Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2012 Greenbone Networks GmbHOPENVAS:803011
HistoryAug 30, 2012 - 12:00 a.m.

Mozilla Products Multiple Vulnerabilities - August12 (Windows)

2012-08-3000:00:00
Copyright (C) 2012 Greenbone Networks GmbH
plugins.openvas.org
90

0.174 Low

EPSS

Percentile

95.6%

JSON

This host is installed with Mozilla firefox/thunderbird/seamonkey and is
prone to multiple vulnerabilities.

###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_mozilla_prdts_mult_vuln_aug12_win.nasl 6444 2017-06-27 11:24:02Z santu $
#
# Mozilla Products Multiple Vulnerabilities - August12 (Windows)
#
# Authors:
# Rachana Shetty <[email protected]>
#
# Copyright:
# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

tag_solution = "Upgrade to Mozilla Firefox version 15.0 or ESR version 10.0.7 or later,
  For updates refer to http://www.mozilla.com/en-US/firefox/all.html

  Upgrade to SeaMonkey version to 2.12 or later,
  http://www.mozilla.org/projects/seamonkey/

  Upgrade to Thunderbird version to 15.0 or ESR 10.0.7 or later,
  http://www.mozilla.org/en-US/thunderbird/";

tag_impact = "Successful exploitation could allow attackers to inject scripts, bypass
  certain security restrictions, execute arbitrary code in the context of the
  browser or cause a denial of service.
  Impact Level: System/Application";
tag_affected = "SeaMonkey version before 2.12 on Windows
  Thunderbird version before 15.0 on Windows
  Mozilla Firefox version before 15.0 on Windows
  Thunderbird ESR version 10.x before 10.0.7 on Windows
  Mozilla Firefox ESR version 10.x before 10.0.7 on Windows";
tag_insight = "- Use-after-free error exists within the functions
   'nsRangeUpdater::SelAdjDeleteNode', 'nsHTMLEditRules::DeleteNonTableElements',
   'MediaStreamGraphThreadRunnable::Run', 'nsTArray_base::Length',
   'nsHTMLSelectElement::SubmitNamesValues', 'PresShell::CompleteMove',
   'gfxTextRun::GetUserData' and 'gfxTextRun::CanBreakLineBefore'.
  - Multiple unspecified errors within funcions 'nsBlockFrame::MarkLineDirty'
    and the browser engine can be exploited to
    corrupt memory.
  - Errors in 'Silf::readClassMap' and 'Pass::readPass' functions within
    Graphite 2 library.
  - Use-after-free error exists within the WebGL implementation.";
tag_summary = "This host is installed with Mozilla firefox/thunderbird/seamonkey and is
  prone to multiple vulnerabilities.";

if(description)
{
  script_id(803011);
  script_version("$Revision: 6444 $");
  script_cve_id("CVE-2012-3959", "CVE-2012-3958", "CVE-2012-3957", "CVE-2012-3972",
                "CVE-2012-3956", "CVE-2012-3971", "CVE-2012-1976", "CVE-2012-3970",
                "CVE-2012-1975", "CVE-2012-3969", "CVE-2012-1974", "CVE-2012-3968",
                "CVE-2012-1973", "CVE-2012-3967", "CVE-2012-3966", "CVE-2012-1970",
                "CVE-2012-3964", "CVE-2012-3963", "CVE-2012-3962", "CVE-2012-3978");
  script_bugtraq_id(55249);
  script_tag(name:"cvss_base", value:"10.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_tag(name:"last_modification", value:"$Date: 2017-06-27 13:24:02 +0200 (Tue, 27 Jun 2017) $");
  script_tag(name:"creation_date", value:"2012-08-30 12:20:04 +0530 (Thu, 30 Aug 2012)");
  script_name("Mozilla Products Multiple Vulnerabilities - August12 (Windows)");

  script_xref(name : "URL" , value : "http://secunia.com/advisories/50088");
  script_xref(name : "URL" , value : "http://securitytracker.com/id/1027450");
  script_xref(name : "URL" , value : "http://securitytracker.com/id/1027451");
  script_xref(name : "URL" , value : "http://www.mozilla.org/security/announce/2012/mfsa2012-57.html");
  script_xref(name : "URL" , value : "http://www.mozilla.org/security/announce/2012/mfsa2012-58.html");
  script_xref(name : "URL" , value : "http://www.mozilla.org/security/announce/2012/mfsa2012-62.html");
  script_xref(name : "URL" , value : "http://www.mozilla.org/security/announce/2012/mfsa2012-63.html");
  script_xref(name : "URL" , value : "http://www.mozilla.org/security/announce/2012/mfsa2012-64.html");
  script_xref(name : "URL" , value : "http://www.mozilla.org/security/announce/2012/mfsa2012-70.html");

  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2012 Greenbone Networks GmbH");
  script_family("General");
  script_dependencies("gb_firefox_detect_win.nasl", "gb_seamonkey_detect_win.nasl",
                      "gb_thunderbird_detect_win.nasl");
  script_mandatory_keys("Mozilla/Firefox_or_Seamonkey_or_Thunderbird/Installed");
  script_tag(name : "impact" , value : tag_impact);
  script_tag(name : "affected" , value : tag_affected);
  script_tag(name : "insight" , value : tag_insight);
  script_tag(name : "summary" , value : tag_summary);
  script_tag(name : "solution" , value : tag_solution);
  script_tag(name:"qod_type", value:"registry");
  script_tag(name:"solution_type", value:"VendorFix");
  exit(0);
}


include("version_func.inc");

# Firefox Check
ffVer = "";
ffVer = get_kb_item("Firefox/Win/Ver");

if(ffVer)
{
  # Grep for Firefox version
  if(version_is_less(version:ffVer, test_version:"10.0.7")||
     version_in_range(version:ffVer, test_version:"11.0", test_version2:"14.0"))
  {
    security_message(0);
    exit(0);
  }
}

# SeaMonkey Check
seaVer = "";
seaVer = get_kb_item("Seamonkey/Win/Ver");

if(seaVer)
{
  # Grep for SeaMonkey version
  if(version_is_less(version:seaVer, test_version:"2.12"))
  {
    security_message(0);
    exit(0);
  }
}

# Thunderbird Check
tbVer = "";
tbVer = get_kb_item("Thunderbird/Win/Ver");

if(tbVer)
{
  # Grep for Thunderbird version
  if(version_is_less(version:tbVer, test_version:"10.0.7")||
     version_in_range(version:tbVer, test_version:"11.0", test_version2:"14.0"))
  {
    security_message(0);
    exit(0);
  }
}

Related

openvas 45
nessus 38
redhat 2
centos 2
osv 3
debian 3
oraclelinux 2
veracode 23
ubuntu 4
suse 4
mozilla 8
securityvulns 2
freebsd 1
ibm 2
cve 20
prion 20
ubuntucve 20
openvas
openvas
Mozilla Products Multiple Vulnerabilities - August12 (Windows)
2012-08-30 00:00:00
Mozilla Products Multiple Vulnerabilities - August12 (Mac OS X)
2012-08-30 00:00:00
Mozilla Products Multiple Vulnerabilities - August12 (Mac OS X)
2012-08-30 00:00:00
nessus
nessus
RHEL 5 / 6 : thunderbird (RHSA-2012:1211)
2012-08-29 00:00:00
Scientific Linux Security Update : thunderbird on SL5.x, SL6.x i386/x86_64 (20120829)
2012-08-30 00:00:00
Oracle Linux 6 : thunderbird (ELSA-2012-1211)
2013-07-12 00:00:00
redhat
redhat
(RHSA-2012:1211) Critical: thunderbird security update
2012-08-29 00:00:00
(RHSA-2012:1210) Critical: firefox security update
2012-08-29 00:00:00
centos
centos
thunderbird security update
2012-08-29 12:53:01
firefox, xulrunner security update
2012-08-29 12:43:30
osv
osv
iceweasel - several
2012-09-24 00:00:00
icedove - several
2012-10-07 00:00:00
iceape - several
2012-09-26 00:00:00
debian
debian
[SECURITY] [DSA 2556-1] icedove security update
2012-10-07 13:13:58
[SECURITY] [DSA 2554-1] iceape security update
2012-09-26 19:00:31
[SECURITY] [DSA 2553-1] iceweasel security update
2012-09-24 17:18:25
oraclelinux
oraclelinux
thunderbird security update
2012-08-29 00:00:00
firefox security update
2012-08-29 00:00:00
veracode
veracode
Memory Corruption
2019-05-02 04:42:51
Denial Of Service (DoS)
2019-05-02 04:42:57
Information Disclosure
2019-05-02 04:42:57
ubuntu
ubuntu
Thunderbird regressions
2012-09-28 00:00:00
Thunderbird vulnerabilities
2012-08-30 00:00:00
Firefox vulnerabilities
2012-08-29 00:00:00
suse
suse
MozillaFirefox: Update to version 15 (critical)
2012-08-30 12:09:32
MozillaFirefox: Update to version 15 (critical)
2012-08-30 12:09:15
Security update for Mozilla Firefox (important)
2012-09-14 02:08:30
mozilla
mozilla
Use-after-free issues found using Address Sanitizer — Mozilla
2012-08-28 00:00:00
WebGL use-after-free and memory corruption — Mozilla
2012-08-28 00:00:00
SVG buffer overflow and use-after-free issues — Mozilla
2012-08-28 00:00:00
securityvulns
securityvulns
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2012-09-18 00:00:00
VUPEN - Mozilla Firefox &quot;nsHTMLEditRules&quot; Remote Use-after-free &#40;CVE-2012-3958 / MFSA 2012-58&#41;
2012-09-18 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2012-08-28 00:00:00
ibm
ibm
Security Bulletin: Storwize V7000 Unified V1.4.1.0 Includes Fixes for Multiple Vendor Security Vulnerabilities
2022-09-26 04:23:14
Security Bulletin: SONAS Update Includes Fixes for Multiple Vendor Security Vulnerabilities
2022-09-26 04:23:14
cve
cve
CVE-2012-3971
2012-08-29 10:56:00
CVE-2012-3967
2012-08-29 10:56:00
CVE-2012-1970
2012-08-29 10:56:00
prion
prion
Integer overflow
2012-08-29 10:56:00
Memory corruption
2012-08-29 10:56:00
Memory corruption
2012-08-29 10:56:00
ubuntucve
ubuntucve
CVE-2012-3971
2012-08-29 00:00:00
CVE-2012-3957
2012-08-29 00:00:00
CVE-2012-1970
2012-08-29 00:00:00

0.174 Low

EPSS

Percentile

95.6%

JSON
Related for OPENVAS:803011
openvas45nessus38redhat2centos2osv3debian3oraclelinux2veracode23ubuntu4suse4mozilla8securityvulns2freebsd1ibm2cve20prion20ubuntucve20