Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusUbuntu Security Notice (C) 2008-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.UBUNTU_USN-667-1.NASL
HistoryApr 23, 2009 - 12:00 a.m.

Ubuntu 6.06 LTS / 7.10 / 8.04 LTS / 8.10 : firefox, firefox-3.0, xulrunner-1.9 vulnerabilities (USN-667-1)

2009-04-2300:00:00
Ubuntu Security Notice (C) 2008-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
17
JSON

Liu Die Yu discovered an information disclosure vulnerability in Firefox when using saved .url shortcut files. If a user were tricked into downloading a crafted .url file and a crafted HTML file, an attacker could steal information from the user’s cache.
(CVE-2008-4582)

Georgi Guninski, Michal Zalewsk and Chris Evans discovered that the same-origin check in Firefox could be bypassed. If a user were tricked into opening a malicious website, an attacker could obtain private information from data stored in the images, or discover information about software on the user’s computer. This issue only affects Firefox 2. (CVE-2008-5012)

It was discovered that Firefox did not properly check if the Flash module was properly unloaded. By tricking a user into opening a crafted SWF file, an attacker could cause Firefox to crash and possibly execute arbitrary code with user privileges. This issue only affects Firefox 2. (CVE-2008-5013)

Jesse Ruderman discovered that Firefox did not properly guard locks on non-native objects. If a user were tricked into opening a malicious website, an attacker could cause a browser crash and possibly execute arbitrary code with user privileges. This issue only affects Firefox 2. (CVE-2008-5014)

Luke Bryan discovered that Firefox sometimes opened file URIs with chrome privileges. If a user saved malicious code locally, then opened the file in the same tab as a privileged document, an attacker could run arbitrary JavaScript code with chrome privileges. This issue only affects Firefox 3.0. (CVE-2008-5015)

Several problems were discovered in the browser, layout and JavaScript engines. These problems could allow an attacker to crash the browser and possibly execute arbitrary code with user privileges.
(CVE-2008-5016, CVE-2008-5017, CVE-2008-5018)

David Bloom discovered that the same-origin check in Firefox could be bypassed by utilizing the session restore feature. An attacker could exploit this to run JavaScript in the context of another site or execute arbitrary JavaScript code with chrome privileges.
(CVE-2008-5019)

Justin Schuh discovered a flaw in Firefox’s mime-type parsing. If a user were tricked into opening a malicious website, an attacker could send a crafted header in the HTTP index response, causing a browser crash and execute arbitrary code with user privileges. (CVE-2008-0017)

A flaw was discovered in Firefox’s DOM constructing code. If a user were tricked into opening a malicious website, an attacker could cause the browser to crash and potentially execute arbitrary code with user privileges. (CVE-2008-5021)

It was discovered that the same-origin check in Firefox could be bypassed. If a user were tricked into opening a malicious website, an attacker could execute JavaScript in the context of a different website. (CVE-2008-5022)

Collin Jackson discovered various flaws in Firefox when processing stylesheets which allowed JavaScript to be injected into signed JAR files. If a user were tricked into opening malicious web content, an attacker could execute arbitrary code with the privileges of the signed JAR or of a different website. (CVE-2008-5023)

Chris Evans discovered that Firefox did not properly parse E4X documents, leading to quote characters in the namespace not being properly escaped. (CVE-2008-5024).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-667-1. The text 
# itself is copyright (C) Canonical, Inc. See 
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(36711);
  script_version("1.14");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  script_cve_id("CVE-2008-0017", "CVE-2008-4582", "CVE-2008-5012", "CVE-2008-5013", "CVE-2008-5014", "CVE-2008-5015", "CVE-2008-5016", "CVE-2008-5017", "CVE-2008-5018", "CVE-2008-5019", "CVE-2008-5021", "CVE-2008-5022", "CVE-2008-5023", "CVE-2008-5024");
  script_xref(name:"USN", value:"667-1");

  script_name(english:"Ubuntu 6.06 LTS / 7.10 / 8.04 LTS / 8.10 : firefox, firefox-3.0, xulrunner-1.9 vulnerabilities (USN-667-1)");
  script_summary(english:"Checks dpkg output for updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Ubuntu host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Liu Die Yu discovered an information disclosure vulnerability in
Firefox when using saved .url shortcut files. If a user were tricked
into downloading a crafted .url file and a crafted HTML file, an
attacker could steal information from the user's cache.
(CVE-2008-4582)

Georgi Guninski, Michal Zalewsk and Chris Evans discovered that the
same-origin check in Firefox could be bypassed. If a user were tricked
into opening a malicious website, an attacker could obtain private
information from data stored in the images, or discover information
about software on the user's computer. This issue only affects Firefox
2. (CVE-2008-5012)

It was discovered that Firefox did not properly check if the Flash
module was properly unloaded. By tricking a user into opening a
crafted SWF file, an attacker could cause Firefox to crash and
possibly execute arbitrary code with user privileges. This issue only
affects Firefox 2. (CVE-2008-5013)

Jesse Ruderman discovered that Firefox did not properly guard locks on
non-native objects. If a user were tricked into opening a malicious
website, an attacker could cause a browser crash and possibly execute
arbitrary code with user privileges. This issue only affects Firefox
2. (CVE-2008-5014)

Luke Bryan discovered that Firefox sometimes opened file URIs with
chrome privileges. If a user saved malicious code locally, then opened
the file in the same tab as a privileged document, an attacker could
run arbitrary JavaScript code with chrome privileges. This issue only
affects Firefox 3.0. (CVE-2008-5015)

Several problems were discovered in the browser, layout and JavaScript
engines. These problems could allow an attacker to crash the browser
and possibly execute arbitrary code with user privileges.
(CVE-2008-5016, CVE-2008-5017, CVE-2008-5018)

David Bloom discovered that the same-origin check in Firefox could be
bypassed by utilizing the session restore feature. An attacker could
exploit this to run JavaScript in the context of another site or
execute arbitrary JavaScript code with chrome privileges.
(CVE-2008-5019)

Justin Schuh discovered a flaw in Firefox's mime-type parsing. If a
user were tricked into opening a malicious website, an attacker could
send a crafted header in the HTTP index response, causing a browser
crash and execute arbitrary code with user privileges. (CVE-2008-0017)

A flaw was discovered in Firefox's DOM constructing code. If a user
were tricked into opening a malicious website, an attacker could cause
the browser to crash and potentially execute arbitrary code with user
privileges. (CVE-2008-5021)

It was discovered that the same-origin check in Firefox could be
bypassed. If a user were tricked into opening a malicious website, an
attacker could execute JavaScript in the context of a different
website. (CVE-2008-5022)

Collin Jackson discovered various flaws in Firefox when processing
stylesheets which allowed JavaScript to be injected into signed JAR
files. If a user were tricked into opening malicious web content, an
attacker could execute arbitrary code with the privileges of the
signed JAR or of a different website. (CVE-2008-5023)

Chris Evans discovered that Firefox did not properly parse E4X
documents, leading to quote characters in the namespace not being
properly escaped. (CVE-2008-5024).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://usn.ubuntu.com/667-1/"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_cwe_id(20, 79, 94, 119, 189, 200, 264, 287, 399);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:abrowser");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:abrowser-3.0-branding");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-2-dbg");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-2-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-2-dom-inspector");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-2-gnome-support");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-2-libthai");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-3.0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-3.0-branding");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-3.0-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-3.0-dom-inspector");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-3.0-gnome-support");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-3.0-venkman");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-dbg");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-dom-inspector");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-gnome-support");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-granparadiso");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-granparadiso-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-granparadiso-dom-inspector");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-granparadiso-gnome-support");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-libthai");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-trunk");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-trunk-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-trunk-dom-inspector");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-trunk-gnome-support");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-trunk-venkman");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libnspr-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libnspr4");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libnss-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libnss3");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mozilla-firefox");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mozilla-firefox-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9-dom-inspector");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9-gnome-support");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9-venkman");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xulrunner-dev");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.06:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:7.10");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:8.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:8.10");

  script_set_attribute(attribute:"patch_publication_date", value:"2008/11/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2009/04/23");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2008-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("ubuntu.inc");
include("misc_func.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! ereg(pattern:"^(6\.06|7\.10|8\.04|8\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 6.06 / 7.10 / 8.04 / 8.10", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

flag = 0;

if (ubuntu_check(osver:"6.06", pkgname:"firefox", pkgver:"1.5.dfsg+1.5.0.15~prepatch080614h-0ubuntu1")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"firefox-dbg", pkgver:"1.5.dfsg+1.5.0.15~prepatch080614h-0ubuntu1")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"firefox-dev", pkgver:"1.5.dfsg+1.5.0.15~prepatch080614h-0ubuntu1")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"firefox-dom-inspector", pkgver:"1.5.dfsg+1.5.0.15~prepatch080614h-0ubuntu1")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"firefox-gnome-support", pkgver:"1.5.dfsg+1.5.0.15~prepatch080614h-0ubuntu1")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"libnspr-dev", pkgver:"1.firefox1.5.dfsg+1.5.0.15~prepatch080614h-0ubuntu1")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"libnspr4", pkgver:"1.firefox1.5.dfsg+1.5.0.15~prepatch080614h-0ubuntu1")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"libnss-dev", pkgver:"1.firefox1.5.dfsg+1.5.0.15~prepatch080614h-0ubuntu1")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"libnss3", pkgver:"1.firefox1.5.dfsg+1.5.0.15~prepatch080614h-0ubuntu1")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"mozilla-firefox", pkgver:"1.5.dfsg+1.5.0.15~prepatch080614h-0ubuntu1")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"mozilla-firefox-dev", pkgver:"1.5.dfsg+1.5.0.15~prepatch080614h-0ubuntu1")) flag++;
if (ubuntu_check(osver:"7.10", pkgname:"firefox", pkgver:"2.0.0.18+nobinonly-0ubuntu0.7.10")) flag++;
if (ubuntu_check(osver:"7.10", pkgname:"firefox-dbg", pkgver:"2.0.0.18+nobinonly-0ubuntu0.7.10")) flag++;
if (ubuntu_check(osver:"7.10", pkgname:"firefox-dev", pkgver:"2.0.0.18+nobinonly-0ubuntu0.7.10")) flag++;
if (ubuntu_check(osver:"7.10", pkgname:"firefox-dom-inspector", pkgver:"2.0.0.18+nobinonly-0ubuntu0.7.10")) flag++;
if (ubuntu_check(osver:"7.10", pkgname:"firefox-gnome-support", pkgver:"2.0.0.18+nobinonly-0ubuntu0.7.10")) flag++;
if (ubuntu_check(osver:"7.10", pkgname:"firefox-libthai", pkgver:"2.0.0.18+nobinonly-0ubuntu0.7.10")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"firefox", pkgver:"3.0.4+nobinonly-0ubuntu0.8.04.1")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"firefox-2", pkgver:"2.0.0.18+nobinonly-0ubuntu0.8.04.1")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"firefox-2-dbg", pkgver:"2.0.0.18+nobinonly-0ubuntu0.8.04.1")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"firefox-2-dev", pkgver:"2.0.0.18+nobinonly-0ubuntu0.8.04.1")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"firefox-2-dom-inspector", pkgver:"2.0.0.18+nobinonly-0ubuntu0.8.04.1")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"firefox-2-gnome-support", pkgver:"2.0.0.18+nobinonly-0ubuntu0.8.04.1")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"firefox-2-libthai", pkgver:"2.0.0.18+nobinonly-0ubuntu0.8.04.1")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"firefox-3.0", pkgver:"3.0.4+nobinonly-0ubuntu0.8.04.1")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"firefox-3.0-dev", pkgver:"3.0.4+nobinonly-0ubuntu0.8.04.1")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"firefox-3.0-dom-inspector", pkgver:"3.0.4+nobinonly-0ubuntu0.8.04.1")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"firefox-3.0-gnome-support", pkgver:"3.0.4+nobinonly-0ubuntu0.8.04.1")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"firefox-3.0-venkman", pkgver:"3.0.4+nobinonly-0ubuntu0.8.04.1")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"firefox-dev", pkgver:"3.0.4+nobinonly-0ubuntu0.8.04.1")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"firefox-dom-inspector", pkgver:"3.0.4+nobinonly-0ubuntu0.8.04.1")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"firefox-gnome-support", pkgver:"3.0.4+nobinonly-0ubuntu0.8.04.1")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"firefox-granparadiso", pkgver:"3.0.4+nobinonly-0ubuntu0.8.04.1")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"firefox-granparadiso-dev", pkgver:"3.0.4+nobinonly-0ubuntu0.8.04.1")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"firefox-granparadiso-dom-inspector", pkgver:"3.0.4+nobinonly-0ubuntu0.8.04.1")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"firefox-granparadiso-gnome-support", pkgver:"3.0.4+nobinonly-0ubuntu0.8.04.1")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"firefox-libthai", pkgver:"3.0.4+nobinonly-0ubuntu0.8.04.1")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"firefox-trunk", pkgver:"3.0.4+nobinonly-0ubuntu0.8.04.1")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"firefox-trunk-dev", pkgver:"3.0.4+nobinonly-0ubuntu0.8.04.1")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"firefox-trunk-dom-inspector", pkgver:"3.0.4+nobinonly-0ubuntu0.8.04.1")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"firefox-trunk-gnome-support", pkgver:"3.0.4+nobinonly-0ubuntu0.8.04.1")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"firefox-trunk-venkman", pkgver:"3.0.4+nobinonly-0ubuntu0.8.04.1")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"xulrunner-1.9", pkgver:"1.9.0.4+nobinonly-0ubuntu0.8.04.1")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"xulrunner-1.9-dev", pkgver:"1.9.0.4+nobinonly-0ubuntu0.8.04.1")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"xulrunner-1.9-dom-inspector", pkgver:"1.9.0.4+nobinonly-0ubuntu0.8.04.1")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"xulrunner-1.9-gnome-support", pkgver:"1.9.0.4+nobinonly-0ubuntu0.8.04.1")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"xulrunner-1.9-venkman", pkgver:"1.9.0.4+nobinonly-0ubuntu0.8.04.1")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"abrowser", pkgver:"3.0.4+nobinonly-0ubuntu0.8.10.1")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"abrowser-3.0-branding", pkgver:"3.0.4+nobinonly-0ubuntu0.8.10.1")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"firefox", pkgver:"3.0.4+nobinonly-0ubuntu0.8.10.1")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"firefox-3.0", pkgver:"3.0.4+nobinonly-0ubuntu0.8.10.1")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"firefox-3.0-branding", pkgver:"3.0.4+nobinonly-0ubuntu0.8.10.1")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"firefox-3.0-dev", pkgver:"3.0.4+nobinonly-0ubuntu0.8.10.1")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"firefox-3.0-dom-inspector", pkgver:"3.0.4+nobinonly-0ubuntu0.8.10.1")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"firefox-3.0-gnome-support", pkgver:"3.0.4+nobinonly-0ubuntu0.8.10.1")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"firefox-3.0-venkman", pkgver:"3.0.4+nobinonly-0ubuntu0.8.10.1")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"firefox-dev", pkgver:"3.0.4+nobinonly-0ubuntu0.8.10.1")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"firefox-dom-inspector", pkgver:"3.0.4+nobinonly-0ubuntu0.8.10.1")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"firefox-gnome-support", pkgver:"3.0.4+nobinonly-0ubuntu0.8.10.1")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"firefox-granparadiso", pkgver:"3.0.4+nobinonly-0ubuntu0.8.10.1")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"firefox-granparadiso-dev", pkgver:"3.0.4+nobinonly-0ubuntu0.8.10.1")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"firefox-granparadiso-dom-inspector", pkgver:"3.0.4+nobinonly-0ubuntu0.8.10.1")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"firefox-granparadiso-gnome-support", pkgver:"3.0.4+nobinonly-0ubuntu0.8.10.1")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"firefox-libthai", pkgver:"3.0.4+nobinonly-0ubuntu0.8.10.1")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"firefox-trunk", pkgver:"3.0.4+nobinonly-0ubuntu0.8.10.1")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"firefox-trunk-dev", pkgver:"3.0.4+nobinonly-0ubuntu0.8.10.1")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"firefox-trunk-dom-inspector", pkgver:"3.0.4+nobinonly-0ubuntu0.8.10.1")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"firefox-trunk-gnome-support", pkgver:"3.0.4+nobinonly-0ubuntu0.8.10.1")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"firefox-trunk-venkman", pkgver:"3.0.4+nobinonly-0ubuntu0.8.10.1")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"xulrunner-1.9", pkgver:"1.9.0.4+nobinonly-0ubuntu0.8.10.1")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"xulrunner-1.9-dev", pkgver:"1.9.0.4+nobinonly-0ubuntu0.8.10.1")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"xulrunner-1.9-dom-inspector", pkgver:"1.9.0.4+nobinonly-0ubuntu0.8.10.1")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"xulrunner-1.9-gnome-support", pkgver:"1.9.0.4+nobinonly-0ubuntu0.8.10.1")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"xulrunner-1.9-venkman", pkgver:"1.9.0.4+nobinonly-0ubuntu0.8.10.1")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"xulrunner-dev", pkgver:"1.9.0.4+nobinonly-0ubuntu0.8.10.1")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "abrowser / abrowser-3.0-branding / firefox / firefox-2 / etc");
}
VendorProductVersionCPE
canonicalubuntu_linuxabrowserp-cpe:/a:canonical:ubuntu_linux:abrowser
canonicalubuntu_linuxabrowser-3.0-brandingp-cpe:/a:canonical:ubuntu_linux:abrowser-3.0-branding
canonicalubuntu_linuxfirefoxp-cpe:/a:canonical:ubuntu_linux:firefox
canonicalubuntu_linuxfirefox-2p-cpe:/a:canonical:ubuntu_linux:firefox-2
canonicalubuntu_linuxxulrunner-devp-cpe:/a:canonical:ubuntu_linux:xulrunner-dev
canonicalubuntu_linux6.06cpe:/o:canonical:ubuntu_linux:6.06:-:lts
canonicalubuntu_linux7.10cpe:/o:canonical:ubuntu_linux:7.10
canonicalubuntu_linux8.04cpe:/o:canonical:ubuntu_linux:8.04:-:lts
canonicalubuntu_linux8.10cpe:/o:canonical:ubuntu_linux:8.10
canonicalubuntu_linuxfirefox-2-dbgp-cpe:/a:canonical:ubuntu_linux:firefox-2-dbg
Rows per page:
1-10 of 451

Related

openvas 125
fedora 39
nessus 24
freebsd 1
debian 1
ubuntu 2
suse 1
osv 1
redhat 1
oraclelinux 1
centos 2
securityvulns 1
openvas
openvas
Fedora Update for Miro FEDORA-2008-9667
2009-02-17 00:00:00
Ubuntu Update for firefox, firefox-3.0, xulrunner-1.9 vulnerabilities USN-667-1
2009-03-23 00:00:00
Fedora Update for epiphany-extensions FEDORA-2008-9667
2009-02-17 00:00:00
fedora
fedora
[SECURITY] Fedora 8 Update: cairo-dock-1.6.3.1-1.fc8.1
2008-11-14 12:50:27
[SECURITY] Fedora 8 Update: openvrml-0.17.10-2.0.fc8
2008-11-14 12:50:28
[SECURITY] Fedora 8 Update: gnome-python2-extras-2.19.1-19.fc8
2008-11-14 12:50:28
nessus
nessus
Fedora 8 : Miro-1.2.7-2.fc8 / blam-1.8.3-19.fc8 / cairo-dock-1.6.3.1-1.fc8.1 / chmsee-1.0.0-5.31.fc8 / etc (2008-9667)
2008-11-16 00:00:00
Scientific Linux Security Update : seamonkey on SL3.x, SL4.x i386/x86_64
2012-08-01 00:00:00
Firefox 3.0.x < 3.0.4 Multiple Vulnerabilities
2008-11-13 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2008-11-13 00:00:00
debian
debian
[SECURITY] [DSA 1671-1] New iceweasel packages fix several vulnerabilities
2008-11-24 21:36:45
ubuntu
ubuntu
Firefox and xulrunner vulnerabilities
2008-11-17 00:00:00
Thunderbird vulnerabilities
2008-11-26 00:00:00
suse
suse
remote code execution in MozillaFirefox,MozillaThunderbird,seamonkey
2008-11-26 16:19:10
osv
osv
iceweasel - several vulnerabilities
2008-11-24 00:00:00
redhat
redhat
(RHSA-2008:0977) Critical: seamonkey security update
2008-11-12 00:00:00
oraclelinux
oraclelinux
seamonkey security update
2008-11-13 00:00:00
centos
centos
seamonkey security update
2008-11-13 06:38:44
seamonkey security update
2008-11-13 14:22:44
securityvulns
securityvulns
Mozilla Firefox / Thinderbird / Seamonkey multiple security vulnerabilities
2008-11-14 00:00:00
JSON
Related for UBUNTU_USN-667-1.NASL
openvas125fedora39nessus24freebsd1debian1ubuntu2suse1osv1redhat1oraclelinux1centos2securityvulns1