Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2012 Greenbone Networks GmbHOPENVAS:803012
HistoryAug 30, 2012 - 12:00 a.m.

Mozilla Products Multiple Vulnerabilities - August12 (Mac OS X)

2012-08-3000:00:00
Copyright (C) 2012 Greenbone Networks GmbH
plugins.openvas.org
15

0.174 Low

EPSS

Percentile

95.6%

JSON

This host is installed with Mozilla firefox/thunderbird/seamonkey and is
prone to multiple vulnerabilities.

###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_mozilla_prdts_mult_vuln_aug12_macosx.nasl 6445 2017-06-27 12:31:06Z santu $
#
# Mozilla Products Multiple Vulnerabilities - August12 (Mac OS X)
#
# Authors:
# Rachana Shetty <[email protected]>
#
# Copyright:
# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

tag_solution = "Upgrade to Mozilla Firefox version 15.0 or ESR version 10.0.7 or later,
  For updates refer to http://www.mozilla.com/en-US/firefox/all.html

  Upgrade to SeaMonkey version to 2.12 or later,
  http://www.mozilla.org/projects/seamonkey/

  Upgrade to Thunderbird version to 15.0 or ESR 10.0.7 or later,
  http://www.mozilla.org/en-US/thunderbird/";

tag_impact = "Successful exploitation could allow attackers to inject scripts, bypass
  certain security restrictions, execute arbitrary code in the context of the
  browser or cause a denial of service.
  Impact Level: System/Application";
tag_affected = "SeaMonkey version before 2.12 on Mac OS X
  Thunderbird version before 15.0 on Mac OS X
  Mozilla Firefox version before 15.0 on Mac OS X
  Thunderbird ESR version 10.x before 10.0.7 on Mac OS X
  Mozilla Firefox ESR version 10.x before 10.0.7 on Mac OS X";
tag_insight = "- Use-after-free error exists within the functions
   'nsRangeUpdater::SelAdjDeleteNode', 'nsHTMLEditRules::DeleteNonTableElements',
   'MediaStreamGraphThreadRunnable::Run', 'nsTArray_base::Length',
   'nsHTMLSelectElement::SubmitNamesValues', 'PresShell::CompleteMove',
   'gfxTextRun::GetUserData' and 'gfxTextRun::CanBreakLineBefore'.
  - Multiple unspecified errors within funcions 'nsBlockFrame::MarkLineDirty'
    and the browser engine can be exploited to
    corrupt memory.
  - Errors in 'Silf::readClassMap' and 'Pass::readPass' functions within
    Graphite 2 library.
  - Use-after-free error exists within the WebGL implementation.";
tag_summary = "This host is installed with Mozilla firefox/thunderbird/seamonkey and is
  prone to multiple vulnerabilities.";

if(description)
{
  script_id(803012);
  script_version("$Revision: 6445 $");
  script_cve_id("CVE-2012-3959", "CVE-2012-3958", "CVE-2012-3957", "CVE-2012-3972",
                "CVE-2012-3956", "CVE-2012-3971", "CVE-2012-1976", "CVE-2012-3970",
                "CVE-2012-1975", "CVE-2012-3969", "CVE-2012-1974", "CVE-2012-3968",
                "CVE-2012-1973", "CVE-2012-3967", "CVE-2012-3966", "CVE-2012-1970",
                "CVE-2012-3964", "CVE-2012-3963", "CVE-2012-3962", "CVE-2012-3978");
  script_bugtraq_id(55249);
  script_tag(name:"cvss_base", value:"10.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_tag(name:"last_modification", value:"$Date: 2017-06-27 14:31:06 +0200 (Tue, 27 Jun 2017) $");
  script_tag(name:"creation_date", value:"2012-08-30 12:20:04 +0530 (Thu, 30 Aug 2012)");
  script_name("Mozilla Products Multiple Vulnerabilities - August12 (Mac OS X)");

  script_xref(name : "URL" , value : "http://secunia.com/advisories/50088");
  script_xref(name : "URL" , value : "http://securitytracker.com/id/1027450");
  script_xref(name : "URL" , value : "http://securitytracker.com/id/1027451");
  script_xref(name : "URL" , value : "http://www.mozilla.org/security/announce/2012/mfsa2012-57.html");
  script_xref(name : "URL" , value : "http://www.mozilla.org/security/announce/2012/mfsa2012-58.html");
  script_xref(name : "URL" , value : "http://www.mozilla.org/security/announce/2012/mfsa2012-62.html");
  script_xref(name : "URL" , value : "http://www.mozilla.org/security/announce/2012/mfsa2012-63.html");
  script_xref(name : "URL" , value : "http://www.mozilla.org/security/announce/2012/mfsa2012-64.html");
  script_xref(name : "URL" , value : "http://www.mozilla.org/security/announce/2012/mfsa2012-70.html");

  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2012 Greenbone Networks GmbH");
  script_family("General");
  script_dependencies("gb_mozilla_prdts_detect_macosx.nasl");
  script_mandatory_keys("Mozilla/Firefox_or_Seamonkey_or_Thunderbird/Mac/Installed");
  script_tag(name : "impact" , value : tag_impact);
  script_tag(name : "affected" , value : tag_affected);
  script_tag(name : "insight" , value : tag_insight);
  script_tag(name : "summary" , value : tag_summary);
  script_tag(name : "solution" , value : tag_solution);
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");
  exit(0);
}


include("version_func.inc");

# Firefox Check
ffVer = "";
ffVer = get_kb_item("Mozilla/Firefox/MacOSX/Version");

if(ffVer)
{
  # Grep for Firefox version
  if(version_is_less(version:ffVer, test_version:"10.0.7")||
     version_in_range(version:ffVer, test_version:"11.0", test_version2:"14.0"))
  {
    security_message(0);
    exit(0);
  }
}

# SeaMonkey Check
seaVer = "";
seaVer = get_kb_item("SeaMonkey/MacOSX/Version");

if(seaVer)
{
  # Grep for SeaMonkey version
  if(version_is_less(version:seaVer, test_version:"2.12"))
  {
    security_message(0);
    exit(0);
  }
}

# Thunderbird Check
tbVer = "";
tbVer = get_kb_item("ThunderBird/MacOSX/Version");

if(tbVer)
{
  # Grep for Thunderbird version
  if(version_is_less(version:tbVer, test_version:"10.0.7")||
     version_in_range(version:tbVer, test_version:"11.0", test_version2:"14.0"))
  {
    security_message(0);
    exit(0);
  }
}

Related

openvas 50
nessus 38
redhat 2
centos 2
oraclelinux 2
veracode 23
debian 3
osv 3
ubuntu 4
suse 4
mozilla 7
securityvulns 2
freebsd 1
ibm 2
cve 20
ubuntucve 18
prion 18
openvas
openvas
Mozilla Products Multiple Vulnerabilities (Aug 2012) - Windows
2012-08-30 00:00:00
Mozilla Products Multiple Vulnerabilities (Aug 2012) - Mac OS X
2012-08-30 00:00:00
Mozilla Products Multiple Vulnerabilities - August12 (Windows)
2012-08-30 00:00:00
nessus
nessus
Scientific Linux Security Update : thunderbird on SL5.x, SL6.x i386/x86_64 (20120829)
2012-08-30 00:00:00
Oracle Linux 6 : thunderbird (ELSA-2012-1211)
2013-07-12 00:00:00
RHEL 5 / 6 : thunderbird (RHSA-2012:1211)
2012-08-29 00:00:00
redhat
redhat
(RHSA-2012:1211) Critical: thunderbird security update
2012-08-29 00:00:00
(RHSA-2012:1210) Critical: firefox security update
2012-08-29 00:00:00
centos
centos
thunderbird security update
2012-08-29 12:53:01
firefox, xulrunner security update
2012-08-29 12:43:30
oraclelinux
oraclelinux
firefox security update
2012-08-29 00:00:00
thunderbird security update
2012-08-29 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-05-02 04:42:57
Information Disclosure
2019-05-02 04:42:57
Arbitrary Code Execution
2019-05-02 04:42:57
debian
debian
[SECURITY] [DSA 2554-1] iceape security update
2012-09-26 19:00:31
[SECURITY] [DSA 2553-1] iceweasel security update
2012-09-24 17:18:25
[SECURITY] [DSA 2556-1] icedove security update
2012-10-07 13:13:58
osv
osv
icedove - several
2012-10-07 00:00:00
iceweasel - several
2012-09-24 00:00:00
iceape - several
2012-09-26 00:00:00
ubuntu
ubuntu
Thunderbird regressions
2012-09-28 00:00:00
Thunderbird vulnerabilities
2012-08-30 00:00:00
Firefox vulnerabilities
2012-08-29 00:00:00
suse
suse
MozillaFirefox: Update to version 15 (critical)
2012-08-30 12:09:15
MozillaFirefox: Update to version 15 (critical)
2012-08-30 12:09:32
Security update for Mozilla Firefox (important)
2012-09-14 02:08:30
mozilla
mozilla
Use-after-free issues found using Address Sanitizer — Mozilla
2012-08-28 00:00:00
WebGL use-after-free and memory corruption — Mozilla
2012-08-28 00:00:00
SVG buffer overflow and use-after-free issues — Mozilla
2012-08-28 00:00:00
securityvulns
securityvulns
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2012-09-18 00:00:00
VUPEN - Mozilla Firefox &quot;nsHTMLEditRules&quot; Remote Use-after-free &#40;CVE-2012-3958 / MFSA 2012-58&#41;
2012-09-18 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2012-08-28 00:00:00
ibm
ibm
Security Bulletin: Storwize V7000 Unified V1.4.1.0 Includes Fixes for Multiple Vendor Security Vulnerabilities
2022-09-26 04:23:14
Security Bulletin: SONAS Update Includes Fixes for Multiple Vendor Security Vulnerabilities
2022-09-26 04:23:14
cve
cve
CVE-2012-3971
2012-08-29 10:56:00
CVE-2012-3958
2012-08-29 10:56:00
CVE-2012-3967
2012-08-29 10:56:00
ubuntucve
ubuntucve
CVE-2012-3971
2012-08-29 00:00:00
CVE-2012-3969
2012-08-29 00:00:00
CVE-2012-3957
2012-08-29 00:00:00
prion
prion
Memory corruption
2012-08-29 10:56:00
Integer overflow
2012-08-29 10:56:00
Memory corruption
2012-08-29 10:56:00

0.174 Low

EPSS

Percentile

95.6%

JSON
Related for OPENVAS:803012
openvas50nessus38redhat2centos2oraclelinux2veracode23debian3osv3ubuntu4suse4mozilla7securityvulns2freebsd1ibm2cve20ubuntucve18prion18