Lucene search
Copyright (C) 2012 Greenbone AGOPENVAS:1361412562310841252HistoryDec 14, 2012 - 12:00 a.m.
Ubuntu: Security Advisory (USN-1665-1)
2012-12-1400:00:00
Copyright (C) 2012 Greenbone AG
plugins.openvas.org
10
6.7 Medium
AI Score
Confidence
Low
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
0.002 Low
EPSS
Percentile
54.3%
The remote host is missing an update for the
# SPDX-FileCopyrightText: 2012 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.841252");
script_cve_id("CVE-2012-0958");
script_tag(name:"creation_date", value:"2012-12-14 04:21:58 +0000 (Fri, 14 Dec 2012)");
script_version("2024-02-02T05:06:04+0000");
script_tag(name:"last_modification", value:"2024-02-02 05:06:04 +0000 (Fri, 02 Feb 2024)");
script_tag(name:"cvss_base", value:"4.3");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:P/I:N/A:N");
script_name("Ubuntu: Security Advisory (USN-1665-1)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2012 Greenbone AG");
script_family("Ubuntu Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/ubuntu_linux", "ssh/login/packages", re:"ssh/login/release=UBUNTU12\.10");
script_xref(name:"Advisory-ID", value:"USN-1665-1");
script_xref(name:"URL", value:"https://ubuntu.com/security/notices/USN-1665-1");
script_tag(name:"summary", value:"The remote host is missing an update for the 'unity-firefox-extension' package(s) announced via the USN-1665-1 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"It was discovered that unity-firefox-extension bypassed the same origin
policy checks in certain circumstances. If a user were tricked into opening
a malicious page, an attacker could exploit this to steal confidential data
or perform other security-sensitive operations.");
script_tag(name:"affected", value:"'unity-firefox-extension' package(s) on Ubuntu 12.10.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-deb.inc");
release = dpkg_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "UBUNTU12.10") {
if(!isnull(res = isdpkgvuln(pkg:"xul-ext-unity", ver:"2.4.1-0ubuntu1.2", rls:"UBUNTU12.10"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
Related
securityvulns
securityvulns
unity firefox extension crossorigin policy bypass
2012-12-17 00:00:00
[USN-1665-1] unity-firefox-extension vulnerability
2012-12-17 00:00:00
openvas
openvas
Ubuntu Update for unity-firefox-extension USN-1665-1
2012-12-14 00:00:00
nessus
nessus
Ubuntu 12.10 : unity-firefox-extension vulnerability (USN-1665-1)
2012-12-14 00:00:00
ubuntu
ubuntu
unity-firefox-extension vulnerability
2012-12-13 00:00:00
ubuntucve
ubuntucve
CVE-2012-0958
2012-11-06 00:00:00
cvelist
cvelist
CVE-2012-0958
2022-10-03 16:15:41
prion
prion
Design/Logic Flaw
2012-12-26 22:55:00
cve
cve
CVE-2012-0958
2012-12-26 22:55:00
6.7 Medium
AI Score
Confidence
Low
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
0.002 Low
EPSS
Percentile
54.3%
Related for OPENVAS:1361412562310841252