9.1 High
AI Score
Confidence
High
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.914 High
EPSS
Percentile
98.9%
The remote host is missing an update for the
# Copyright (C) 2012 Greenbone Networks GmbH
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-or-later
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.850299");
script_version("2022-07-05T11:37:00+0000");
script_tag(name:"last_modification", value:"2022-07-05 11:37:00 +0000 (Tue, 05 Jul 2022)");
script_tag(name:"creation_date", value:"2012-08-03 00:05:56 +0530 (Fri, 03 Aug 2012)");
script_cve_id("CVE-2012-0443", "CVE-2012-0442", "CVE-2011-3670", "CVE-2012-0445",
"CVE-2011-3659", "CVE-2012-0446", "CVE-2012-0447", "CVE-2012-0444",
"CVE-2012-0449", "CVE-2012-0450");
script_tag(name:"cvss_base", value:"10.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_xref(name:"openSUSE-SU", value:"2012:0234-1");
script_name("openSUSE: Security Advisory for MozillaFirefox (openSUSE-SU-2012:0234-1)");
script_tag(name:"summary", value:"The remote host is missing an update for the 'MozillaFirefox'
package(s) announced via the referenced advisory.");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2012 Greenbone Networks GmbH");
script_family("SuSE Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/suse", "ssh/login/rpms", re:"ssh/login/release=openSUSE11\.4");
script_tag(name:"affected", value:"MozillaFirefox on openSUSE 11.4");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"insight", value:"Mozilla Firefox was updated to version 10 to fix bugs and
security issues.
MFSA 2012-01: Mozilla developers identified and fixed
several memory safety bugs in the browser engine used in
Firefox and other Mozilla-based products. Some of these
bugs showed evidence of memory corruption under certain
circumstances, and we presume that with enough effort at
least some of these could be exploited to run arbitrary
code.
In general these flaws cannot be exploited through email in
the Thunderbird and SeaMonkey products because scripting is
disabled, but are potentially a risk in browser or
browser-like contexts in those products. References
CVE-2012-0443: Ben Hawkes, Christian Holler, Honza Bombas,
Jason Orendorff, Jesse Ruderman, Jan Odvarko, Peter Van Der
Beken, and Bill McCloskey reported memory safety problems
that were fixed in Firefox 10.
CVE-2012-0442: Jesse Ruderman and Bob Clary reported memory
safety problems that were fixed in both Firefox 10 and
Firefox 3.6.26.
MFSA 2012-02/CVE-2011-3670: For historical reasons Firefox
has been generous in its interpretation of web addresses
containing square brackets around the host. If this host
was not a valid IPv6 literal address, Firefox attempted to
interpret the host as a regular domain name. Gregory
Fleischer reported that requests made using IPv6 syntax
using XMLHttpRequest objects through a proxy may generate
errors depending on proxy configuration for IPv6. The
resulting error messages from the proxy may disclose
sensitive data because Same-Origin Policy (SOP) will allow
the XMLHttpRequest object to read these error messages,
allowing user privacy to be eroded. Firefox now enforces
RFC 3986 IPv6 literal syntax and that may break links
written using the non-standard Firefox-only forms that were
previously accepted.
This was fixed previously for Firefox 7.0, Thunderbird 7.0,
and SeaMonkey 2.4 but only fixed in Firefox 3.6.26 and
Thunderbird 3.1.18 during 2012.
MFSA 2012-03/CVE-2012-0445: Alex Dvorov reported that an
attacker could replace a sub-frame in another domain's
document by using the name attribute of the sub-frame as a
form submission target. This can potentially allow for
phishing attacks against users and violates the HTML5 frame
navigation policy.
Firefox 3.6 and Thunderbird 3.1 are not affected by this
vulnerability
MFSA 2012-04/CVE-2011-3659: Security researcher regenrecht
reported via TippingPoint's Zero Day Initiative that
removed child nodes of nsDOMAttribute can be accessed under
certain circumstances because o ...
Description truncated, please see the referenced URL(s) for more information.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "openSUSE11.4") {
if(!isnull(res = isrpmvuln(pkg:"MozillaFirefox", rpm:"MozillaFirefox~10.0~0.2.1", rls:"openSUSE11.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"MozillaFirefox-branding-upstream", rpm:"MozillaFirefox-branding-upstream~10.0~0.2.1", rls:"openSUSE11.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"MozillaFirefox-buildsymbols", rpm:"MozillaFirefox-buildsymbols~10.0~0.2.1", rls:"openSUSE11.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"MozillaFirefox-devel", rpm:"MozillaFirefox-devel~10.0~0.2.1", rls:"openSUSE11.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"MozillaFirefox-translations-common", rpm:"MozillaFirefox-translations-common~10.0~0.2.1", rls:"openSUSE11.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"MozillaFirefox-translations-other", rpm:"MozillaFirefox-translations-other~10.0~0.2.1", rls:"openSUSE11.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"MozillaThunderbird", rpm:"MozillaThunderbird~3.1.18~0.23.1", rls:"openSUSE11.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"MozillaThunderbird-buildsymbols", rpm:"MozillaThunderbird-buildsymbols~3.1.18~0.23.1", rls:"openSUSE11.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"MozillaThunderbird-devel", rpm:"MozillaThunderbird-devel~3.1.18~0.23.1", rls:"openSUSE11.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"MozillaThunderbird-translations-common", rpm:"MozillaThunderbird-translations-common~3.1.18~0.23.1", rls:"openSUSE11.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"MozillaThunderbird-translations-other", rpm:"MozillaThunderbird-translations-other~3.1.18~0.23.1", rls:"openSUSE11.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"enigmail", rpm:"enigmail~1.1.2+3.1.18~0.23.1", rls:"openSUSE11.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-js192", rpm:"mozilla-js192~1.9.2.26~0.2.1", rls:"openSUSE11.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-xulrunner192", rpm:"mozilla-xulrunner192~1.9.2.26~0.2.1", rls:"openSUSE11.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-xulrunner192-buildsymbols", rpm:"mozilla-xulrunner192-buildsymbols~1.9.2.26~0.2.1", rls:"openSUSE11.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-xulrunner192-devel", rpm:"mozilla-xulrunner192-devel~1.9.2.26~0.2.1", rls:"openSUSE11.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-xulrunner192-gnome", rpm:"mozilla-xulrunner192-gnome~1.9.2.26~0.2.1", rls:"openSUSE11.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-xulrunner192-translations-common", rpm:"mozilla-xulrunner192-translations-common~1.9.2.26~0.2.1", rls:"openSUSE11.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-xulrunner192-translations-other", rpm:"mozilla-xulrunner192-translations-other~1.9.2.26~0.2.1", rls:"openSUSE11.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"seamonkey", rpm:"seamonkey~2.7~0.2.1", rls:"openSUSE11.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"seamonkey-dom-inspector", rpm:"seamonkey-dom-inspector~2.7~0.2.1", rls:"openSUSE11.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"seamonkey-irc", rpm:"seamonkey-irc~2.7~0.2.1", rls:"openSUSE11.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"seamonkey-translations-common", rpm:"seamonkey-translations-common~2.7~0.2.1", rls:"openSUSE11.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"seamonkey-translations-other", rpm:"seamonkey-translations-other~2.7~0.2.1", rls:"openSUSE11.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"seamonkey-venkman", rpm:"seamonkey-venkman~2.7~0.2.1", rls:"openSUSE11.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-js192-32bit", rpm:"mozilla-js192-32bit~1.9.2.26~0.2.1", rls:"openSUSE11.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-xulrunner192-32bit", rpm:"mozilla-xulrunner192-32bit~1.9.2.26~0.2.1", rls:"openSUSE11.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-xulrunner192-gnome-32bit", rpm:"mozilla-xulrunner192-gnome-32bit~1.9.2.26~0.2.1", rls:"openSUSE11.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-xulrunner192-translations-common-32bit", rpm:"mozilla-xulrunner192-translations-common-32bit~1.9.2.26~0.2.1", rls:"openSUSE11.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-xulrunner192-translations-other-32bit", rpm:"mozilla-xulrunner192-translations-other-32bit~1.9.2.26~0.2.1", rls:"openSUSE11.4"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);