ID RHSA-2012:1089 Type redhat Reporter RedHat Modified 2018-06-06T20:24:13
Description
Mozilla Thunderbird is a standalone mail and newsgroup client.
Several flaws were found in the processing of malformed content. Malicious
content could cause Thunderbird to crash or, potentially, execute arbitrary
code with the privileges of the user running Thunderbird. (CVE-2012-1948,
CVE-2012-1951, CVE-2012-1952, CVE-2012-1953, CVE-2012-1954, CVE-2012-1958,
CVE-2012-1962, CVE-2012-1967)
Malicious content could bypass same-compartment security wrappers (SCSW)
and execute arbitrary code with chrome privileges. (CVE-2012-1959)
A flaw in the way Thunderbird called history.forward and history.back could
allow an attacker to conceal a malicious URL, possibly tricking a user
into believing they are viewing trusted content. (CVE-2012-1955)
A flaw in a parser utility class used by Thunderbird to parse feeds (such
as RSS) could allow an attacker to execute arbitrary JavaScript with the
privileges of the user running Thunderbird. This issue could have affected
other Thunderbird components or add-ons that assume the class returns
sanitized input. (CVE-2012-1957)
A flaw in the way Thunderbird handled X-Frame-Options headers could allow
malicious content to perform a clickjacking attack. (CVE-2012-1961)
A flaw in the way Content Security Policy (CSP) reports were generated by
Thunderbird could allow malicious content to steal a victim's OAuth 2.0
access tokens and OpenID credentials. (CVE-2012-1963)
A flaw in the way Thunderbird handled certificate warnings could allow a
man-in-the-middle attacker to create a crafted warning, possibly tricking
a user into accepting an arbitrary certificate as trusted. (CVE-2012-1964)
The nss update RHBA-2012:0337 for Red Hat Enterprise Linux 5 and 6
introduced a mitigation for the CVE-2011-3389 flaw. For compatibility
reasons, it remains disabled by default in the nss packages. This update
makes Thunderbird enable the mitigation by default. It can be disabled by
setting the NSS_SSL_CBC_RANDOM_IV environment variable to 0 before
launching Thunderbird. (BZ#838879)
Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Benoit Jacob, Jesse Ruderman, Christian Holler, Bill
McCloskey, Abhishek Arya, Arthur Gerkis, Bill Keese, moz_bug_r_a4, Bobby
Holley, Mariusz Mlynski, Mario Heiderich, Frederic Buclin, Karthikeyan
Bhargavan, and Matt McCutchen as the original reporters of these issues.
Note: None of the issues in this advisory can be exploited by a
specially-crafted HTML mail message as JavaScript is disabled by default
for mail messages. They could be exploited another way in Thunderbird, for
example, when viewing the full remote content of an RSS feed.
All Thunderbird users should upgrade to this updated package, which
contains Thunderbird version 10.0.6 ESR, which corrects these issues. After
installing the update, Thunderbird must be restarted for the changes to
take effect.
{"id": "RHSA-2012:1089", "hash": "b3cf411ab360721ddf5d7403039a8cd9", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2012:1089) Critical: thunderbird security update", "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed content. Malicious\ncontent could cause Thunderbird to crash or, potentially, execute arbitrary\ncode with the privileges of the user running Thunderbird. (CVE-2012-1948,\nCVE-2012-1951, CVE-2012-1952, CVE-2012-1953, CVE-2012-1954, CVE-2012-1958,\nCVE-2012-1962, CVE-2012-1967)\n\nMalicious content could bypass same-compartment security wrappers (SCSW)\nand execute arbitrary code with chrome privileges. (CVE-2012-1959)\n\nA flaw in the way Thunderbird called history.forward and history.back could\nallow an attacker to conceal a malicious URL, possibly tricking a user\ninto believing they are viewing trusted content. (CVE-2012-1955)\n\nA flaw in a parser utility class used by Thunderbird to parse feeds (such\nas RSS) could allow an attacker to execute arbitrary JavaScript with the\nprivileges of the user running Thunderbird. This issue could have affected\nother Thunderbird components or add-ons that assume the class returns\nsanitized input. (CVE-2012-1957)\n\nA flaw in the way Thunderbird handled X-Frame-Options headers could allow\nmalicious content to perform a clickjacking attack. (CVE-2012-1961)\n\nA flaw in the way Content Security Policy (CSP) reports were generated by\nThunderbird could allow malicious content to steal a victim's OAuth 2.0\naccess tokens and OpenID credentials. (CVE-2012-1963)\n\nA flaw in the way Thunderbird handled certificate warnings could allow a\nman-in-the-middle attacker to create a crafted warning, possibly tricking\na user into accepting an arbitrary certificate as trusted. (CVE-2012-1964)\n\nThe nss update RHBA-2012:0337 for Red Hat Enterprise Linux 5 and 6\nintroduced a mitigation for the CVE-2011-3389 flaw. For compatibility\nreasons, it remains disabled by default in the nss packages. This update\nmakes Thunderbird enable the mitigation by default. It can be disabled by\nsetting the NSS_SSL_CBC_RANDOM_IV environment variable to 0 before\nlaunching Thunderbird. (BZ#838879)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Benoit Jacob, Jesse Ruderman, Christian Holler, Bill\nMcCloskey, Abhishek Arya, Arthur Gerkis, Bill Keese, moz_bug_r_a4, Bobby\nHolley, Mariusz Mlynski, Mario Heiderich, Frederic Buclin, Karthikeyan\nBhargavan, and Matt McCutchen as the original reporters of these issues.\n\nNote: None of the issues in this advisory can be exploited by a\nspecially-crafted HTML mail message as JavaScript is disabled by default\nfor mail messages. They could be exploited another way in Thunderbird, for\nexample, when viewing the full remote content of an RSS feed.\n\nAll Thunderbird users should upgrade to this updated package, which\ncontains Thunderbird version 10.0.6 ESR, which corrects these issues. After\ninstalling the update, Thunderbird must be restarted for the changes to\ntake effect.\n", "published": "2012-07-17T04:00:00", "modified": "2018-06-06T20:24:13", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2012:1089", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2011-3389", "CVE-2012-1948", "CVE-2012-1951", "CVE-2012-1952", "CVE-2012-1953", "CVE-2012-1954", "CVE-2012-1955", "CVE-2012-1957", "CVE-2012-1958", "CVE-2012-1959", "CVE-2012-1961", "CVE-2012-1962", "CVE-2012-1963", "CVE-2012-1964", "CVE-2012-1967"], "lastseen": "2018-12-11T19:41:03", "history": [{"bulletin": {"id": "RHSA-2012:1089", "hash": "", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2012:1089) Critical: thunderbird security update", "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed content. Malicious\ncontent could cause Thunderbird to crash or, potentially, execute arbitrary\ncode with the privileges of the user running Thunderbird. (CVE-2012-1948,\nCVE-2012-1951, CVE-2012-1952, CVE-2012-1953, CVE-2012-1954, CVE-2012-1958,\nCVE-2012-1962, CVE-2012-1967)\n\nMalicious content could bypass same-compartment security wrappers (SCSW)\nand execute arbitrary code with chrome privileges. (CVE-2012-1959)\n\nA flaw in the way Thunderbird called history.forward and history.back could\nallow an attacker to conceal a malicious URL, possibly tricking a user\ninto believing they are viewing trusted content. (CVE-2012-1955)\n\nA flaw in a parser utility class used by Thunderbird to parse feeds (such\nas RSS) could allow an attacker to execute arbitrary JavaScript with the\nprivileges of the user running Thunderbird. This issue could have affected\nother Thunderbird components or add-ons that assume the class returns\nsanitized input. (CVE-2012-1957)\n\nA flaw in the way Thunderbird handled X-Frame-Options headers could allow\nmalicious content to perform a clickjacking attack. (CVE-2012-1961)\n\nA flaw in the way Content Security Policy (CSP) reports were generated by\nThunderbird could allow malicious content to steal a victim's OAuth 2.0\naccess tokens and OpenID credentials. (CVE-2012-1963)\n\nA flaw in the way Thunderbird handled certificate warnings could allow a\nman-in-the-middle attacker to create a crafted warning, possibly tricking\na user into accepting an arbitrary certificate as trusted. (CVE-2012-1964)\n\nThe nss update RHBA-2012:0337 for Red Hat Enterprise Linux 5 and 6\nintroduced a mitigation for the CVE-2011-3389 flaw. For compatibility\nreasons, it remains disabled by default in the nss packages. This update\nmakes Thunderbird enable the mitigation by default. It can be disabled by\nsetting the NSS_SSL_CBC_RANDOM_IV environment variable to 0 before\nlaunching Thunderbird. (BZ#838879)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Benoit Jacob, Jesse Ruderman, Christian Holler, Bill\nMcCloskey, Abhishek Arya, Arthur Gerkis, Bill Keese, moz_bug_r_a4, Bobby\nHolley, Mariusz Mlynski, Mario Heiderich, Fr\u00e9d\u00e9ric Buclin, Karthikeyan\nBhargavan, and Matt McCutchen as the original reporters of these issues.\n\nNote: None of the issues in this advisory can be exploited by a\nspecially-crafted HTML mail message as JavaScript is disabled by default\nfor mail messages. They could be exploited another way in Thunderbird, for\nexample, when viewing the full remote content of an RSS feed.\n\nAll Thunderbird users should upgrade to this updated package, which\ncontains Thunderbird version 10.0.6 ESR, which corrects these issues. After\ninstalling the update, Thunderbird must be restarted for the changes to\ntake effect.\n", "published": "2012-07-17T04:00:00", "modified": "2017-03-03T17:24:11", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2012:1089", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2012-1962", "CVE-2012-1948", "CVE-2012-1953", "CVE-2011-3389", "CVE-2012-1954", "CVE-2012-1967", "CVE-2012-1961", "CVE-2012-1951", "CVE-2012-1952", "CVE-2012-1955", "CVE-2012-1959", "CVE-2012-1957", "CVE-2012-1958", "CVE-2012-1964", "CVE-2012-1963"], "lastseen": "2017-03-05T13:18:31", "history": [], "viewCount": 0, "enchantments": {}, "objectVersion": "1.4", "affectedPackage": [{"packageFilename": "thunderbird-debuginfo-10.0.6-1.el6_3.s390x.rpm", "OS": "RedHat", "arch": "s390x", "packageName": "thunderbird-debuginfo", "OSVersion": "6", "packageVersion": "10.0.6-1.el6_3", "operator": "lt"}, {"packageFilename": "thunderbird-10.0.6-1.el6_3.x86_64.rpm", "OS": "RedHat", "arch": "x86_64", "packageName": "thunderbird", "OSVersion": "6", "packageVersion": "10.0.6-1.el6_3", "operator": "lt"}, {"packageFilename": "thunderbird-10.0.6-1.el5_8.src.rpm", "OS": "RedHat", "arch": "src", "packageName": "thunderbird", "OSVersion": "5", "packageVersion": "10.0.6-1.el5_8", "operator": "lt"}, {"packageFilename": "thunderbird-debuginfo-10.0.6-1.el6_3.ppc64.rpm", "OS": "RedHat", "arch": "ppc64", "packageName": "thunderbird-debuginfo", "OSVersion": "6", "packageVersion": "10.0.6-1.el6_3", "operator": "lt"}, {"packageFilename": "thunderbird-10.0.6-1.el5_8.i386.rpm", "OS": "RedHat", "arch": "i386", "packageName": "thunderbird", "OSVersion": "5", "packageVersion": "10.0.6-1.el5_8", "operator": "lt"}, {"packageFilename": "thunderbird-debuginfo-10.0.6-1.el6_3.x86_64.rpm", "OS": "RedHat", "arch": "x86_64", "packageName": "thunderbird-debuginfo", "OSVersion": "6", "packageVersion": "10.0.6-1.el6_3", "operator": "lt"}, {"packageFilename": "thunderbird-debuginfo-10.0.6-1.el6_3.i686.rpm", "OS": "RedHat", "arch": "i686", "packageName": "thunderbird-debuginfo", "OSVersion": "6", "packageVersion": "10.0.6-1.el6_3", "operator": "lt"}, {"packageFilename": "thunderbird-10.0.6-1.el6_3.ppc64.rpm", "OS": "RedHat", "arch": "ppc64", "packageName": "thunderbird", "OSVersion": "6", "packageVersion": "10.0.6-1.el6_3", "operator": "lt"}, {"packageFilename": "thunderbird-10.0.6-1.el6_3.src.rpm", "OS": "RedHat", "arch": "src", "packageName": "thunderbird", "OSVersion": "6", "packageVersion": "10.0.6-1.el6_3", "operator": "lt"}, {"packageFilename": "thunderbird-debuginfo-10.0.6-1.el5_8.i386.rpm", "OS": "RedHat", "arch": "i386", "packageName": "thunderbird-debuginfo", "OSVersion": "5", "packageVersion": "10.0.6-1.el5_8", "operator": "lt"}, {"packageFilename": "thunderbird-10.0.6-1.el6_3.i686.rpm", "OS": "RedHat", "arch": "i686", "packageName": "thunderbird", "OSVersion": "6", "packageVersion": "10.0.6-1.el6_3", "operator": "lt"}, {"packageFilename": "thunderbird-debuginfo-10.0.6-1.el5_8.x86_64.rpm", "OS": "RedHat", "arch": "x86_64", "packageName": "thunderbird-debuginfo", "OSVersion": "5", "packageVersion": "10.0.6-1.el5_8", "operator": "lt"}, {"packageFilename": "thunderbird-10.0.6-1.el5_8.x86_64.rpm", "OS": "RedHat", "arch": "x86_64", "packageName": "thunderbird", "OSVersion": "5", "packageVersion": "10.0.6-1.el5_8", "operator": "lt"}, {"packageFilename": "thunderbird-10.0.6-1.el6_3.s390x.rpm", "OS": "RedHat", "arch": "s390x", "packageName": "thunderbird", "OSVersion": "6", "packageVersion": "10.0.6-1.el6_3", "operator": "lt"}]}, "lastseen": "2017-03-05T13:18:31", "differentElements": ["affectedPackage", "description", "modified"], "edition": 1}, {"bulletin": {"id": "RHSA-2012:1089", "hash": "", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2012:1089) Critical: thunderbird security update", "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed content. Malicious\ncontent could cause Thunderbird to crash or, potentially, execute arbitrary\ncode with the privileges of the user running Thunderbird. (CVE-2012-1948,\nCVE-2012-1951, CVE-2012-1952, CVE-2012-1953, CVE-2012-1954, CVE-2012-1958,\nCVE-2012-1962, CVE-2012-1967)\n\nMalicious content could bypass same-compartment security wrappers (SCSW)\nand execute arbitrary code with chrome privileges. (CVE-2012-1959)\n\nA flaw in the way Thunderbird called history.forward and history.back could\nallow an attacker to conceal a malicious URL, possibly tricking a user\ninto believing they are viewing trusted content. (CVE-2012-1955)\n\nA flaw in a parser utility class used by Thunderbird to parse feeds (such\nas RSS) could allow an attacker to execute arbitrary JavaScript with the\nprivileges of the user running Thunderbird. This issue could have affected\nother Thunderbird components or add-ons that assume the class returns\nsanitized input. (CVE-2012-1957)\n\nA flaw in the way Thunderbird handled X-Frame-Options headers could allow\nmalicious content to perform a clickjacking attack. (CVE-2012-1961)\n\nA flaw in the way Content Security Policy (CSP) reports were generated by\nThunderbird could allow malicious content to steal a victim's OAuth 2.0\naccess tokens and OpenID credentials. (CVE-2012-1963)\n\nA flaw in the way Thunderbird handled certificate warnings could allow a\nman-in-the-middle attacker to create a crafted warning, possibly tricking\na user into accepting an arbitrary certificate as trusted. (CVE-2012-1964)\n\nThe nss update RHBA-2012:0337 for Red Hat Enterprise Linux 5 and 6\nintroduced a mitigation for the CVE-2011-3389 flaw. For compatibility\nreasons, it remains disabled by default in the nss packages. This update\nmakes Thunderbird enable the mitigation by default. It can be disabled by\nsetting the NSS_SSL_CBC_RANDOM_IV environment variable to 0 before\nlaunching Thunderbird. (BZ#838879)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Benoit Jacob, Jesse Ruderman, Christian Holler, Bill\nMcCloskey, Abhishek Arya, Arthur Gerkis, Bill Keese, moz_bug_r_a4, Bobby\nHolley, Mariusz Mlynski, Mario Heiderich, Frederic Buclin, Karthikeyan\nBhargavan, and Matt McCutchen as the original reporters of these issues.\n\nNote: None of the issues in this advisory can be exploited by a\nspecially-crafted HTML mail message as JavaScript is disabled by default\nfor mail messages. They could be exploited another way in Thunderbird, for\nexample, when viewing the full remote content of an RSS feed.\n\nAll Thunderbird users should upgrade to this updated package, which\ncontains Thunderbird version 10.0.6 ESR, which corrects these issues. After\ninstalling the update, Thunderbird must be restarted for the changes to\ntake effect.\n", "published": "2012-07-17T04:00:00", "modified": "2017-07-28T18:45:30", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2012:1089", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2011-3389", "CVE-2012-1948", "CVE-2012-1951", "CVE-2012-1952", "CVE-2012-1953", "CVE-2012-1954", "CVE-2012-1955", "CVE-2012-1957", "CVE-2012-1958", "CVE-2012-1959", "CVE-2012-1961", "CVE-2012-1962", "CVE-2012-1963", "CVE-2012-1964", "CVE-2012-1967"], "lastseen": "2017-08-01T08:57:37", "history": [], "viewCount": 0, "enchantments": {}, "objectVersion": "1.4", "affectedPackage": [{"packageVersion": "10.0.6-1.el5_8", "packageName": "thunderbird", "packageFilename": "thunderbird-10.0.6-1.el5_8.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}]}, "lastseen": "2017-08-01T08:57:37", "differentElements": ["affectedPackage", "modified"], "edition": 2}, {"bulletin": {"id": "RHSA-2012:1089", "hash": "", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2012:1089) Critical: thunderbird security update", "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed content. Malicious\ncontent could cause Thunderbird to crash or, potentially, execute arbitrary\ncode with the privileges of the user running Thunderbird. (CVE-2012-1948,\nCVE-2012-1951, CVE-2012-1952, CVE-2012-1953, CVE-2012-1954, CVE-2012-1958,\nCVE-2012-1962, CVE-2012-1967)\n\nMalicious content could bypass same-compartment security wrappers (SCSW)\nand execute arbitrary code with chrome privileges. (CVE-2012-1959)\n\nA flaw in the way Thunderbird called history.forward and history.back could\nallow an attacker to conceal a malicious URL, possibly tricking a user\ninto believing they are viewing trusted content. (CVE-2012-1955)\n\nA flaw in a parser utility class used by Thunderbird to parse feeds (such\nas RSS) could allow an attacker to execute arbitrary JavaScript with the\nprivileges of the user running Thunderbird. This issue could have affected\nother Thunderbird components or add-ons that assume the class returns\nsanitized input. (CVE-2012-1957)\n\nA flaw in the way Thunderbird handled X-Frame-Options headers could allow\nmalicious content to perform a clickjacking attack. (CVE-2012-1961)\n\nA flaw in the way Content Security Policy (CSP) reports were generated by\nThunderbird could allow malicious content to steal a victim's OAuth 2.0\naccess tokens and OpenID credentials. (CVE-2012-1963)\n\nA flaw in the way Thunderbird handled certificate warnings could allow a\nman-in-the-middle attacker to create a crafted warning, possibly tricking\na user into accepting an arbitrary certificate as trusted. (CVE-2012-1964)\n\nThe nss update RHBA-2012:0337 for Red Hat Enterprise Linux 5 and 6\nintroduced a mitigation for the CVE-2011-3389 flaw. For compatibility\nreasons, it remains disabled by default in the nss packages. This update\nmakes Thunderbird enable the mitigation by default. It can be disabled by\nsetting the NSS_SSL_CBC_RANDOM_IV environment variable to 0 before\nlaunching Thunderbird. (BZ#838879)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Benoit Jacob, Jesse Ruderman, Christian Holler, Bill\nMcCloskey, Abhishek Arya, Arthur Gerkis, Bill Keese, moz_bug_r_a4, Bobby\nHolley, Mariusz Mlynski, Mario Heiderich, Frederic Buclin, Karthikeyan\nBhargavan, and Matt McCutchen as the original reporters of these issues.\n\nNote: None of the issues in this advisory can be exploited by a\nspecially-crafted HTML mail message as JavaScript is disabled by default\nfor mail messages. They could be exploited another way in Thunderbird, for\nexample, when viewing the full remote content of an RSS feed.\n\nAll Thunderbird users should upgrade to this updated package, which\ncontains Thunderbird version 10.0.6 ESR, which corrects these issues. After\ninstalling the update, Thunderbird must be restarted for the changes to\ntake effect.\n", "published": "2012-07-17T04:00:00", "modified": "2017-09-08T12:16:07", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2012:1089", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2011-3389", "CVE-2012-1948", "CVE-2012-1951", "CVE-2012-1952", "CVE-2012-1953", "CVE-2012-1954", "CVE-2012-1955", "CVE-2012-1957", "CVE-2012-1958", "CVE-2012-1959", "CVE-2012-1961", "CVE-2012-1962", "CVE-2012-1963", "CVE-2012-1964", "CVE-2012-1967"], "lastseen": "2017-09-09T07:20:27", "history": [], "viewCount": 0, "enchantments": {"score": {"value": 9.3, "vector": "NONE"}}, "objectVersion": "1.4", "affectedPackage": [{"packageVersion": "10.0.6-1.el5_8", "packageName": "thunderbird-debuginfo", "packageFilename": "thunderbird-debuginfo-10.0.6-1.el5_8.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "10.0.6-1.el5_8", "packageName": "thunderbird", "packageFilename": "thunderbird-10.0.6-1.el5_8.src.rpm", "arch": "src", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "10.0.6-1.el5_8", "packageName": "thunderbird-debuginfo", "packageFilename": "thunderbird-debuginfo-10.0.6-1.el5_8.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "10.0.6-1.el5_8", "packageName": "thunderbird", "packageFilename": "thunderbird-10.0.6-1.el5_8.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "10.0.6-1.el5_8", "packageName": "thunderbird", "packageFilename": "thunderbird-10.0.6-1.el5_8.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "10.0.6-1.el6_3", "packageName": "thunderbird-debuginfo", "packageFilename": "thunderbird-debuginfo-10.0.6-1.el6_3.i686.rpm", "arch": "i686", "operator": "lt", "OSVersion": "6", "OS": "RedHat"}, {"packageVersion": "10.0.6-1.el6_3", "packageName": "thunderbird", "packageFilename": "thunderbird-10.0.6-1.el6_3.src.rpm", "arch": "src", "operator": "lt", "OSVersion": "6", "OS": "RedHat"}, {"packageVersion": "10.0.6-1.el6_3", "packageName": "thunderbird-debuginfo", "packageFilename": "thunderbird-debuginfo-10.0.6-1.el6_3.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "6", "OS": "RedHat"}, {"packageVersion": "10.0.6-1.el6_3", "packageName": "thunderbird", "packageFilename": "thunderbird-10.0.6-1.el6_3.i686.rpm", "arch": "i686", "operator": "lt", "OSVersion": "6", "OS": "RedHat"}, {"packageVersion": "10.0.6-1.el6_3", "packageName": "thunderbird", "packageFilename": "thunderbird-10.0.6-1.el6_3.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "6", "OS": "RedHat"}, {"packageVersion": "10.0.6-1.el6_3", "packageName": "thunderbird-debuginfo", "packageFilename": "thunderbird-debuginfo-10.0.6-1.el6_3.ppc64.rpm", "arch": "ppc64", "operator": "lt", "OSVersion": "6", "OS": "RedHat"}, {"packageVersion": "10.0.6-1.el6_3", "packageName": "thunderbird", "packageFilename": "thunderbird-10.0.6-1.el6_3.ppc64.rpm", "arch": "ppc64", "operator": "lt", "OSVersion": "6", "OS": "RedHat"}, {"packageVersion": "10.0.6-1.el6_3", "packageName": "thunderbird-debuginfo", "packageFilename": "thunderbird-debuginfo-10.0.6-1.el6_3.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "6", "OS": "RedHat"}, {"packageVersion": "10.0.6-1.el6_3", "packageName": "thunderbird", "packageFilename": "thunderbird-10.0.6-1.el6_3.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "6", "OS": "RedHat"}]}, "lastseen": "2017-09-09T07:20:27", "differentElements": ["modified"], "edition": 3}, {"bulletin": {"id": "RHSA-2012:1089", "hash": "eb3aef1549b2d9467bc9ed862ea44471", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2012:1089) Critical: thunderbird security update", "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed content. Malicious\ncontent could cause Thunderbird to crash or, potentially, execute arbitrary\ncode with the privileges of the user running Thunderbird. (CVE-2012-1948,\nCVE-2012-1951, CVE-2012-1952, CVE-2012-1953, CVE-2012-1954, CVE-2012-1958,\nCVE-2012-1962, CVE-2012-1967)\n\nMalicious content could bypass same-compartment security wrappers (SCSW)\nand execute arbitrary code with chrome privileges. (CVE-2012-1959)\n\nA flaw in the way Thunderbird called history.forward and history.back could\nallow an attacker to conceal a malicious URL, possibly tricking a user\ninto believing they are viewing trusted content. (CVE-2012-1955)\n\nA flaw in a parser utility class used by Thunderbird to parse feeds (such\nas RSS) could allow an attacker to execute arbitrary JavaScript with the\nprivileges of the user running Thunderbird. This issue could have affected\nother Thunderbird components or add-ons that assume the class returns\nsanitized input. (CVE-2012-1957)\n\nA flaw in the way Thunderbird handled X-Frame-Options headers could allow\nmalicious content to perform a clickjacking attack. (CVE-2012-1961)\n\nA flaw in the way Content Security Policy (CSP) reports were generated by\nThunderbird could allow malicious content to steal a victim's OAuth 2.0\naccess tokens and OpenID credentials. (CVE-2012-1963)\n\nA flaw in the way Thunderbird handled certificate warnings could allow a\nman-in-the-middle attacker to create a crafted warning, possibly tricking\na user into accepting an arbitrary certificate as trusted. (CVE-2012-1964)\n\nThe nss update RHBA-2012:0337 for Red Hat Enterprise Linux 5 and 6\nintroduced a mitigation for the CVE-2011-3389 flaw. For compatibility\nreasons, it remains disabled by default in the nss packages. This update\nmakes Thunderbird enable the mitigation by default. It can be disabled by\nsetting the NSS_SSL_CBC_RANDOM_IV environment variable to 0 before\nlaunching Thunderbird. (BZ#838879)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Benoit Jacob, Jesse Ruderman, Christian Holler, Bill\nMcCloskey, Abhishek Arya, Arthur Gerkis, Bill Keese, moz_bug_r_a4, Bobby\nHolley, Mariusz Mlynski, Mario Heiderich, Frederic Buclin, Karthikeyan\nBhargavan, and Matt McCutchen as the original reporters of these issues.\n\nNote: None of the issues in this advisory can be exploited by a\nspecially-crafted HTML mail message as JavaScript is disabled by default\nfor mail messages. They could be exploited another way in Thunderbird, for\nexample, when viewing the full remote content of an RSS feed.\n\nAll Thunderbird users should upgrade to this updated package, which\ncontains Thunderbird version 10.0.6 ESR, which corrects these issues. After\ninstalling the update, Thunderbird must be restarted for the changes to\ntake effect.\n", "published": "2012-07-17T04:00:00", "modified": "2018-06-06T20:24:13", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2012:1089", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2011-3389", "CVE-2012-1948", "CVE-2012-1951", "CVE-2012-1952", "CVE-2012-1953", "CVE-2012-1954", "CVE-2012-1955", "CVE-2012-1957", "CVE-2012-1958", "CVE-2012-1959", "CVE-2012-1961", "CVE-2012-1962", "CVE-2012-1963", "CVE-2012-1964", "CVE-2012-1967"], "lastseen": "2018-06-06T18:04:59", "history": [], "viewCount": 0, "enchantments": {"score": {"value": 9.3, "vector": "NONE"}}, "objectVersion": "1.4", "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "arch": "x86_64", "packageName": "thunderbird-debuginfo", "packageVersion": "10.0.6-1.el5_8", "packageFilename": "thunderbird-debuginfo-10.0.6-1.el5_8.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "src", "packageName": "thunderbird", "packageVersion": "10.0.6-1.el5_8", "packageFilename": "thunderbird-10.0.6-1.el5_8.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "i386", "packageName": "thunderbird-debuginfo", "packageVersion": "10.0.6-1.el5_8", "packageFilename": "thunderbird-debuginfo-10.0.6-1.el5_8.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "i386", "packageName": "thunderbird", "packageVersion": "10.0.6-1.el5_8", "packageFilename": "thunderbird-10.0.6-1.el5_8.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "x86_64", "packageName": "thunderbird", "packageVersion": "10.0.6-1.el5_8", "packageFilename": "thunderbird-10.0.6-1.el5_8.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "i686", "packageName": "thunderbird-debuginfo", "packageVersion": "10.0.6-1.el6_3", "packageFilename": "thunderbird-debuginfo-10.0.6-1.el6_3.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "src", "packageName": "thunderbird", "packageVersion": "10.0.6-1.el6_3", "packageFilename": "thunderbird-10.0.6-1.el6_3.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "x86_64", "packageName": "thunderbird-debuginfo", "packageVersion": "10.0.6-1.el6_3", "packageFilename": "thunderbird-debuginfo-10.0.6-1.el6_3.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "i686", "packageName": "thunderbird", "packageVersion": "10.0.6-1.el6_3", "packageFilename": "thunderbird-10.0.6-1.el6_3.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "x86_64", "packageName": "thunderbird", "packageVersion": "10.0.6-1.el6_3", "packageFilename": "thunderbird-10.0.6-1.el6_3.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "ppc64", "packageName": "thunderbird-debuginfo", "packageVersion": "10.0.6-1.el6_3", "packageFilename": "thunderbird-debuginfo-10.0.6-1.el6_3.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "ppc64", "packageName": "thunderbird", "packageVersion": "10.0.6-1.el6_3", "packageFilename": "thunderbird-10.0.6-1.el6_3.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "s390x", "packageName": "thunderbird-debuginfo", "packageVersion": "10.0.6-1.el6_3", "packageFilename": "thunderbird-debuginfo-10.0.6-1.el6_3.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "s390x", "packageName": "thunderbird", "packageVersion": "10.0.6-1.el6_3", "packageFilename": "thunderbird-10.0.6-1.el6_3.s390x.rpm", "operator": "lt"}]}, "lastseen": "2018-06-06T18:04:59", "differentElements": ["affectedPackage"], "edition": 4}], "viewCount": 0, "enchantments": {"score": {"value": 9.3, "vector": "NONE"}, "dependencies": {"references": [{"type": "openvas", "idList": ["OPENVAS:802889", "OPENVAS:1361412562310802890", "OPENVAS:1361412562310802889", "OPENVAS:802890", "OPENVAS:870792", "OPENVAS:1361412562310881168", "OPENVAS:881187", "OPENVAS:881201", "OPENVAS:870790", "OPENVAS:881168"]}, {"type": "redhat", "idList": ["RHSA-2012:1088"]}, {"type": "nessus", "idList": ["SL_20120717_THUNDERBIRD_ON_SL5_X.NASL", "SOLARIS11_THUNDERBIRD_20130129.NASL", "UBUNTU_USN-1509-2.NASL", "MACOSX_FIREFOX_10_0_6.NASL", "SUSE_11_FIREFOX-201207-120719.NASL", "UBUNTU_USN-1509-1.NASL", "OPENSUSE-2012-410.NASL", "OPENSUSE-2012-465.NASL", "SUSE_FIREFOX-201207-8226.NASL", "MOZILLA_THUNDERBIRD_1006.NASL"]}, {"type": "centos", "idList": ["CESA-2012:1088", "CESA-2012:1089"]}, {"type": "suse", "idList": ["SUSE-SU-2012:0895-1", "OPENSUSE-SU-2012:0899-1", "OPENSUSE-SU-2012:0924-1", "SUSE-SU-2012:0896-1", "OPENSUSE-SU-2012:0935-1", "OPENSUSE-SU-2012:0917-1"]}, {"type": "oraclelinux", "idList": ["ELSA-2012-1088", "ELSA-2012-1089"]}, {"type": "ubuntu", "idList": ["USN-1509-1", "USN-1509-2", "USN-1510-1"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:12483"]}, {"type": "freebsd", "idList": ["DBF338D0-DCE5-11E1-B655-14DAE9EBCF89"]}, {"type": "cve", "idList": ["CVE-2012-1953", "CVE-2012-1951", "CVE-2012-1967", "CVE-2012-1958", "CVE-2012-1963", "CVE-2012-1964", "CVE-2012-1959", "CVE-2012-1962", "CVE-2012-1954", "CVE-2012-1948"]}, {"type": "mozilla", "idList": ["MFSA2012-44"]}], "modified": "2018-12-11T19:41:03"}, "vulnersScore": 9.3}, "objectVersion": "1.4", "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "arch": "x86_64", "packageName": "thunderbird-debuginfo", "packageVersion": "10.0.6-1.el5_8", "packageFilename": "thunderbird-debuginfo-10.0.6-1.el5_8.x86_64.rpm", "operator": "lt"}], "_object_type": "robots.models.redhat.RedHatBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"]}
{"openvas": [{"lastseen": "2017-07-12T10:51:23", "bulletinFamily": "scanner", "description": "This host is installed with Mozilla firefox/thunderbird/seamonkey and is\n prone to multiple vulnerabilities.", "modified": "2017-06-27T00:00:00", "published": "2012-07-23T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=802889", "id": "OPENVAS:802889", "title": "Mozilla Products Multiple Vulnerabilities - July12 (Windows)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_mozilla_prdts_mult_vuln_jul12_win.nasl 6444 2017-06-27 11:24:02Z santu $\n#\n# Mozilla Products Multiple Vulnerabilities - July12 (Windows)\n#\n# Authors:\n# Rachana Shetty <srachana@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_solution = \"Upgrade to Mozilla Firefox version 14.0 or ESR version 10.0.6 or later,\n For updates refer to http://www.mozilla.com/en-US/firefox/all.html\n\n Upgrade to SeaMonkey version to 2.11 or later,\n http://www.mozilla.org/projects/seamonkey/\n\n Upgrade to Thunderbird version to 14.0 or ESR 10.0.6 or later,\n http://www.mozilla.org/en-US/thunderbird/\";\n\ntag_impact = \"Successful exploitation could allow attackers to inject scripts, bypass\n certain security restrictions, execute arbitrary code in the context of the\n browser or cause a denial of service.\n Impact Level: System/Application\";\ntag_affected = \"SeaMonkey version before 2.11\n Thunderbird version 5.0 through 13.0\n Mozilla Firefox version 4.x through 13.0\n Thunderbird ESR version 10.x before 10.0.6\n Mozilla Firefox ESR version 10.x before 10.0.6 on Windows\";\ntag_insight = \"- Use-after-free error exists within the functions\n 'nsGlobalWindow::PageHidden()', 'nsSMILTimeValueSpec::IsEventBased',\n 'nsDocument::AdoptNode' and 'JSDependentString::undepend'.\n - Multiple unspecified errors within the browser engine can be exploited to\n corrupt memory.\n - An error within the feed-view functionality.\n - An out-of-bounds read error within the\n 'ElementAnimations::EnsureStyleRuleFor()'.\n - A bad cast error within the 'nsTableFrame::InsertFrames()', can be\n exploited to corrupt memory.\";\ntag_summary = \"This host is installed with Mozilla firefox/thunderbird/seamonkey and is\n prone to multiple vulnerabilities.\";\n\nif(description)\n{\n script_id(802889);\n script_version(\"$Revision: 6444 $\");\n script_cve_id(\"CVE-2012-1948\", \"CVE-2012-1951\", \"CVE-2012-1952\", \"CVE-2012-1953\",\n \"CVE-2012-1954\", \"CVE-2012-1955\", \"CVE-2012-1957\", \"CVE-2012-1958\",\n \"CVE-2012-1959\", \"CVE-2012-1961\", \"CVE-2012-1962\", \"CVE-2012-1963\",\n \"CVE-2012-1967\");\n script_bugtraq_id(54580, 54578, 54586, 54583, 54574, 54576, 54584,\n 54575, 54582, 54573);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-06-27 13:24:02 +0200 (Tue, 27 Jun 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-23 17:31:44 +0530 (Mon, 23 Jul 2012)\");\n script_name(\"Mozilla Products Multiple Vulnerabilities - July12 (Windows)\");\n\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/49965\");\n script_xref(name : \"URL\" , value : \"http://securitytracker.com/id/1027256\");\n script_xref(name : \"URL\" , value : \"http://securitytracker.com/id/1027257\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2012/mfsa2012-42.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2012/mfsa2012-44.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2012/mfsa2012-45.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2012/mfsa2012-47.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2012/mfsa2012-48.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2012/mfsa2012-49.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2012/mfsa2012-51.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2012/mfsa2012-53.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2012/mfsa2012-56.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2012 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_firefox_detect_win.nasl\", \"gb_seamonkey_detect_win.nasl\",\n \"gb_thunderbird_detect_win.nasl\");\n script_mandatory_keys(\"Mozilla/Firefox_or_Seamonkey_or_Thunderbird/Installed\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\n# Firefox Check\nffVer = \"\";\nffVer = get_kb_item(\"Firefox/Win/Ver\");\n\nif(ffVer)\n{\n # Grep for Firefox version\n if(version_in_range(version:ffVer, test_version:\"4.0\", test_version2:\"10.0.5\")||\n version_in_range(version:ffVer, test_version:\"11.0\", test_version2:\"13.0\"))\n {\n security_message(0);\n exit(0);\n }\n}\n\n# SeaMonkey Check\nseaVer = \"\";\nseaVer = get_kb_item(\"Seamonkey/Win/Ver\");\n\nif(seaVer)\n{\n # Grep for SeaMonkey version\n if(version_is_less(version:seaVer, test_version:\"2.11\"))\n {\n security_message(0);\n exit(0);\n }\n}\n\n# Thunderbird Check\ntbVer = \"\";\ntbVer = get_kb_item(\"Thunderbird/Win/Ver\");\n\nif(tbVer)\n{\n # Grep for Thunderbird version\n if(version_in_range(version:tbVer, test_version:\"5.0\", test_version2:\"10.0.5\")||\n version_in_range(version:tbVer, test_version:\"11.0\", test_version2:\"13.0\"))\n {\n security_message(0);\n exit(0);\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-22T16:43:52", "bulletinFamily": "scanner", "description": "This host is installed with Mozilla firefox/thunderbird/seamonkey and is\n prone to multiple vulnerabilities.", "modified": "2018-10-12T00:00:00", "published": "2012-07-23T00:00:00", "id": "OPENVAS:1361412562310802890", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310802890", "title": "Mozilla Products Multiple Vulnerabilities - July12 (Mac OS X)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_mozilla_prdts_mult_vuln_jul12_macosx.nasl 11861 2018-10-12 09:29:59Z cfischer $\n#\n# Mozilla Products Multiple Vulnerabilities - July12 (Mac OS X)\n#\n# Authors:\n# Rachana Shetty <srachana@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.802890\");\n script_version(\"$Revision: 11861 $\");\n script_cve_id(\"CVE-2012-1948\", \"CVE-2012-1951\", \"CVE-2012-1952\", \"CVE-2012-1953\",\n \"CVE-2012-1954\", \"CVE-2012-1955\", \"CVE-2012-1957\", \"CVE-2012-1958\",\n \"CVE-2012-1959\", \"CVE-2012-1961\", \"CVE-2012-1962\", \"CVE-2012-1963\",\n \"CVE-2012-1967\");\n script_bugtraq_id(54580, 54578, 54586, 54583, 54574, 54576, 54584,\n 54575, 54582, 54573);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 11:29:59 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-23 17:31:44 +0530 (Mon, 23 Jul 2012)\");\n script_name(\"Mozilla Products Multiple Vulnerabilities - July12 (Mac OS X)\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/49965\");\n script_xref(name:\"URL\", value:\"http://securitytracker.com/id/1027256\");\n script_xref(name:\"URL\", value:\"http://securitytracker.com/id/1027257\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-42.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-44.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-45.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-47.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-48.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-49.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-51.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-53.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-56.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2012 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_mozilla_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Mozilla/Firefox_or_Seamonkey_or_Thunderbird/Mac/Installed\");\n script_tag(name:\"impact\", value:\"Successful exploitation could allow attackers to inject scripts, bypass\n certain security restrictions, execute arbitrary code in the context of the\n browser or cause a denial of service.\");\n script_tag(name:\"affected\", value:\"SeaMonkey version before 2.11\n Thunderbird version 5.0 through 13.0\n Mozilla Firefox version 4.x through 13.0\n Thunderbird ESR version 10.x before 10.0.6\n Mozilla Firefox ESR version 10.x before 10.0.6 on Mac OS X\");\n script_tag(name:\"insight\", value:\"- Use-after-free error exists within the functions\n 'nsGlobalWindow::PageHidden()', 'nsSMILTimeValueSpec::IsEventBased',\n 'nsDocument::AdoptNode' and 'JSDependentString::undepend'.\n\n - Multiple unspecified errors within the browser engine can be exploited to\n corrupt memory.\n\n - An error within the feed-view functionality.\n\n - An out-of-bounds read error within the\n 'ElementAnimations::EnsureStyleRuleFor()'.\n\n - A bad cast error within the 'nsTableFrame::InsertFrames()', can be\n exploited to corrupt memory\");\n script_tag(name:\"summary\", value:\"This host is installed with Mozilla firefox/thunderbird/seamonkey and is\n prone to multiple vulnerabilities.\");\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Firefox version 14.0 or ESR version 10.0.6 or later, upgrade to SeaMonkey version to 2.11 or later,\n upgrade to Thunderbird version to 14.0 or ESR 10.0.6 or later.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.com/en-US/firefox/all.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/projects/seamonkey/\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/en-US/thunderbird/\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nffVer = get_kb_item(\"Mozilla/Firefox/MacOSX/Version\");\n\nif(ffVer)\n{\n if(version_in_range(version:ffVer, test_version:\"4.0\", test_version2:\"10.0.5\")||\n version_in_range(version:ffVer, test_version:\"11.0\", test_version2:\"13.0\"))\n {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n}\n\nseaVer = get_kb_item(\"SeaMonkey/MacOSX/Version\");\n\nif(seaVer)\n{\n if(version_is_less(version:seaVer, test_version:\"2.11\"))\n {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n}\n\ntbVer = get_kb_item(\"ThunderBird/MacOSX/Version\");\n\nif(tbVer)\n{\n if(version_in_range(version:tbVer, test_version:\"5.0\", test_version2:\"10.0.5\")||\n version_in_range(version:tbVer, test_version:\"11.0\", test_version2:\"13.0\"))\n {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-12T10:51:46", "bulletinFamily": "scanner", "description": "This host is installed with Mozilla firefox/thunderbird/seamonkey and is\n prone to multiple vulnerabilities.", "modified": "2017-06-27T00:00:00", "published": "2012-07-23T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=802890", "id": "OPENVAS:802890", "title": "Mozilla Products Multiple Vulnerabilities - July12 (Mac OS X)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_mozilla_prdts_mult_vuln_jul12_macosx.nasl 6445 2017-06-27 12:31:06Z santu $\n#\n# Mozilla Products Multiple Vulnerabilities - July12 (Mac OS X)\n#\n# Authors:\n# Rachana Shetty <srachana@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_solution = \"Upgrade to Mozilla Firefox version 14.0 or ESR version 10.0.6 or later,\n For updates refer to http://www.mozilla.com/en-US/firefox/all.html\n\n Upgrade to SeaMonkey version to 2.11 or later,\n http://www.mozilla.org/projects/seamonkey/\n\n Upgrade to Thunderbird version to 14.0 or ESR 10.0.6 or later,\n http://www.mozilla.org/en-US/thunderbird/\";\n\ntag_impact = \"Successful exploitation could allow attackers to inject scripts, bypass\n certain security restrictions, execute arbitrary code in the context of the\n browser or cause a denial of service.\n Impact Level: System/Application\";\ntag_affected = \"SeaMonkey version before 2.11\n Thunderbird version 5.0 through 13.0\n Mozilla Firefox version 4.x through 13.0\n Thunderbird ESR version 10.x before 10.0.6\n Mozilla Firefox ESR version 10.x before 10.0.6 on Mac OS X\";\ntag_insight = \"- Use-after-free error exists within the functions\n 'nsGlobalWindow::PageHidden()', 'nsSMILTimeValueSpec::IsEventBased',\n 'nsDocument::AdoptNode' and 'JSDependentString::undepend'.\n - Multiple unspecified errors within the browser engine can be exploited to\n corrupt memory.\n - An error within the feed-view functionality.\n - An out-of-bounds read error within the\n 'ElementAnimations::EnsureStyleRuleFor()'.\n - A bad cast error within the 'nsTableFrame::InsertFrames()', can be\n exploited to corrupt memory\";\ntag_summary = \"This host is installed with Mozilla firefox/thunderbird/seamonkey and is\n prone to multiple vulnerabilities.\";\n\nif(description)\n{\n script_id(802890);\n script_version(\"$Revision: 6445 $\");\n script_cve_id(\"CVE-2012-1948\", \"CVE-2012-1951\", \"CVE-2012-1952\", \"CVE-2012-1953\",\n \"CVE-2012-1954\", \"CVE-2012-1955\", \"CVE-2012-1957\", \"CVE-2012-1958\",\n \"CVE-2012-1959\", \"CVE-2012-1961\", \"CVE-2012-1962\", \"CVE-2012-1963\",\n \"CVE-2012-1967\");\n script_bugtraq_id(54580, 54578, 54586, 54583, 54574, 54576, 54584,\n 54575, 54582, 54573);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-06-27 14:31:06 +0200 (Tue, 27 Jun 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-23 17:31:44 +0530 (Mon, 23 Jul 2012)\");\n script_name(\"Mozilla Products Multiple Vulnerabilities - July12 (Mac OS X)\");\n\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/49965\");\n script_xref(name : \"URL\" , value : \"http://securitytracker.com/id/1027256\");\n script_xref(name : \"URL\" , value : \"http://securitytracker.com/id/1027257\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2012/mfsa2012-42.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2012/mfsa2012-44.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2012/mfsa2012-45.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2012/mfsa2012-47.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2012/mfsa2012-48.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2012/mfsa2012-49.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2012/mfsa2012-51.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2012/mfsa2012-53.html\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2012/mfsa2012-56.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2012 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_mozilla_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Mozilla/Firefox_or_Seamonkey_or_Thunderbird/Mac/Installed\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\n# Firefox Check\nffVer = \"\";\nffVer = get_kb_item(\"Mozilla/Firefox/MacOSX/Version\");\n\nif(ffVer)\n{\n # Grep for Firefox version\n if(version_in_range(version:ffVer, test_version:\"4.0\", test_version2:\"10.0.5\")||\n version_in_range(version:ffVer, test_version:\"11.0\", test_version2:\"13.0\"))\n {\n security_message(0);\n exit(0);\n }\n}\n\n# SeaMonkey Check\nseaVer = \"\";\nseaVer = get_kb_item(\"SeaMonkey/MacOSX/Version\");\n\nif(seaVer)\n{\n # Grep for SeaMonkey version\n if(version_is_less(version:seaVer, test_version:\"2.11\"))\n {\n security_message(0);\n exit(0);\n }\n}\n\n# Thunderbird Check\ntbVer = \"\";\ntbVer = get_kb_item(\"ThunderBird/MacOSX/Version\");\n\nif(tbVer)\n{\n # Grep for Thunderbird version\n if(version_in_range(version:tbVer, test_version:\"5.0\", test_version2:\"10.0.5\")||\n version_in_range(version:tbVer, test_version:\"11.0\", test_version2:\"13.0\"))\n {\n security_message(0);\n exit(0);\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-22T16:42:55", "bulletinFamily": "scanner", "description": "This host is installed with Mozilla firefox/thunderbird/seamonkey and is\n prone to multiple vulnerabilities.", "modified": "2018-10-12T00:00:00", "published": "2012-07-23T00:00:00", "id": "OPENVAS:1361412562310802889", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310802889", "title": "Mozilla Products Multiple Vulnerabilities - July12 (Windows)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_mozilla_prdts_mult_vuln_jul12_win.nasl 11861 2018-10-12 09:29:59Z cfischer $\n#\n# Mozilla Products Multiple Vulnerabilities - July12 (Windows)\n#\n# Authors:\n# Rachana Shetty <srachana@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.802889\");\n script_version(\"$Revision: 11861 $\");\n script_cve_id(\"CVE-2012-1948\", \"CVE-2012-1951\", \"CVE-2012-1952\", \"CVE-2012-1953\",\n \"CVE-2012-1954\", \"CVE-2012-1955\", \"CVE-2012-1957\", \"CVE-2012-1958\",\n \"CVE-2012-1959\", \"CVE-2012-1961\", \"CVE-2012-1962\", \"CVE-2012-1963\",\n \"CVE-2012-1967\");\n script_bugtraq_id(54580, 54578, 54586, 54583, 54574, 54576, 54584,\n 54575, 54582, 54573);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 11:29:59 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-23 17:31:44 +0530 (Mon, 23 Jul 2012)\");\n script_name(\"Mozilla Products Multiple Vulnerabilities - July12 (Windows)\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/49965\");\n script_xref(name:\"URL\", value:\"http://securitytracker.com/id/1027256\");\n script_xref(name:\"URL\", value:\"http://securitytracker.com/id/1027257\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-42.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-44.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-45.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-47.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-48.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-49.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-51.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-53.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-56.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2012 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_firefox_detect_portable_win.nasl\", \"gb_seamonkey_detect_win.nasl\",\n \"gb_thunderbird_detect_portable_win.nasl\");\n script_mandatory_keys(\"Mozilla/Firefox_or_Seamonkey_or_Thunderbird/Installed\");\n script_tag(name:\"impact\", value:\"Successful exploitation could allow attackers to inject scripts, bypass\n certain security restrictions, execute arbitrary code in the context of the\n browser or cause a denial of service.\");\n script_tag(name:\"affected\", value:\"SeaMonkey version before 2.11\n\n Thunderbird version 5.0 through 13.0\n\n Mozilla Firefox version 4.x through 13.0\n\n Thunderbird ESR version 10.x before 10.0.6\n\n Mozilla Firefox ESR version 10.x before 10.0.6 on Windows\");\n script_tag(name:\"insight\", value:\"- Use-after-free error exists within the functions\n 'nsGlobalWindow::PageHidden()', 'nsSMILTimeValueSpec::IsEventBased',\n 'nsDocument::AdoptNode' and 'JSDependentString::undepend'.\n\n - Multiple unspecified errors within the browser engine can be exploited to\n corrupt memory.\n\n - An error within the feed-view functionality.\n\n - An out-of-bounds read error within the\n 'ElementAnimations::EnsureStyleRuleFor()'.\n\n - A bad cast error within the 'nsTableFrame::InsertFrames()', can be\n exploited to corrupt memory.\");\n script_tag(name:\"summary\", value:\"This host is installed with Mozilla firefox/thunderbird/seamonkey and is\n prone to multiple vulnerabilities.\");\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Firefox version 14.0 or ESR version 10.0.6 or later, upgrade to SeaMonkey version to 2.11 or later,\n upgrade to Thunderbird version to 14.0 or ESR 10.0.6 or later.\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.com/en-US/firefox/all.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/projects/seamonkey/\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/en-US/thunderbird/\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\nffVer = get_kb_item(\"Firefox/Win/Ver\");\nif(ffVer)\n{\n if(version_in_range(version:ffVer, test_version:\"4.0\", test_version2:\"10.0.5\")||\n version_in_range(version:ffVer, test_version:\"11.0\", test_version2:\"13.0\"))\n {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n}\n\nseaVer = get_kb_item(\"Seamonkey/Win/Ver\");\nif(seaVer)\n{\n if(version_is_less(version:seaVer, test_version:\"2.11\"))\n {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n}\n\ntbVer = get_kb_item(\"Thunderbird/Win/Ver\");\nif(tbVer)\n{\n if(version_in_range(version:tbVer, test_version:\"5.0\", test_version2:\"10.0.5\")||\n version_in_range(version:tbVer, test_version:\"11.0\", test_version2:\"13.0\"))\n {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-06T13:07:41", "bulletinFamily": "scanner", "description": "Check for the Version of firefox", "modified": "2018-01-04T00:00:00", "published": "2012-07-19T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=870792", "id": "OPENVAS:870792", "title": "RedHat Update for firefox RHSA-2012:1088-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for firefox RHSA-2012:1088-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mozilla Firefox is an open source web browser. XULRunner provides the XUL\n Runtime environment for Mozilla Firefox.\n\n A web page containing malicious content could cause Firefox to crash or,\n potentially, execute arbitrary code with the privileges of the user running\n Firefox. (CVE-2012-1948, CVE-2012-1951, CVE-2012-1952, CVE-2012-1953,\n CVE-2012-1954, CVE-2012-1958, CVE-2012-1962, CVE-2012-1967)\n\n A malicious web page could bypass same-compartment security wrappers (SCSW)\n and execute arbitrary code with chrome privileges. (CVE-2012-1959)\n\n A flaw in the context menu functionality in Firefox could allow a malicious\n website to bypass intended restrictions and allow a cross-site scripting\n attack. (CVE-2012-1966)\n\n A page different to that in the address bar could be displayed when\n dragging and dropping to the address bar, possibly making it easier for a\n malicious site or user to perform a phishing attack. (CVE-2012-1950)\n\n A flaw in the way Firefox called history.forward and history.back could\n allow an attacker to conceal a malicious URL, possibly tricking a user\n into believing they are viewing a trusted site. (CVE-2012-1955)\n\n A flaw in a parser utility class used by Firefox to parse feeds (such as\n RSS) could allow an attacker to execute arbitrary JavaScript with the\n privileges of the user running Firefox. This issue could have affected\n other browser components or add-ons that assume the class returns\n sanitized input. (CVE-2012-1957)\n\n A flaw in the way Firefox handled X-Frame-Options headers could allow a\n malicious website to perform a clickjacking attack. (CVE-2012-1961)\n\n A flaw in the way Content Security Policy (CSP) reports were generated by\n Firefox could allow a malicious web page to steal a victim's OAuth 2.0\n access tokens and OpenID credentials. (CVE-2012-1963)\n\n A flaw in the way Firefox handled certificate warnings could allow a\n man-in-the-middle attacker to create a crafted warning, possibly tricking\n a user into accepting an arbitrary certificate as trusted. (CVE-2012-1964)\n\n A flaw in the way Firefox handled feed:javascript URLs could allow output\n filtering to be bypassed, possibly leading to a cross-site scripting\n attack. (CVE-2012-1965)\n\n The nss update RHBA-2012:0337 for Red Hat Enterprise Linux 5 and 6\n introduced a mitigation for the CVE-2011-3389 flaw. For compatibility\n reasons, it remains disabled by default in the nss packages. This update\n ... \n\n Description truncated, for more information please check the Reference URL\";\n\ntag_affected = \"firefox on Red Hat Enterprise Linux (v. 5 server),\n Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2012-July/msg00015.html\");\n script_id(870792);\n script_version(\"$Revision: 8285 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-04 07:29:16 +0100 (Thu, 04 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-19 10:28:50 +0530 (Thu, 19 Jul 2012)\");\n script_cve_id(\"CVE-2012-1948\", \"CVE-2012-1950\", \"CVE-2012-1951\", \"CVE-2012-1952\",\n \"CVE-2012-1953\", \"CVE-2012-1954\", \"CVE-2012-1955\", \"CVE-2012-1957\",\n \"CVE-2012-1958\", \"CVE-2012-1959\", \"CVE-2012-1961\", \"CVE-2012-1962\",\n \"CVE-2012-1963\", \"CVE-2012-1964\", \"CVE-2012-1965\", \"CVE-2012-1966\",\n \"CVE-2012-1967\", \"CVE-2011-3389\", \"CVE-2012-1949\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2012:1088-01\");\n script_name(\"RedHat Update for firefox RHSA-2012:1088-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of firefox\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~10.0.6~1.el6_3\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-debuginfo\", rpm:\"firefox-debuginfo~10.0.6~1.el6_3\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~10.0.6~1.el6_3\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner-debuginfo\", rpm:\"xulrunner-debuginfo~10.0.6~1.el6_3\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~10.0.6~1.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-debuginfo\", rpm:\"firefox-debuginfo~10.0.6~1.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~10.0.6~2.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner-debuginfo\", rpm:\"xulrunner-debuginfo~10.0.6~2.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner-devel\", rpm:\"xulrunner-devel~10.0.6~2.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:58:52", "bulletinFamily": "scanner", "description": "Check for the Version of thunderbird", "modified": "2018-04-06T00:00:00", "published": "2012-07-30T00:00:00", "id": "OPENVAS:1361412562310881168", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881168", "title": "CentOS Update for thunderbird CESA-2012:1089 centos6 ", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for thunderbird CESA-2012:1089 centos6 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mozilla Thunderbird is a standalone mail and newsgroup client.\n\n Several flaws were found in the processing of malformed content. Malicious\n content could cause Thunderbird to crash or, potentially, execute arbitrary\n code with the privileges of the user running Thunderbird. (CVE-2012-1948,\n CVE-2012-1951, CVE-2012-1952, CVE-2012-1953, CVE-2012-1954, CVE-2012-1958,\n CVE-2012-1962, CVE-2012-1967)\n \n Malicious content could bypass same-compartment security wrappers (SCSW)\n and execute arbitrary code with chrome privileges. (CVE-2012-1959)\n \n A flaw in the way Thunderbird called history.forward and history.back could\n allow an attacker to conceal a malicious URL, possibly tricking a user\n into believing they are viewing trusted content. (CVE-2012-1955)\n \n A flaw in a parser utility class used by Thunderbird to parse feeds (such\n as RSS) could allow an attacker to execute arbitrary JavaScript with the\n privileges of the user running Thunderbird. This issue could have affected\n other Thunderbird components or add-ons that assume the class returns\n sanitized input. (CVE-2012-1957)\n \n A flaw in the way Thunderbird handled X-Frame-Options headers could allow\n malicious content to perform a clickjacking attack. (CVE-2012-1961)\n \n A flaw in the way Content Security Policy (CSP) reports were generated by\n Thunderbird could allow malicious content to steal a victim's OAuth 2.0\n access tokens and OpenID credentials. (CVE-2012-1963)\n \n A flaw in the way Thunderbird handled certificate warnings could allow a\n man-in-the-middle attacker to create a crafted warning, possibly tricking\n a user into accepting an arbitrary certificate as trusted. (CVE-2012-1964)\n \n The nss update RHBA-2012:0337 for Red Hat Enterprise Linux 5 and 6\n introduced a mitigation for the CVE-2011-3389 flaw. For compatibility\n reasons, it remains disabled by default in the nss packages. This update\n makes Thunderbird enable the mitigation by default. It can be disabled by\n setting the NSS_SSL_CBC_RANDOM_IV environment variable to 0 before\n launching Thunderbird. (BZ#838879)\n \n Red Hat would like to thank the Mozilla project for reporting these issues.\n Upstream acknowledges Benoit Jacob, Jesse Ruderman, Christian Holler, Bill\n McCloskey, Abhishek Arya, Arthur Gerkis, Bill Keese, moz_bug_r_a4, Bobby\n Holley, Mariusz Mlynski, Mario Heiderich, Fr\u00e9d\u00e9ric Buclin, Karthikeyan\n Bhargavan, and Matt McCutchen as the original reporters of these issues.\n \n Note: None of the issues in this advisory can be exploited by a\n specially-crafted HTML mail message as JavaScript is disabled by default\n for ma ... \n\n Description truncated, for more information please check the Reference URL\";\n\ntag_affected = \"thunderbird on CentOS 6\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2012-July/018748.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881168\");\n script_version(\"$Revision: 9352 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:13:02 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 16:30:00 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2012-1948\", \"CVE-2012-1951\", \"CVE-2012-1952\", \"CVE-2012-1953\",\n \"CVE-2012-1954\", \"CVE-2012-1955\", \"CVE-2012-1957\", \"CVE-2012-1958\",\n \"CVE-2012-1959\", \"CVE-2012-1961\", \"CVE-2012-1962\", \"CVE-2012-1963\",\n \"CVE-2012-1964\", \"CVE-2012-1967\", \"CVE-2011-3389\", \"CVE-2012-1949\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2012:1089\");\n script_name(\"CentOS Update for thunderbird CESA-2012:1089 centos6 \");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of thunderbird\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~10.0.6~1.el6.centos\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-11-23T15:16:33", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2012-07-19T00:00:00", "id": "OPENVAS:1361412562310870792", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870792", "title": "RedHat Update for firefox RHSA-2012:1088-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for firefox RHSA-2012:1088-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2012-July/msg00015.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870792\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-19 10:28:50 +0530 (Thu, 19 Jul 2012)\");\n script_cve_id(\"CVE-2012-1948\", \"CVE-2012-1950\", \"CVE-2012-1951\", \"CVE-2012-1952\",\n \"CVE-2012-1953\", \"CVE-2012-1954\", \"CVE-2012-1955\", \"CVE-2012-1957\",\n \"CVE-2012-1958\", \"CVE-2012-1959\", \"CVE-2012-1961\", \"CVE-2012-1962\",\n \"CVE-2012-1963\", \"CVE-2012-1964\", \"CVE-2012-1965\", \"CVE-2012-1966\",\n \"CVE-2012-1967\", \"CVE-2011-3389\", \"CVE-2012-1949\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"RHSA\", value:\"2012:1088-01\");\n script_name(\"RedHat Update for firefox RHSA-2012:1088-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'firefox'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_(6|5)\");\n script_tag(name:\"affected\", value:\"firefox on Red Hat Enterprise Linux (v. 5 server),\n Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Mozilla Firefox is an open source web browser. XULRunner provides the XUL\n Runtime environment for Mozilla Firefox.\n\n A web page containing malicious content could cause Firefox to crash or,\n potentially, execute arbitrary code with the privileges of the user running\n Firefox. (CVE-2012-1948, CVE-2012-1951, CVE-2012-1952, CVE-2012-1953,\n CVE-2012-1954, CVE-2012-1958, CVE-2012-1962, CVE-2012-1967)\n\n A malicious web page could bypass same-compartment security wrappers (SCSW)\n and execute arbitrary code with chrome privileges. (CVE-2012-1959)\n\n A flaw in the context menu functionality in Firefox could allow a malicious\n website to bypass intended restrictions and allow a cross-site scripting\n attack. (CVE-2012-1966)\n\n A page different to that in the address bar could be displayed when\n dragging and dropping to the address bar, possibly making it easier for a\n malicious site or user to perform a phishing attack. (CVE-2012-1950)\n\n A flaw in the way Firefox called history.forward and history.back could\n allow an attacker to conceal a malicious URL, possibly tricking a user\n into believing they are viewing a trusted site. (CVE-2012-1955)\n\n A flaw in a parser utility class used by Firefox to parse feeds (such as\n RSS) could allow an attacker to execute arbitrary JavaScript with the\n privileges of the user running Firefox. This issue could have affected\n other browser components or add-ons that assume the class returns\n sanitized input. (CVE-2012-1957)\n\n A flaw in the way Firefox handled X-Frame-Options headers could allow a\n malicious website to perform a clickjacking attack. (CVE-2012-1961)\n\n A flaw in the way Content Security Policy (CSP) reports were generated by\n Firefox could allow a malicious web page to steal a victim's OAuth 2.0\n access tokens and OpenID credentials. (CVE-2012-1963)\n\n A flaw in the way Firefox handled certificate warnings could allow a\n man-in-the-middle attacker to create a crafted warning, possibly tricking\n a user into accepting an arbitrary certificate as trusted. (CVE-2012-1964)\n\n A flaw in the way Firefox handled feed:javascript URLs could allow output\n filtering to be bypassed, possibly leading to a cross-site scripting\n attack. (CVE-2012-1965)\n\n The nss update RHBA-2012:0337 for Red Hat Enterprise Linux 5 and 6\n introduced a mitigation for the CVE-2011-3389 flaw. For compatibility\n reasons, it remains disabled by default in the nss packages. This update\n ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~10.0.6~1.el6_3\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-debuginfo\", rpm:\"firefox-debuginfo~10.0.6~1.el6_3\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~10.0.6~1.el6_3\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner-debuginfo\", rpm:\"xulrunner-debuginfo~10.0.6~1.el6_3\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~10.0.6~1.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-debuginfo\", rpm:\"firefox-debuginfo~10.0.6~1.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~10.0.6~2.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner-debuginfo\", rpm:\"xulrunner-debuginfo~10.0.6~2.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner-devel\", rpm:\"xulrunner-devel~10.0.6~2.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-11T11:06:43", "bulletinFamily": "scanner", "description": "Check for the Version of firefox", "modified": "2018-01-09T00:00:00", "published": "2012-07-30T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=881201", "id": "OPENVAS:881201", "title": "CentOS Update for firefox CESA-2012:1088 centos6 ", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for firefox CESA-2012:1088 centos6 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mozilla Firefox is an open source web browser. XULRunner provides the XUL\n Runtime environment for Mozilla Firefox.\n\n A web page containing malicious content could cause Firefox to crash or,\n potentially, execute arbitrary code with the privileges of the user running\n Firefox. (CVE-2012-1948, CVE-2012-1951, CVE-2012-1952, CVE-2012-1953,\n CVE-2012-1954, CVE-2012-1958, CVE-2012-1962, CVE-2012-1967)\n \n A malicious web page could bypass same-compartment security wrappers (SCSW)\n and execute arbitrary code with chrome privileges. (CVE-2012-1959)\n \n A flaw in the context menu functionality in Firefox could allow a malicious\n website to bypass intended restrictions and allow a cross-site scripting\n attack. (CVE-2012-1966)\n \n A page different to that in the address bar could be displayed when\n dragging and dropping to the address bar, possibly making it easier for a\n malicious site or user to perform a phishing attack. (CVE-2012-1950)\n \n A flaw in the way Firefox called history.forward and history.back could\n allow an attacker to conceal a malicious URL, possibly tricking a user\n into believing they are viewing a trusted site. (CVE-2012-1955)\n \n A flaw in a parser utility class used by Firefox to parse feeds (such as\n RSS) could allow an attacker to execute arbitrary JavaScript with the\n privileges of the user running Firefox. This issue could have affected\n other browser components or add-ons that assume the class returns\n sanitized input. (CVE-2012-1957)\n \n A flaw in the way Firefox handled X-Frame-Options headers could allow a\n malicious website to perform a clickjacking attack. (CVE-2012-1961)\n \n A flaw in the way Content Security Policy (CSP) reports were generated by\n Firefox could allow a malicious web page to steal a victim's OAuth 2.0\n access tokens and OpenID credentials. (CVE-2012-1963)\n \n A flaw in the way Firefox handled certificate warnings could allow a\n man-in-the-middle attacker to create a crafted warning, possibly tricking\n a user into accepting an arbitrary certificate as trusted. (CVE-2012-1964)\n \n A flaw in the way Firefox handled feed:javascript URLs could allow output\n filtering to be bypassed, possibly leading to a cross-site scripting\n attack. (CVE-2012-1965)\n \n The nss update RHBA-2012:0337 for Red Hat Enterprise Linux 5 and 6\n introduced a mitigation for the CVE-2011-3389 flaw. For compatibility\n reasons, it remains disabled by default in the nss packages. This update\n makes Firefox enable the mitigation by default. It can be disabled by\n setting the NSS_SSL_CBC_RANDOM_IV environment variable to 0 before\n launching Firefox. ( ... \n\n Description truncated, for more information please check the Reference URL\";\n\ntag_affected = \"firefox on CentOS 6\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2012-July/018747.html\");\n script_id(881201);\n script_version(\"$Revision: 8336 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-09 08:01:48 +0100 (Tue, 09 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 16:41:42 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2012-1948\", \"CVE-2012-1950\", \"CVE-2012-1951\", \"CVE-2012-1952\",\n \"CVE-2012-1953\", \"CVE-2012-1954\", \"CVE-2012-1955\", \"CVE-2012-1957\",\n \"CVE-2012-1958\", \"CVE-2012-1959\", \"CVE-2012-1961\", \"CVE-2012-1962\",\n \"CVE-2012-1963\", \"CVE-2012-1964\", \"CVE-2012-1965\", \"CVE-2012-1966\",\n \"CVE-2012-1967\", \"CVE-2011-3389\", \"CVE-2012-1949\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2012:1088\");\n script_name(\"CentOS Update for firefox CESA-2012:1088 centos6 \");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of firefox\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~10.0.6~1.el6.centos\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~10.0.6~1.el6.centos\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner-devel\", rpm:\"xulrunner-devel~10.0.6~1.el6.centos\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-02T10:58:07", "bulletinFamily": "scanner", "description": "Check for the Version of thunderbird", "modified": "2017-12-28T00:00:00", "published": "2012-07-19T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=870790", "id": "OPENVAS:870790", "title": "RedHat Update for thunderbird RHSA-2012:1089-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for thunderbird RHSA-2012:1089-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mozilla Thunderbird is a standalone mail and newsgroup client.\n\n Several flaws were found in the processing of malformed content. Malicious\n content could cause Thunderbird to crash or, potentially, execute arbitrary\n code with the privileges of the user running Thunderbird. (CVE-2012-1948,\n CVE-2012-1951, CVE-2012-1952, CVE-2012-1953, CVE-2012-1954, CVE-2012-1958,\n CVE-2012-1962, CVE-2012-1967)\n\n Malicious content could bypass same-compartment security wrappers (SCSW)\n and execute arbitrary code with chrome privileges. (CVE-2012-1959)\n\n A flaw in the way Thunderbird called history.forward and history.back could\n allow an attacker to conceal a malicious URL, possibly tricking a user\n into believing they are viewing trusted content. (CVE-2012-1955)\n\n A flaw in the way Thunderbird handled X-Frame-Options headers could allow\n malicious content to perform a clickjacking attack. (CVE-2012-1961)\n\n A flaw in the way Content Security Policy (CSP) reports were generated by\n Thunderbird could allow malicious content to steal a victim's OAuth 2.0\n access tokens and OpenID credentials. (CVE-2012-1963)\n\n A flaw in the way Thunderbird handled certificate warnings could allow a\n man-in-the-middle attacker to create a crafted warning, possibly tricking\n a user into accepting an arbitrary certificate as trusted. (CVE-2012-1964)\n\n Description truncated, for more information please check the Reference URL\";\n\ntag_affected = \"thunderbird on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2012-July/msg00016.html\");\n script_id(870790);\n script_version(\"$Revision: 8253 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-28 07:29:51 +0100 (Thu, 28 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-19 10:28:00 +0530 (Thu, 19 Jul 2012)\");\n script_cve_id(\"CVE-2012-1948\", \"CVE-2012-1951\", \"CVE-2012-1952\", \"CVE-2012-1953\",\n \"CVE-2012-1954\", \"CVE-2012-1955\", \"CVE-2012-1957\", \"CVE-2012-1958\",\n \"CVE-2012-1959\", \"CVE-2012-1961\", \"CVE-2012-1962\", \"CVE-2012-1963\",\n \"CVE-2012-1964\", \"CVE-2012-1967\", \"CVE-2011-3389\", \"CVE-2012-1949\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2012:1089-01\");\n script_name(\"RedHat Update for thunderbird RHSA-2012:1089-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of thunderbird\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~10.0.6~1.el6_3\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"thunderbird-debuginfo\", rpm:\"thunderbird-debuginfo~10.0.6~1.el6_3\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-02T10:57:04", "bulletinFamily": "scanner", "description": "Check for the Version of firefox", "modified": "2018-01-01T00:00:00", "published": "2012-07-30T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=881187", "id": "OPENVAS:881187", "title": "CentOS Update for firefox CESA-2012:1088 centos5 ", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for firefox CESA-2012:1088 centos5 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mozilla Firefox is an open source web browser. XULRunner provides the XUL\n Runtime environment for Mozilla Firefox.\n\n A web page containing malicious content could cause Firefox to crash or,\n potentially, execute arbitrary code with the privileges of the user running\n Firefox. (CVE-2012-1948, CVE-2012-1951, CVE-2012-1952, CVE-2012-1953,\n CVE-2012-1954, CVE-2012-1958, CVE-2012-1962, CVE-2012-1967)\n \n A malicious web page could bypass same-compartment security wrappers (SCSW)\n and execute arbitrary code with chrome privileges. (CVE-2012-1959)\n \n A flaw in the context menu functionality in Firefox could allow a malicious\n website to bypass intended restrictions and allow a cross-site scripting\n attack. (CVE-2012-1966)\n \n A page different to that in the address bar could be displayed when\n dragging and dropping to the address bar, possibly making it easier for a\n malicious site or user to perform a phishing attack. (CVE-2012-1950)\n \n A flaw in the way Firefox called history.forward and history.back could\n allow an attacker to conceal a malicious URL, possibly tricking a user\n into believing they are viewing a trusted site. (CVE-2012-1955)\n \n A flaw in a parser utility class used by Firefox to parse feeds (such as\n RSS) could allow an attacker to execute arbitrary JavaScript with the\n privileges of the user running Firefox. This issue could have affected\n other browser components or add-ons that assume the class returns\n sanitized input. (CVE-2012-1957)\n \n A flaw in the way Firefox handled X-Frame-Options headers could allow a\n malicious website to perform a clickjacking attack. (CVE-2012-1961)\n \n A flaw in the way Content Security Policy (CSP) reports were generated by\n Firefox could allow a malicious web page to steal a victim's OAuth 2.0\n access tokens and OpenID credentials. (CVE-2012-1963)\n \n A flaw in the way Firefox handled certificate warnings could allow a\n man-in-the-middle attacker to create a crafted warning, possibly tricking\n a user into accepting an arbitrary certificate as trusted. (CVE-2012-1964)\n \n A flaw in the way Firefox handled feed:javascript URLs could allow output\n filtering to be bypassed, possibly leading to a cross-site scripting\n attack. (CVE-2012-1965)\n \n The nss update RHBA-2012:0337 for Red Hat Enterprise Linux 5 and 6\n introduced a mitigation for the CVE-2011-3389 flaw. For compatibility\n reasons, it remains disabled by default in the nss packages. This update\n makes Firefox enable the mitigation by default. It can be disabled by\n setting the NSS_SSL_CBC_RANDOM_IV environment variable to 0 before\n launching Firefox. ( ... \n\n Description truncated, for more information please check the Reference URL\";\n\ntag_affected = \"firefox on CentOS 5\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2012-July/018744.html\");\n script_id(881187);\n script_version(\"$Revision: 8265 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-01 07:29:23 +0100 (Mon, 01 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 16:37:11 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2012-1948\", \"CVE-2012-1950\", \"CVE-2012-1951\", \"CVE-2012-1952\",\n \"CVE-2012-1953\", \"CVE-2012-1954\", \"CVE-2012-1955\", \"CVE-2012-1957\",\n \"CVE-2012-1958\", \"CVE-2012-1959\", \"CVE-2012-1961\", \"CVE-2012-1962\",\n \"CVE-2012-1963\", \"CVE-2012-1964\", \"CVE-2012-1965\", \"CVE-2012-1966\",\n \"CVE-2012-1967\", \"CVE-2011-3389\", \"CVE-2012-1949\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2012:1088\");\n script_name(\"CentOS Update for firefox CESA-2012:1088 centos5 \");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of firefox\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~10.0.6~1.el5.centos\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~10.0.6~2.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner-devel\", rpm:\"xulrunner-devel~10.0.6~2.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2018-12-11T19:41:23", "bulletinFamily": "unix", "description": "Mozilla Firefox is an open source web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox.\n\nA web page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2012-1948, CVE-2012-1951, CVE-2012-1952, CVE-2012-1953,\nCVE-2012-1954, CVE-2012-1958, CVE-2012-1962, CVE-2012-1967)\n\nA malicious web page could bypass same-compartment security wrappers (SCSW)\nand execute arbitrary code with chrome privileges. (CVE-2012-1959)\n\nA flaw in the context menu functionality in Firefox could allow a malicious\nwebsite to bypass intended restrictions and allow a cross-site scripting\nattack. (CVE-2012-1966)\n\nA page different to that in the address bar could be displayed when\ndragging and dropping to the address bar, possibly making it easier for a\nmalicious site or user to perform a phishing attack. (CVE-2012-1950)\n\nA flaw in the way Firefox called history.forward and history.back could\nallow an attacker to conceal a malicious URL, possibly tricking a user\ninto believing they are viewing a trusted site. (CVE-2012-1955)\n\nA flaw in a parser utility class used by Firefox to parse feeds (such as\nRSS) could allow an attacker to execute arbitrary JavaScript with the\nprivileges of the user running Firefox. This issue could have affected\nother browser components or add-ons that assume the class returns\nsanitized input. (CVE-2012-1957)\n\nA flaw in the way Firefox handled X-Frame-Options headers could allow a\nmalicious website to perform a clickjacking attack. (CVE-2012-1961)\n\nA flaw in the way Content Security Policy (CSP) reports were generated by\nFirefox could allow a malicious web page to steal a victim's OAuth 2.0\naccess tokens and OpenID credentials. (CVE-2012-1963)\n\nA flaw in the way Firefox handled certificate warnings could allow a\nman-in-the-middle attacker to create a crafted warning, possibly tricking\na user into accepting an arbitrary certificate as trusted. (CVE-2012-1964)\n\nA flaw in the way Firefox handled feed:javascript URLs could allow output\nfiltering to be bypassed, possibly leading to a cross-site scripting\nattack. (CVE-2012-1965)\n\nThe nss update RHBA-2012:0337 for Red Hat Enterprise Linux 5 and 6\nintroduced a mitigation for the CVE-2011-3389 flaw. For compatibility\nreasons, it remains disabled by default in the nss packages. This update\nmakes Firefox enable the mitigation by default. It can be disabled by\nsetting the NSS_SSL_CBC_RANDOM_IV environment variable to 0 before\nlaunching Firefox. (BZ#838879)\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Firefox 10.0.6 ESR. You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Benoit Jacob, Jesse Ruderman, Christian Holler, Bill\nMcCloskey, Abhishek Arya, Arthur Gerkis, Bill Keese, moz_bug_r_a4, Bobby\nHolley, Code Audit Labs, Mariusz Mlynski, Mario Heiderich, Frederic Buclin,\nKarthikeyan Bhargavan, Matt McCutchen, Mario Gomes, and Soroush Dalili as\nthe original reporters of these issues.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 10.0.6 ESR, which corrects these issues. After installing\nthe update, Firefox must be restarted for the changes to take effect.\n", "modified": "2018-06-06T20:24:34", "published": "2012-07-17T04:00:00", "id": "RHSA-2012:1088", "href": "https://access.redhat.com/errata/RHSA-2012:1088", "type": "redhat", "title": "(RHSA-2012:1088) Critical: firefox security update", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2019-02-21T01:17:24", "bulletinFamily": "scanner", "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed content.\nMalicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2012-1948, CVE-2012-1951, CVE-2012-1952, CVE-2012-1953, CVE-2012-1954, CVE-2012-1958, CVE-2012-1962, CVE-2012-1967)\n\nMalicious content could bypass same-compartment security wrappers (SCSW) and execute arbitrary code with chrome privileges.\n(CVE-2012-1959)\n\nA flaw in the way Thunderbird called history.forward and history.back could allow an attacker to conceal a malicious URL, possibly tricking a user into believing they are viewing trusted content.\n(CVE-2012-1955)\n\nA flaw in a parser utility class used by Thunderbird to parse feeds (such as RSS) could allow an attacker to execute arbitrary JavaScript with the privileges of the user running Thunderbird. This issue could have affected other Thunderbird components or add-ons that assume the class returns sanitized input. (CVE-2012-1957)\n\nA flaw in the way Thunderbird handled X-Frame-Options headers could allow malicious content to perform a clickjacking attack.\n(CVE-2012-1961)\n\nA flaw in the way Content Security Policy (CSP) reports were generated by Thunderbird could allow malicious content to steal a victim's OAuth 2.0 access tokens and OpenID credentials. (CVE-2012-1963)\n\nA flaw in the way Thunderbird handled certificate warnings could allow a man-in-the-middle attacker to create a crafted warning, possibly tricking a user into accepting an arbitrary certificate as trusted.\n(CVE-2012-1964)\n\nA previous nss update introduced a mitigation for the CVE-2011-3389 flaw. For compatibility reasons, it remains disabled by default in the nss packages. This update makes Thunderbird enable the mitigation by default. It can be disabled by setting the NSS_SSL_CBC_RANDOM_IV environment variable to 0 before launching Thunderbird.\n\nNote: None of the issues in this advisory can be exploited by a specially crafted HTML mail message as JavaScript is disabled by default for mail messages. They could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed.\n\nAll Thunderbird users should upgrade to this updated package, which contains Thunderbird version 10.0.6 ESR, which corrects these issues.\nAfter installing the update, Thunderbird must be restarted for the changes to take effect.", "modified": "2018-12-31T00:00:00", "id": "SL_20120717_THUNDERBIRD_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=61367", "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : thunderbird on SL5.x, SL6.x i386/x86_64", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(61367);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/12/31 11:35:01\");\n\n script_cve_id(\"CVE-2012-1948\", \"CVE-2012-1951\", \"CVE-2012-1955\", \"CVE-2012-1957\", \"CVE-2012-1958\", \"CVE-2012-1959\", \"CVE-2012-1961\", \"CVE-2012-1962\", \"CVE-2012-1963\", \"CVE-2012-1964\", \"CVE-2012-1967\");\n\n script_name(english:\"Scientific Linux Security Update : thunderbird on SL5.x, SL6.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed content.\nMalicious content could cause Thunderbird to crash or, potentially,\nexecute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2012-1948, CVE-2012-1951, CVE-2012-1952,\nCVE-2012-1953, CVE-2012-1954, CVE-2012-1958, CVE-2012-1962,\nCVE-2012-1967)\n\nMalicious content could bypass same-compartment security wrappers\n(SCSW) and execute arbitrary code with chrome privileges.\n(CVE-2012-1959)\n\nA flaw in the way Thunderbird called history.forward and history.back\ncould allow an attacker to conceal a malicious URL, possibly tricking\na user into believing they are viewing trusted content.\n(CVE-2012-1955)\n\nA flaw in a parser utility class used by Thunderbird to parse feeds\n(such as RSS) could allow an attacker to execute arbitrary JavaScript\nwith the privileges of the user running Thunderbird. This issue could\nhave affected other Thunderbird components or add-ons that assume the\nclass returns sanitized input. (CVE-2012-1957)\n\nA flaw in the way Thunderbird handled X-Frame-Options headers could\nallow malicious content to perform a clickjacking attack.\n(CVE-2012-1961)\n\nA flaw in the way Content Security Policy (CSP) reports were generated\nby Thunderbird could allow malicious content to steal a victim's OAuth\n2.0 access tokens and OpenID credentials. (CVE-2012-1963)\n\nA flaw in the way Thunderbird handled certificate warnings could allow\na man-in-the-middle attacker to create a crafted warning, possibly\ntricking a user into accepting an arbitrary certificate as trusted.\n(CVE-2012-1964)\n\nA previous nss update introduced a mitigation for the CVE-2011-3389\nflaw. For compatibility reasons, it remains disabled by default in the\nnss packages. This update makes Thunderbird enable the mitigation by\ndefault. It can be disabled by setting the NSS_SSL_CBC_RANDOM_IV\nenvironment variable to 0 before launching Thunderbird.\n\nNote: None of the issues in this advisory can be exploited by a\nspecially crafted HTML mail message as JavaScript is disabled by\ndefault for mail messages. They could be exploited another way in\nThunderbird, for example, when viewing the full remote content of an\nRSS feed.\n\nAll Thunderbird users should upgrade to this updated package, which\ncontains Thunderbird version 10.0.6 ESR, which corrects these issues.\nAfter installing the update, Thunderbird must be restarted for the\nchanges to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1207&L=scientific-linux-errata&T=0&P=5041\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0d45e8a9\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected thunderbird and / or thunderbird-debuginfo\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/07/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"thunderbird-10.0.6-1.el5_8\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"thunderbird-debuginfo-10.0.6-1.el5_8\")) flag++;\n\nif (rpm_check(release:\"SL6\", reference:\"thunderbird-10.0.6-1.el6_3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"thunderbird-debuginfo-10.0.6-1.el6_3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:16:58", "bulletinFamily": "scanner", "description": "The installed version of Thunderbird 10.0.x is potentially affected by the following security issues :\n\n - Several memory safety issues exist, some of which could potentially allow arbitrary code execution.\n (CVE-2012-1948)\n\n - Several memory safety issues exist related to the Gecko layout engine. (CVE-2012-1951, CVE-2012-1952, CVE-2012-1953, CVE-2012-1954)\n\n - An error related to JavaScript functions 'history.forward' and 'history.back' can allow incorrect URLs to be displayed. (CVE-2012-1955)\n\n - Cross-site scripting attacks are possible due to an error related to the '<embed>' tag within an RSS '<description>' element. (CVE-2012-1957)\n\n - A use-after-free error exists related to the method 'nsGlobalWindow::PageHidden'. (CVE-2012-1958)\n\n - An error exists that can allow 'same-compartment security wrappers' (SCSW) to be bypassed.\n (CVE-2012-1959)\n\n - The 'X-Frames-Options' header is ignored if it is duplicated. (CVE-2012-1961)\n\n - A memory corruption error exists related to the method 'JSDependentString::undepend'. (CVE-2012-1962)\n\n - An error related to the 'Content Security Policy' (CSP) implementation can allow the disclosure of OAuth 2.0 access tokens and OpenID credentials. (CVE-2012-1963)\n\n - An error exists related to the certificate warning page that can allow 'clickjacking' thereby tricking a user into accepting unintended certificates. (CVE-2012-1964)\n\n - An error exists related to the 'javascript:' URL that can allow scripts to run at elevated privileges outside the sandbox. (CVE-2012-1967)", "modified": "2018-07-14T00:00:00", "id": "MACOSX_THUNDERBIRD_10_0_6.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=60040", "published": "2012-07-19T00:00:00", "title": "Thunderbird 10.0.x < 10.0.6 Multiple Vulnerabilities (Mac OS X)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(60040);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2018/07/14 1:59:36\");\n\n script_cve_id(\n \"CVE-2012-1948\",\n \"CVE-2012-1951\",\n \"CVE-2012-1952\",\n \"CVE-2012-1953\",\n \"CVE-2012-1954\",\n \"CVE-2012-1955\",\n \"CVE-2012-1957\",\n \"CVE-2012-1958\",\n \"CVE-2012-1959\",\n \"CVE-2012-1961\",\n \"CVE-2012-1962\",\n \"CVE-2012-1963\",\n \"CVE-2012-1964\",\n \"CVE-2012-1967\"\n );\n script_bugtraq_id(\n 54573,\n 54574,\n 54575,\n 54576,\n 54578,\n 54581,\n 54582,\n 54583,\n 54584,\n 54586\n );\n\n script_name(english:\"Thunderbird 10.0.x < 10.0.6 Multiple Vulnerabilities (Mac OS X)\");\n script_summary(english:\"Checks version of Thunderbird\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Mac OS X host contains a mail client that is potentially\naffected by several vulnerabilities.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The installed version of Thunderbird 10.0.x is potentially affected \nby the following security issues :\n\n - Several memory safety issues exist, some of which could\n potentially allow arbitrary code execution.\n (CVE-2012-1948)\n\n - Several memory safety issues exist related to the Gecko\n layout engine. (CVE-2012-1951, CVE-2012-1952,\n CVE-2012-1953, CVE-2012-1954)\n\n - An error related to JavaScript functions\n 'history.forward' and 'history.back' can allow\n incorrect URLs to be displayed. (CVE-2012-1955)\n\n - Cross-site scripting attacks are possible due to an\n error related to the '<embed>' tag within an RSS\n '<description>' element. (CVE-2012-1957)\n\n - A use-after-free error exists related to the method\n 'nsGlobalWindow::PageHidden'. (CVE-2012-1958)\n\n - An error exists that can allow 'same-compartment\n security wrappers' (SCSW) to be bypassed.\n (CVE-2012-1959)\n\n - The 'X-Frames-Options' header is ignored if it is\n duplicated. (CVE-2012-1961)\n\n - A memory corruption error exists related to the method\n 'JSDependentString::undepend'. (CVE-2012-1962)\n\n - An error related to the 'Content Security Policy' (CSP)\n implementation can allow the disclosure of OAuth 2.0\n access tokens and OpenID credentials. (CVE-2012-1963)\n\n - An error exists related to the certificate warning page\n that can allow 'clickjacking' thereby tricking a user\n into accepting unintended certificates. (CVE-2012-1964)\n\n - An error exists related to the 'javascript:' URL that\n can allow scripts to run at elevated privileges outside\n the sandbox. (CVE-2012-1967)\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-42/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-44/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-45/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-47/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-48/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-49/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-51/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-52/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-53/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-54/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-56/\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Thunderbird 10.0.6 ESR or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/07/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/07/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/07/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:thunderbird\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"macosx_thunderbird_installed.nasl\");\n script_require_keys(\"MacOSX/Thunderbird/Installed\");\n\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\nkb_base = \"MacOSX/Thunderbird\";\nget_kb_item_or_exit(kb_base+\"/Installed\");\n\nversion = get_kb_item_or_exit(kb_base+\"/Version\", exit_code:1);\npath = get_kb_item_or_exit(kb_base+\"/Path\", exit_code:1);\n\nmozilla_check_version(product:'thunderbird', version:version, path:path, fix:'10.0.6', min:'10.0', severity:SECURITY_HOLE, xss:TRUE);", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:16:57", "bulletinFamily": "scanner", "description": "An updated thunderbird package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed content.\nMalicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2012-1948, CVE-2012-1951, CVE-2012-1952, CVE-2012-1953, CVE-2012-1954, CVE-2012-1958, CVE-2012-1962, CVE-2012-1967)\n\nMalicious content could bypass same-compartment security wrappers (SCSW) and execute arbitrary code with chrome privileges.\n(CVE-2012-1959)\n\nA flaw in the way Thunderbird called history.forward and history.back could allow an attacker to conceal a malicious URL, possibly tricking a user into believing they are viewing trusted content.\n(CVE-2012-1955)\n\nA flaw in a parser utility class used by Thunderbird to parse feeds (such as RSS) could allow an attacker to execute arbitrary JavaScript with the privileges of the user running Thunderbird. This issue could have affected other Thunderbird components or add-ons that assume the class returns sanitized input. (CVE-2012-1957)\n\nA flaw in the way Thunderbird handled X-Frame-Options headers could allow malicious content to perform a clickjacking attack.\n(CVE-2012-1961)\n\nA flaw in the way Content Security Policy (CSP) reports were generated by Thunderbird could allow malicious content to steal a victim's OAuth 2.0 access tokens and OpenID credentials. (CVE-2012-1963)\n\nA flaw in the way Thunderbird handled certificate warnings could allow a man-in-the-middle attacker to create a crafted warning, possibly tricking a user into accepting an arbitrary certificate as trusted.\n(CVE-2012-1964)\n\nThe nss update RHBA-2012:0337 for Red Hat Enterprise Linux 5 and 6 introduced a mitigation for the CVE-2011-3389 flaw. For compatibility reasons, it remains disabled by default in the nss packages. This update makes Thunderbird enable the mitigation by default. It can be disabled by setting the NSS_SSL_CBC_RANDOM_IV environment variable to 0 before launching Thunderbird. (BZ#838879)\n\nRed Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Benoit Jacob, Jesse Ruderman, Christian Holler, Bill McCloskey, Abhishek Arya, Arthur Gerkis, Bill Keese, moz_bug_r_a4, Bobby Holley, Mariusz Mlynski, Mario Heiderich, Frederic Buclin, Karthikeyan Bhargavan, and Matt McCutchen as the original reporters of these issues.\n\nNote: None of the issues in this advisory can be exploited by a specially crafted HTML mail message as JavaScript is disabled by default for mail messages. They could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed.\n\nAll Thunderbird users should upgrade to this updated package, which contains Thunderbird version 10.0.6 ESR, which corrects these issues.\nAfter installing the update, Thunderbird must be restarted for the changes to take effect.", "modified": "2018-11-10T00:00:00", "id": "CENTOS_RHSA-2012-1089.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=59999", "published": "2012-07-18T00:00:00", "title": "CentOS 5 / 6 : thunderbird (CESA-2012:1089)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:1089 and \n# CentOS Errata and Security Advisory 2012:1089 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(59999);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2018/11/10 11:49:30\");\n\n script_cve_id(\"CVE-2012-1948\", \"CVE-2012-1951\", \"CVE-2012-1952\", \"CVE-2012-1953\", \"CVE-2012-1954\", \"CVE-2012-1955\", \"CVE-2012-1957\", \"CVE-2012-1958\", \"CVE-2012-1959\", \"CVE-2012-1961\", \"CVE-2012-1962\", \"CVE-2012-1963\", \"CVE-2012-1964\", \"CVE-2012-1967\");\n script_xref(name:\"RHSA\", value:\"2012:1089\");\n\n script_name(english:\"CentOS 5 / 6 : thunderbird (CESA-2012:1089)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated thunderbird package that fixes multiple security issues is\nnow available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed content.\nMalicious content could cause Thunderbird to crash or, potentially,\nexecute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2012-1948, CVE-2012-1951, CVE-2012-1952,\nCVE-2012-1953, CVE-2012-1954, CVE-2012-1958, CVE-2012-1962,\nCVE-2012-1967)\n\nMalicious content could bypass same-compartment security wrappers\n(SCSW) and execute arbitrary code with chrome privileges.\n(CVE-2012-1959)\n\nA flaw in the way Thunderbird called history.forward and history.back\ncould allow an attacker to conceal a malicious URL, possibly tricking\na user into believing they are viewing trusted content.\n(CVE-2012-1955)\n\nA flaw in a parser utility class used by Thunderbird to parse feeds\n(such as RSS) could allow an attacker to execute arbitrary JavaScript\nwith the privileges of the user running Thunderbird. This issue could\nhave affected other Thunderbird components or add-ons that assume the\nclass returns sanitized input. (CVE-2012-1957)\n\nA flaw in the way Thunderbird handled X-Frame-Options headers could\nallow malicious content to perform a clickjacking attack.\n(CVE-2012-1961)\n\nA flaw in the way Content Security Policy (CSP) reports were generated\nby Thunderbird could allow malicious content to steal a victim's OAuth\n2.0 access tokens and OpenID credentials. (CVE-2012-1963)\n\nA flaw in the way Thunderbird handled certificate warnings could allow\na man-in-the-middle attacker to create a crafted warning, possibly\ntricking a user into accepting an arbitrary certificate as trusted.\n(CVE-2012-1964)\n\nThe nss update RHBA-2012:0337 for Red Hat Enterprise Linux 5 and 6\nintroduced a mitigation for the CVE-2011-3389 flaw. For compatibility\nreasons, it remains disabled by default in the nss packages. This\nupdate makes Thunderbird enable the mitigation by default. It can be\ndisabled by setting the NSS_SSL_CBC_RANDOM_IV environment variable to\n0 before launching Thunderbird. (BZ#838879)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Benoit Jacob, Jesse Ruderman, Christian\nHoller, Bill McCloskey, Abhishek Arya, Arthur Gerkis, Bill Keese,\nmoz_bug_r_a4, Bobby Holley, Mariusz Mlynski, Mario Heiderich, Frederic\nBuclin, Karthikeyan Bhargavan, and Matt McCutchen as the original\nreporters of these issues.\n\nNote: None of the issues in this advisory can be exploited by a\nspecially crafted HTML mail message as JavaScript is disabled by\ndefault for mail messages. They could be exploited another way in\nThunderbird, for example, when viewing the full remote content of an\nRSS feed.\n\nAll Thunderbird users should upgrade to this updated package, which\ncontains Thunderbird version 10.0.6 ESR, which corrects these issues.\nAfter installing the update, Thunderbird must be restarted for the\nchanges to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2012-July/018745.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?63b8dece\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2012-July/018748.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6ac2b36a\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected thunderbird package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/07/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"thunderbird-10.0.6-1.el5.centos\")) flag++;\n\nif (rpm_check(release:\"CentOS-6\", reference:\"thunderbird-10.0.6-1.el6.centos\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:19:37", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2012:1088 :\n\nUpdated firefox packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nMozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox.\n\nA web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2012-1948, CVE-2012-1951, CVE-2012-1952, CVE-2012-1953, CVE-2012-1954, CVE-2012-1958, CVE-2012-1962, CVE-2012-1967)\n\nA malicious web page could bypass same-compartment security wrappers (SCSW) and execute arbitrary code with chrome privileges.\n(CVE-2012-1959)\n\nA flaw in the context menu functionality in Firefox could allow a malicious website to bypass intended restrictions and allow a cross-site scripting attack. (CVE-2012-1966)\n\nA page different to that in the address bar could be displayed when dragging and dropping to the address bar, possibly making it easier for a malicious site or user to perform a phishing attack.\n(CVE-2012-1950)\n\nA flaw in the way Firefox called history.forward and history.back could allow an attacker to conceal a malicious URL, possibly tricking a user into believing they are viewing a trusted site. (CVE-2012-1955)\n\nA flaw in a parser utility class used by Firefox to parse feeds (such as RSS) could allow an attacker to execute arbitrary JavaScript with the privileges of the user running Firefox. This issue could have affected other browser components or add-ons that assume the class returns sanitized input. (CVE-2012-1957)\n\nA flaw in the way Firefox handled X-Frame-Options headers could allow a malicious website to perform a clickjacking attack. (CVE-2012-1961)\n\nA flaw in the way Content Security Policy (CSP) reports were generated by Firefox could allow a malicious web page to steal a victim's OAuth 2.0 access tokens and OpenID credentials. (CVE-2012-1963)\n\nA flaw in the way Firefox handled certificate warnings could allow a man-in-the-middle attacker to create a crafted warning, possibly tricking a user into accepting an arbitrary certificate as trusted.\n(CVE-2012-1964)\n\nA flaw in the way Firefox handled feed:javascript URLs could allow output filtering to be bypassed, possibly leading to a cross-site scripting attack. (CVE-2012-1965)\n\nThe nss update RHBA-2012:0337 for Red Hat Enterprise Linux 5 and 6 introduced a mitigation for the CVE-2011-3389 flaw. For compatibility reasons, it remains disabled by default in the nss packages. This update makes Firefox enable the mitigation by default. It can be disabled by setting the NSS_SSL_CBC_RANDOM_IV environment variable to 0 before launching Firefox. (BZ#838879)\n\nFor technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 10.0.6 ESR. You can find a link to the Mozilla advisories in the References section of this erratum.\n\nRed Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Benoit Jacob, Jesse Ruderman, Christian Holler, Bill McCloskey, Abhishek Arya, Arthur Gerkis, Bill Keese, moz_bug_r_a4, Bobby Holley, Code Audit Labs, Mariusz Mlynski, Mario Heiderich, Frederic Buclin, Karthikeyan Bhargavan, Matt McCutchen, Mario Gomes, and Soroush Dalili as the original reporters of these issues.\n\nAll Firefox users should upgrade to these updated packages, which contain Firefox version 10.0.6 ESR, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.", "modified": "2018-07-18T00:00:00", "id": "ORACLELINUX_ELSA-2012-1088.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=68578", "published": "2013-07-12T00:00:00", "title": "Oracle Linux 5 / 6 : firefox (ELSA-2012-1088)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2012:1088 and \n# Oracle Linux Security Advisory ELSA-2012-1088 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(68578);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/07/18 17:43:57\");\n\n script_cve_id(\"CVE-2012-1948\", \"CVE-2012-1950\", \"CVE-2012-1951\", \"CVE-2012-1952\", \"CVE-2012-1953\", \"CVE-2012-1954\", \"CVE-2012-1955\", \"CVE-2012-1957\", \"CVE-2012-1958\", \"CVE-2012-1959\", \"CVE-2012-1961\", \"CVE-2012-1962\", \"CVE-2012-1963\", \"CVE-2012-1964\", \"CVE-2012-1965\", \"CVE-2012-1966\", \"CVE-2012-1967\");\n script_xref(name:\"RHSA\", value:\"2012:1088\");\n\n script_name(english:\"Oracle Linux 5 / 6 : firefox (ELSA-2012-1088)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2012:1088 :\n\nUpdated firefox packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nMozilla Firefox is an open source web browser. XULRunner provides the\nXUL Runtime environment for Mozilla Firefox.\n\nA web page containing malicious content could cause Firefox to crash\nor, potentially, execute arbitrary code with the privileges of the\nuser running Firefox. (CVE-2012-1948, CVE-2012-1951, CVE-2012-1952,\nCVE-2012-1953, CVE-2012-1954, CVE-2012-1958, CVE-2012-1962,\nCVE-2012-1967)\n\nA malicious web page could bypass same-compartment security wrappers\n(SCSW) and execute arbitrary code with chrome privileges.\n(CVE-2012-1959)\n\nA flaw in the context menu functionality in Firefox could allow a\nmalicious website to bypass intended restrictions and allow a\ncross-site scripting attack. (CVE-2012-1966)\n\nA page different to that in the address bar could be displayed when\ndragging and dropping to the address bar, possibly making it easier\nfor a malicious site or user to perform a phishing attack.\n(CVE-2012-1950)\n\nA flaw in the way Firefox called history.forward and history.back\ncould allow an attacker to conceal a malicious URL, possibly tricking\na user into believing they are viewing a trusted site. (CVE-2012-1955)\n\nA flaw in a parser utility class used by Firefox to parse feeds (such\nas RSS) could allow an attacker to execute arbitrary JavaScript with\nthe privileges of the user running Firefox. This issue could have\naffected other browser components or add-ons that assume the class\nreturns sanitized input. (CVE-2012-1957)\n\nA flaw in the way Firefox handled X-Frame-Options headers could allow\na malicious website to perform a clickjacking attack. (CVE-2012-1961)\n\nA flaw in the way Content Security Policy (CSP) reports were generated\nby Firefox could allow a malicious web page to steal a victim's OAuth\n2.0 access tokens and OpenID credentials. (CVE-2012-1963)\n\nA flaw in the way Firefox handled certificate warnings could allow a\nman-in-the-middle attacker to create a crafted warning, possibly\ntricking a user into accepting an arbitrary certificate as trusted.\n(CVE-2012-1964)\n\nA flaw in the way Firefox handled feed:javascript URLs could allow\noutput filtering to be bypassed, possibly leading to a cross-site\nscripting attack. (CVE-2012-1965)\n\nThe nss update RHBA-2012:0337 for Red Hat Enterprise Linux 5 and 6\nintroduced a mitigation for the CVE-2011-3389 flaw. For compatibility\nreasons, it remains disabled by default in the nss packages. This\nupdate makes Firefox enable the mitigation by default. It can be\ndisabled by setting the NSS_SSL_CBC_RANDOM_IV environment variable to\n0 before launching Firefox. (BZ#838879)\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Firefox 10.0.6 ESR. You can find a link to the\nMozilla advisories in the References section of this erratum.\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Benoit Jacob, Jesse Ruderman, Christian\nHoller, Bill McCloskey, Abhishek Arya, Arthur Gerkis, Bill Keese,\nmoz_bug_r_a4, Bobby Holley, Code Audit Labs, Mariusz Mlynski, Mario\nHeiderich, Frederic Buclin, Karthikeyan Bhargavan, Matt McCutchen,\nMario Gomes, and Soroush Dalili as the original reporters of these\nissues.\n\nAll Firefox users should upgrade to these updated packages, which\ncontain Firefox version 10.0.6 ESR, which corrects these issues. After\ninstalling the update, Firefox must be restarted for the changes to\ntake effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2012-July/002939.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2012-July/002944.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:xulrunner-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/07/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5 / 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"firefox-10.0.6-1.0.1.el5_8\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"xulrunner-10.0.6-2.0.1.el5_8\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"xulrunner-devel-10.0.6-2.0.1.el5_8\")) flag++;\n\nif (rpm_check(release:\"EL6\", reference:\"firefox-10.0.6-1.0.1.el6_3\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"xulrunner-10.0.6-1.0.1.el6_3\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"xulrunner-devel-10.0.6-1.0.1.el6_3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / xulrunner / xulrunner-devel\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:16:58", "bulletinFamily": "scanner", "description": "The installed version of Firefox 10.0.x is potentially affected by the following security issues :\n\n - Several memory safety issues exist, some of which could potentially allow arbitrary code execution.\n (CVE-2012-1948)\n\n - An error related to drag and drop can allow incorrect URLs to be displayed. (CVE-2012-1950)\n\n - Several memory safety issues exist related to the Gecko layout engine. (CVE-2012-1951, CVE-2012-1952, CVE-2012-1953, CVE-2012-1954)\n\n - An error related to JavaScript functions 'history.forward' and 'history.back' can allow incorrect URLs to be displayed. (CVE-2012-1955)\n\n - Cross-site scripting attacks are possible due to an error related to the '<embed>' tag within an RSS '<description>' element. (CVE-2012-1957)\n\n - A use-after-free error exists related to the method 'nsGlobalWindow::PageHidden'. (CVE-2012-1958)\n\n - An error exists that can allow 'same-compartment security wrappers' (SCSW) to be bypassed.\n (CVE-2012-1959) \n - The 'X-Frames-Options' header is ignored if it is duplicated. (CVE-2012-1961)\n\n - A memory corruption error exists related to the method 'JSDependentString::undepend'. (CVE-2012-1962)\n\n - An error related to the 'Content Security Policy' (CSP) implementation can allow the disclosure of OAuth 2.0 access tokens and OpenID credentials. (CVE-2012-1963)\n\n - An error exists related to the certificate warning page that can allow 'clickjacking' thereby tricking a user into accepting unintended certificates. (CVE-2012-1964)\n\n - An error exists related to the 'feed:' URL that can allow cross-site scripting attacks. (CVE-2012-1965)\n\n - Cross-site scripting attacks are possible due to an error related to the 'data:' URL and context menus.\n (CVE-2012-1966)\n\n - An error exists related to the 'javascript:' URL that can allow scripts to run at elevated privileges outside the sandbox. (CVE-2012-1967)", "modified": "2018-07-16T00:00:00", "id": "MOZILLA_FIREFOX_1006.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=60042", "published": "2012-07-19T00:00:00", "title": "Firefox 10.0.x < 10.0.6 Multiple Vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(60042);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2018/07/16 14:09:14\");\n\n script_cve_id(\n \"CVE-2012-1948\",\n \"CVE-2012-1950\",\n \"CVE-2012-1951\",\n \"CVE-2012-1952\",\n \"CVE-2012-1953\",\n \"CVE-2012-1954\",\n \"CVE-2012-1955\",\n \"CVE-2012-1957\",\n \"CVE-2012-1958\",\n \"CVE-2012-1959\",\n \"CVE-2012-1961\",\n \"CVE-2012-1962\",\n \"CVE-2012-1963\",\n \"CVE-2012-1964\",\n \"CVE-2012-1965\",\n \"CVE-2012-1966\",\n \"CVE-2012-1967\"\n );\n script_bugtraq_id(\n 54573,\n 54574,\n 54575,\n 54576,\n 54577,\n 54578,\n 54579,\n 54581,\n 54582,\n 54583,\n 54584,\n 54585,\n 54586\n );\n\n script_name(english:\"Firefox 10.0.x < 10.0.6 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version of Firefox\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Windows host contains a web browser that is affected by\nmultiple vulnerabilities.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The installed version of Firefox 10.0.x is potentially\naffected by the following security issues :\n\n - Several memory safety issues exist, some of which could\n potentially allow arbitrary code execution.\n (CVE-2012-1948)\n\n - An error related to drag and drop can allow incorrect\n URLs to be displayed. (CVE-2012-1950)\n\n - Several memory safety issues exist related to the Gecko\n layout engine. (CVE-2012-1951, CVE-2012-1952,\n CVE-2012-1953, CVE-2012-1954)\n\n - An error related to JavaScript functions\n 'history.forward' and 'history.back' can allow\n incorrect URLs to be displayed. (CVE-2012-1955)\n\n - Cross-site scripting attacks are possible due to an\n error related to the '<embed>' tag within an RSS\n '<description>' element. (CVE-2012-1957)\n\n - A use-after-free error exists related to the method\n 'nsGlobalWindow::PageHidden'. (CVE-2012-1958)\n\n - An error exists that can allow 'same-compartment\n security wrappers' (SCSW) to be bypassed.\n (CVE-2012-1959)\n \n - The 'X-Frames-Options' header is ignored if it is\n duplicated. (CVE-2012-1961)\n\n - A memory corruption error exists related to the method\n 'JSDependentString::undepend'. (CVE-2012-1962)\n\n - An error related to the 'Content Security Policy' (CSP)\n implementation can allow the disclosure of OAuth 2.0\n access tokens and OpenID credentials. (CVE-2012-1963)\n\n - An error exists related to the certificate warning page\n that can allow 'clickjacking' thereby tricking a user\n into accepting unintended certificates. (CVE-2012-1964)\n\n - An error exists related to the 'feed:' URL that can\n allow cross-site scripting attacks. (CVE-2012-1965)\n\n - Cross-site scripting attacks are possible due to an\n error related to the 'data:' URL and context menus.\n (CVE-2012-1966)\n\n - An error exists related to the 'javascript:' URL that\n can allow scripts to run at elevated privileges outside\n the sandbox. (CVE-2012-1967)\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-42/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-43/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-44/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-45/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-46/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-47/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-48/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-49/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-51/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-52/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-53/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-54/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-55/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-56/\");\n\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Firefox 10.0.6 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/07/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/07/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/07/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:firefox\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"mozilla_org_installed.nasl\");\n script_require_keys(\"Mozilla/Firefox/Version\");\n\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\nport = get_kb_item_or_exit(\"SMB/transport\"); \n\ninstalls = get_kb_list(\"SMB/Mozilla/Firefox/*\");\nif (isnull(installs)) audit(AUDIT_NOT_INST, \"Firefox\");\n\nmozilla_check_version(installs:installs, product:'firefox', esr:TRUE, fix:'10.0.6', min:'10.0', severity:SECURITY_HOLE, xss:TRUE);", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:19:37", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2012:1089 :\n\nAn updated thunderbird package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed content.\nMalicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2012-1948, CVE-2012-1951, CVE-2012-1952, CVE-2012-1953, CVE-2012-1954, CVE-2012-1958, CVE-2012-1962, CVE-2012-1967)\n\nMalicious content could bypass same-compartment security wrappers (SCSW) and execute arbitrary code with chrome privileges.\n(CVE-2012-1959)\n\nA flaw in the way Thunderbird called history.forward and history.back could allow an attacker to conceal a malicious URL, possibly tricking a user into believing they are viewing trusted content.\n(CVE-2012-1955)\n\nA flaw in a parser utility class used by Thunderbird to parse feeds (such as RSS) could allow an attacker to execute arbitrary JavaScript with the privileges of the user running Thunderbird. This issue could have affected other Thunderbird components or add-ons that assume the class returns sanitized input. (CVE-2012-1957)\n\nA flaw in the way Thunderbird handled X-Frame-Options headers could allow malicious content to perform a clickjacking attack.\n(CVE-2012-1961)\n\nA flaw in the way Content Security Policy (CSP) reports were generated by Thunderbird could allow malicious content to steal a victim's OAuth 2.0 access tokens and OpenID credentials. (CVE-2012-1963)\n\nA flaw in the way Thunderbird handled certificate warnings could allow a man-in-the-middle attacker to create a crafted warning, possibly tricking a user into accepting an arbitrary certificate as trusted.\n(CVE-2012-1964)\n\nThe nss update RHBA-2012:0337 for Red Hat Enterprise Linux 5 and 6 introduced a mitigation for the CVE-2011-3389 flaw. For compatibility reasons, it remains disabled by default in the nss packages. This update makes Thunderbird enable the mitigation by default. It can be disabled by setting the NSS_SSL_CBC_RANDOM_IV environment variable to 0 before launching Thunderbird. (BZ#838879)\n\nRed Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Benoit Jacob, Jesse Ruderman, Christian Holler, Bill McCloskey, Abhishek Arya, Arthur Gerkis, Bill Keese, moz_bug_r_a4, Bobby Holley, Mariusz Mlynski, Mario Heiderich, Frederic Buclin, Karthikeyan Bhargavan, and Matt McCutchen as the original reporters of these issues.\n\nNote: None of the issues in this advisory can be exploited by a specially crafted HTML mail message as JavaScript is disabled by default for mail messages. They could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed.\n\nAll Thunderbird users should upgrade to this updated package, which contains Thunderbird version 10.0.6 ESR, which corrects these issues.\nAfter installing the update, Thunderbird must be restarted for the changes to take effect.", "modified": "2018-09-05T00:00:00", "id": "ORACLELINUX_ELSA-2012-1089.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=68579", "published": "2013-07-12T00:00:00", "title": "Oracle Linux 6 : thunderbird (ELSA-2012-1089)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2012:1089 and \n# Oracle Linux Security Advisory ELSA-2012-1089 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(68579);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/09/05 15:02:26\");\n\n script_cve_id(\"CVE-2012-1948\", \"CVE-2012-1951\", \"CVE-2012-1952\", \"CVE-2012-1953\", \"CVE-2012-1954\", \"CVE-2012-1955\", \"CVE-2012-1957\", \"CVE-2012-1958\", \"CVE-2012-1959\", \"CVE-2012-1961\", \"CVE-2012-1962\", \"CVE-2012-1963\", \"CVE-2012-1964\", \"CVE-2012-1967\");\n script_xref(name:\"RHSA\", value:\"2012:1089\");\n\n script_name(english:\"Oracle Linux 6 : thunderbird (ELSA-2012-1089)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2012:1089 :\n\nAn updated thunderbird package that fixes multiple security issues is\nnow available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed content.\nMalicious content could cause Thunderbird to crash or, potentially,\nexecute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2012-1948, CVE-2012-1951, CVE-2012-1952,\nCVE-2012-1953, CVE-2012-1954, CVE-2012-1958, CVE-2012-1962,\nCVE-2012-1967)\n\nMalicious content could bypass same-compartment security wrappers\n(SCSW) and execute arbitrary code with chrome privileges.\n(CVE-2012-1959)\n\nA flaw in the way Thunderbird called history.forward and history.back\ncould allow an attacker to conceal a malicious URL, possibly tricking\na user into believing they are viewing trusted content.\n(CVE-2012-1955)\n\nA flaw in a parser utility class used by Thunderbird to parse feeds\n(such as RSS) could allow an attacker to execute arbitrary JavaScript\nwith the privileges of the user running Thunderbird. This issue could\nhave affected other Thunderbird components or add-ons that assume the\nclass returns sanitized input. (CVE-2012-1957)\n\nA flaw in the way Thunderbird handled X-Frame-Options headers could\nallow malicious content to perform a clickjacking attack.\n(CVE-2012-1961)\n\nA flaw in the way Content Security Policy (CSP) reports were generated\nby Thunderbird could allow malicious content to steal a victim's OAuth\n2.0 access tokens and OpenID credentials. (CVE-2012-1963)\n\nA flaw in the way Thunderbird handled certificate warnings could allow\na man-in-the-middle attacker to create a crafted warning, possibly\ntricking a user into accepting an arbitrary certificate as trusted.\n(CVE-2012-1964)\n\nThe nss update RHBA-2012:0337 for Red Hat Enterprise Linux 5 and 6\nintroduced a mitigation for the CVE-2011-3389 flaw. For compatibility\nreasons, it remains disabled by default in the nss packages. This\nupdate makes Thunderbird enable the mitigation by default. It can be\ndisabled by setting the NSS_SSL_CBC_RANDOM_IV environment variable to\n0 before launching Thunderbird. (BZ#838879)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Benoit Jacob, Jesse Ruderman, Christian\nHoller, Bill McCloskey, Abhishek Arya, Arthur Gerkis, Bill Keese,\nmoz_bug_r_a4, Bobby Holley, Mariusz Mlynski, Mario Heiderich, Frederic\nBuclin, Karthikeyan Bhargavan, and Matt McCutchen as the original\nreporters of these issues.\n\nNote: None of the issues in this advisory can be exploited by a\nspecially crafted HTML mail message as JavaScript is disabled by\ndefault for mail messages. They could be exploited another way in\nThunderbird, for example, when viewing the full remote content of an\nRSS feed.\n\nAll Thunderbird users should upgrade to this updated package, which\ncontains Thunderbird version 10.0.6 ESR, which corrects these issues.\nAfter installing the update, Thunderbird must be restarted for the\nchanges to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2012-July/002940.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected thunderbird package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/07/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"thunderbird-10.0.6-1.0.1.el6_3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:17:33", "bulletinFamily": "scanner", "description": "Security issues were identified and fixed in mozilla firefox and thunderbird :\n\nMozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products.\nSome of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code (CVE-2012-1949, CVE-2012-1948).\n\nSecurity researcher Mario Gomes andresearch firm Code Audit Labs reported a mechanism to short-circuit page loads through drag and drop to the addressbar by canceling the page load. This causes the address of the previously site entered to be displayed in the addressbar instead of the currently loaded page. This could lead to potential phishing attacks on users (CVE-2012-1950).\n\nGoogle security researcher Abhishek Arya used the Address Sanitizer tool to uncover four issues: two use-after-free problems, one out of bounds read bug, and a bad cast. The first use-after-free problem is caused when an array of nsSMILTimeValueSpec objects is destroyed but attempts are made to call into objects in this array later. The second use-after-free problem is in nsDocument::AdoptNode when it adopts into an empty document and then adopts into another document, emptying the first one. The heap buffer overflow is in ElementAnimations when data is read off of end of an array and then pointers are dereferenced. The bad cast happens when nsTableFrame::InsertFrames is called with frames in aFrameList that are a mix of row group frames and column group frames. AppendFrames is not able to handle this mix. All four of these issues are potentially exploitable (CVE-2012-1951, CVE-2012-1954, CVE-2012-1953, CVE-2012-1952).\n\nSecurity researcher Mariusz Mlynski reported an issue with spoofing of the location property. In this issue, calls to history.forward and history.back are used to navigate to a site while displaying the previous site in the addressbar but changing the baseURI to the newer site. This can be used for phishing by allowing the user input form or other data on the newer, attacking, site while appearing to be on the older, displayed site (CVE-2012-1955).\n\nMozilla security researcher moz_bug_r_a4 reported a cross-site scripting (XSS) attack through the context menu using a data: URL. In this issue, context menu functionality (View Image, Show only this frame, and View background image) are disallowed in a javascript: URL but allowed in a data: URL, allowing for XSS. This can lead to arbitrary code execution (CVE-2012-1966).\n\nSecurity researcher Mario Heiderich reported that JavaScript could be executed in the HTML feed-view using <embed> tag within the RSS <description>. This problem is due to <embed> tags not being filtered out during parsing and can lead to a potential cross-site scripting (XSS) attack. The flaw existed in a parser utility class and could affect other parts of the browser or add-ons which rely on that class to sanitize untrusted input (CVE-2012-1957).\n\nSecurity researcher Arthur Gerkis used the Address Sanitizer tool to find a use-after-free in nsGlobalWindow::PageHidden when mFocusedContent is released and oldFocusedContent is used afterwards.\nThis use-after-free could possibly allow for remote code execution (CVE-2012-1958).\n\nMozilla developer Bobby Holley found that same-compartment security wrappers (SCSW) can be bypassed by passing them to another compartment. Cross-compartment wrappers often do not go through SCSW, but have a filtering policy built into them. When an object is wrapped cross-compartment, the SCSW is stripped off and, when the object is read read back, it is not known that SCSW was previously present, resulting in a bypassing of SCSW. This could result in untrusted content having access to the XBL that implements browser functionality (CVE-2012-1959).\n\nGoogle developer Tony Payne reported an out of bounds (OOB) read in QCMS, Mozillas color management library. With a carefully crafted color profile portions of a user's memory could be incorporated into a transformed image and possibly deciphered (CVE-2012-1960).\n\nBugzilla developer Fredric Buclin reported that the X-Frame-Options header is ignored when the value is duplicated, for example X-Frame-Options: SAMEORIGIN, SAMEORIGIN. This duplication occurs for unknown reasons on some websites and when it occurs results in Mozilla browsers not being protected against possible clickjacking attacks on those pages (CVE-2012-1961).\n\nSecurity researcher Bill Keese reported a memory corruption. This is caused by JSDependentString::undepend changing a dependent string into a fixed string when there are additional dependent strings relying on the same base. When the undepend occurs during conversion, the base data is freed, leaving other dependent strings with dangling pointers.\nThis can lead to a potentially exploitable crash (CVE-2012-1962).\n\nSecurity researcher Karthikeyan Bhargavan of Prosecco at INRIA reported Content Security Policy (CSP) 1.0 implementation errors. CSP violation reports generated by Firefox and sent to the report-uri location include sensitive data within the blocked-uri parameter.\nThese include fragment components and query strings even if the blocked-uri parameter has a different origin than the protected resource. This can be used to retrieve a user's OAuth 2.0 access tokens and OpenID credentials by malicious sites (CVE-2012-1963).\n\nSecurity Researcher Matt McCutchen reported that a clickjacking attack using the certificate warning page. A man-in-the-middle (MITM) attacker can use an iframe to display its own certificate error warning page (about:certerror) with the Add Exception button of a real warning page from a malicious site. This can mislead users to adding a certificate exception for a different site than the perceived one.\nThis can lead to compromised communications with the user perceived site through the MITM attack once the certificate exception has been added (CVE-2012-1964).\n\nSecurity researchers Mario Gomes and Soroush Dalili reported that since Mozilla allows the pseudo-protocol feed: to prefix any valid URL, it is possible to construct feed:javascript: URLs that will execute scripts in some contexts. On some sites it may be possible to use this to evade output filtering that would otherwise strip javascript: URLs and thus contribute to cross-site scripting (XSS) problems on these sites (CVE-2012-1965).\n\nMozilla security researcher moz_bug_r_a4 reported a arbitrary code execution attack using a javascript: URL. The Gecko engine features a JavaScript sandbox utility that allows the browser or add-ons to safely execute script in the context of a web page. In certain cases, javascript: URLs are executed in such a sandbox with insufficient context that can allow those scripts to escape from the sandbox and run with elevated privilege. This can lead to arbitrary code execution (CVE-2012-1967).\n\nThe mozilla firefox and thunderbird packages has been upgraded to the latest respective versions which is unaffected by these security flaws.\n\nAdditionally the rootcerts packages has been upgraded to the latest version which brings updated root CA data.\n\nUpdate :\n\nLocalization packages for firefox was missing with the MDVSA-2012:110 advisory and is being provided with this advisory.", "modified": "2018-07-19T00:00:00", "id": "MANDRIVA_MDVSA-2012-110.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=61963", "published": "2012-09-06T00:00:00", "title": "Mandriva Linux Security Advisory : mozilla (MDVSA-2012:110-1)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2012:110. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(61963);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/07/19 20:59:17\");\n\n script_cve_id(\"CVE-2012-1948\", \"CVE-2012-1949\", \"CVE-2012-1950\", \"CVE-2012-1951\", \"CVE-2012-1952\", \"CVE-2012-1953\", \"CVE-2012-1954\", \"CVE-2012-1955\", \"CVE-2012-1957\", \"CVE-2012-1958\", \"CVE-2012-1959\", \"CVE-2012-1960\", \"CVE-2012-1961\", \"CVE-2012-1962\", \"CVE-2012-1963\", \"CVE-2012-1964\", \"CVE-2012-1965\", \"CVE-2012-1966\", \"CVE-2012-1967\");\n script_bugtraq_id(54572, 54573, 54574, 54575, 54577, 54578, 54579, 54580, 54581, 54582, 54583, 54584, 54585, 54586);\n script_xref(name:\"MDVSA\", value:\"2012:110-1\");\n\n script_name(english:\"Mandriva Linux Security Advisory : mozilla (MDVSA-2012:110-1)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security issues were identified and fixed in mozilla firefox and\nthunderbird :\n\nMozilla developers identified and fixed several memory safety bugs in\nthe browser engine used in Firefox and other Mozilla-based products.\nSome of these bugs showed evidence of memory corruption under certain\ncircumstances, and we presume that with enough effort at least some of\nthese could be exploited to run arbitrary code (CVE-2012-1949,\nCVE-2012-1948).\n\nSecurity researcher Mario Gomes andresearch firm Code Audit Labs\nreported a mechanism to short-circuit page loads through drag and drop\nto the addressbar by canceling the page load. This causes the address\nof the previously site entered to be displayed in the addressbar\ninstead of the currently loaded page. This could lead to potential\nphishing attacks on users (CVE-2012-1950).\n\nGoogle security researcher Abhishek Arya used the Address Sanitizer\ntool to uncover four issues: two use-after-free problems, one out of\nbounds read bug, and a bad cast. The first use-after-free problem is\ncaused when an array of nsSMILTimeValueSpec objects is destroyed but\nattempts are made to call into objects in this array later. The second\nuse-after-free problem is in nsDocument::AdoptNode when it adopts into\nan empty document and then adopts into another document, emptying the\nfirst one. The heap buffer overflow is in ElementAnimations when data\nis read off of end of an array and then pointers are dereferenced. The\nbad cast happens when nsTableFrame::InsertFrames is called with frames\nin aFrameList that are a mix of row group frames and column group\nframes. AppendFrames is not able to handle this mix. All four of these\nissues are potentially exploitable (CVE-2012-1951, CVE-2012-1954,\nCVE-2012-1953, CVE-2012-1952).\n\nSecurity researcher Mariusz Mlynski reported an issue with spoofing of\nthe location property. In this issue, calls to history.forward and\nhistory.back are used to navigate to a site while displaying the\nprevious site in the addressbar but changing the baseURI to the newer\nsite. This can be used for phishing by allowing the user input form or\nother data on the newer, attacking, site while appearing to be on the\nolder, displayed site (CVE-2012-1955).\n\nMozilla security researcher moz_bug_r_a4 reported a cross-site\nscripting (XSS) attack through the context menu using a data: URL. In\nthis issue, context menu functionality (View Image, Show only this\nframe, and View background image) are disallowed in a javascript: URL\nbut allowed in a data: URL, allowing for XSS. This can lead to\narbitrary code execution (CVE-2012-1966).\n\nSecurity researcher Mario Heiderich reported that JavaScript could be\nexecuted in the HTML feed-view using <embed> tag within the RSS\n<description>. This problem is due to <embed> tags not being filtered\nout during parsing and can lead to a potential cross-site scripting\n(XSS) attack. The flaw existed in a parser utility class and could\naffect other parts of the browser or add-ons which rely on that class\nto sanitize untrusted input (CVE-2012-1957).\n\nSecurity researcher Arthur Gerkis used the Address Sanitizer tool to\nfind a use-after-free in nsGlobalWindow::PageHidden when\nmFocusedContent is released and oldFocusedContent is used afterwards.\nThis use-after-free could possibly allow for remote code execution\n(CVE-2012-1958).\n\nMozilla developer Bobby Holley found that same-compartment security\nwrappers (SCSW) can be bypassed by passing them to another\ncompartment. Cross-compartment wrappers often do not go through SCSW,\nbut have a filtering policy built into them. When an object is wrapped\ncross-compartment, the SCSW is stripped off and, when the object is\nread read back, it is not known that SCSW was previously present,\nresulting in a bypassing of SCSW. This could result in untrusted\ncontent having access to the XBL that implements browser functionality\n(CVE-2012-1959).\n\nGoogle developer Tony Payne reported an out of bounds (OOB) read in\nQCMS, Mozillas color management library. With a carefully crafted\ncolor profile portions of a user's memory could be incorporated into a\ntransformed image and possibly deciphered (CVE-2012-1960).\n\nBugzilla developer Fredric Buclin reported that the X-Frame-Options\nheader is ignored when the value is duplicated, for example\nX-Frame-Options: SAMEORIGIN, SAMEORIGIN. This duplication occurs for\nunknown reasons on some websites and when it occurs results in Mozilla\nbrowsers not being protected against possible clickjacking attacks on\nthose pages (CVE-2012-1961).\n\nSecurity researcher Bill Keese reported a memory corruption. This is\ncaused by JSDependentString::undepend changing a dependent string into\na fixed string when there are additional dependent strings relying on\nthe same base. When the undepend occurs during conversion, the base\ndata is freed, leaving other dependent strings with dangling pointers.\nThis can lead to a potentially exploitable crash (CVE-2012-1962).\n\nSecurity researcher Karthikeyan Bhargavan of Prosecco at INRIA\nreported Content Security Policy (CSP) 1.0 implementation errors. CSP\nviolation reports generated by Firefox and sent to the report-uri\nlocation include sensitive data within the blocked-uri parameter.\nThese include fragment components and query strings even if the\nblocked-uri parameter has a different origin than the protected\nresource. This can be used to retrieve a user's OAuth 2.0 access\ntokens and OpenID credentials by malicious sites (CVE-2012-1963).\n\nSecurity Researcher Matt McCutchen reported that a clickjacking attack\nusing the certificate warning page. A man-in-the-middle (MITM)\nattacker can use an iframe to display its own certificate error\nwarning page (about:certerror) with the Add Exception button of a real\nwarning page from a malicious site. This can mislead users to adding a\ncertificate exception for a different site than the perceived one.\nThis can lead to compromised communications with the user perceived\nsite through the MITM attack once the certificate exception has been\nadded (CVE-2012-1964).\n\nSecurity researchers Mario Gomes and Soroush Dalili reported that\nsince Mozilla allows the pseudo-protocol feed: to prefix any valid\nURL, it is possible to construct feed:javascript: URLs that will\nexecute scripts in some contexts. On some sites it may be possible to\nuse this to evade output filtering that would otherwise strip\njavascript: URLs and thus contribute to cross-site scripting (XSS)\nproblems on these sites (CVE-2012-1965).\n\nMozilla security researcher moz_bug_r_a4 reported a arbitrary code\nexecution attack using a javascript: URL. The Gecko engine features a\nJavaScript sandbox utility that allows the browser or add-ons to\nsafely execute script in the context of a web page. In certain cases,\njavascript: URLs are executed in such a sandbox with insufficient\ncontext that can allow those scripts to escape from the sandbox and\nrun with elevated privilege. This can lead to arbitrary code execution\n(CVE-2012-1967).\n\nThe mozilla firefox and thunderbird packages has been upgraded to the\nlatest respective versions which is unaffected by these security\nflaws.\n\nAdditionally the rootcerts packages has been upgraded to the latest\nversion which brings updated root CA data.\n\nUpdate :\n\nLocalization packages for firefox was missing with the MDVSA-2012:110\nadvisory and is being provided with this advisory.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-42.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-43.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-44.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-45.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-46.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-47.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-48.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-49.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-50.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-51.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-52.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-53.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-54.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-55.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-af\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-ast\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-be\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-bg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-bn_BD\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-bn_IN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-br\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-bs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-ca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-cs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-cy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-da\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-de\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-en_GB\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-en_ZA\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-eo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-es_AR\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-es_CL\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-es_ES\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-es_MX\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-et\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-eu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-fa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-fi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-fr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-fy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-ga_IE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-gl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-gu_IN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-he\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-hi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-hr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-hu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-hy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-id\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-is\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-it\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-kk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-kn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-ko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-ku\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-lg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-lt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-lv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-mai\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-mk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-ml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-mr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-nb_NO\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-nn_NO\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-nso\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-or\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-pa_IN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-pt_BR\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-pt_PT\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-ro\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-ru\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-si\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-sk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-sl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-sq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-sr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-sv_SE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-ta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-ta_LK\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-te\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-th\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-tr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-uk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-vi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-zh_CN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-zh_TW\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:firefox-zu\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2011\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/07/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/09/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-af-14.0.1-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-ar-14.0.1-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-ast-14.0.1-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-be-14.0.1-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-bg-14.0.1-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-bn_BD-14.0.1-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-bn_IN-14.0.1-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-br-14.0.1-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-bs-14.0.1-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-ca-14.0.1-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-cs-14.0.1-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-cy-14.0.1-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-da-14.0.1-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-de-14.0.1-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-el-14.0.1-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-en_GB-14.0.1-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-en_ZA-14.0.1-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-eo-14.0.1-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-es_AR-14.0.1-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-es_CL-14.0.1-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-es_ES-14.0.1-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-es_MX-14.0.1-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-et-14.0.1-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-eu-14.0.1-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-fa-14.0.1-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-fi-14.0.1-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-fr-14.0.1-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-fy-14.0.1-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-ga_IE-14.0.1-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-gd-14.0.1-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-gl-14.0.1-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-gu_IN-14.0.1-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-he-14.0.1-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-hi-14.0.1-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-hr-14.0.1-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-hu-14.0.1-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-hy-14.0.1-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-id-14.0.1-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-is-14.0.1-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-it-14.0.1-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-ja-14.0.1-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-kk-14.0.1-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-kn-14.0.1-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-ko-14.0.1-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-ku-14.0.1-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-lg-14.0.1-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-lt-14.0.1-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-lv-14.0.1-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-mai-14.0.1-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-mk-14.0.1-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-ml-14.0.1-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-mr-14.0.1-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-nb_NO-14.0.1-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-nl-14.0.1-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-nn_NO-14.0.1-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-nso-14.0.1-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-or-14.0.1-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-pa_IN-14.0.1-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-pl-14.0.1-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-pt_BR-14.0.1-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-pt_PT-14.0.1-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-ro-14.0.1-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-ru-14.0.1-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-si-14.0.1-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-sk-14.0.1-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-sl-14.0.1-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-sq-14.0.1-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-sr-14.0.1-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-sv_SE-14.0.1-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-ta-14.0.1-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-ta_LK-14.0.1-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-te-14.0.1-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-th-14.0.1-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-tr-14.0.1-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-uk-14.0.1-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-vi-14.0.1-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-zh_CN-14.0.1-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-zh_TW-14.0.1-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"firefox-zu-14.0.1-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:23:17", "bulletinFamily": "scanner", "description": "The remote Solaris system is missing necessary patches to address security updates :\n\n - Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.\n (CVE-2012-1948)\n\n - The drag-and-drop implementation in Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 allows remote attackers to spoof the address bar by canceling a page load. (CVE-2012-1950)\n\n - Use-after-free vulnerability in the nsSMILTimeValueSpec::IsEventBased function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code by interacting with objects used for SMIL Timing.\n (CVE-2012-1951)\n\n - The nsTableFrame::InsertFrames function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly perform a cast of a frame variable during processing of mixed row-group and column-group frames, which might allow remote attackers to execute arbitrary code via a crafted web site. (CVE-2012-1952)\n\n - The ElementAnimations::EnsureStyleRuleFor function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service (buffer over-read, incorrect pointer dereference, and heap-based buffer overflow) or possibly execute arbitrary code via a crafted web site. (CVE-2012-1953)\n\n - Use-after-free vulnerability in the nsDocument::AdoptNode function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code via vectors involving multiple adoptions and empty documents. (CVE-2012-1954)\n\n - Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allow remote attackers to spoof the address bar via vectors involving history.forward and history.back calls.\n (CVE-2012-1955)\n\n - An unspecified parser-utility class in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly handle EMBED elements within description elements in RSS feeds, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a feed.\n (CVE-2012-1957)\n\n - Use-after-free vulnerability in the nsGlobalWindow::PageHidden function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 might allow remote attackers to execute arbitrary code via vectors related to focused content. (CVE-2012-1958)\n\n - Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not consider the presence of same-compartment security wrappers (SCSW) during the cross-compartment wrapping of objects, which allows remote attackers to bypass intended XBL access restrictions via crafted content.\n (CVE-2012-1959)\n\n - Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not properly handle duplicate values in X-Frame-Options headers, which makes it easier for remote attackers to conduct clickjacking attacks via a FRAME element referencing a web site that produces these duplicate values. (CVE-2012-1961)\n\n - Use-after-free vulnerability in the JSDependentString::undepend function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via vectors involving strings with multiple dependencies.\n (CVE-2012-1962)\n\n - The Content Security Policy (CSP) functionality in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly restrict the strings placed into the blocked-uri parameter of a violation report, which allows remote web servers to capture OpenID credentials and OAuth 2.0 access tokens by triggering a violation.\n (CVE-2012-1963)\n\n - The certificate-warning functionality in browser/components/certerror/content/ aboutCertError.xhtml in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.10 does not properly handle attempted clickjacking of the about:certerror page, which allows man-in-the-middle attackers to trick users into adding an unintended exception via an IFRAME element.\n (CVE-2012-1964)\n\n - Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 do not properly establish the security context of a feed: URL, which allows remote attackers to bypass unspecified cross-site scripting (XSS) protection mechanisms via a feed:javascript: URL. (CVE-2012-1965)\n\n - Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 do not have the same context-menu restrictions for data: URLs as for javascript: URLs, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL.\n (CVE-2012-1966)\n\n - Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not properly implement the JavaScript sandbox utility, which allows remote attackers to execute arbitrary JavaScript code with improper privileges via a javascript: URL.\n (CVE-2012-1967)\n\n - Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. (CVE-2012-1970)\n\n - Use-after-free vulnerability in the nsObjectLoadingContent::LoadObject function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. (CVE-2012-1973)\n\n - Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a negative height value in a BMP image within a .ICO file, related to (1) improper handling of the transparency bitmask by the nsICODecoder component and (2) improper processing of the alpha channel by the nsBMPDecoder component.\n (CVE-2012-3966)", "modified": "2018-11-15T00:00:00", "id": "SOLARIS11_THUNDERBIRD_20130129.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=80787", "published": "2015-01-19T00:00:00", "title": "Oracle Solaris Third-Party Patch Update : thunderbird (multiple_vulnerabilities_in_thunderbird7)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Oracle Third Party software advisories.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80787);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/11/15 20:50:24\");\n\n script_cve_id(\"CVE-2012-1948\", \"CVE-2012-1950\", \"CVE-2012-1951\", \"CVE-2012-1952\", \"CVE-2012-1953\", \"CVE-2012-1954\", \"CVE-2012-1955\", \"CVE-2012-1957\", \"CVE-2012-1958\", \"CVE-2012-1959\", \"CVE-2012-1961\", \"CVE-2012-1962\", \"CVE-2012-1963\", \"CVE-2012-1964\", \"CVE-2012-1965\", \"CVE-2012-1966\", \"CVE-2012-1967\", \"CVE-2012-1970\", \"CVE-2012-1973\", \"CVE-2012-3966\");\n\n script_name(english:\"Oracle Solaris Third-Party Patch Update : thunderbird (multiple_vulnerabilities_in_thunderbird7)\");\n script_summary(english:\"Check for the 'entire' version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Solaris system is missing a security patch for third-party\nsoftware.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote Solaris system is missing necessary patches to address\nsecurity updates :\n\n - Multiple unspecified vulnerabilities in the browser\n engine in Mozilla Firefox 4.x through 13.0, Firefox ESR\n 10.x before 10.0.6, Thunderbird 5.0 through 13.0,\n Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before\n 2.11 allow remote attackers to cause a denial of service\n (memory corruption and application crash) or possibly\n execute arbitrary code via unknown vectors.\n (CVE-2012-1948)\n\n - The drag-and-drop implementation in Mozilla Firefox 4.x\n through 13.0 and Firefox ESR 10.x before 10.0.6 allows\n remote attackers to spoof the address bar by canceling a\n page load. (CVE-2012-1950)\n\n - Use-after-free vulnerability in the\n nsSMILTimeValueSpec::IsEventBased function in Mozilla\n Firefox 4.x through 13.0, Firefox ESR 10.x before\n 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR\n 10.x before 10.0.6, and SeaMonkey before 2.11 allows\n remote attackers to cause a denial of service (heap\n memory corruption) or possibly execute arbitrary code by\n interacting with objects used for SMIL Timing.\n (CVE-2012-1951)\n\n - The nsTableFrame::InsertFrames function in Mozilla\n Firefox 4.x through 13.0, Firefox ESR 10.x before\n 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR\n 10.x before 10.0.6, and SeaMonkey before 2.11 does not\n properly perform a cast of a frame variable during\n processing of mixed row-group and column-group frames,\n which might allow remote attackers to execute arbitrary\n code via a crafted web site. (CVE-2012-1952)\n\n - The ElementAnimations::EnsureStyleRuleFor function in\n Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x\n before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird\n ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows\n remote attackers to cause a denial of service (buffer\n over-read, incorrect pointer dereference, and heap-based\n buffer overflow) or possibly execute arbitrary code via\n a crafted web site. (CVE-2012-1953)\n\n - Use-after-free vulnerability in the\n nsDocument::AdoptNode function in Mozilla Firefox 4.x\n through 13.0, Firefox ESR 10.x before 10.0.6,\n Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x\n before 10.0.6, and SeaMonkey before 2.11 allows remote\n attackers to cause a denial of service (heap memory\n corruption) or possibly execute arbitrary code via\n vectors involving multiple adoptions and empty\n documents. (CVE-2012-1954)\n\n - Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x\n before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird\n ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allow\n remote attackers to spoof the address bar via vectors\n involving history.forward and history.back calls.\n (CVE-2012-1955)\n\n - An unspecified parser-utility class in Mozilla Firefox\n 4.x through 13.0, Firefox ESR 10.x before 10.0.6,\n Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x\n before 10.0.6, and SeaMonkey before 2.11 does not\n properly handle EMBED elements within description\n elements in RSS feeds, which allows remote attackers to\n conduct cross-site scripting (XSS) attacks via a feed.\n (CVE-2012-1957)\n\n - Use-after-free vulnerability in the\n nsGlobalWindow::PageHidden function in Mozilla Firefox\n 4.x through 13.0, Firefox ESR 10.x before 10.0.6,\n Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x\n before 10.0.6, and SeaMonkey before 2.11 might allow\n remote attackers to execute arbitrary code via vectors\n related to focused content. (CVE-2012-1958)\n\n - Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x\n before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird\n ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not\n consider the presence of same-compartment security\n wrappers (SCSW) during the cross-compartment wrapping of\n objects, which allows remote attackers to bypass\n intended XBL access restrictions via crafted content.\n (CVE-2012-1959)\n\n - Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x\n before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird\n ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not\n properly handle duplicate values in X-Frame-Options\n headers, which makes it easier for remote attackers to\n conduct clickjacking attacks via a FRAME element\n referencing a web site that produces these duplicate\n values. (CVE-2012-1961)\n\n - Use-after-free vulnerability in the\n JSDependentString::undepend function in Mozilla Firefox\n 4.x through 13.0, Firefox ESR 10.x before 10.0.6,\n Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x\n before 10.0.6, and SeaMonkey before 2.11 allows remote\n attackers to cause a denial of service (memory\n corruption) or possibly execute arbitrary code via\n vectors involving strings with multiple dependencies.\n (CVE-2012-1962)\n\n - The Content Security Policy (CSP) functionality in\n Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x\n before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird\n ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does\n not properly restrict the strings placed into the\n blocked-uri parameter of a violation report, which\n allows remote web servers to capture OpenID credentials\n and OAuth 2.0 access tokens by triggering a violation.\n (CVE-2012-1963)\n\n - The certificate-warning functionality in\n browser/components/certerror/content/\n aboutCertError.xhtml in Mozilla Firefox 4.x through\n 12.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0\n through 12.0, Thunderbird ESR 10.x before 10.0.6, and\n SeaMonkey before 2.10 does not properly handle attempted\n clickjacking of the about:certerror page, which allows\n man-in-the-middle attackers to trick users into adding\n an unintended exception via an IFRAME element.\n (CVE-2012-1964)\n\n - Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x\n before 10.0.6 do not properly establish the security\n context of a feed: URL, which allows remote attackers to\n bypass unspecified cross-site scripting (XSS) protection\n mechanisms via a feed:javascript: URL. (CVE-2012-1965)\n\n - Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x\n before 10.0.6 do not have the same context-menu\n restrictions for data: URLs as for javascript: URLs,\n which allows remote attackers to conduct cross-site\n scripting (XSS) attacks via a crafted URL.\n (CVE-2012-1966)\n\n - Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x\n before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird\n ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not\n properly implement the JavaScript sandbox utility, which\n allows remote attackers to execute arbitrary JavaScript\n code with improper privileges via a javascript: URL.\n (CVE-2012-1967)\n\n - Multiple unspecified vulnerabilities in the browser\n engine in Mozilla Firefox before 15.0, Firefox ESR 10.x\n before 10.0.7, Thunderbird before 15.0, Thunderbird ESR\n 10.x before 10.0.7, and SeaMonkey before 2.12 allow\n remote attackers to cause a denial of service (memory\n corruption and application crash) or possibly execute\n arbitrary code via unknown vectors. (CVE-2012-1970)\n\n - Use-after-free vulnerability in the\n nsObjectLoadingContent::LoadObject function in Mozilla\n Firefox before 15.0, Firefox ESR 10.x before 10.0.7,\n Thunderbird before 15.0, Thunderbird ESR 10.x before\n 10.0.7, and SeaMonkey before 2.12 allows remote\n attackers to execute arbitrary code or cause a denial of\n service (heap memory corruption) via unspecified\n vectors. (CVE-2012-1973)\n\n - Mozilla Firefox before 15.0, Firefox ESR 10.x before\n 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x\n before 10.0.7, and SeaMonkey before 2.12 allow remote\n attackers to execute arbitrary code or cause a denial of\n service (memory corruption) via a negative height value\n in a BMP image within a .ICO file, related to (1)\n improper handling of the transparency bitmask by the\n nsICODecoder component and (2) improper processing of\n the alpha channel by the nsBMPDecoder component.\n (CVE-2012-3966)\"\n );\n # https://www.oracle.com/technetwork/topics/security/thirdparty-patch-map-1482893.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4a913f44\"\n );\n # https://blogs.oracle.com/sunsecurity/multiple-vulnerabilities-in-thunderbird\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ac78be5f\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Solaris 11.1.2.5.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:11.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:thunderbird\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/01/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris11/release\", \"Host/Solaris11/pkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Solaris11/release\");\nif (isnull(release)) audit(AUDIT_OS_NOT, \"Solaris11\");\npkg_list = solaris_pkg_list_leaves();\nif (isnull (pkg_list)) audit(AUDIT_PACKAGE_LIST_MISSING, \"Solaris pkg-list packages\");\n\nif (empty_or_null(egrep(string:pkg_list, pattern:\"^thunderbird$\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird\");\n\nflag = 0;\n\nif (solaris_check_release(release:\"0.5.11-0.175.1.2.0.5.0\", sru:\"SRU 2.5\") > 0) flag++;\n\nif (flag)\n{\n set_kb_item(name:'www/0/XSS', value:TRUE);\n error_extra = 'Affected package : thunderbird\\n' + solaris_get_report2();\n error_extra = ereg_replace(pattern:\"version\", replace:\"OS version\", string:error_extra);\n if (report_verbosity > 0) security_hole(port:0, extra:error_extra);\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_PACKAGE_NOT_AFFECTED, \"thunderbird\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:16:57", "bulletinFamily": "scanner", "description": "USN-1509-1 fixed vulnerabilities in Firefox. This update provides an updated ubufox package for use with the lastest Firefox.\n\nBenoit Jacob, Jesse Ruderman, Christian Holler, Bill McCloskey, Brian Smith, Gary Kwong, Christoph Diehl, Chris Jones, Brad Lassey, and Kyle Huey discovered memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. (CVE-2012-1948, CVE-2012-1949)\n\nMario Gomes discovered that the address bar may be incorrectly updated. Drag-and-drop events in the address bar may cause the address of the previous site to be displayed while a new page is loaded. An attacker could exploit this to conduct phishing attacks. (CVE-2012-1950)\n\nAbhishek Arya discovered four memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. (CVE-2012-1951, CVE-2012-1952, CVE-2012-1953, CVE-2012-1954)\n\nMariusz Mlynski discovered that the address bar may be incorrectly updated. Calls to history.forward and history.back could be used to navigate to a site while the address bar still displayed the previous site. A remote attacker could exploit this to conduct phishing attacks.\n(CVE-2012-1955)\n\nMario Heiderich discovered that HTML <embed> tags were not filtered out of the HTML <description> of RSS feeds. A remote attacker could exploit this to conduct cross-site scripting (XSS) attacks via JavaScript execution in the HTML feed view. (CVE-2012-1957)\n\nArthur Gerkis discovered a use-after-free vulnerability. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox.\n(CVE-2012-1958)\n\nBobby Holley discovered that same-compartment security wrappers (SCSW) could be bypassed to allow XBL access. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit this to execute code with the privileges of the user invoking Firefox. (CVE-2012-1959)\n\nTony Payne discovered an out-of-bounds memory read in Mozilla's color management library (QCMS). If the user were tricked into opening a specially crafted color profile, an attacker could possibly exploit this to cause a denial of service via application crash. (CVE-2012-1960)\n\nFrederic Buclin discovered that the X-Frame-Options header was ignored when its value was specified multiple times. An attacker could exploit this to conduct clickjacking attacks.\n(CVE-2012-1961)\n\nBill Keese discovered a memory corruption vulnerability. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox.\n(CVE-2012-1962)\n\nKarthikeyan Bhargavan discovered an information leakage vulnerability in the Content Security Policy (CSP) 1.0 implementation. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit this to access a user's OAuth 2.0 access tokens and OpenID credentials. (CVE-2012-1963)\n\nMatt McCutchen discovered a clickjacking vulnerability in the certificate warning page. A remote attacker could trick a user into accepting a malicious certificate via a crafted certificate warning page. (CVE-2012-1964)\n\nMario Gomes and Soroush Dalili discovered that JavaScript was not filtered out of feed URLs. If the user were tricked into opening a specially crafted URL, an attacker could possibly exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2012-1965)\n\nA vulnerability was discovered in the context menu of data:\nURLs. If the user were tricked into opening a specially crafted URL, an attacker could possibly exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2012-1966)\n\nIt was discovered that the execution of javascript: URLs was not properly handled in some cases. A remote attacker could exploit this to execute code with the privileges of the user invoking Firefox. (CVE-2012-1967).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-12-01T00:00:00", "id": "UBUNTU_USN-1509-2.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=60013", "published": "2012-07-18T00:00:00", "title": "Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : ubufox update (USN-1509-2)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1509-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(60013);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2018/12/01 13:19:07\");\n\n script_cve_id(\"CVE-2012-1948\", \"CVE-2012-1949\", \"CVE-2012-1950\", \"CVE-2012-1951\", \"CVE-2012-1952\", \"CVE-2012-1953\", \"CVE-2012-1954\", \"CVE-2012-1955\", \"CVE-2012-1957\", \"CVE-2012-1958\", \"CVE-2012-1959\", \"CVE-2012-1960\", \"CVE-2012-1961\", \"CVE-2012-1962\", \"CVE-2012-1963\", \"CVE-2012-1964\", \"CVE-2012-1965\", \"CVE-2012-1966\", \"CVE-2012-1967\");\n script_bugtraq_id(54572, 54573, 54574, 54575, 54576, 54577, 54578, 54579, 54580, 54581, 54583, 54584, 54585, 54586);\n script_xref(name:\"USN\", value:\"1509-2\");\n\n script_name(english:\"Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : ubufox update (USN-1509-2)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"USN-1509-1 fixed vulnerabilities in Firefox. This update provides an\nupdated ubufox package for use with the lastest Firefox.\n\nBenoit Jacob, Jesse Ruderman, Christian Holler, Bill McCloskey, Brian\nSmith, Gary Kwong, Christoph Diehl, Chris Jones, Brad Lassey, and Kyle\nHuey discovered memory safety issues affecting Firefox. If the user\nwere tricked into opening a specially crafted page, an attacker could\npossibly exploit these to cause a denial of service via application\ncrash, or potentially execute code with the privileges of the user\ninvoking Firefox. (CVE-2012-1948, CVE-2012-1949)\n\nMario Gomes discovered that the address bar may be\nincorrectly updated. Drag-and-drop events in the address bar\nmay cause the address of the previous site to be displayed\nwhile a new page is loaded. An attacker could exploit this\nto conduct phishing attacks. (CVE-2012-1950)\n\nAbhishek Arya discovered four memory safety issues affecting\nFirefox. If the user were tricked into opening a specially\ncrafted page, an attacker could possibly exploit these to\ncause a denial of service via application crash, or\npotentially execute code with the privileges of the user\ninvoking Firefox. (CVE-2012-1951, CVE-2012-1952,\nCVE-2012-1953, CVE-2012-1954)\n\nMariusz Mlynski discovered that the address bar may be\nincorrectly updated. Calls to history.forward and\nhistory.back could be used to navigate to a site while the\naddress bar still displayed the previous site. A remote\nattacker could exploit this to conduct phishing attacks.\n(CVE-2012-1955)\n\nMario Heiderich discovered that HTML <embed> tags were not\nfiltered out of the HTML <description> of RSS feeds. A\nremote attacker could exploit this to conduct cross-site\nscripting (XSS) attacks via JavaScript execution in the HTML\nfeed view. (CVE-2012-1957)\n\nArthur Gerkis discovered a use-after-free vulnerability. If\nthe user were tricked into opening a specially crafted page,\nan attacker could possibly exploit this to cause a denial of\nservice via application crash, or potentially execute code\nwith the privileges of the user invoking Firefox.\n(CVE-2012-1958)\n\nBobby Holley discovered that same-compartment security\nwrappers (SCSW) could be bypassed to allow XBL access. If\nthe user were tricked into opening a specially crafted page,\nan attacker could possibly exploit this to execute code with\nthe privileges of the user invoking Firefox. (CVE-2012-1959)\n\nTony Payne discovered an out-of-bounds memory read in\nMozilla's color management library (QCMS). If the user were\ntricked into opening a specially crafted color profile, an\nattacker could possibly exploit this to cause a denial of\nservice via application crash. (CVE-2012-1960)\n\nFrederic Buclin discovered that the X-Frame-Options header\nwas ignored when its value was specified multiple times. An\nattacker could exploit this to conduct clickjacking attacks.\n(CVE-2012-1961)\n\nBill Keese discovered a memory corruption vulnerability. If\nthe user were tricked into opening a specially crafted page,\nan attacker could possibly exploit this to cause a denial of\nservice via application crash, or potentially execute code\nwith the privileges of the user invoking Firefox.\n(CVE-2012-1962)\n\nKarthikeyan Bhargavan discovered an information leakage\nvulnerability in the Content Security Policy (CSP) 1.0\nimplementation. If the user were tricked into opening a\nspecially crafted page, an attacker could possibly exploit\nthis to access a user's OAuth 2.0 access tokens and OpenID\ncredentials. (CVE-2012-1963)\n\nMatt McCutchen discovered a clickjacking vulnerability in\nthe certificate warning page. A remote attacker could trick\na user into accepting a malicious certificate via a crafted\ncertificate warning page. (CVE-2012-1964)\n\nMario Gomes and Soroush Dalili discovered that JavaScript\nwas not filtered out of feed URLs. If the user were tricked\ninto opening a specially crafted URL, an attacker could\npossibly exploit this to conduct cross-site scripting (XSS)\nattacks. (CVE-2012-1965)\n\nA vulnerability was discovered in the context menu of data:\nURLs. If the user were tricked into opening a specially\ncrafted URL, an attacker could possibly exploit this to\nconduct cross-site scripting (XSS) attacks. (CVE-2012-1966)\n\nIt was discovered that the execution of javascript: URLs was\nnot properly handled in some cases. A remote attacker could\nexploit this to execute code with the privileges of the user\ninvoking Firefox. (CVE-2012-1967).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1509-2/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected ubufox and / or xul-ext-ubufox packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:ubufox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:xul-ext-ubufox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/07/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/07/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2012-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(10\\.04|11\\.04|11\\.10|12\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04 / 11.04 / 11.10 / 12.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"ubufox\", pkgver:\"2.1.1-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"xul-ext-ubufox\", pkgver:\"2.1.1-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"ubufox\", pkgver:\"2.1.1-0ubuntu0.11.04.1\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"xul-ext-ubufox\", pkgver:\"2.1.1-0ubuntu0.11.04.1\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"ubufox\", pkgver:\"2.1.1-0ubuntu0.11.10.1\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"xul-ext-ubufox\", pkgver:\"2.1.1-0ubuntu0.11.10.1\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"ubufox\", pkgver:\"2.1.1-0ubuntu0.12.04.1\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"xul-ext-ubufox\", pkgver:\"2.1.1-0ubuntu0.12.04.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ubufox / xul-ext-ubufox\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:16:57", "bulletinFamily": "scanner", "description": "The installed version of Firefox is earlier than 10.0.6 and thus, is potentially affected by the following security issues :\n\n - Several memory safety issues exist, some of which could potentially allow arbitrary code execution.\n (CVE-2012-1948)\n\n - An error related to drag and drop can allow incorrect URLs to be displayed. (CVE-2012-1950)\n\n - Several memory safety issues exist related to the Gecko layout engine. (CVE-2012-1951, CVE-2012-1952, CVE-2012-1953, CVE-2012-1954)\n\n - An error related to JavaScript functions 'history.forward' and 'history.back' can allow incorrect URLs to be displayed. (CVE-2012-1955)\n\n - Cross-site scripting attacks are possible due to an error related to the '<embed>' tag within an RSS '<description>' element. (CVE-2012-1957)\n\n - A use-after-free error exists related to the method 'nsGlobalWindow::PageHidden'. (CVE-2012-1958)\n\n - An error exists that can allow 'same-compartment security wrappers' (SCSW) to be bypassed.\n (CVE-2012-1959) \n - The 'X-Frames-Options' header is ignored if it is duplicated. (CVE-2012-1961)\n\n - A memory corruption error exists related to the method 'JSDependentString::undepend'. (CVE-2012-1962)\n\n - An error related to the 'Content Security Policy' (CSP) implementation can allow the disclosure of OAuth 2.0 access tokens and OpenID credentials. (CVE-2012-1963)\n\n - An error exists related to the certificate warning page that can allow 'clickjacking' thereby tricking a user into accepting unintended certificates. (CVE-2012-1964)\n\n - An error exists related to the 'feed:' URL that can allow cross-site scripting attacks. (CVE-2012-1965)\n\n - Cross-site scripting attacks are possible due to an error related to the 'data:' URL and context menus.\n (CVE-2012-1966)\n\n - An error exists related to the 'javascript:' URL that can allow scripts to run at elevated privileges outside the sandbox. (CVE-2012-1967)", "modified": "2018-07-14T00:00:00", "id": "MACOSX_FIREFOX_10_0_6.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=60038", "published": "2012-07-19T00:00:00", "title": "Firefox < 10.0.6 Multiple Vulnerabilities (Mac OS X)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(60038);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2018/07/14 1:59:35\");\n\n script_cve_id(\n \"CVE-2012-1948\",\n \"CVE-2012-1950\",\n \"CVE-2012-1951\",\n \"CVE-2012-1952\",\n \"CVE-2012-1953\",\n \"CVE-2012-1954\",\n \"CVE-2012-1955\",\n \"CVE-2012-1957\",\n \"CVE-2012-1958\",\n \"CVE-2012-1959\",\n \"CVE-2012-1961\",\n \"CVE-2012-1962\",\n \"CVE-2012-1963\",\n \"CVE-2012-1964\",\n \"CVE-2012-1965\",\n \"CVE-2012-1966\",\n \"CVE-2012-1967\"\n );\n script_bugtraq_id(\n 54573,\n 54574,\n 54575,\n 54576,\n 54577,\n 54578,\n 54579,\n 54581,\n 54582,\n 54583,\n 54584,\n 54585,\n 54586\n );\n\n script_name(english:\"Firefox < 10.0.6 Multiple Vulnerabilities (Mac OS X)\");\n script_summary(english:\"Checks version of Firefox\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Mac OS X host contains a web browser that is affected by\nmultiple vulnerabilities.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The installed version of Firefox is earlier than 10.0.6 and thus, is \npotentially affected by the following security issues :\n\n - Several memory safety issues exist, some of which could\n potentially allow arbitrary code execution.\n (CVE-2012-1948)\n\n - An error related to drag and drop can allow incorrect \n URLs to be displayed. (CVE-2012-1950)\n\n - Several memory safety issues exist related to the Gecko\n layout engine. (CVE-2012-1951, CVE-2012-1952,\n CVE-2012-1953, CVE-2012-1954)\n\n - An error related to JavaScript functions\n 'history.forward' and 'history.back' can allow\n incorrect URLs to be displayed. (CVE-2012-1955)\n\n - Cross-site scripting attacks are possible due to an\n error related to the '<embed>' tag within an RSS\n '<description>' element. (CVE-2012-1957)\n\n - A use-after-free error exists related to the method\n 'nsGlobalWindow::PageHidden'. (CVE-2012-1958)\n\n - An error exists that can allow 'same-compartment\n security wrappers' (SCSW) to be bypassed.\n (CVE-2012-1959)\n \n - The 'X-Frames-Options' header is ignored if it is\n duplicated. (CVE-2012-1961)\n\n - A memory corruption error exists related to the method\n 'JSDependentString::undepend'. (CVE-2012-1962)\n\n - An error related to the 'Content Security Policy' (CSP)\n implementation can allow the disclosure of OAuth 2.0\n access tokens and OpenID credentials. (CVE-2012-1963)\n\n - An error exists related to the certificate warning page\n that can allow 'clickjacking' thereby tricking a user \n into accepting unintended certificates. (CVE-2012-1964)\n\n - An error exists related to the 'feed:' URL that can\n allow cross-site scripting attacks. (CVE-2012-1965)\n\n - Cross-site scripting attacks are possible due to an\n error related to the 'data:' URL and context menus.\n (CVE-2012-1966)\n\n - An error exists related to the 'javascript:' URL that\n can allow scripts to run at elevated privileges outside\n the sandbox. (CVE-2012-1967)\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-42/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-43/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-44/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-45/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-46/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-47/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-48/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-49/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-51/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-52/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-53/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-54/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-55/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-56/\");\n\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Firefox 10.0.6 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/07/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/07/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/07/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:firefox\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"macosx_firefox_installed.nasl\");\n script_require_keys(\"MacOSX/Firefox/Installed\");\n\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\nkb_base = \"MacOSX/Firefox\";\nget_kb_item_or_exit(kb_base+\"/Installed\");\n\nversion = get_kb_item_or_exit(kb_base+\"/Version\", exit_code:1);\npath = get_kb_item_or_exit(kb_base+\"/Path\", exit_code:1);\n\nif (get_kb_item(kb_base + '/is_esr')) exit(0, 'The Mozilla Firefox installation is in the ESR branch.');\n\nmozilla_check_version(product:'firefox', version:version, path:path, esr:FALSE, fix:'10.0.6', severity:SECURITY_HOLE, xss:TRUE);", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "centos": [{"lastseen": "2017-10-03T18:24:30", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2012:1088\n\n\nMozilla Firefox is an open source web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox.\n\nA web page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2012-1948, CVE-2012-1951, CVE-2012-1952, CVE-2012-1953,\nCVE-2012-1954, CVE-2012-1958, CVE-2012-1962, CVE-2012-1967)\n\nA malicious web page could bypass same-compartment security wrappers (SCSW)\nand execute arbitrary code with chrome privileges. (CVE-2012-1959)\n\nA flaw in the context menu functionality in Firefox could allow a malicious\nwebsite to bypass intended restrictions and allow a cross-site scripting\nattack. (CVE-2012-1966)\n\nA page different to that in the address bar could be displayed when\ndragging and dropping to the address bar, possibly making it easier for a\nmalicious site or user to perform a phishing attack. (CVE-2012-1950)\n\nA flaw in the way Firefox called history.forward and history.back could\nallow an attacker to conceal a malicious URL, possibly tricking a user\ninto believing they are viewing a trusted site. (CVE-2012-1955)\n\nA flaw in a parser utility class used by Firefox to parse feeds (such as\nRSS) could allow an attacker to execute arbitrary JavaScript with the\nprivileges of the user running Firefox. This issue could have affected\nother browser components or add-ons that assume the class returns\nsanitized input. (CVE-2012-1957)\n\nA flaw in the way Firefox handled X-Frame-Options headers could allow a\nmalicious website to perform a clickjacking attack. (CVE-2012-1961)\n\nA flaw in the way Content Security Policy (CSP) reports were generated by\nFirefox could allow a malicious web page to steal a victim's OAuth 2.0\naccess tokens and OpenID credentials. (CVE-2012-1963)\n\nA flaw in the way Firefox handled certificate warnings could allow a\nman-in-the-middle attacker to create a crafted warning, possibly tricking\na user into accepting an arbitrary certificate as trusted. (CVE-2012-1964)\n\nA flaw in the way Firefox handled feed:javascript URLs could allow output\nfiltering to be bypassed, possibly leading to a cross-site scripting\nattack. (CVE-2012-1965)\n\nThe nss update RHBA-2012:0337 for Red Hat Enterprise Linux 5 and 6\nintroduced a mitigation for the CVE-2011-3389 flaw. For compatibility\nreasons, it remains disabled by default in the nss packages. This update\nmakes Firefox enable the mitigation by default. It can be disabled by\nsetting the NSS_SSL_CBC_RANDOM_IV environment variable to 0 before\nlaunching Firefox. (BZ#838879)\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Firefox 10.0.6 ESR. You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Benoit Jacob, Jesse Ruderman, Christian Holler, Bill\nMcCloskey, Abhishek Arya, Arthur Gerkis, Bill Keese, moz_bug_r_a4, Bobby\nHolley, Code Audit Labs, Mariusz Mlynski, Mario Heiderich, Frederic Buclin,\nKarthikeyan Bhargavan, Matt McCutchen, Mario Gomes, and Soroush Dalili as\nthe original reporters of these issues.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 10.0.6 ESR, which corrects these issues. After installing\nthe update, Firefox must be restarted for the changes to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2012-July/018744.html\nhttp://lists.centos.org/pipermail/centos-announce/2012-July/018747.html\n\n**Affected packages:**\nfirefox\nxulrunner\nxulrunner-devel\n\n**Upstream details at:**\n\nhttps://rhn.redhat.com/errata/RHSA-2012-1088.html", "modified": "2012-07-17T21:07:24", "published": "2012-07-17T16:41:16", "href": "http://lists.centos.org/pipermail/centos-announce/2012-July/018744.html", "id": "CESA-2012:1088", "title": "firefox, xulrunner security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-10-03T18:26:21", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2012:1089\n\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed content. Malicious\ncontent could cause Thunderbird to crash or, potentially, execute arbitrary\ncode with the privileges of the user running Thunderbird. (CVE-2012-1948,\nCVE-2012-1951, CVE-2012-1952, CVE-2012-1953, CVE-2012-1954, CVE-2012-1958,\nCVE-2012-1962, CVE-2012-1967)\n\nMalicious content could bypass same-compartment security wrappers (SCSW)\nand execute arbitrary code with chrome privileges. (CVE-2012-1959)\n\nA flaw in the way Thunderbird called history.forward and history.back could\nallow an attacker to conceal a malicious URL, possibly tricking a user\ninto believing they are viewing trusted content. (CVE-2012-1955)\n\nA flaw in a parser utility class used by Thunderbird to parse feeds (such\nas RSS) could allow an attacker to execute arbitrary JavaScript with the\nprivileges of the user running Thunderbird. This issue could have affected\nother Thunderbird components or add-ons that assume the class returns\nsanitized input. (CVE-2012-1957)\n\nA flaw in the way Thunderbird handled X-Frame-Options headers could allow\nmalicious content to perform a clickjacking attack. (CVE-2012-1961)\n\nA flaw in the way Content Security Policy (CSP) reports were generated by\nThunderbird could allow malicious content to steal a victim's OAuth 2.0\naccess tokens and OpenID credentials. (CVE-2012-1963)\n\nA flaw in the way Thunderbird handled certificate warnings could allow a\nman-in-the-middle attacker to create a crafted warning, possibly tricking\na user into accepting an arbitrary certificate as trusted. (CVE-2012-1964)\n\nThe nss update RHBA-2012:0337 for Red Hat Enterprise Linux 5 and 6\nintroduced a mitigation for the CVE-2011-3389 flaw. For compatibility\nreasons, it remains disabled by default in the nss packages. This update\nmakes Thunderbird enable the mitigation by default. It can be disabled by\nsetting the NSS_SSL_CBC_RANDOM_IV environment variable to 0 before\nlaunching Thunderbird. (BZ#838879)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Benoit Jacob, Jesse Ruderman, Christian Holler, Bill\nMcCloskey, Abhishek Arya, Arthur Gerkis, Bill Keese, moz_bug_r_a4, Bobby\nHolley, Mariusz Mlynski, Mario Heiderich, Frederic Buclin, Karthikeyan\nBhargavan, and Matt McCutchen as the original reporters of these issues.\n\nNote: None of the issues in this advisory can be exploited by a\nspecially-crafted HTML mail message as JavaScript is disabled by default\nfor mail messages. They could be exploited another way in Thunderbird, for\nexample, when viewing the full remote content of an RSS feed.\n\nAll Thunderbird users should upgrade to this updated package, which\ncontains Thunderbird version 10.0.6 ESR, which corrects these issues. After\ninstalling the update, Thunderbird must be restarted for the changes to\ntake effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2012-July/018745.html\nhttp://lists.centos.org/pipermail/centos-announce/2012-July/018748.html\n\n**Affected packages:**\nthunderbird\n\n**Upstream details at:**\n", "modified": "2012-07-17T21:08:26", "published": "2012-07-17T17:25:02", "href": "http://lists.centos.org/pipermail/centos-announce/2012-July/018745.html", "id": "CESA-2012:1089", "title": "thunderbird security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "suse": [{"lastseen": "2016-09-04T12:09:51", "bulletinFamily": "unix", "description": "MozillaFirefox have been updated to the 10.0.6ESR security\n release fixing various bugs and several security issues,\n some critical.\n\n The ollowing security issues have been fixed:\n\n *\n\n MFSA 2012-42: Mozilla developers identified and fixed\n several memory safety bugs in the browser engine used in\n Firefox and other Mozilla-based products. Some of these\n bugs showed evidence of memory corruption under certain\n circumstances, and we presume that with enough effort at\n least some of these could be exploited to run arbitrary\n code.\n\n *\n\n CVE-2012-1948: Benoit Jacob, Jesse Ruderman,\n Christian Holler, and Bill McCloskey reported memory safety\n problems and crashes that affect Firefox ESR 10 and Firefox\n 13.\n\n *\n\n MFSA 2012-43 / CVE-2012-1950: Security researcher\n Mario Gomes andresearch firm Code Audit Labs reported a\n mechanism to short-circuit page loads through drag and drop\n to the addressbar by canceling the page load. This causes\n the address of the previously site entered to be displayed\n in the addressbar instead of the currently loaded page.\n This could lead to potential phishing attacks on users.\n\n *\n\n MFSA 2012-44 Google security researcher Abhishek Arya\n used the Address Sanitizer tool to uncover four issues: two\n use-after-free problems, one out of bounds read bug, and a\n bad cast. The first use-afte.r-free problem is caused when\n an array of nsSMILTimeValueSpec objects is destroyed but\n attempts are made to call into objects in this array later.\n The second use-after-free problem is in\n nsDocument::AdoptNode when it adopts into an empty document\n and then adopts into another document, emptying the first\n one. The heap buffer overflow is in ElementAnimations when\n data is read off of end of an array and then pointers are\n dereferenced. The bad cast happens when\n nsTableFrame::InsertFrames is called with frames in\n aFrameList that are a mix of row group frames and column\n group frames. AppendFrames is not able to handle this mix.\n\n All four of these issues are potentially exploitable.\n\n o CVE-2012-1951: Heap-use-after-free in\n nsSMILTimeValueSpec::IsEventBased o CVE-2012-1954:\n Heap-use-after-free in nsDocument::AdoptNode o\n CVE-2012-1953: Out of bounds read in\n ElementAnimations::EnsureStyleRuleFor o CVE-2012-1952: Bad\n cast in nsTableFrame::InsertFrames\n *\n\n MFSA 2012-45 / CVE-2012-1955: Security researcher\n Mariusz Mlynski reported an issue with spoofing of the\n location property. In this issue, calls to history.forward\n and history.back are used to navigate to a site while\n displaying the previous site in the addressbar but changing\n the baseURI to the newer site. This can be used for\n phishing by allowing the user input form or other data on\n the newer, attacking, site while appearing to be on the\n older, displayed site.\n\n *\n\n MFSA 2012-46 / CVE-2012-1966: Mozilla security\n researcher moz_bug_r_a4 reported a cross-site scripting\n (XSS) attack through the context menu using a data: URL. In\n this issue, context menu functionality ("View Image", "Show\n only this frame", and "View background image") are\n disallowed in a javascript: URL but allowed in a data: URL,\n allowing for XSS. This can lead to arbitrary code execution.\n\n *\n\n MFSA 2012-47 / CVE-2012-1957: Security researcher\n Mario Heiderich reported that javascript could be executed\n in the HTML feed-view using tag within the RSS . This\n problem is due to tags not being filtered out during\n parsing and can lead to a potential cross-site scripting\n (XSS) attack. The flaw existed in a parser utility class\n and could affect other parts of the browser or add-ons\n which rely on that class to sanitize untrusted input.\n\n *\n\n MFSA 2012-48 / CVE-2012-1958: Security researcher\n Arthur Gerkis used the Address Sanitizer tool to find a\n use-after-free in nsGlobalWindow::PageHidden when\n mFocusedContent is released and oldFocusedContent is used\n afterwards. This use-after-free could possibly allow for\n remote code execution.\n\n *\n\n MFSA 2012-49 / CVE-2012-1959: Mozilla developer Bobby\n Holley found that same-compartment security wrappers (SCSW)\n can be bypassed by passing them to another compartment.\n Cross-compartment wrappers often do not go through SCSW,\n but have a filtering policy built into them. When an object\n is wrapped cross-compartment, the SCSW is stripped off and,\n when the object is read read back, it is not known that\n SCSW was previously present, resulting in a bypassing of\n SCSW. This could result in untrusted content having access\n to the XBL that implements browser functionality.\n\n *\n\n MFSA 2012-50 / CVE-2012-1960: Google developer Tony\n Payne reported an out of bounds (OOB) read in QCMS,\n Mozilla's color management library. With a carefully\n crafted color profile portions of a user's memory could be\n incorporated into a transformed image and possibly\n deciphered.\n\n *\n\n MFSA 2012-51 / CVE-2012-1961: Bugzilla developer\n Frederic Buclin reported that the "X-Frame-Options header\n is ignored when the value is duplicated, for example\n X-Frame-Options: SAMEORIGIN, SAMEORIGIN. This duplication\n occurs for unknown reasons on some websites and when it\n occurs results in Mozilla browsers not being protected\n against possible clickjacking attacks on those pages.\n\n *\n\n MFSA 2012-52 / CVE-2012-1962: Security researcher\n Bill Keese reported a memory corruption. This is caused by\n JSDependentString::undepend changing a dependent string\n into a fixed string when there are additional dependent\n strings relying on the same base. When the undepend occurs\n during conversion, the base data is freed, leaving other\n dependent strings with dangling pointers. This can lead to\n a potentially exploitable crash.\n\n *\n\n MFSA 2012-53 / CVE-2012-1963: Security researcher\n Karthikeyan Bhargavan of Prosecco at INRIA reported Content\n Security Policy (CSP) 1.0 implementation errors. CSP\n violation reports generated by Firefox and sent to the\n "report-uri" location include sensitive data within the\n "blocked-uri" parameter. These include fragment components\n and query strings even if the "blocked-uri" parameter has a\n different origin than the protected resource. This can be\n used to retrieve a user's OAuth 2.0 access tokens and\n OpenID credentials by malicious sites.\n\n *\n\n MFSA 2012-54 / CVE-2012-1964: Security Researcher\n Matt McCutchen reported that a clickjacking attack using\n the certificate warning page. A man-in-the-middle (MITM)\n attacker can use an iframe to display its own certificate\n error warning page (about:certerror) with the "Add\n Exception" button of a real warning page from a malicious\n site. This can mislead users to adding a certificate\n exception for a different site than the perceived one. This\n can lead to compromised communications with the user\n perceived site through the MITM attack once the certificate\n exception has been added.\n\n *\n\n MFSA 2012-55 / CVE-2012-1965: Security researchers\n Mario Gomes and Soroush Dalili reported that since Mozilla\n allows the pseudo-protocol feed: to prefix any valid URL,\n it is possible to construct feed:javascript: URLs that will\n execute scripts in some contexts. On some sites it may be\n possible to use this to evade output filtering that would\n otherwise strip javascript: URLs and thus contribute to\n cross-site scripting (XSS) problems on these sites.\n\n *\n\n MFSA 2012-56 / CVE-2012-1967: Mozilla security\n researcher moz_bug_r_a4 reported a arbitrary code execution\n attack using a javascript: URL. The Gecko engine features a\n JavaScript sandbox utility that allows the browser or\n add-ons to safely execute script in the context of a web\n page. In certain cases, javascript: URLs are executed in\n such a sandbox with insufficient context that can allow\n those scripts to escape from the sandbox and run with\n elevated privilege. This can lead to arbitrary code\n execution.\n", "modified": "2012-07-21T01:08:17", "published": "2012-07-21T01:08:17", "id": "SUSE-SU-2012:0895-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00011.html", "type": "suse", "title": "Security update for Mozilla Firefox (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:25:42", "bulletinFamily": "unix", "description": "MozillaFirefox was updated to 14.0.1 to fix various bugs\n and security issues.\n\n\n Following security issues were fixed: MFSA 2012-42: Mozilla\n developers identified and fixed several memory safety bugs\n in the browser engine used in Firefox and other\n Mozilla-based products. Some of these bugs showed evidence\n of memory corruption under certain circumstances, and we\n presume that with enough effort at least some of these\n could be exploited to run arbitrary code.\n\n CVE-2012-1949: Brian Smith, Gary Kwong, Christian Holler,\n Jesse Ruderman, Christoph Diehl, Chris Jones, Brad Lassey,\n and Kyle Huey reported memory safety problems and crashes\n that affect Firefox 13.\n\n CVE-2012-1948: Benoit Jacob, Jesse Ruderman, Christian\n Holler, and Bill McCloskey reported memory safety problems\n and crashes that affect Firefox ESR 10 and Firefox 13.\n\n\n MFSA 2012-43 / CVE-2012-1950: Security researcher Mario\n Gomes andresearch firm Code Audit Labs reported a mechanism\n to short-circuit page loads through drag and drop to the\n addressbar by canceling the page load. This causes the\n address of the previously site entered to be displayed in\n the addressbar instead of the currently loaded page. This\n could lead to potential phishing attacks on users.\n\n MFSA 2012-44 Google security researcher Abhishek Arya used\n the Address Sanitizer tool to uncover four issues: two\n use-after-free problems, one out of bounds read bug, and a\n bad cast. The first use-after-free problem is caused when\n an array of nsSMILTimeValueSpec objects is destroyed but\n attempts are made to call into objects in this array later.\n The second use-after-free problem is in\n nsDocument::AdoptNode when it adopts into an empty document\n and then adopts into another document, emptying the first\n one. The heap buffer overflow is in ElementAnimations when\n data is read off of end of an array and then pointers are\n dereferenced. The bad cast happens when\n nsTableFrame::InsertFrames is called with frames in\n aFrameList that are a mix of row group frames and column\n group frames. AppendFrames is not able to handle this mix.\n\n All four of these issues are potentially exploitable.\n CVE-2012-1951: Heap-use-after-free in\n nsSMILTimeValueSpec::IsEventBased CVE-2012-1954:\n Heap-use-after-free in nsDocument::AdoptNode CVE-2012-1953:\n Out of bounds read in ElementAnimations::EnsureStyleRuleFor\n CVE-2012-1952: Bad cast in nsTableFrame::InsertFrames\n\n\n MFSA 2012-45 / CVE-2012-1955: Security researcher Mariusz\n Mlynski reported an issue with spoofing of the location\n property. In this issue, calls to history.forward and\n history.back are used to navigate to a site while\n displaying the previous site in the addressbar but changing\n the baseURI to the newer site. This can be used for\n phishing by allowing the user input form or other data on\n the newer, attacking, site while appearing to be on the\n older, displayed site.\n\n MFSA 2012-46 / CVE-2012-1966: Mozilla security researcher\n moz_bug_r_a4 reported a cross-site scripting (XSS) attack\n through the context menu using a data: URL. In this issue,\n context menu functionality ("View Image", "Show only this\n frame", and "View background image") are disallowed in a\n javascript: URL but allowed in a data: URL, allowing for\n XSS. This can lead to arbitrary code execution.\n\n MFSA 2012-47 / CVE-2012-1957: Security researcher Mario\n Heiderich reported that javascript could be executed in the\n HTML feed-view using <embed> tag within the RSS\n <description>. This problem is due to <embed> tags not\n being filtered out during parsing and can lead to a\n potential cross-site scripting (XSS) attack. The flaw\n existed in a parser utility class and could affect other\n parts of the browser or add-ons which rely on that class to\n sanitize untrusted input.\n\n\n MFSA 2012-48 / CVE-2012-1958: Security researcher Arthur\n Gerkis used the Address Sanitizer tool to find a\n use-after-free in nsGlobalWindow::PageHidden when\n mFocusedContent is released and oldFocusedContent is used\n afterwards. This use-after-free could possibly allow for\n remote code execution.\n\n\n MFSA 2012-49 / CVE-2012-1959: Mozilla developer Bobby\n Holley found that same-compartment security wrappers (SCSW)\n can be bypassed by passing them to another compartment.\n Cross-compartment wrappers often do not go through SCSW,\n but have a filtering policy built into them. When an object\n is wrapped cross-compartment, the SCSW is stripped off and,\n when the object is read read back, it is not known that\n SCSW was previously present, resulting in a bypassing of\n SCSW. This could result in untrusted content having access\n to the XBL that implements browser functionality.\n\n MFSA 2012-50 / CVE-2012-1960: Google developer Tony Payne\n reported an out of bounds (OOB) read in QCMS, Mozilla\u00c3\u00a2\u00c2\u0080\u00c2\u0099s\n color management library. With a carefully crafted color\n profile portions of a user's memory could be incorporated\n into a transformed image and possibly deciphered.\n\n\n MFSA 2012-51 / CVE-2012-1961: Bugzilla developer Fr\u00c3\u0083\u00c2\u00a9d\u00c3\u0083\u00c2\u00a9ric\n Buclin reported that the "X-Frame-Options header is ignored\n when the value is duplicated, for example X-Frame-Options:\n SAMEORIGIN, SAMEORIGIN. This duplication occurs for unknown\n reasons on some websites and when it occurs results in\n Mozilla browsers not being protected against possible\n clickjacking attacks on those pages.\n\n\n MFSA 2012-52 / CVE-2012-1962: Security researcher Bill\n Keese reported a memory corruption. This is caused by\n JSDependentString::undepend changing a dependent string\n into a fixed string when there are additional dependent\n strings relying on the same base. When the undepend occurs\n during conversion, the base data is freed, leaving other\n dependent strings with dangling pointers. This can lead to\n a potentially exploitable crash.\n\n\n MFSA 2012-53 / CVE-2012-1963: Security researcher\n Karthikeyan Bhargavan of Prosecco at INRIA reported Content\n Security Policy (CSP) 1.0 implementation errors. CSP\n violation reports generated by Firefox and sent to the\n "report-uri" location include sensitive data within the\n "blocked-uri" parameter. These include fragment components\n and query strings even if the "blocked-uri" parameter has a\n different origin than the protected resource. This can be\n used to retrieve a user's OAuth 2.0 access tokens and\n OpenID credentials by malicious sites.\n\n MFSA 2012-54 / CVE-2012-1964: Security Researcher Matt\n McCutchen reported that a clickjacking attack using the\n certificate warning page. A man-in-the-middle (MITM)\n attacker can use an iframe to display its own certificate\n error warning page (about:certerror) with the "Add\n Exception" button of a real warning page from a malicious\n site. This can mislead users to adding a certificate\n exception for a different site than the perceived one. This\n can lead to compromised communications with the user\n perceived site through the MITM attack once the certificate\n exception has been added.\n\n\n MFSA 2012-55 / CVE-2012-1965: Security researchers Mario\n Gomes and Soroush Dalili reported that since Mozilla allows\n the pseudo-protocol feed: to prefix any valid URL, it is\n possible to construct feed:javascript: URLs that will\n execute scripts in some contexts. On some sites it may be\n possible to use this to evade output filtering that would\n otherwise strip javascript: URLs and thus contribute to\n cross-site scripting (XSS) problems on these sites.\n\n MFSA 2012-56 / CVE-2012-1967: Mozilla security researcher\n moz_bug_r_a4 reported a arbitrary code execution attack\n using a javascript: URL. The Gecko engine features a\n JavaScript sandbox utility that allows the browser or\n add-ons to safely execute script in the context of a web\n page. In certain cases, javascript: URLs are executed in\n such a sandbox with insufficient context that can allow\n those scripts to escape from the sandbox and run with\n elevated privilege. This can lead to arbitrary code\n execution.\n\n", "modified": "2012-07-23T14:08:16", "published": "2012-07-23T14:08:16", "id": "OPENSUSE-SU-2012:0899-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00013.html", "title": "MozillaFirefox to 14.0.1 (critical)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:46:38", "bulletinFamily": "unix", "description": "Mozilla XULRunner was updated to 14.0.1, fixing bugs and\n security issues:\n\n\n\n Following security issues were fixed: MFSA 2012-42: Mozilla\n developers identified and fixed several memory safety bugs\n in the browser engine used in Firefox and other\n Mozilla-based products. Some of these bugs showed evidence\n of memory corruption under certain circumstances, and we\n presume that with enough effort at least some of these\n could be exploited to run arbitrary code.\n\n CVE-2012-1949: Brian Smith, Gary Kwong, Christian Holler,\n Jesse Ruderman, Christoph Diehl, Chris Jones, Brad Lassey,\n and Kyle Huey reported memory safety problems and crashes\n that affect Firefox 13.\n\n CVE-2012-1948: Benoit Jacob, Jesse Ruderman, Christian\n Holler, and Bill McCloskey reported memory safety problems\n and crashes that affect Firefox ESR 10 and Firefox 13.\n\n\n MFSA 2012-43 / CVE-2012-1950: Security researcher Mario\n Gomes andresearch firm Code Audit Labs reported a mechanism\n to short-circuit page loads through drag and drop to the\n addressbar by canceling the page load. This causes the\n address of the previously site entered to be displayed in\n the addressbar instead of the currently loaded page. This\n could lead to potential phishing attacks on users.\n\n MFSA 2012-44\n\n Google security researcher Abhishek Arya used the Address\n Sanitizer tool to uncover four issues: two use-after-free\n problems, one out of bounds read bug, and a bad cast. The\n first use-after-free problem is caused when an array of\n nsSMILTimeValueSpec objects is destroyed but attempts are\n made to call into objects in this array later. The second\n use-after-free problem is in nsDocument::AdoptNode when it\n adopts into an empty document and then adopts into another\n document, emptying the first one. The heap buffer overflow\n is in ElementAnimations when data is read off of end of an\n array and then pointers are dereferenced. The bad cast\n happens when nsTableFrame::InsertFrames is called with\n frames in aFrameList that are a mix of row group frames and\n column group frames. AppendFrames is not able to handle\n this mix.\n\n All four of these issues are potentially exploitable.\n CVE-2012-1951: Heap-use-after-free in\n nsSMILTimeValueSpec::IsEventBased CVE-2012-1954:\n Heap-use-after-free in nsDocument::AdoptNode CVE-2012-1953:\n Out of bounds read in ElementAnimations::EnsureStyleRuleFor\n CVE-2012-1952: Bad cast in nsTableFrame::InsertFrames\n\n\n MFSA 2012-45 / CVE-2012-1955: Security researcher Mariusz\n Mlynski reported an issue with spoofing of the location\n property. In this issue, calls to history.forward and\n history.back are used to navigate to a site while\n displaying the previous site in the addressbar but changing\n the baseURI to the newer site. This can be used for\n phishing by allowing the user input form or other data on\n the newer, attacking, site while appearing to be on the\n older, displayed site.\n\n MFSA 2012-46 / CVE-2012-1966: Mozilla security researcher\n moz_bug_r_a4 reported a cross-site scripting (XSS) attack\n through the context menu using a data: URL. In this issue,\n context menu functionality ("View Image", "Show only this\n frame", and "View background image") are disallowed in a\n javascript: URL but allowed in a data: URL, allowing for\n XSS. This can lead to arbitrary code execution.\n\n MFSA 2012-47 / CVE-2012-1957: Security researcher Mario\n Heiderich reported that javascript could be executed in the\n HTML feed-view using tag within the RSS . This problem is\n due to tags not being filtered out during parsing and can\n lead to a potential cross-site scripting (XSS) attack. The\n flaw existed in a parser utility class and could affect\n other parts of the browser or add-ons which rely on that\n class to sanitize untrusted input.\n\n\n MFSA 2012-48 / CVE-2012-1958: Security researcher Arthur\n Gerkis used the Address Sanitizer tool to find a\n use-after-free in nsGlobalWindow::PageHidden when\n mFocusedContent is released and oldFocusedContent is used\n afterwards. This use-after-free could possibly allow for\n remote code execution.\n\n\n MFSA 2012-49 / CVE-2012-1959: Mozilla developer Bobby\n Holley found that same-compartment security wrappers (SCSW)\n can be bypassed by passing them to another compartment.\n Cross-compartment wrappers often do not go through SCSW,\n\n but have a filtering policy built into them. When an object\n is wrapped cross-compartment, the SCSW is stripped off and,\n when the object is read read back, it is not known that\n SCSW was previously present, resulting in a bypassing of\n SCSW. This could result in untrusted content having access\n to the XBL that implements browser functionality.\n\n MFSA 2012-50 / CVE-2012-1960: Google developer Tony Payne\n reported an out of bounds (OOB) read in QCMS, Mozilla\u00c3\u00a2\u00c2\u0080\u00c2\u0099s\n color management library. With a carefully crafted color\n profile portions of a user's memory could be incorporated\n into a transformed image and possibly deciphered.\n\n\n MFSA 2012-51 / CVE-2012-1961: Bugzilla developer Fr\u00c3\u0083\u00c2\u00a9d\u00c3\u0083\u00c2\u00a9ric\n Buclin reported that the "X-Frame-Options header is ignored\n when the value is duplicated, for example X-Frame-Options:\n SAMEORIGIN, SAMEORIGIN. This duplication occurs for unknown\n reasons on some websites and when it occurs results in\n Mozilla browsers not being protected against possible\n clickjacking attacks on those pages.\n\n\n MFSA 2012-52 / CVE-2012-1962: Security researcher Bill\n Keese reported a memory corruption. This is caused by\n JSDependentString::undepend changing a dependent string\n into a fixed string when there are additional dependent\n strings relying on the same base. When the undepend occurs\n during conversion, the base data is freed, leaving other\n dependent strings with dangling pointers. This can lead to\n a potentially exploitable crash.\n\n\n MFSA 2012-53 / CVE-2012-1963: Security researcher\n Karthikeyan Bhargavan of Prosecco at INRIA reported Content\n Security Policy (CSP) 1.0 implementation errors. CSP\n violation reports generated by Firefox and sent to the\n "report-uri" location include sensitive data within the\n "blocked-uri" parameter. These include fragment components\n and query strings even if the "blocked-uri" parameter has a\n different origin than the protected resource. This can be\n used to retrieve a user's OAuth 2.0 access tokens and\n OpenID credentials by malicious sites.\n\n MFSA 2012-54 / CVE-2012-1964: Security Researcher Matt\n McCutchen reported that a clickjacking attack using the\n certificate warning page. A man-in-the-middle (MITM)\n attacker can use an iframe to display its own certificate\n error warning page (about:certerror) with the "Add\n Exception" button of a real warning page from a malicious\n site. This can mislead users to adding a certificate\n exception for a different site than the perceived one. This\n can lead to compromised communications with the user\n perceived site through the MITM attack once the certificate\n exception has been added.\n\n\n\n MFSA 2012-55 / CVE-2012-1965: Security researchers Mario\n Gomes and Soroush Dalili reported that since Mozilla allows\n the pseudo-protocol feed: to prefix any valid URL, it is\n possible to construct feed:javascript: URLs that will\n execute scripts in some contexts. On some sites it may be\n possible to use this to evade output filtering that would\n otherwise strip javascript: URLs and thus contribute to\n cross-site scripting (XSS) problems on these sites.\n\n MFSA 2012-56 / CVE-2012-1967: Mozilla security researcher\n moz_bug_r_a4 reported a arbitrary code execution attack\n using a javascript: URL. The Gecko engine features a\n JavaScript sandbox utility that allows the browser or\n add-ons to safely execute script in the context of a web\n page. In certain cases, javascript: URLs are executed in\n such a sandbox with insufficient context that can allow\n those scripts to escape from the sandbox and run with\n elevated privilege. This can lead to arbitrary code\n execution.\n\n", "modified": "2012-07-30T17:08:56", "published": "2012-07-30T17:08:56", "id": "OPENSUSE-SU-2012:0924-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00017.html", "type": "suse", "title": "xulrunner to 14.0.1 (critical)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:36:41", "bulletinFamily": "unix", "description": "MozillaFirefox has been updated to the 10.0.6ESR security\n release fixing various bugs and several security issues,\n some critical.\n\n The following security issues have been fixed:\n\n *\n\n MFSA 2012-42: Mozilla developers identified and fixed\n several memory safety bugs in the browser engine used in\n Firefox and other Mozilla-based products. Some of these\n bugs showed evidence of memory corruption under certain\n circumstances, and we presume that with enough effort at\n least some of these could be exploited to run arbitrary\n code.\n\n *\n\n CVE-2012-1948: Benoit Jacob, Jesse Ruderman,\n Christian Holler, and Bill McCloskey reported memory safety\n problems and crashes that affect Firefox ESR 10 and Firefox\n 13.\n\n *\n\n MFSA 2012-43 / CVE-2012-1950: Security researcher\n Mario Gomes andresearch firm Code Audit Labs reported a\n mechanism to short-circuit page loads through drag and drop\n to the addressbar by canceling the page load. This causes\n the address of the previously site entered to be displayed\n in the addressbar instead of the currently loaded page.\n This could lead to potential phishing attacks on users.\n\n *\n\n MFSA 2012-44 Google security researcher Abhishek Arya\n used the Address Sanitizer tool to uncover four issues: two\n use-after-free problems, one out of bounds read bug, and a\n bad cast. The first use-afte.r-free problem is caused when\n an array of nsSMILTimeValueSpec objects is destroyed but\n attempts are made to call into objects in this array later.\n The second use-after-free problem is in\n nsDocument::AdoptNode when it adopts into an empty document\n and then adopts into another document, emptying the first\n one. The heap buffer overflow is in ElementAnimations when\n data is read off of end of an array and then pointers are\n dereferenced. The bad cast happens when\n nsTableFrame::InsertFrames is called with frames in\n aFrameList that are a mix of row group frames and column\n group frames. AppendFrames is not able to handle this mix.\n\n All four of these issues are potentially exploitable.\n\n o CVE-2012-1951: Heap-use-after-free in\n nsSMILTimeValueSpec::IsEventBased o CVE-2012-1954:\n Heap-use-after-free in nsDocument::AdoptNode o\n CVE-2012-1953: Out of bounds read in\n ElementAnimations::EnsureStyleRuleFor o CVE-2012-1952: Bad\n cast in nsTableFrame::InsertFrames\n *\n\n MFSA 2012-45 / CVE-2012-1955: Security researcher\n Mariusz Mlynski reported an issue with spoofing of the\n location property. In this issue, calls to history.forward\n and history.back are used to navigate to a site while\n displaying the previous site in the addressbar but changing\n the baseURI to the newer site. This can be used for\n phishing by allowing the user input form or other data on\n the newer, attacking, site while appearing to be on the\n older, displayed site.\n\n *\n\n MFSA 2012-46 / CVE-2012-1966: Mozilla security\n researcher moz_bug_r_a4 reported a cross-site scripting\n (XSS) attack through the context menu using a data: URL. In\n this issue, context menu functionality ("View Image", "Show\n only this frame", and "View background image") are\n disallowed in a javascript: URL but allowed in a data: URL,\n allowing for XSS. This can lead to arbitrary code execution.\n\n *\n\n MFSA 2012-47 / CVE-2012-1957: Security researcher\n Mario Heiderich reported that javascript could be executed\n in the HTML feed-view using tag within the RSS . This\n problem is due to tags not being filtered out during\n parsing and can lead to a potential cross-site scripting\n (XSS) attack. The flaw existed in a parser utility class\n and could affect other parts of the browser or add-ons\n which rely on that class to sanitize untrusted input.\n\n *\n\n MFSA 2012-48 / CVE-2012-1958: Security researcher\n Arthur Gerkis used the Address Sanitizer tool to find a\n use-after-free in nsGlobalWindow::PageHidden when\n mFocusedContent is released and oldFocusedContent is used\n afterwards. This use-after-free could possibly allow for\n remote code execution.\n\n *\n\n MFSA 2012-49 / CVE-2012-1959: Mozilla developer Bobby\n Holley found that same-compartment security wrappers (SCSW)\n can be bypassed by passing them to another compartment.\n Cross-compartment wrappers often do not go through SCSW,\n but have a filtering policy built into them. When an object\n is wrapped cross-compartment, the SCSW is stripped off and,\n when the object is read read back, it is not known that\n SCSW was previously present, resulting in a bypassing of\n SCSW. This could result in untrusted content having access\n to the XBL that implements browser functionality.\n\n *\n\n MFSA 2012-50 / CVE-2012-1960: Google developer Tony\n Payne reported an out of bounds (OOB) read in QCMS,\n Mozilla's color management library. With a carefully\n crafted color profile portions of a user's memory could be\n incorporated into a transformed image and possibly\n deciphered.\n\n *\n\n MFSA 2012-51 / CVE-2012-1961: Bugzilla developer\n Frederic Buclin reported that the "X-Frame-Options header\n is ignored when the value is duplicated, for example\n X-Frame-Options: SAMEORIGIN, SAMEORIGIN. This duplication\n occurs for unknown reasons on some websites and when it\n occurs results in Mozilla browsers not being protected\n against possible clickjacking attacks on those pages.\n\n *\n\n MFSA 2012-52 / CVE-2012-1962: Security researcher\n Bill Keese reported a memory corruption. This is caused by\n JSDependentString::undepend changing a dependent string\n into a fixed string when there are additional dependent\n strings relying on the same base. When the undepend occurs\n during conversion, the base data is freed, leaving other\n dependent strings with dangling pointers. This can lead to\n a potentially exploitable crash.\n\n *\n\n MFSA 2012-53 / CVE-2012-1963: Security researcher\n Karthikeyan Bhargavan of Prosecco at INRIA reported Content\n Security Policy (CSP) 1.0 implementation errors. CSP\n violation reports generated by Firefox and sent to the\n "report-uri" location include sensitive data within the\n "blocked-uri" parameter. These include fragment components\n and query strings even if the "blocked-uri" parameter has a\n different origin than the protected resource. This can be\n used to retrieve a user's OAuth 2.0 access tokens and\n OpenID credentials by malicious sites.\n\n *\n\n MFSA 2012-54 / CVE-2012-1964: Security Researcher\n Matt McCutchen reported that a clickjacking attack using\n the certificate warning page. A man-in-the-middle (MITM)\n attacker can use an iframe to display its own certificate\n error warning page (about:certerror) with the "Add\n Exception" button of a real warning page from a malicious\n site. This can mislead users to adding a certificate\n exception for a different site than the perceived one. This\n can lead to compromised communications with the user\n perceived site through the MITM attack once the certificate\n exception has been added.\n\n *\n\n MFSA 2012-55 / CVE-2012-1965: Security researchers\n Mario Gomes and Soroush Dalili reported that since Mozilla\n allows the pseudo-protocol feed: to prefix any valid URL,\n it is possible to construct feed:javascript: URLs that will\n execute scripts in some contexts. On some sites it may be\n possible to use this to evade output filtering that would\n otherwise strip javascript: URLs and thus contribute to\n cross-site scripting (XSS) problems on these sites.\n\n *\n\n MFSA 2012-56 / CVE-2012-1967: Mozilla security\n researcher moz_bug_r_a4 reported a arbitrary code execution\n attack using a javascript: URL. The Gecko engine features a\n JavaScript sandbox utility that allows the browser or\n add-ons to safely execute script in the context of a web\n page. In certain cases, javascript: URLs are executed in\n such a sandbox with insufficient context that can allow\n those scripts to escape from the sandbox and run with\n elevated privilege. This can lead to arbitrary code\n execution.\n", "modified": "2012-07-21T03:08:21", "published": "2012-07-21T03:08:21", "id": "SUSE-SU-2012:0896-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00012.html", "type": "suse", "title": "Security update for Mozilla Firefox (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:18:27", "bulletinFamily": "unix", "description": "Seamonkey was updated to version 2.11 (bnc#771583)\n\n * MFSA 2012-42/CVE-2012-1949/CVE-2012-1948 Miscellaneous\n memory safety hazards\n * MFSA\n 2012-44/CVE-2012-1951/CVE-2012-1954/CVE-2012-1953/CVE-2012-1\n 952 Gecko memory corruption\n * MFSA 2012-45/CVE-2012-1955 (bmo#757376) Spoofing issue\n with location\n * MFSA 2012-47/CVE-2012-1957 (bmo#750096) Improper\n filtering of javascript in HTML feed-view\n * MFSA 2012-48/CVE-2012-1958 (bmo#750820) use-after-free\n in nsGlobalWindow::PageHidden\n * MFSA 2012-49/CVE-2012-1959 (bmo#754044, bmo#737559)\n Same-compartment Security Wrappers can be bypassed\n * MFSA 2012-50/CVE-2012-1960 (bmo#761014) Out of bounds\n read in QCMS\n * MFSA 2012-51/CVE-2012-1961 (bmo#761655) X-Frame-Options\n header ignored when duplicated\n * MFSA 2012-52/CVE-2012-1962 (bmo#764296)\n JSDependentString::undepend string conversion results\n in memory corruption\n * MFSA 2012-53/CVE-2012-1963 (bmo#767778) Content\n Security Policy 1.0 implementation errors cause data\n leakage\n * MFSA 2012-56/CVE-2012-1967 (bmo#758344) Code execution\n through javascript: URLs\n * relicensed to MPL-2.0\n - updated/removed patches\n - requires NSS 3.13.5\n\n - update to Seamonkey 2.10.1\n\n", "modified": "2012-08-01T18:08:34", "published": "2012-08-01T18:08:34", "id": "OPENSUSE-SU-2012:0935-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00000.html", "type": "suse", "title": "seamonkey: Update to Seamonkey 2.11 (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:05:54", "bulletinFamily": "unix", "description": "Mozilla Thunderbird was updated to version 14.0 (bnc#771583)\n * MFSA 2012-42/CVE-2012-1949/CVE-2012-1948 Miscellaneous\n memory safety hazards\n * MFSA\n 2012-44/CVE-2012-1951/CVE-2012-1954/CVE-2012-1953/CVE-2012-1\n 952 Gecko memory corruption\n * MFSA 2012-45/CVE-2012-1955 (bmo#757376) Spoofing issue\n with location\n * MFSA 2012-47/CVE-2012-1957 (bmo#750096) Improper\n filtering of javascript in HTML feed-view\n * MFSA 2012-48/CVE-2012-1958 (bmo#750820) use-after-free\n in nsGlobalWindow::PageHidden\n * MFSA 2012-49/CVE-2012-1959 (bmo#754044, bmo#737559)\n Same-compartment Security Wrappers can be bypassed\n * MFSA 2012-50/CVE-2012-1960 (bmo#761014) Out of bounds\n read in QCMS\n * MFSA 2012-51/CVE-2012-1961 (bmo#761655) X-Frame-Options\n header ignored when duplicated\n * MFSA 2012-52/CVE-2012-1962 (bmo#764296)\n JSDependentString::undepend string conversion results\n in memory corruption\n * MFSA 2012-53/CVE-2012-1963 (bmo#767778) Content\n Security Policy 1.0 implementation errors cause data\n leakage\n * MFSA 2012-56/CVE-2012-1967 (bmo#758344) Code execution\n through javascript: URLs\n * relicensed to MPL-2.0\n - update Enigmail to 1.4.3\n\n - no crashreport on %arm, fixing build\n\n", "modified": "2012-07-27T13:08:18", "published": "2012-07-27T13:08:18", "id": "OPENSUSE-SU-2012:0917-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00016.html", "title": "MozillaThunderbird: update to Thunderbird 14.0 (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:46:31", "bulletinFamily": "unix", "description": "[10.0.6-1.0.1.el6_3]\n- Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js\n- Replace clean.gif in tarball\n[10.0.6-1]\n- Update to 10.0.6 ESR", "modified": "2012-07-17T00:00:00", "published": "2012-07-17T00:00:00", "id": "ELSA-2012-1089", "href": "http://linux.oracle.com/errata/ELSA-2012-1089.html", "title": "thunderbird security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:37:54", "bulletinFamily": "unix", "description": "firefox\n[10.0.6-1.0.1.el6_3]\n- Replace firefox-redhat-default-prefs.js with firefox-oracle-default-prefs.js\n[10.0.6-1]\n- Update to 10.0.6 ESR\n[10.0.5-3]\n- Enabled WebM\n[10.0.5-2]\n- Added fix for mozbz#703633, rhbz#818341\nxulrunner\n[10.0.6-1.0.1.el6_3]\n- Replace xulrunner-redhat-default-prefs.js with xulrunner-oracle-default-prefs.js\n[10.0.6-1]\n- Update to 10.0.6 ESR\n[10.0.5-3]\n- Added fix for rhbz#808136 (mozbz#762301)\n[10.0.5-2]\n- Enabled WebM (rhbz#798880)", "modified": "2012-07-17T00:00:00", "published": "2012-07-17T00:00:00", "id": "ELSA-2012-1088", "href": "http://linux.oracle.com/errata/ELSA-2012-1088.html", "title": "firefox security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:09:38", "bulletinFamily": "unix", "description": "Benoit Jacob, Jesse Ruderman, Christian Holler, Bill McCloskey, Brian Smith, Gary Kwong, Christoph Diehl, Chris Jones, Brad Lassey, and Kyle Huey discovered memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. (CVE-2012-1948, CVE-2012-1949)\n\nMario Gomes discovered that the address bar may be incorrectly updated. Drag-and-drop events in the address bar may cause the address of the previous site to be displayed while a new page is loaded. An attacker could exploit this to conduct phishing attacks. (CVE-2012-1950)\n\nAbhishek Arya discovered four memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. (CVE-2012-1951, CVE-2012-1952, CVE-2012-1953, CVE-2012-1954)\n\nMariusz Mlynski discovered that the address bar may be incorrectly updated. Calls to history.forward and history.back could be used to navigate to a site while the address bar still displayed the previous site. A remote attacker could exploit this to conduct phishing attacks. (CVE-2012-1955)\n\nMario Heiderich discovered that HTML <embed> tags were not filtered out of the HTML <description> of RSS feeds. A remote attacker could exploit this to conduct cross-site scripting (XSS) attacks via javascript execution in the HTML feed view. (CVE-2012-1957)\n\nArthur Gerkis discovered a use-after-free vulnerability. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. (CVE-2012-1958)\n\nBobby Holley discovered that same-compartment security wrappers (SCSW) could be bypassed to allow XBL access. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit this to execute code with the privileges of the user invoking Firefox. (CVE-2012-1959)\n\nTony Payne discovered an out-of-bounds memory read in Mozilla\u2019s color management library (QCMS). If the user were tricked into opening a specially crafted color profile, an attacker could possibly exploit this to cause a denial of service via application crash. (CVE-2012-1960)\n\nFr\u00e9d\u00e9ric Buclin discovered that the X-Frame-Options header was ignored when its value was specified multiple times. An attacker could exploit this to conduct clickjacking attacks. (CVE-2012-1961)\n\nBill Keese discovered a memory corruption vulnerability. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. (CVE-2012-1962)\n\nKarthikeyan Bhargavan discovered an information leakage vulnerability in the Content Security Policy (CSP) 1.0 implementation. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit this to access a user\u2019s OAuth 2.0 access tokens and OpenID credentials. (CVE-2012-1963)\n\nMatt McCutchen discovered a clickjacking vulnerability in the certificate warning page. A remote attacker could trick a user into accepting a malicious certificate via a crafted certificate warning page. (CVE-2012-1964)\n\nMario Gomes and Soroush Dalili discovered that javascript was not filtered out of feed URLs. If the user were tricked into opening a specially crafted URL, an attacker could possibly exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2012-1965)\n\nA vulnerability was discovered in the context menu of data: URLs. If the user were tricked into opening a specially crafted URL, an attacker could possibly exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2012-1966)\n\nIt was discovered that the execution of javascript: URLs was not properly handled in some cases. A remote attacker could exploit this to execute code with the privileges of the user invoking Firefox. (CVE-2012-1967)", "modified": "2012-07-17T00:00:00", "published": "2012-07-17T00:00:00", "id": "USN-1509-1", "href": "https://usn.ubuntu.com/1509-1/", "title": "Firefox vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T00:10:06", "bulletinFamily": "unix", "description": "USN-1509-1 fixed vulnerabilities in Firefox. This update provides an updated ubufox package for use with the lastest Firefox.\n\nOriginal advisory details:\n\nBenoit Jacob, Jesse Ruderman, Christian Holler, Bill McCloskey, Brian Smith, Gary Kwong, Christoph Diehl, Chris Jones, Brad Lassey, and Kyle Huey discovered memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. (CVE-2012-1948, CVE-2012-1949)\n\nMario Gomes discovered that the address bar may be incorrectly updated. Drag-and-drop events in the address bar may cause the address of the previous site to be displayed while a new page is loaded. An attacker could exploit this to conduct phishing attacks. (CVE-2012-1950)\n\nAbhishek Arya discovered four memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. (CVE-2012-1951, CVE-2012-1952, CVE-2012-1953, CVE-2012-1954)\n\nMariusz Mlynski discovered that the address bar may be incorrectly updated. Calls to history.forward and history.back could be used to navigate to a site while the address bar still displayed the previous site. A remote attacker could exploit this to conduct phishing attacks. (CVE-2012-1955)\n\nMario Heiderich discovered that HTML <embed> tags were not filtered out of the HTML <description> of RSS feeds. A remote attacker could exploit this to conduct cross-site scripting (XSS) attacks via javascript execution in the HTML feed view. (CVE-2012-1957)\n\nArthur Gerkis discovered a use-after-free vulnerability. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. (CVE-2012-1958)\n\nBobby Holley discovered that same-compartment security wrappers (SCSW) could be bypassed to allow XBL access. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit this to execute code with the privileges of the user invoking Firefox. (CVE-2012-1959)\n\nTony Payne discovered an out-of-bounds memory read in Mozilla\u2019s color management library (QCMS). If the user were tricked into opening a specially crafted color profile, an attacker could possibly exploit this to cause a denial of service via application crash. (CVE-2012-1960)\n\nFr\u00e9d\u00e9ric Buclin discovered that the X-Frame-Options header was ignored when its value was specified multiple times. An attacker could exploit this to conduct clickjacking attacks. (CVE-2012-1961)\n\nBill Keese discovered a memory corruption vulnerability. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. (CVE-2012-1962)\n\nKarthikeyan Bhargavan discovered an information leakage vulnerability in the Content Security Policy (CSP) 1.0 implementation. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit this to access a user\u2019s OAuth 2.0 access tokens and OpenID credentials. (CVE-2012-1963)\n\nMatt McCutchen discovered a clickjacking vulnerability in the certificate warning page. A remote attacker could trick a user into accepting a malicious certificate via a crafted certificate warning page. (CVE-2012-1964)\n\nMario Gomes and Soroush Dalili discovered that javascript was not filtered out of feed URLs. If the user were tricked into opening a specially crafted URL, an attacker could possibly exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2012-1965)\n\nA vulnerability was discovered in the context menu of data: URLs. If the user were tricked into opening a specially crafted URL, an attacker could possibly exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2012-1966)\n\nIt was discovered that the execution of javascript: URLs was not properly handled in some cases. A remote attacker could exploit this to execute code with the privileges of the user invoking Firefox. (CVE-2012-1967)", "modified": "2012-07-18T00:00:00", "published": "2012-07-18T00:00:00", "id": "USN-1509-2", "href": "https://usn.ubuntu.com/1509-2/", "title": "ubufox update", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T00:09:04", "bulletinFamily": "unix", "description": "Benoit Jacob, Jesse Ruderman, Christian Holler, Bill McCloskey, Brian Smith, Gary Kwong, Christoph Diehl, Chris Jones, Brad Lassey, and Kyle Huey discovered memory safety issues affecting Thunderbird. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Thunderbird. (CVE-2012-1948, CVE-2012-1949)\n\nAbhishek Arya discovered four memory safety issues affecting Thunderbird. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Thunderbird. (CVE-2012-1951, CVE-2012-1952, CVE-2012-1953, CVE-2012-1954)\n\nMariusz Mlynski discovered that the address bar may be incorrectly updated. Calls to history.forward and history.back could be used to navigate to a site while the address bar still displayed the previous site. A remote attacker could exploit this to conduct phishing attacks. (CVE-2012-1955)\n\nMario Heiderich discovered that HTML <embed> tags were not filtered out of the HTML <description> of RSS feeds. A remote attacker could exploit this to conduct cross-site scripting (XSS) attacks via javascript execution in the HTML feed view. (CVE-2012-1957)\n\nArthur Gerkis discovered a use-after-free vulnerability. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Thunderbird. (CVE-2012-1958)\n\nBobby Holley discovered that same-compartment security wrappers (SCSW) could be bypassed to allow XBL access. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit this to execute code with the privileges of the user invoking Thunderbird. (CVE-2012-1959)\n\nTony Payne discovered an out-of-bounds memory read in Mozilla\u2019s color management library (QCMS). If the user were tricked into opening a specially crafted color profile, an attacker could possibly exploit this to cause a denial of service via application crash. (CVE-2012-1960)\n\nFr\u00e9d\u00e9ric Buclin discovered that the X-Frame-Options header was ignored when its value was specified multiple times. An attacker could exploit this to conduct clickjacking attacks. (CVE-2012-1961)\n\nBill Keese discovered a memory corruption vulnerability. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Thunderbird. (CVE-2012-1962)\n\nKarthikeyan Bhargavan discovered an information leakage vulnerability in the Content Security Policy (CSP) 1.0 implementation. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit this to access a user\u2019s OAuth 2.0 access tokens and OpenID credentials. (CVE-2012-1963)\n\nIt was discovered that the execution of javascript: URLs was not properly handled in some cases. A remote attacker could exploit this to execute code with the privileges of the user invoking Thunderbird. (CVE-2012-1967)", "modified": "2012-07-17T00:00:00", "published": "2012-07-17T00:00:00", "id": "USN-1510-1", "href": "https://usn.ubuntu.com/1510-1/", "title": "Thunderbird vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "freebsd": [{"lastseen": "2018-08-31T01:15:05", "bulletinFamily": "unix", "description": "\nThe Mozilla Project reports:\n\nMFSA 2012-42 Miscellaneous memory safety hazards (rv:14.0/\n\t rv:10.0.6)\nMFSA 2012-43 Incorrect URL displayed in addressbar through drag and\n\t drop\nMFSA 2012-44 Gecko memory corruption\nMFSA 2012-45 Spoofing issue with location\nMFSA 2012-46 XSS through data: URLs\nMFSA 2012-47 Improper filtering of javascript in HTML feed-view\nMFSA 2012-48 use-after-free in nsGlobalWindow::PageHidden\nMFSA 2012-49 Same-compartment Security Wrappers can be bypassed\nMFSA 2012-50 Out of bounds read in QCMS\nMFSA 2012-51 X-Frame-Options header ignored when duplicated\nMFSA 2012-52 JSDependentString::undepend string conversion results\n\t in memory corruption\nMFSA 2012-53 Content Security Policy 1.0 implementation errors\n\t cause data leakage\nMFSA 2012-54 Clickjacking of certificate warning page\nMFSA 2012-55 feed: URLs with an innerURI inherit security context\n\t of page\nMFSA 2012-56 Code execution through javascript: URLs\n\n", "modified": "2012-07-17T00:00:00", "published": "2012-07-17T00:00:00", "id": "DBF338D0-DCE5-11E1-B655-14DAE9EBCF89", "href": "https://vuxml.freebsd.org/freebsd/dbf338d0-dce5-11e1-b655-14dae9ebcf89.html", "title": "mozilla -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:48", "bulletinFamily": "software", "description": "Multiple memory corruptions, code execution, data spoofing, crossite scripting, information leakage.", "modified": "2012-08-13T00:00:00", "published": "2012-08-13T00:00:00", "id": "SECURITYVULNS:VULN:12483", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12483", "title": "Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "cve": [{"lastseen": "2017-12-29T12:17:35", "bulletinFamily": "NVD", "description": "The ElementAnimations::EnsureStyleRuleFor function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service (buffer over-read, incorrect pointer dereference, and heap-based buffer overflow) or possibly execute arbitrary code via a crafted web site.", "modified": "2017-12-28T21:29:16", "published": "2012-07-18T06:26:48", "id": "CVE-2012-1953", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1953", "title": "CVE-2012-1953", "type": "cve", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-29T12:17:35", "bulletinFamily": "NVD", "description": "Use-after-free vulnerability in the nsSMILTimeValueSpec::IsEventBased function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code by interacting with objects used for SMIL Timing.", "modified": "2017-12-28T21:29:16", "published": "2012-07-18T06:26:48", "id": "CVE-2012-1951", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1951", "title": "CVE-2012-1951", "type": "cve", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-29T12:17:36", "bulletinFamily": "NVD", "description": "Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not properly implement the JavaScript sandbox utility, which allows remote attackers to execute arbitrary JavaScript code with improper privileges via a javascript: URL.", "modified": "2017-12-28T21:29:18", "published": "2012-07-18T06:26:49", "id": "CVE-2012-1967", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1967", "title": "CVE-2012-1967", "type": "cve", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-29T12:17:35", "bulletinFamily": "NVD", "description": "Use-after-free vulnerability in the nsGlobalWindow::PageHidden function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 might allow remote attackers to execute arbitrary code via vectors related to focused content.", "modified": "2017-12-28T21:29:17", "published": "2012-07-18T06:26:48", "id": "CVE-2012-1958", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1958", "title": "CVE-2012-1958", "type": "cve", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-29T12:17:36", "bulletinFamily": "NVD", "description": "The Content Security Policy (CSP) functionality in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly restrict the strings placed into the blocked-uri parameter of a violation report, which allows remote web servers to capture OpenID credentials and OAuth 2.0 access tokens by triggering a violation.", "modified": "2017-12-28T21:29:17", "published": "2012-07-18T06:26:49", "id": "CVE-2012-1963", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1963", "title": "CVE-2012-1963", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-12-29T12:17:35", "bulletinFamily": "NVD", "description": "Use-after-free vulnerability in the nsDocument::AdoptNode function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code via vectors involving multiple adoptions and empty documents.", "modified": "2017-12-28T21:29:16", "published": "2012-07-18T06:26:48", "id": "CVE-2012-1954", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1954", "title": "CVE-2012-1954", "type": "cve", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-29T12:17:36", "bulletinFamily": "NVD", "description": "Use-after-free vulnerability in the JSDependentString::undepend function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via vectors involving strings with multiple dependencies.", "modified": "2017-12-28T21:29:17", "published": "2012-07-18T06:26:49", "id": "CVE-2012-1962", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1962", "title": "CVE-2012-1962", "type": "cve", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-29T12:17:35", "bulletinFamily": "NVD", "description": "Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not consider the presence of same-compartment security wrappers (SCSW) during the cross-compartment wrapping of objects, which allows remote attackers to bypass intended XBL access restrictions via crafted content.", "modified": "2017-12-28T21:29:17", "published": "2012-07-18T06:26:48", "id": "CVE-2012-1959", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1959", "title": "CVE-2012-1959", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-12-29T12:17:36", "bulletinFamily": "NVD", "description": "The certificate-warning functionality in browser/components/certerror/content/aboutCertError.xhtml in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.10 does not properly handle attempted clickjacking of the about:certerror page, which allows man-in-the-middle attackers to trick users into adding an unintended exception via an IFRAME element.", "modified": "2017-12-28T21:29:17", "published": "2012-07-18T06:26:49", "id": "CVE-2012-1964", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1964", "title": "CVE-2012-1964", "type": "cve", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-12-29T12:17:35", "bulletinFamily": "NVD", "description": "An unspecified parser-utility class in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly handle EMBED elements within description elements in RSS feeds, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a feed.", "modified": "2017-12-28T21:29:16", "published": "2012-07-18T06:26:48", "id": "CVE-2012-1957", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1957", "title": "CVE-2012-1957", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "mozilla": [{"lastseen": "2016-09-05T13:37:42", "bulletinFamily": "software", "description": "Google security researcher Abhishek Arya used the Address\nSanitizer tool to uncover four issues: two use-after-free problems, one out of\nbounds read bug, and a bad cast. The first use-after-free problem is caused\nwhen an array of nsSMILTimeValueSpec objects is destroyed but attempts are made\nto call into objects in this array later. The second use-after-free problem is\nin nsDocument::AdoptNode when it adopts into an empty document and then adopts\ninto another document, emptying the first one. The heap buffer overflow is in\nElementAnimations when data is read off of end of an array and then pointers are\ndereferenced. The bad cast happens when nsTableFrame::InsertFrames is called\nwith frames in aFrameList that are a mix of row group frames and column group\nframes. AppendFrames is not able to handle this mix.\nAll four of these issues are potentially exploitable.", "modified": "2012-07-17T00:00:00", "published": "2012-07-17T00:00:00", "id": "MFSA2012-44", "href": "http://www.mozilla.org/en-US/security/advisories/mfsa2012-44/", "type": "mozilla", "title": "Gecko memory corruption", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}