.com/security/cve/CVE-2010-3178.html
support.novell.com/security/cve/CVE-2010-3179.html
support.novell.com/security/cve/CVE-2010-3180.html
support.novell.com/security/cve/CVE-2010-3182.html
support.novell.com/security/cve/CVE-2010-3183.html
www.mozilla.org/en-US/security/advisories/mfsa2010-49/
www.mozilla.org/en-US/security/advisories/mfsa2010-50/
www.mozilla.org/en-US/security/advisories/mfsa2010-51/
www.mozilla.org/en-US/security/advisories/mfsa2010-52/
www.mozilla.org/en-US/security/advisories/mfsa2010-53/
www.mozilla.org/en-US/security/advisories/mfsa2010-54/
www.mozilla.org/en-US/security/advisories/mfsa2010-55/
www.mozilla.org/en-US/security/advisories/mfsa2010-56/
www.mozilla.org/en-US/security/advisories/mfsa2010-57/
www.mozilla.org/en-US/security/advisories/mfsa2010-58/
www.mozilla.org/en-US/security/advisories/mfsa2010-59/
www.mozilla.org/en-US/security/advisories/mfsa2010-60/
www.mozilla.org/en-US/security/advisories/mfsa2010-61/
www.mozilla.org/en-US/security/advisories/mfsa2010-62/
www.mozilla.org/en-US/security/advisories/mfsa2010-63/
www.mozilla.org/en-US/security/advisories/mfsa2010-64/
www.mozilla.org/en-US/security/advisories/mfsa2010-65/
www.mozilla.org/en-US/security/advisories/mfsa2010-66/
www.mozilla.org/en-US/security/advisories/mfsa2010-67/
www.mozilla.org/en-US/security/advisories/mfsa2010-68/
www.mozilla.org/en-US/security/advisories/mfsa2010-69/
www.mozilla.org/en-US/security/advisories/mfsa2010-70/
www.mozilla.org/en-US/security/advisories/mfsa2010-71/