Lucene search
Copyright (c) 2005 E-Soft Inc. http://www.securityspace.comOPENVAS:52364HistorySep 04, 2008 - 12:00 a.m.
FreeBSD Ports: thunderbird
2008-09-0400:00:00
Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com
plugins.openvas.org
17
0.037 Low
EPSS
Percentile
90.8%
The remote host is missing an update to the system
as announced in the referenced advisory.
#
#VID b2e6d1d6-1339-11d9-bc4a-000c41e2cdad
# OpenVAS Vulnerability Test
# $
# Description: Auto generated from vuxml or freebsd advisories
#
# Authors:
# Thomas Reinke <[email protected]>
#
# Copyright:
# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com
# Text descriptions are largely excerpted from the referenced
# advisories, and are Copyright (c) the respective author(s)
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2,
# as published by the Free Software Foundation
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#
include("revisions-lib.inc");
tag_insight = "The following packages are affected:
thunderbird
de-linux-mozillafirebird
el-linux-mozillafirebird
firefox
ja-linux-mozillafirebird-gtk1
ja-mozillafirebird-gtk2
linux-mozillafirebird
ru-linux-mozillafirebird
zhCN-linux-mozillafirebird
zhTW-linux-mozillafirebird
de-netscape7
fr-netscape7
ja-netscape7
netscape7
pt_BR-netscape7
mozilla-gtk1
linux-mozilla
linux-mozilla-devel
mozilla
de-linux-netscape
fr-linux-netscape
ja-linux-netscape
linux-netscape
linux-phoenix
mozilla+ipv6
mozilla-embedded
mozilla-firebird
mozilla-gtk2
mozilla-gtk
mozilla-thunderbird
phoenix
CVE-2004-0905
Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and
Thunderbird before 0.8 allows remote attackers to perform cross-domain
scripting and possible execute arbitrary code by convincing a user to
drag and drop javascript: links to a frame or page in another domain.
CVE-2004-0908
Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and
Thunderbird before 0.8 allows untrusted Javascript code to read and
write to the clipboard, and possibly obtain sensitive information, via
script-generated events such as Ctrl-Ins.
CVE-2004-0909
Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and
Thunderbird before 0.8 may allow remote attackers to trick users into
performing unexpected actions, including installing software, via
signed scripts that request enhanced abilities using the
enablePrivilege parameter, then modify the meaning of certain
security-relevant dialog messages.";
tag_solution = "Update your system with the appropriate patches or
software upgrades.
http://bugzilla.mozilla.org/show_bug.cgi?id=250862
http://bugzilla.mozilla.org/show_bug.cgi?id=257523
http://bugzilla.mozilla.org/show_bug.cgi?id=253942
http://www.vuxml.org/freebsd/b2e6d1d6-1339-11d9-bc4a-000c41e2cdad.html";
tag_summary = "The remote host is missing an update to the system
as announced in the referenced advisory.";
if(description)
{
script_id(52364);
script_version("$Revision: 4203 $");
script_tag(name:"last_modification", value:"$Date: 2016-10-04 07:30:30 +0200 (Tue, 04 Oct 2016) $");
script_tag(name:"creation_date", value:"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)");
script_cve_id("CVE-2004-0905", "CVE-2004-0908", "CVE-2004-0909");
script_tag(name:"cvss_base", value:"5.1");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:H/Au:N/C:P/I:P/A:P");
script_name("FreeBSD Ports: thunderbird");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com");
script_family("FreeBSD Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/freebsdrel", "login/SSH/success");
script_tag(name : "insight" , value : tag_insight);
script_tag(name : "solution" , value : tag_solution);
script_tag(name : "summary" , value : tag_summary);
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
#
# The script code starts here
#
include("pkg-lib-bsd.inc");
txt = "";
vuln = 0;
bver = portver(pkg:"thunderbird");
if(!isnull(bver) && revcomp(a:bver, b:"0.8")<0) {
txt += 'Package thunderbird version ' + bver + ' is installed which is known to be vulnerable.\n';
vuln = 1;
}
bver = portver(pkg:"de-linux-mozillafirebird");
if(!isnull(bver) && revcomp(a:bver, b:"1.p")<0) {
txt += 'Package de-linux-mozillafirebird version ' + bver + ' is installed which is known to be vulnerable.\n';
vuln = 1;
}
bver = portver(pkg:"el-linux-mozillafirebird");
if(!isnull(bver) && revcomp(a:bver, b:"1.p")<0) {
txt += 'Package el-linux-mozillafirebird version ' + bver + ' is installed which is known to be vulnerable.\n';
vuln = 1;
}
bver = portver(pkg:"firefox");
if(!isnull(bver) && revcomp(a:bver, b:"1.p")<0) {
txt += 'Package firefox version ' + bver + ' is installed which is known to be vulnerable.\n';
vuln = 1;
}
bver = portver(pkg:"ja-linux-mozillafirebird-gtk1");
if(!isnull(bver) && revcomp(a:bver, b:"1.p")<0) {
txt += 'Package ja-linux-mozillafirebird-gtk1 version ' + bver + ' is installed which is known to be vulnerable.\n';
vuln = 1;
}
bver = portver(pkg:"ja-mozillafirebird-gtk2");
if(!isnull(bver) && revcomp(a:bver, b:"1.p")<0) {
txt += 'Package ja-mozillafirebird-gtk2 version ' + bver + ' is installed which is known to be vulnerable.\n';
vuln = 1;
}
bver = portver(pkg:"linux-mozillafirebird");
if(!isnull(bver) && revcomp(a:bver, b:"1.p")<0) {
txt += 'Package linux-mozillafirebird version ' + bver + ' is installed which is known to be vulnerable.\n';
vuln = 1;
}
bver = portver(pkg:"ru-linux-mozillafirebird");
if(!isnull(bver) && revcomp(a:bver, b:"1.p")<0) {
txt += 'Package ru-linux-mozillafirebird version ' + bver + ' is installed which is known to be vulnerable.\n';
vuln = 1;
}
bver = portver(pkg:"zhCN-linux-mozillafirebird");
if(!isnull(bver) && revcomp(a:bver, b:"1.p")<0) {
txt += 'Package zhCN-linux-mozillafirebird version ' + bver + ' is installed which is known to be vulnerable.\n';
vuln = 1;
}
bver = portver(pkg:"zhTW-linux-mozillafirebird");
if(!isnull(bver) && revcomp(a:bver, b:"1.p")<0) {
txt += 'Package zhTW-linux-mozillafirebird version ' + bver + ' is installed which is known to be vulnerable.\n';
vuln = 1;
}
bver = portver(pkg:"de-netscape7");
if(!isnull(bver) && revcomp(a:bver, b:"7.2")<=0) {
txt += 'Package de-netscape7 version ' + bver + ' is installed which is known to be vulnerable.\n';
vuln = 1;
}
bver = portver(pkg:"fr-netscape7");
if(!isnull(bver) && revcomp(a:bver, b:"7.2")<=0) {
txt += 'Package fr-netscape7 version ' + bver + ' is installed which is known to be vulnerable.\n';
vuln = 1;
}
bver = portver(pkg:"ja-netscape7");
if(!isnull(bver) && revcomp(a:bver, b:"7.2")<=0) {
txt += 'Package ja-netscape7 version ' + bver + ' is installed which is known to be vulnerable.\n';
vuln = 1;
}
bver = portver(pkg:"netscape7");
if(!isnull(bver) && revcomp(a:bver, b:"7.2")<=0) {
txt += 'Package netscape7 version ' + bver + ' is installed which is known to be vulnerable.\n';
vuln = 1;
}
bver = portver(pkg:"pt_BR-netscape7");
if(!isnull(bver) && revcomp(a:bver, b:"7.2")<=0) {
txt += 'Package pt_BR-netscape7 version ' + bver + ' is installed which is known to be vulnerable.\n';
vuln = 1;
}
bver = portver(pkg:"mozilla-gtk1");
if(!isnull(bver) && revcomp(a:bver, b:"1.7.3")<0) {
txt += 'Package mozilla-gtk1 version ' + bver + ' is installed which is known to be vulnerable.\n';
vuln = 1;
}
bver = portver(pkg:"linux-mozilla");
if(!isnull(bver) && revcomp(a:bver, b:"1.7.3")<0) {
txt += 'Package linux-mozilla version ' + bver + ' is installed which is known to be vulnerable.\n';
vuln = 1;
}
bver = portver(pkg:"linux-mozilla-devel");
if(!isnull(bver) && revcomp(a:bver, b:"1.7.3")<0) {
txt += 'Package linux-mozilla-devel version ' + bver + ' is installed which is known to be vulnerable.\n';
vuln = 1;
}
bver = portver(pkg:"mozilla");
if(!isnull(bver) && revcomp(a:bver, b:"1.7.3,2")<0) {
txt += 'Package mozilla version ' + bver + ' is installed which is known to be vulnerable.\n';
vuln = 1;
}
bver = portver(pkg:"de-linux-netscape");
if(!isnull(bver) && revcomp(a:bver, b:"0")>=0) {
txt += 'Package de-linux-netscape version ' + bver + ' is installed which is known to be vulnerable.\n';
vuln = 1;
}
bver = portver(pkg:"fr-linux-netscape");
if(!isnull(bver) && revcomp(a:bver, b:"0")>=0) {
txt += 'Package fr-linux-netscape version ' + bver + ' is installed which is known to be vulnerable.\n';
vuln = 1;
}
bver = portver(pkg:"ja-linux-netscape");
if(!isnull(bver) && revcomp(a:bver, b:"0")>=0) {
txt += 'Package ja-linux-netscape version ' + bver + ' is installed which is known to be vulnerable.\n';
vuln = 1;
}
bver = portver(pkg:"linux-netscape");
if(!isnull(bver) && revcomp(a:bver, b:"0")>=0) {
txt += 'Package linux-netscape version ' + bver + ' is installed which is known to be vulnerable.\n';
vuln = 1;
}
bver = portver(pkg:"linux-phoenix");
if(!isnull(bver) && revcomp(a:bver, b:"0")>=0) {
txt += 'Package linux-phoenix version ' + bver + ' is installed which is known to be vulnerable.\n';
vuln = 1;
}
bver = portver(pkg:"mozilla+ipv6");
if(!isnull(bver) && revcomp(a:bver, b:"0")>=0) {
txt += 'Package mozilla+ipv6 version ' + bver + ' is installed which is known to be vulnerable.\n';
vuln = 1;
}
bver = portver(pkg:"mozilla-embedded");
if(!isnull(bver) && revcomp(a:bver, b:"0")>=0) {
txt += 'Package mozilla-embedded version ' + bver + ' is installed which is known to be vulnerable.\n';
vuln = 1;
}
bver = portver(pkg:"mozilla-firebird");
if(!isnull(bver) && revcomp(a:bver, b:"0")>=0) {
txt += 'Package mozilla-firebird version ' + bver + ' is installed which is known to be vulnerable.\n';
vuln = 1;
}
bver = portver(pkg:"mozilla-gtk2");
if(!isnull(bver) && revcomp(a:bver, b:"0")>=0) {
txt += 'Package mozilla-gtk2 version ' + bver + ' is installed which is known to be vulnerable.\n';
vuln = 1;
}
bver = portver(pkg:"mozilla-gtk");
if(!isnull(bver) && revcomp(a:bver, b:"0")>=0) {
txt += 'Package mozilla-gtk version ' + bver + ' is installed which is known to be vulnerable.\n';
vuln = 1;
}
bver = portver(pkg:"mozilla-thunderbird");
if(!isnull(bver) && revcomp(a:bver, b:"0")>=0) {
txt += 'Package mozilla-thunderbird version ' + bver + ' is installed which is known to be vulnerable.\n';
vuln = 1;
}
bver = portver(pkg:"phoenix");
if(!isnull(bver) && revcomp(a:bver, b:"0")>=0) {
txt += 'Package phoenix version ' + bver + ' is installed which is known to be vulnerable.\n';
vuln = 1;
}
if(vuln) {
security_message(data:string(txt));
} else if (__pkg_match) {
exit(99); # Not vulnerable.
}
Related
freebsd
freebsd
mozilla -- scripting vulnerabilities
2004-09-13 00:00:00
nessus
nessus
FreeBSD : mozilla -- scripting vulnerabilities (b2e6d1d6-1339-11d9-bc4a-000c41e2cdad)
2005-07-13 00:00:00
Mandrake Linux Security Advisory : mozilla (MDKSA-2004:107)
2004-10-20 00:00:00
Mozilla Browsers Multiple Vulnerabilities
2004-09-15 00:00:00
openvas
openvas
FreeBSD Ports: thunderbird
2008-09-04 00:00:00
Gentoo Security Advisory GLSA 200409-26 (Mozilla)
2008-09-24 00:00:00
Gentoo Security Advisory GLSA 200409-26 (Mozilla)
2008-09-24 00:00:00
gentoo
gentoo
Mozilla, Firefox, Thunderbird, Epiphany: New releases fix vulnerabilities
2004-09-20 00:00:00
redhat
redhat
(RHSA-2004:486) mozilla security update
2004-09-30 00:00:00
cve
cve
suse
suse
various vulnerabilities in mozilla
2004-10-06 13:11:21