Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2012 Greenbone Networks GmbHOPENVAS:802890
HistoryJul 23, 2012 - 12:00 a.m.

Mozilla Products Multiple Vulnerabilities - July12 (Mac OS X)

2012-07-2300:00:00
Copyright (C) 2012 Greenbone Networks GmbH
plugins.openvas.org
8

0.265 Low

EPSS

Percentile

96.3%

JSON

This host is installed with Mozilla firefox/thunderbird/seamonkey and is
prone to multiple vulnerabilities.

###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_mozilla_prdts_mult_vuln_jul12_macosx.nasl 6445 2017-06-27 12:31:06Z santu $
#
# Mozilla Products Multiple Vulnerabilities - July12 (Mac OS X)
#
# Authors:
# Rachana Shetty <[email protected]>
#
# Copyright:
# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

tag_solution = "Upgrade to Mozilla Firefox version 14.0 or ESR version 10.0.6 or later,
  For updates refer to http://www.mozilla.com/en-US/firefox/all.html

  Upgrade to SeaMonkey version to 2.11 or later,
  http://www.mozilla.org/projects/seamonkey/

  Upgrade to Thunderbird version to 14.0 or ESR 10.0.6 or later,
  http://www.mozilla.org/en-US/thunderbird/";

tag_impact = "Successful exploitation could allow attackers to inject scripts, bypass
  certain security restrictions, execute arbitrary code in the context of the
  browser or cause a denial of service.
  Impact Level: System/Application";
tag_affected = "SeaMonkey version before 2.11
  Thunderbird version 5.0 through 13.0
  Mozilla Firefox version 4.x through 13.0
  Thunderbird ESR version 10.x before 10.0.6
  Mozilla Firefox ESR version 10.x before 10.0.6 on Mac OS X";
tag_insight = "- Use-after-free error exists within the functions
   'nsGlobalWindow::PageHidden()', 'nsSMILTimeValueSpec::IsEventBased',
   'nsDocument::AdoptNode' and 'JSDependentString::undepend'.
  - Multiple unspecified errors within the browser engine can be exploited to
    corrupt memory.
  - An error within the feed-view functionality.
  - An out-of-bounds read error within the
   'ElementAnimations::EnsureStyleRuleFor()'.
  - A bad cast error within the 'nsTableFrame::InsertFrames()', can be
    exploited to corrupt memory";
tag_summary = "This host is installed with Mozilla firefox/thunderbird/seamonkey and is
  prone to multiple vulnerabilities.";

if(description)
{
  script_id(802890);
  script_version("$Revision: 6445 $");
  script_cve_id("CVE-2012-1948", "CVE-2012-1951", "CVE-2012-1952", "CVE-2012-1953",
                "CVE-2012-1954", "CVE-2012-1955", "CVE-2012-1957", "CVE-2012-1958",
                "CVE-2012-1959", "CVE-2012-1961", "CVE-2012-1962", "CVE-2012-1963",
                "CVE-2012-1967");
  script_bugtraq_id(54580, 54578, 54586, 54583, 54574, 54576, 54584,
                    54575, 54582, 54573);
  script_tag(name:"cvss_base", value:"10.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_tag(name:"last_modification", value:"$Date: 2017-06-27 14:31:06 +0200 (Tue, 27 Jun 2017) $");
  script_tag(name:"creation_date", value:"2012-07-23 17:31:44 +0530 (Mon, 23 Jul 2012)");
  script_name("Mozilla Products Multiple Vulnerabilities - July12 (Mac OS X)");

  script_xref(name : "URL" , value : "http://secunia.com/advisories/49965");
  script_xref(name : "URL" , value : "http://securitytracker.com/id/1027256");
  script_xref(name : "URL" , value : "http://securitytracker.com/id/1027257");
  script_xref(name : "URL" , value : "http://www.mozilla.org/security/announce/2012/mfsa2012-42.html");
  script_xref(name : "URL" , value : "http://www.mozilla.org/security/announce/2012/mfsa2012-44.html");
  script_xref(name : "URL" , value : "http://www.mozilla.org/security/announce/2012/mfsa2012-45.html");
  script_xref(name : "URL" , value : "http://www.mozilla.org/security/announce/2012/mfsa2012-47.html");
  script_xref(name : "URL" , value : "http://www.mozilla.org/security/announce/2012/mfsa2012-48.html");
  script_xref(name : "URL" , value : "http://www.mozilla.org/security/announce/2012/mfsa2012-49.html");
  script_xref(name : "URL" , value : "http://www.mozilla.org/security/announce/2012/mfsa2012-51.html");
  script_xref(name : "URL" , value : "http://www.mozilla.org/security/announce/2012/mfsa2012-53.html");
  script_xref(name : "URL" , value : "http://www.mozilla.org/security/announce/2012/mfsa2012-56.html");

  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2012 Greenbone Networks GmbH");
  script_family("General");
  script_dependencies("gb_mozilla_prdts_detect_macosx.nasl");
  script_mandatory_keys("Mozilla/Firefox_or_Seamonkey_or_Thunderbird/Mac/Installed");
  script_tag(name : "impact" , value : tag_impact);
  script_tag(name : "affected" , value : tag_affected);
  script_tag(name : "insight" , value : tag_insight);
  script_tag(name : "summary" , value : tag_summary);
  script_tag(name : "solution" , value : tag_solution);
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");
  exit(0);
}


include("version_func.inc");

# Firefox Check
ffVer = "";
ffVer = get_kb_item("Mozilla/Firefox/MacOSX/Version");

if(ffVer)
{
  # Grep for Firefox version
  if(version_in_range(version:ffVer, test_version:"4.0", test_version2:"10.0.5")||
     version_in_range(version:ffVer, test_version:"11.0", test_version2:"13.0"))
  {
    security_message(0);
    exit(0);
  }
}

# SeaMonkey Check
seaVer = "";
seaVer = get_kb_item("SeaMonkey/MacOSX/Version");

if(seaVer)
{
  # Grep for SeaMonkey version
  if(version_is_less(version:seaVer, test_version:"2.11"))
  {
    security_message(0);
    exit(0);
  }
}

# Thunderbird Check
tbVer = "";
tbVer = get_kb_item("ThunderBird/MacOSX/Version");

if(tbVer)
{
  # Grep for Thunderbird version
  if(version_in_range(version:tbVer, test_version:"5.0", test_version2:"10.0.5")||
     version_in_range(version:tbVer, test_version:"11.0", test_version2:"13.0"))
  {
    security_message(0);
    exit(0);
  }
}

Related

openvas 57
oraclelinux 2
suse 7
redhat 2
nessus 38
ubuntu 3
centos 2
veracode 17
securityvulns 1
mozilla 10
freebsd 1
osv 3
debian 3
prion 13
ubuntucve 13
cve 13
checkpoint_advisories 1
gentoo 1
openvas
openvas
Mozilla Products Multiple Vulnerabilities - July12 (Windows)
2012-07-23 00:00:00
Mozilla Products Multiple Vulnerabilities (Jul 2012) - Windows
2012-07-23 00:00:00
Mozilla Products Multiple Vulnerabilities (Jul 2012) - Mac OS X
2012-07-23 00:00:00
oraclelinux
oraclelinux
thunderbird security update
2012-07-17 00:00:00
firefox security update
2012-07-17 00:00:00
suse
suse
seamonkey: Update to Seamonkey 2.11 (important)
2012-08-01 18:08:34
MozillaThunderbird: update to Thunderbird 14.0 (important)
2012-07-27 13:08:18
Security update for Mozilla Firefox (important)
2012-07-21 01:08:17
redhat
redhat
(RHSA-2012:1089) Critical: thunderbird security update
2012-07-17 00:00:00
(RHSA-2012:1088) Critical: firefox security update
2012-07-17 00:00:00
nessus
nessus
Thunderbird 10.0.x < 10.0.6 Multiple Vulnerabilities (Mac OS X)
2012-07-19 00:00:00
Mozilla Thunderbird 10.0.x < 10.0.6 Multiple Vulnerabilities
2012-07-19 00:00:00
Mozilla Thunderbird 13.x < 13 Multiple Vulnerabilities
2012-07-23 00:00:00
ubuntu
ubuntu
Thunderbird vulnerabilities
2012-07-17 00:00:00
Firefox vulnerabilities
2012-07-17 00:00:00
ubufox update
2012-07-18 00:00:00
centos
centos
thunderbird security update
2012-07-17 21:25:02
firefox, xulrunner security update
2012-07-17 20:41:16
veracode
veracode
Spoofing Vulnerability
2019-05-02 04:42:26
Denial Of Service (DoS)
2019-05-02 04:42:24
Arbitrary Code Execution
2019-05-02 04:42:29
securityvulns
securityvulns
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2012-08-13 00:00:00
mozilla
mozilla
Gecko memory corruption — Mozilla
2012-07-17 00:00:00
Content Security Policy 1.0 implementation errors cause data leakage — Mozilla
2012-07-17 00:00:00
Spoofing issue with location — Mozilla
2012-07-17 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2012-07-17 00:00:00
osv
osv
iceape - several vulnerabilities
2012-07-17 00:00:00
icedove - several
2012-08-14 00:00:00
iceweasel - several vulnerabilities
2012-07-17 00:00:00
debian
debian
[SECURITY] [DSA 2513-1] iceape security update
2012-07-17 19:55:29
[SECURITY] [DSA 2528-1] icedove security update
2012-08-14 19:26:56
[SECURITY] [DSA 2514-1] iceweasel security update
2012-07-17 20:04:25
prion
prion
Design/Logic Flaw
2012-07-18 10:26:00
Design/Logic Flaw
2012-07-18 10:26:00
Heap overflow
2012-07-18 10:26:00
ubuntucve
ubuntucve
CVE-2012-1951
2012-07-17 00:00:00
CVE-2012-1963
2012-07-17 00:00:00
CVE-2012-1948
2012-07-17 00:00:00
cve
cve
CVE-2012-1963
2012-07-18 10:26:00
CVE-2012-1951
2012-07-18 10:26:00
CVE-2012-1953
2012-07-18 10:26:00
checkpoint_advisories
checkpoint_advisories
Mozilla Multiple Products Table Frames Memory Corruption (CVE-2012-1952)
2012-10-14 00:00:00
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2013-01-08 00:00:00

0.265 Low

EPSS

Percentile

96.3%

JSON
Related for OPENVAS:802890
openvas57oraclelinux2suse7redhat2nessus38ubuntu3centos2veracode17securityvulns1mozilla10freebsd1osv3debian3prion13ubuntucve13cve13checkpoint_advisories1gentoo1