Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2011 Greenbone AGOPENVAS:1361412562310802517
HistoryNov 11, 2011 - 12:00 a.m.

Mozilla Products Privilege Escalation Vulnerability (MFSA2011-46) - Windows

2011-11-1100:00:00
Copyright (C) 2011 Greenbone AG
plugins.openvas.org
8

9.5 High

AI Score

Confidence

High

0.008 Low

EPSS

Percentile

81.3%

JSON

Mozilla Firefox/Thunderbird is prone to a privilege escalation
vulnerability.

# SPDX-FileCopyrightText: 2011 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.802517");
  script_version("2023-07-14T16:09:26+0000");
  script_cve_id("CVE-2011-3647");
  script_tag(name:"cvss_base", value:"9.3");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_tag(name:"last_modification", value:"2023-07-14 16:09:26 +0000 (Fri, 14 Jul 2023)");
  script_tag(name:"creation_date", value:"2011-11-11 15:30:20 +0530 (Fri, 11 Nov 2011)");
  script_name("Mozilla Products Privilege Escalation Vulnerability (MFSA2011-46) - Windows");

  script_xref(name:"URL", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2011-46/");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/50589");

  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2011 Greenbone AG");
  script_family("Privilege escalation");
  script_dependencies("gb_firefox_detect_portable_win.nasl", "gb_thunderbird_detect_portable_win.nasl");
  script_mandatory_keys("Mozilla/Firefox_or_Seamonkey_or_Thunderbird/Installed");

  script_tag(name:"summary", value:"Mozilla Firefox/Thunderbird is prone to a privilege escalation
  vulnerability.");

  script_tag(name:"insight", value:"An error exists in JSSubScriptLoader, which fails to handle
  XPCNativeWrappers during calls to the loadSubScript method in an add-on.");

  script_tag(name:"impact", value:"Successful exploitation will let attackers to gain privileges via
  a crafted web site that leverages certain unwrapping behavior.");

  script_tag(name:"affected", value:"- Mozilla Thunderbird version prior to 3.1.16

  - Mozilla Firefox version prior to 3.6.24");

  script_tag(name:"solution", value:"- Update Mozilla Firefox to version 3.6.24 or later

  - Update Mozilla Thunderbird to version to 3.1.16 or later");

  script_tag(name:"qod_type", value:"registry");
  script_tag(name:"solution_type", value:"VendorFix");

  exit(0);
}

include("version_func.inc");

vers = get_kb_item("Firefox/Win/Ver");
if(vers) {
  if(version_is_less(version:vers, test_version:"3.6.24")) {
    report = report_fixed_ver(installed_version:vers, fixed_version:"3.6.24");
    security_message(port:0, data:report);
    exit(0);
  }
}

vers = get_kb_item("Thunderbird/Win/Ver");
if(vers) {
  if(version_is_less(version:vers, test_version:"3.1.16")) {
    report = report_fixed_ver(installed_version:vers, fixed_version:"3.1.16");
    security_message(port:0, data:report);
    exit(0);
  }
}

exit(99);

Related

openvas 31
mozilla 1
veracode 1
securityvulns 2
cve 1
ubuntucve 1
cvelist 1
prion 1
nessus 25
oraclelinux 2
redhat 2
centos 1
debian 1
freebsd 1
suse 1
gentoo 1
openvas
openvas
Mozilla Products Privilege Escalation Vulnerabily (MAC OS X)
2011-11-14 00:00:00
Mozilla Products Privilege Escalation Vulnerabily (Windows)
2011-11-11 00:00:00
Mozilla Products Privilege Escalation Vulnerability (MFSA2011-46) - Mac OS X
2011-11-14 00:00:00
mozilla
mozilla
loadSubScript unwraps XPCNativeWrapper scope parameter (1.9.2 branch) — Mozilla
2011-11-08 00:00:00
veracode
veracode
Privilege Escalation
2020-04-10 01:06:23
securityvulns
securityvulns
Mozilla Foundation Security Advisory 2011-46
2011-11-25 00:00:00
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2011-11-25 00:00:00
cve
cve
CVE-2011-3647
2011-11-09 11:55:03
ubuntucve
ubuntucve
CVE-2011-3647
2011-11-09 00:00:00
cvelist
cvelist
CVE-2011-3647
2011-11-09 11:00:00
prion
prion
Design/Logic Flaw
2011-11-09 11:55:00
nessus
nessus
Mozilla Firefox < 3.6.24 Multiple Vulnerabilities
2016-06-24 00:00:00
Oracle Linux 4 / 5 / 6 : firefox (ELSA-2011-1437)
2013-07-12 00:00:00
Thunderbird 3.1 < 3.1.16 Multiple Vulnerabilities (Mac OS X)
2011-11-09 00:00:00
oraclelinux
oraclelinux
firefox security update
2011-11-09 00:00:00
thunderbird security update
2011-11-09 00:00:00
redhat
redhat
(RHSA-2011:1437) Critical: firefox security update
2011-11-08 00:00:00
(RHSA-2011:1439) Critical: thunderbird security update
2011-11-08 00:00:00
centos
centos
firefox, xulrunner security update
2011-11-09 20:48:22
debian
debian
[BSA-056] Security update for Iceweasel
2011-11-16 11:46:20
freebsd
freebsd
mozilla -- multiple vulnerabilities
2011-11-08 00:00:00
suse
suse
Security update for mozilla-nss (critical)
2011-11-18 22:08:26
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2013-01-08 00:00:00

9.5 High

AI Score

Confidence

High

0.008 Low

EPSS

Percentile

81.3%

JSON
Related for OPENVAS:1361412562310802517
openvas31mozilla1veracode1securityvulns2cve1ubuntucve1cvelist1prion1nessus25oraclelinux2redhat2centos1debian1freebsd1suse1gentoo1