Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2011 Greenbone AGOPENVAS:1361412562310802153
HistorySep 09, 2011 - 12:00 a.m.

Mozilla Products Multiple Vulnerabilities (Sep 2011) - Windows

2011-09-0900:00:00
Copyright (C) 2011 Greenbone AG
plugins.openvas.org
18

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.6 High

AI Score

Confidence

High

0.423 Medium

EPSS

Percentile

97.3%

JSON

Mozilla Firefox/Thunderbird/Seamonkey is prone to multiple vulnerabilities.

# SPDX-FileCopyrightText: 2011 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.802153");
  script_version("2024-02-08T05:05:59+0000");
  script_tag(name:"last_modification", value:"2024-02-08 05:05:59 +0000 (Thu, 08 Feb 2024)");
  script_tag(name:"creation_date", value:"2011-09-09 17:36:48 +0200 (Fri, 09 Sep 2011)");
  script_cve_id("CVE-2011-2985", "CVE-2011-2986", "CVE-2011-2987",
                "CVE-2011-2988", "CVE-2011-2989", "CVE-2011-2991",
                "CVE-2011-2992");
  script_tag(name:"cvss_base", value:"10.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_name("Mozilla Products Multiple Vulnerabilities (Sep 2011) - Windows");

  script_xref(name:"URL", value:"http://secunia.com/advisories/45581");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/49224");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/49226");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/49227");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/49239");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/49242");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/49243");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/49245");
  script_xref(name:"URL", value:"http://www.mozilla.org/security/announce/2011/mfsa2011-29.html");

  script_tag(name:"qod_type", value:"registry");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2011 Greenbone AG");
  script_family("General");
  script_dependencies("gb_firefox_detect_portable_win.nasl",
                      "gb_seamonkey_detect_win.nasl",
                      "gb_thunderbird_detect_portable_win.nasl");
  script_mandatory_keys("Mozilla/Firefox_or_Seamonkey_or_Thunderbird/Installed");
  script_tag(name:"impact", value:"Successful exploitation will let attackers to execute arbitrary code in the
  context of the user running an affected application. Failed exploit attempts
  will result in a denial-of-service condition.");
  script_tag(name:"affected", value:"Thunderbird version before 6
  SeaMonkey version 2.0 through 2.2
  Mozilla Firefox version 4.x through 5");
  script_tag(name:"insight", value:"The flaws are due to

  - An error when using Windows D2D hardware acceleration, allows attacker to
    obtain sensitive image data from a different domain.

  - Heap overflow in the Almost Native Graphics Layer Engine(ANGLE) library
    used in WebGL implementation.

  - Buffer overflow error in the WebGL shader implementation.

  - An error in the browser engine, it fails to implement WebGL, JavaScript

  - An error in the Ogg reader in the browser engine.");
  script_tag(name:"summary", value:"Mozilla Firefox/Thunderbird/Seamonkey is prone to multiple vulnerabilities.");
  script_tag(name:"solution", value:"Upgrade to Mozilla Firefox version 6.0 or later, Upgrade to SeaMonkey version to 2.3 or later,
  Upgrade to Thunderbird version to 6.0 or later.");

  script_tag(name:"solution_type", value:"VendorFix");


  exit(0);
}

include("version_func.inc");

vers = get_kb_item("Firefox/Win/Ver");
if(vers)
{
  if(version_in_range(version:vers, test_version:"4.0", test_version2:"5.0.1")){
     report = report_fixed_ver(installed_version:vers, vulnerable_range:"4.0 - 5.0.1");
     security_message(port: 0, data: report);
     exit(0);
  }
}

vers = get_kb_item("Seamonkey/Win/Ver");
if(vers)
{
  if(version_in_range(version:vers, test_version:"2.0", test_version2:"2.2"))
  {
     report = report_fixed_ver(installed_version:vers, vulnerable_range:"2.0 - 2.2");
     security_message(port: 0, data: report);
     exit(0);
  }
}

vers = get_kb_item("Thunderbird/Win/Ver");
if(vers)
{
  if(version_is_less(version:vers, test_version:"6.0")){
    report = report_fixed_ver(installed_version:vers, fixed_version:"6.0");
    security_message(port: 0, data: report);
  }
}

Related

openvas 25
nessus 24
mozilla 4
suse 4
ubuntu 3
seebug 1
securityvulns 1
freebsd 1
ubuntucve 8
cvelist 8
cve 8
prion 8
nvd 8
gentoo 1
openvas
openvas
Mozilla Products Multiple Vulnerabilities - Sep 11 (Windows)
2011-09-09 00:00:00
Fedora Update for firefox FEDORA-2011-11106
2011-08-19 00:00:00
Fedora Update for xulrunner FEDORA-2011-11106
2011-08-19 00:00:00
nessus
nessus
Mozilla Thunderbird < 6.0 Multiple Vulnerabilities
2011-08-18 00:00:00
Mozilla Thunderbird 5 Multiple Vulnerabilities
2011-08-18 00:00:00
Mozilla Thunderbird < 6.0 Multiple Vulnerabilities
2011-08-17 00:00:00
mozilla
mozilla
Security issues addressed in Thunderbird 6 โ€” Mozilla
2011-08-16 00:00:00
Security issues addressed in SeaMonkey 2.3 โ€” Mozilla
2011-08-16 00:00:00
Security issues addressed in Firefox 6 โ€” Mozilla
2011-08-16 00:00:00
suse
suse
seamonkey: Update to Mozilla Seamonkey 2.3 (important)
2011-08-26 20:08:16
MozillaFirefox: Update to Firefox 6 (important)
2011-08-29 21:08:18
remote code execution in MozillaFirefox,MozillaThunderbird,seamonkey
2011-08-29 16:12:15
ubuntu
ubuntu
Firefox vulnerabilities
2011-08-17 00:00:00
Libvoikko regression
2011-10-19 00:00:00
Mozvoikko update
2011-08-17 00:00:00
seebug
seebug
Mozilla Firefox/Thunderbird/SeaMonkeyๅคšไธชๅฎ‰ๅ…จๆผๆดž
2011-08-18 00:00:00
securityvulns
securityvulns
Mozilla Fireox / Seamonkey / Thunderbird multiple security vulnerabilities
2011-08-19 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2011-08-16 00:00:00
ubuntucve
ubuntucve
CVE-2011-2986
2011-08-18 00:00:00
CVE-2011-2991
2011-08-17 00:00:00
CVE-2011-2987
2011-08-17 00:00:00
cvelist
cvelist
CVE-2011-2991
2011-08-18 18:00:00
CVE-2011-2986
2011-08-18 18:00:00
CVE-2011-2987
2011-08-18 18:00:00
cve
cve
CVE-2011-2986
2011-08-18 18:55:01
CVE-2011-2991
2011-08-18 18:55:01
CVE-2011-2987
2011-08-18 18:55:01
prion
prion
Memory corruption
2011-08-18 18:55:00
Design/Logic Flaw
2011-08-18 18:55:00
Buffer overflow
2011-08-18 18:55:00
nvd
nvd
CVE-2011-2991
2011-08-18 18:55:01
CVE-2011-2986
2011-08-18 18:55:01
CVE-2011-2985
2011-08-18 18:55:01
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2013-01-08 00:00:00

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.6 High

AI Score

Confidence

High

0.423 Medium

EPSS

Percentile

97.3%

JSON
Related for OPENVAS:1361412562310802153
openvas25nessus24mozilla4suse4ubuntu3seebug1securityvulns1freebsd1ubuntucve8cvelist8cve8prion8nvd8gentoo1