Mozilla Firefox Security Advisory (MFSA2014-86) - Linux

Published: 11 Nov 2021 00:00:00
Reported by: Copyright (C) 2021 Greenbone Networks GmbH
Type: openvas
Source: plugins.openvas.org

This host is missing a security update for Mozilla Firefox. CSP leaks redirect data via violation reports

Related

Reporter | Title | Published | Family
Cvelist | CVE-2014-1591 | 11 Dec 2014 11:00 | cvelist
Mozilla | CSP leaks redirect data via violation reports — Mozilla | 2 Dec 2014 00:00 | mozilla
NVD | CVE-2014-1591 | 11 Dec 2014 11:59 | nvd
Prion | Design/Logic Flaw | 11 Dec 2014 11:59 | prion
UbuntuCve | CVE-2014-1591 | 2 Dec 2014 00:00 | ubuntucve
CVE | CVE-2014-1591 | 11 Dec 2014 11:59 | cve
OpenVAS | Mozilla Firefox CSP Information Disclosure Vulnerability (Dec 2014) - Mac OS X | 16 Dec 2014 00:00 | openvas
OpenVAS | Mozilla Firefox CSP Information Disclosure Vulnerability (Dec 2014) - Windows | 16 Dec 2014 00:00 | openvas
OpenVAS | SUSE: Security Advisory (SUSE-SU-2014:1624-1) | 9 Jun 2021 00:00 | openvas
OpenVAS | Ubuntu: Security Advisory (USN-2424-1) | 26 Aug 2022 00:00 | openvas

# Copyright (C) 2021 Greenbone Networks GmbH
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-or-later
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.

CPE = "cpe:/a:mozilla:firefox";

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.2.1.2014.86");
  script_cve_id("CVE-2014-1591");
  script_tag(name:"creation_date", value:"2021-11-11 09:42:47 +0000 (Thu, 11 Nov 2021)");
  script_version("2021-11-15T03:01:29+0000");
  script_tag(name:"last_modification", value:"2021-11-15 03:01:29 +0000 (Mon, 15 Nov 2021)");
  script_tag(name:"cvss_base", value:"4.3");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:P/I:N/A:N");

  script_name("Mozilla Firefox Security Advisory (MFSA2014-86) - Linux");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2021 Greenbone Networks GmbH");
  script_family("General");
  script_dependencies("gb_firefox_detect_lin.nasl");
  script_mandatory_keys("mozilla/firefox/linux/detected");

  script_xref(name:"Advisory-ID", value:"MFSA2014-86");
  script_xref(name:"URL", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2014-86/");
  script_xref(name:"URL", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1069762");

  script_tag(name:"summary", value:"This host is missing a security update for Mozilla Firefox.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");

  script_tag(name:"insight", value:"CSP leaks redirect data via violation reports
Security researcher Muneaki Nishimura discovered that Content Security Policy (CSP) violation reports triggered by a redirect did not remove path information as required by the CSP specification. This potentially reveals information about the redirect that would not otherwise be known to the original site. This could be used by a malicious site to obtain sensitive information such as usernames or single-sign-on tokens encoded within the target URLs.");

  script_tag(name:"affected", value:"Firefox version(s) below 34.");

  script_tag(name:"solution", value:"The vendor has released an update. Please see the reference(s) for more information.");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"executable_version_unreliable");

  exit(0);
}

include("host_details.inc");
include("version_func.inc");

if (!infos = get_app_version_and_location(cpe: CPE, exit_no_version: TRUE))
  exit(0);

version = infos["version"];
location = infos["location"];

if (version_is_less(version: version, test_version: "34")) {
  report = report_fixed_ver(installed_version: version, fixed_version: "34", install_path: location);
  security_message(port: 0, data: report);
  exit(0);
}

exit(99);
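
The insight text above says redirect-triggered violation reports should have had their path information removed. As an added example (not part of the plugin or of the vendor fix), a report collector can apply the same rule to incoming reports so that data sent by Firefox versions below 34 is not stored. It assumes the standard `csp-report` JSON body with `document-uri` and `blocked-uri` fields and reads the stripping rule as "keep only the origin of a cross-origin blocked URI"; the hostnames and token value are constructed.

```javascript
// Collector-side scrubbing of CSP violation reports (added example).
// Assumption: reports arrive as {"csp-report": {...}} with "document-uri"
// and "blocked-uri" members, as sent to a report-uri endpoint.

// Parse an absolute URL; keywords such as "inline", "eval" or "" return null.
function parseUrl(value) {
  try {
    return new URL(value);
  } catch {
    return null;
  }
}

// Return a copy of the report that is safe to log, plus a leakedPath flag
// that is true when a cross-origin blocked-uri carried more than its origin.
function scrubReport(body) {
  const report = (body && body['csp-report']) || {};
  const doc = parseUrl(report['document-uri']);
  const blocked = parseUrl(report['blocked-uri']);
  const out = { ...report, leakedPath: false };

  if (blocked === null) return out; // keyword value, nothing to strip

  const sameOrigin =
    doc !== null && blocked.origin !== 'null' && doc.origin === blocked.origin;
  if (sameOrigin) {
    blocked.hash = ''; // same-origin URLs keep their path, minus the fragment
    out['blocked-uri'] = blocked.href;
    return out;
  }

  // Cross-origin: path, query and fragment may hold usernames or SSO tokens
  // picked up from a redirect target, so only the origin is retained.
  out.leakedPath =
    blocked.pathname !== '/' || blocked.search !== '' || blocked.hash !== '';
  out['blocked-uri'] =
    blocked.origin !== 'null' ? blocked.origin : blocked.protocol.slice(0, -1);
  return out;
}

// Constructed sample: what an unpatched browser could report after a redirect.
const SAMPLE_LEAKY = {
  'csp-report': {
    'document-uri': 'https://app.example/page',
    'violated-directive': "img-src 'self'",
    'blocked-uri': 'https://idp.example/cb?user=alice&token=CONSTRUCTED',
  },
};
```

Counting reports with `leakedPath` set, grouped by user agent, shows which clients still send unstripped reports and need the update this plugin checks for.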

Vulners AI Score: 9.5 (High risk)
EPSS: 0.003