Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Ubuntu: Security Advisory (USN-873-1)

🗓️ 30 Dec 2009 00:00:00Reported by Copyright (C) 2009 Greenbone AGType 
openvas
 openvas🔗 plugins.openvas.org👁 15 Views

The remote host is missing an update for the 'firefox-3.0, xulrunner-1.9' package(s) announced via the USN-873-1 advisory. Several security flaws were discovered in Firefox that could lead to denial of service, arbitrary code execution, and spoofing attacks

Show more
Related
Refs
Code
ReporterTitlePublishedViews
Family
Tenable Nessus		SuSE 10 Security Update : XULRunner (ZYPP Patch Number 6734)
11 Oct 201000:00
nessus
Tenable Nessus		SuSE 10 Security Update : XULRunner (ZYPP Patch Number 6736)
23 Dec 200900:00
nessus
Tenable Nessus		Debian DSA-1956-1 : xulrunner - several vulnerabilities
24 Feb 201000:00
nessus
Tenable Nessus		Ubuntu 8.04 LTS / 8.10 / 9.04 : firefox-3.0, xulrunner-1.9 vulnerabilities (USN-873-1)
21 Dec 200900:00
nessus
Tenable Nessus		openSUSE Security Update : MozillaFirefox (MozillaFirefox-1727)
23 Dec 200900:00
nessus
Tenable Nessus		openSUSE Security Update : MozillaFirefox (MozillaFirefox-1727)
23 Dec 200900:00
nessus
Tenable Nessus		CentOS 4 / 5 : firefox (CESA-2009:1674)
21 Dec 200900:00
nessus
Tenable Nessus		RHEL 4 / 5 : firefox (RHSA-2009:1674)
16 Dec 200900:00
nessus
Tenable Nessus		Oracle Linux 5 : firefox (ELSA-2009-1674)
12 Jul 201300:00
nessus
Tenable Nessus		Scientific Linux Security Update : firefox on SL4.x, SL5.x i386/x86_64
1 Aug 201200:00
nessus
Rows per page
# SPDX-FileCopyrightText: 2009 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.66605");
  script_cve_id("CVE-2009-3979", "CVE-2009-3981", "CVE-2009-3983", "CVE-2009-3984", "CVE-2009-3985", "CVE-2009-3986");
  script_tag(name:"creation_date", value:"2009-12-30 20:58:43 +0000 (Wed, 30 Dec 2009)");
  script_version("2024-02-02T05:06:04+0000");
  script_tag(name:"last_modification", value:"2024-02-02 05:06:04 +0000 (Fri, 02 Feb 2024)");
  script_tag(name:"cvss_base", value:"9.3");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:C/I:C/A:C");

  script_name("Ubuntu: Security Advisory (USN-873-1)");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2009 Greenbone AG");
  script_family("Ubuntu Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/ubuntu_linux", "ssh/login/packages", re:"ssh/login/release=UBUNTU(8\.04\ LTS|8\.10|9\.04)");

  script_xref(name:"Advisory-ID", value:"USN-873-1");
  script_xref(name:"URL", value:"https://ubuntu.com/security/notices/USN-873-1");

  script_tag(name:"summary", value:"The remote host is missing an update for the 'firefox-3.0, xulrunner-1.9' package(s) announced via the USN-873-1 advisory.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");

  script_tag(name:"insight", value:"Jesse Ruderman, Josh Soref, Martijn Wargers, Jose Angel, Olli Pettay, and
David James discovered several flaws in the browser and JavaScript engines
of Firefox. If a user were tricked into viewing a malicious website, a
remote attacker could cause a denial of service or possibly execute
arbitrary code with the privileges of the user invoking the program.
(CVE-2009-3979, CVE-2009-3981, CVE-2009-3986)

Takehiro Takahashi discovered flaws in the NTLM implementation in Firefox.
If an NTLM authenticated user visited a malicious website, a remote
attacker could send requests to other applications, authenticated as the
user. (CVE-2009-3983)

Jonathan Morgan discovered that Firefox did not properly display SSL
indicators under certain circumstances. This could be used by an attacker
to spoof an encrypted page, such as in a phishing attack. (CVE-2009-3984)

Jordi Chancel discovered that Firefox did not properly display invalid URLs
for a blank page. If a user were tricked into accessing a malicious
website, an attacker could exploit this to spoof the location bar, such as
in a phishing attack. (CVE-2009-3985)");

  script_tag(name:"affected", value:"'firefox-3.0, xulrunner-1.9' package(s) on Ubuntu 8.04, Ubuntu 8.10, Ubuntu 9.04.");

  script_tag(name:"solution", value:"Please install the updated package(s).");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"package");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-deb.inc");

release = dpkg_get_ssh_release();
if(!release)
  exit(0);

res = "";
report = "";

if(release == "UBUNTU8.04 LTS") {

  if(!isnull(res = isdpkgvuln(pkg:"firefox-3.0", ver:"3.0.16+nobinonly-0ubuntu0.8.04.1", rls:"UBUNTU8.04 LTS"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"xulrunner-1.9", ver:"1.9.0.16+nobinonly-0ubuntu0.8.04.1", rls:"UBUNTU8.04 LTS"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

if(release == "UBUNTU8.10") {

  if(!isnull(res = isdpkgvuln(pkg:"abrowser", ver:"3.0.16+nobinonly-0ubuntu0.8.10.1", rls:"UBUNTU8.10"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"firefox-3.0", ver:"3.0.16+nobinonly-0ubuntu0.8.10.1", rls:"UBUNTU8.10"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"xulrunner-1.9", ver:"1.9.0.16+nobinonly-0ubuntu0.8.10.1", rls:"UBUNTU8.10"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

if(release == "UBUNTU9.04") {

  if(!isnull(res = isdpkgvuln(pkg:"abrowser", ver:"3.0.16+nobinonly-0ubuntu0.9.04.1", rls:"UBUNTU9.04"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"firefox-3.0", ver:"3.0.16+nobinonly-0ubuntu0.9.04.1", rls:"UBUNTU9.04"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"xulrunner-1.9", ver:"1.9.0.16+nobinonly-0ubuntu0.9.04.1", rls:"UBUNTU9.04"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

exit(0);

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
30 Dec 2009 00:00Current
9.6High risk
Vulners AI Score9.6
CVSS29.3
EPSS0.05
ubuntusecurity advisoryfirefoxxulrunnerusn-873-1cve-2009-3979cve-2009-3981cve-2009-3983cve-2009-3984cve-2009-3985cve-2009-3986denial of servicearbitrary code executionspoofing attack
15
.json
Report