ID SSV:61898 Type seebug Reporter Root Modified 2014-03-21T00:00:00
Description
CVE ID:CVE-2014-1496
Mozilla Firefox/Thunderbird/SeaMonkey是Mozilla所发布的WEB浏览器和邮件/新闻组客户端。
Mozilla多个产品在升级过程中把文件展开后没有设置这些文件为只读属性,允许攻击者利用漏洞在升级过程中修改或替换这些文件。
0
Mozilla Firefox 27
Mozilla Firefox ESR 24.3
Mozilla Thunderbird 24.3
Mozilla Seamonkey 2.24
Mozilla Firefox 28,Firefox ESR 24.4,Thunderbird 24.4,Seamonkey 2.25已经修复该漏洞,建议用户下载更新:
http://www.mozilla.org
{"cve": [{"lastseen": "2020-12-09T19:58:21", "description": "Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 might allow local users to gain privileges by modifying the extracted Mar contents during an update.", "edition": 6, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 5.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 3.6}, "published": "2014-03-19T10:55:00", "title": "CVE-2014-1496", "type": "cve", "cwe": ["CWE-269"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 1.9, "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1496"], "modified": "2020-08-05T13:51:00", "cpe": ["cpe:/a:suse:suse_linux_enterprise_software_development_kit:11.0", "cpe:/o:suse:suse_linux_enterprise_desktop:11", "cpe:/o:suse:suse_linux_enterprise_server:11"], "id": "CVE-2014-1496", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1496", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:o:suse:suse_linux_enterprise_server:11:sp3:*:*:*:vmware:*:*", "cpe:2.3:o:suse:suse_linux_enterprise_server:11:sp3:*:*:*:*:*:*", "cpe:2.3:a:suse:suse_linux_enterprise_software_development_kit:11.0:sp3:*:*:*:*:*:*", "cpe:2.3:o:suse:suse_linux_enterprise_desktop:11:sp3:*:*:*:*:*:*"]}], "mozilla": [{"lastseen": "2016-09-05T13:37:42", "bulletinFamily": "software", "cvelist": ["CVE-2014-1496"], "edition": 1, "description": "Security researcher Ash reported an issue where the\nextracted files for updates to existing files are not read only during the\nupdate process. This allows for the potential replacement or modification of\nthese files during the update process if a malicious application is present on\nthe local system.", "modified": "2014-03-18T00:00:00", "published": "2014-03-18T00:00:00", "id": "MFSA2014-16", "href": "http://www.mozilla.org/en-US/security/advisories/mfsa2014-16/", "type": "mozilla", "title": "Files extracted during updates are not always read only", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "kaspersky": [{"lastseen": "2020-09-02T11:51:13", "bulletinFamily": "info", "cvelist": ["CVE-2014-1505", "CVE-2014-1509", "CVE-2014-1494", "CVE-2014-1508", "CVE-2014-1497", "CVE-2014-1493", "CVE-2014-1496"], "description": "### *Detect date*:\n03/18/2014\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple critical vulnerabilities have been found in Mozilla products. Malicious users can exploit these vulnerabilities to cause denial of service, obtain sensitive information, execute arbitrary code, bypass security restrictions or gain privileges. Below is a complete list of vulnerabilities\n\n### *Affected products*:\nMozilla Firefox versions 27.0.1 and earlier \nWaterfox Firefox versions 27.0.1 and earlier \nMozilla Firefox ESR versions 24.3 and earlier \nMozilla Thunderbird versions 24.3 and earlier \nMozilla Seamonkey versions 2.24 and earlier \nCometBird all versions\n\n### *Solution*:\nUpdate to latest version \n[Thunderbird](<https://www.mozilla.org/en-US/thunderbird/>) \n[Seamonkey](<http://www.seamonkey-project.org/releases/>) \n[Firefox](<https://www.mozilla.org/en-US/firefox/new/>)\n\n### *Original advisories*:\n[MFSA](<https://www.mozilla.org/security/announce/>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Mozilla Firefox](<https://threats.kaspersky.com/en/product/Mozilla-Firefox/>)\n\n### *CVE-IDS*:\n[CVE-2014-1508](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1508>)6.8High \n[CVE-2014-1497](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1497>)6.8High \n[CVE-2014-1496](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1496>)6.9High \n[CVE-2014-1494](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1494>)9.3Critical \n[CVE-2014-1509](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1509>)7.6Critical \n[CVE-2014-1505](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1505>)6.8High \n[CVE-2014-1493](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1493>)9.3Critical", "edition": 41, "modified": "2020-05-22T00:00:00", "published": "2014-03-18T00:00:00", "id": "KLA10120", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10120", "title": "\r KLA10120Multiple vulnerabilities in Mozilla ", "type": "kaspersky", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2020-08-11T14:17:31", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1505", "CVE-2014-1513", "CVE-2014-1510", "CVE-2014-1509", "CVE-2014-1508", "CVE-2014-1511", "CVE-2014-1512", "CVE-2014-1514", "CVE-2014-1497", "CVE-2014-1493", "CVE-2014-1496"], "description": "This host is installed with Mozilla Thunderbird and is prone to multiple\nvulnerabilities.", "modified": "2020-04-20T00:00:00", "published": "2014-03-27T00:00:00", "id": "OPENVAS:1361412562310804526", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804526", "type": "openvas", "title": "Mozilla Thunderbird Multiple Vulnerabilities-01 Mar14 (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_mozilla_thunderbird_mult_vuln01_mar14_win.nasl 36216 2014-03-27 12:43:44Z mar$\n#\n# Mozilla Thunderbird Multiple Vulnerabilities-01 Mar14 (Windows)\n#\n# Authors:\n# Thanga Prakash S <tprakash@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mozilla:thunderbird\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804526\");\n script_version(\"2020-04-20T13:31:49+0000\");\n script_cve_id(\"CVE-2014-1493\", \"CVE-2014-1496\", \"CVE-2014-1497\", \"CVE-2014-1505\",\n \"CVE-2014-1508\", \"CVE-2014-1509\", \"CVE-2014-1510\", \"CVE-2014-1511\",\n \"CVE-2014-1512\", \"CVE-2014-1513\", \"CVE-2014-1514\");\n script_bugtraq_id(66412, 66416, 66423, 66418, 66426, 66425,\n 66206, 66207, 66209, 66203, 66240);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-04-20 13:31:49 +0000 (Mon, 20 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2014-03-27 12:47:53 +0530 (Thu, 27 Mar 2014)\");\n script_name(\"Mozilla Thunderbird Multiple Vulnerabilities-01 Mar14 (Windows)\");\n\n\n script_tag(name:\"summary\", value:\"This host is installed with Mozilla Thunderbird and is prone to multiple\nvulnerabilities.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - Local users can gain privileges by modifying the extracted Mar contents\n during an update.\n\n - A boundary error when decoding WAV audio files.\n\n - An error when performing polygon rendering in MathML.\n\n - The session-restore feature does not consider the Content Security Policy of\n a data URL.\n\n - A timing error when processing SVG format images with filters and\n displacements.\n\n - A use-after-free error when handling garbage collection of TypeObjects under\n memory pressure.\n\n - An error within the TypedArrayObject implementation when handling neutered\n ArrayBuffer objects.\n\n - And some unspecified errors exist.\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers to conduct spoofing attacks,\ndisclose potentially sensitive information, bypass certain security\nrestrictions, and compromise a user's system.\");\n script_tag(name:\"affected\", value:\"Mozilla Thunderbird version before 24.4 on Windows\");\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Thunderbird version 24.4 or later.\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/57500\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2014/mfsa2014-15.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_thunderbird_detect_portable_win.nasl\");\n script_mandatory_keys(\"Thunderbird/Win/Ver\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.com/en-US/thunderbird\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!tbVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:tbVer, test_version:\"24.4\"))\n{\n report = report_fixed_ver(installed_version:tbVer, fixed_version:\"24.4\");\n security_message(port:0, data:report);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-11T14:17:17", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1505", "CVE-2014-1513", "CVE-2014-1510", "CVE-2014-1509", "CVE-2014-1508", "CVE-2014-1511", "CVE-2014-1512", "CVE-2014-1514", "CVE-2014-1497", "CVE-2014-1493", "CVE-2014-1496"], "description": "This host is installed with Mozilla Firefox ESR and is prone to multiple\nvulnerabilities.", "modified": "2019-07-17T00:00:00", "published": "2014-03-27T00:00:00", "id": "OPENVAS:1361412562310804524", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804524", "type": "openvas", "title": "Mozilla Firefox ESR Multiple Vulnerabilities-01 Mar14 (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_mozilla_firefox_esr_mult_vuln01_mar14_win.nasl 36216 2014-03-27 12:08:38Z mar$\n#\n# Mozilla Firefox ESR Multiple Vulnerabilities-01 Mar14 (Windows)\n#\n# Authors:\n# Thanga Prakash S <tprakash@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mozilla:firefox_esr\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804524\");\n script_version(\"2019-07-17T11:14:11+0000\");\n script_cve_id(\"CVE-2014-1493\", \"CVE-2014-1496\", \"CVE-2014-1497\", \"CVE-2014-1505\",\n \"CVE-2014-1508\", \"CVE-2014-1509\", \"CVE-2014-1510\", \"CVE-2014-1511\",\n \"CVE-2014-1512\", \"CVE-2014-1513\", \"CVE-2014-1514\");\n script_bugtraq_id(66412, 66416, 66423, 66418, 66426, 66425,\n 66206, 66207, 66209, 66203, 66240);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 11:14:11 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2014-03-27 12:12:34 +0530 (Thu, 27 Mar 2014)\");\n script_name(\"Mozilla Firefox ESR Multiple Vulnerabilities-01 Mar14 (Windows)\");\n\n\n script_tag(name:\"summary\", value:\"This host is installed with Mozilla Firefox ESR and is prone to multiple\nvulnerabilities.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - Local users can gain privileges by modifying the extracted Mar contents\n during an update.\n\n - A boundary error when decoding WAV audio files.\n\n - An error when performing polygon rendering in MathML.\n\n - The session-restore feature does not consider the Content Security Policy of\n a data URL.\n\n - A timing error when processing SVG format images with filters and\n displacements.\n\n - A use-after-free error when handling garbage collection of TypeObjects under\n memory pressure.\n\n - An error within the TypedArrayObject implementation when handling neutered\n ArrayBuffer objects.\n\n - And some unspecified errors exist.\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers to conduct spoofing attacks,\ndisclose potentially sensitive information, bypass certain security\nrestrictions, and compromise a user's system.\");\n script_tag(name:\"affected\", value:\"Mozilla Firefox ESR version 24.x before 24.4 on Windows\");\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Firefox ESR version 24.4 or later.\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/57500\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2014/mfsa2014-15.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_firefox_detect_portable_win.nasl\");\n script_mandatory_keys(\"Firefox-ESR/Win/Ver\");\n\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!ffVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(ffVer =~ \"^24\\.\" && version_in_range(version:ffVer,\n test_version:\"24.0\", test_version2:\"24.3\"))\n{\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-11T14:16:59", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1505", "CVE-2014-1513", "CVE-2014-1510", "CVE-2014-1509", "CVE-2014-1508", "CVE-2014-1511", "CVE-2014-1512", "CVE-2014-1514", "CVE-2014-1497", "CVE-2014-1493", "CVE-2014-1496"], "description": "This host is installed with Mozilla Firefox ESR and is prone to multiple\nvulnerabilities.", "modified": "2019-07-17T00:00:00", "published": "2014-03-27T00:00:00", "id": "OPENVAS:1361412562310804525", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804525", "type": "openvas", "title": "Mozilla Firefox ESR Multiple Vulnerabilities-01 Mar14 (Mac OS X)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_mozilla_firefox_esr_mult_vuln01_mar14_macosx.nasl 36216 2014-03-27 12:08:38Z mar$\n#\n# Mozilla Firefox ESR Multiple Vulnerabilities-01 Mar14 (Mac OS X)\n#\n# Authors:\n# Thanga Prakash S <tprakash@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mozilla:firefox_esr\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804525\");\n script_version(\"2019-07-17T11:14:11+0000\");\n script_cve_id(\"CVE-2014-1493\", \"CVE-2014-1496\", \"CVE-2014-1497\", \"CVE-2014-1505\",\n \"CVE-2014-1508\", \"CVE-2014-1509\", \"CVE-2014-1510\", \"CVE-2014-1511\",\n \"CVE-2014-1512\", \"CVE-2014-1513\", \"CVE-2014-1514\");\n script_bugtraq_id(66412, 66416, 66423, 66418, 66426, 66425,\n 66206, 66207, 66209, 66203, 66240);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 11:14:11 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2014-03-27 12:34:15 +0530 (Thu, 27 Mar 2014)\");\n script_name(\"Mozilla Firefox ESR Multiple Vulnerabilities-01 Mar14 (Mac OS X)\");\n\n\n script_tag(name:\"summary\", value:\"This host is installed with Mozilla Firefox ESR and is prone to multiple\nvulnerabilities.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - Local users can gain privileges by modifying the extracted Mar contents\n during an update.\n\n - A boundary error when decoding WAV audio files.\n\n - An error when performing polygon rendering in MathML.\n\n - The session-restore feature does not consider the Content Security Policy of\n a data URL.\n\n - A timing error when processing SVG format images with filters and\n displacements.\n\n - A use-after-free error when handling garbage collection of TypeObjects under\n memory pressure.\n\n - An error within the TypedArrayObject implementation when handling neutered\n ArrayBuffer objects.\n\n - And some unspecified errors exist.\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers to conduct spoofing attacks,\ndisclose potentially sensitive information, bypass certain security\nrestrictions, and compromise a user's system.\");\n script_tag(name:\"affected\", value:\"Mozilla Firefox ESR version 24.x before 24.4 on Mac OS X\");\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Firefox ESR version 24.4 or later.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/57500\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2014/mfsa2014-15.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_mozilla_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Mozilla/Firefox-ESR/MacOSX/Version\");\n\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!ffVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(ffVer =~ \"^24\\.\" && version_in_range(version:ffVer,\n test_version:\"24.0\", test_version2:\"24.3\"))\n{\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-11T14:17:07", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1505", "CVE-2014-1513", "CVE-2014-1510", "CVE-2014-1509", "CVE-2014-1508", "CVE-2014-1511", "CVE-2014-1512", "CVE-2014-1514", "CVE-2014-1497", "CVE-2014-1493", "CVE-2014-1496"], "description": "This host is installed with Mozilla Thunderbird and is prone to multiple\nvulnerabilities.", "modified": "2020-04-20T00:00:00", "published": "2014-03-27T00:00:00", "id": "OPENVAS:1361412562310804527", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804527", "type": "openvas", "title": "Mozilla Thunderbird Multiple Vulnerabilities-01 Mar14 (Mac OS X)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_mozilla_thunderbird_mult_vuln01_mar14_macosx.nasl 36216 2014-03-27 12:43:44Z mar$\n#\n# Mozilla Thunderbird Multiple Vulnerabilities-01 Mar14 (Mac OS X)\n#\n# Authors:\n# Thanga Prakash S <tprakash@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mozilla:thunderbird\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804527\");\n script_version(\"2020-04-20T13:31:49+0000\");\n script_cve_id(\"CVE-2014-1493\", \"CVE-2014-1496\", \"CVE-2014-1497\", \"CVE-2014-1505\",\n \"CVE-2014-1508\", \"CVE-2014-1509\", \"CVE-2014-1510\", \"CVE-2014-1511\",\n \"CVE-2014-1512\", \"CVE-2014-1513\", \"CVE-2014-1514\");\n script_bugtraq_id(66412, 66416, 66423, 66418, 66426, 66425,\n 66206, 66207, 66209, 66203, 66240);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-04-20 13:31:49 +0000 (Mon, 20 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2014-03-27 12:56:21 +0530 (Thu, 27 Mar 2014)\");\n script_name(\"Mozilla Thunderbird Multiple Vulnerabilities-01 Mar14 (Mac OS X)\");\n\n\n script_tag(name:\"summary\", value:\"This host is installed with Mozilla Thunderbird and is prone to multiple\nvulnerabilities.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - Local users can gain privileges by modifying the extracted Mar contents\n during an update.\n\n - A boundary error when decoding WAV audio files.\n\n - An error when performing polygon rendering in MathML.\n\n - The session-restore feature does not consider the Content Security Policy of\n a data URL.\n\n - A timing error when processing SVG format images with filters and\n displacements.\n\n - A use-after-free error when handling garbage collection of TypeObjects under\n memory pressure.\n\n - An error within the TypedArrayObject implementation when handling neutered\n ArrayBuffer objects.\n\n - And some unspecified errors exist.\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers to conduct spoofing attacks,\ndisclose potentially sensitive information, bypass certain security\nrestrictions, and compromise a user's system.\");\n script_tag(name:\"affected\", value:\"Mozilla Thunderbird version before 24.4 on Mac OS X\");\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Thunderbird version 24.4 or later.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/57500\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2014/mfsa2014-15.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_mozilla_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Thunderbird/MacOSX/Version\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.com/en-US/thunderbird\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!tbVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:tbVer, test_version:\"24.4\"))\n{\n report = report_fixed_ver(installed_version:tbVer, fixed_version:\"24.4\");\n security_message(port:0, data:report);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-11T14:17:34", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1505", "CVE-2014-1513", "CVE-2014-1510", "CVE-2014-1509", "CVE-2014-1494", "CVE-2014-1508", "CVE-2014-1502", "CVE-2014-1504", "CVE-2014-1511", "CVE-2014-1512", "CVE-2014-1514", "CVE-2014-1498", "CVE-2014-1500", "CVE-2014-1497", "CVE-2014-1493", "CVE-2014-1496", "CVE-2014-1499"], "description": "This host is installed with SeaMonkey and is prone to multiple\nvulnerabilities.", "modified": "2020-04-20T00:00:00", "published": "2014-03-27T00:00:00", "id": "OPENVAS:1361412562310804529", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804529", "type": "openvas", "title": "SeaMonkey Multiple Vulnerabilities-01 Mar14 (Mac OS X)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_sea_monkey_mult_vuln01_mar14_macosx.nasl 36216 2014-03-27 13:01:56Z mar$\n#\n# SeaMonkey Multiple Vulnerabilities-01 Mar14 (Mac OS X)\n#\n# Authors:\n# Thanga Prakash S <tprakash@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mozilla:seamonkey\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804529\");\n script_version(\"2020-04-20T13:31:49+0000\");\n script_cve_id(\"CVE-2014-1493\", \"CVE-2014-1494\", \"CVE-2014-1496\", \"CVE-2014-1497\",\n \"CVE-2014-1498\", \"CVE-2014-1499\", \"CVE-2014-1500\", \"CVE-2014-1502\",\n \"CVE-2014-1504\", \"CVE-2014-1505\", \"CVE-2014-1508\", \"CVE-2014-1509\",\n \"CVE-2014-1510\", \"CVE-2014-1511\", \"CVE-2014-1512\", \"CVE-2014-1513\",\n \"CVE-2014-1514\");\n script_bugtraq_id(66412, 66419, 66416, 66423, 66421, 66429, 66428, 66422, 66417,\n 66418, 66426, 66425, 66206, 66207, 66209, 66203, 66240);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-04-20 13:31:49 +0000 (Mon, 20 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2014-03-27 13:08:31 +0530 (Thu, 27 Mar 2014)\");\n script_name(\"SeaMonkey Multiple Vulnerabilities-01 Mar14 (Mac OS X)\");\n\n\n script_tag(name:\"summary\", value:\"This host is installed with SeaMonkey and is prone to multiple\nvulnerabilities.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - Local users can gain privileges by modifying the extracted Mar contents\n during an update.\n\n - A boundary error when decoding WAV audio files.\n\n - The crypto.generateCRMFRequest method does not properly validate a certain\n key type.\n\n - An error related to certain WebIDL-implemented APIs.\n\n - An error when performing polygon rendering in MathML.\n\n - The session-restore feature does not consider the Content Security Policy of\n a data URL.\n\n - A timing error when processing SVG format images with filters and\n displacements.\n\n - A use-after-free error when handling garbage collection of TypeObjects under\n memory pressure.\n\n - An error within the TypedArrayObject implementation when handling neutered\n ArrayBuffer objects.\n\n - And some unspecified errors exist.\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers to conduct spoofing attacks,\ndisclose potentially sensitive information, bypass certain security\nrestrictions, and compromise a user's system.\");\n script_tag(name:\"affected\", value:\"SeaMonkey version before 2.25 on Mac OS X\");\n script_tag(name:\"solution\", value:\"Upgrade to SeaMonkey version 2.25 or later.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/57500\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2014/mfsa2014-15.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_mozilla_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"SeaMonkey/MacOSX/Version\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.com/en-US/seamonkey\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!smVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:smVer, test_version:\"2.25\"))\n{\n report = report_fixed_ver(installed_version:smVer, fixed_version:\"2.25\");\n security_message(port:0, data:report);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-11T14:16:46", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1505", "CVE-2014-1513", "CVE-2014-1510", "CVE-2014-1509", "CVE-2014-1494", "CVE-2014-1508", "CVE-2014-1502", "CVE-2014-1504", "CVE-2014-1511", "CVE-2014-1512", "CVE-2014-1514", "CVE-2014-1498", "CVE-2014-1500", "CVE-2014-1497", "CVE-2014-1493", "CVE-2014-1496", "CVE-2014-1499"], "description": "This host is installed with Mozilla Firefox and is prone to multiple\nvulnerabilities.", "modified": "2020-04-20T00:00:00", "published": "2014-03-26T00:00:00", "id": "OPENVAS:1361412562310804522", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804522", "type": "openvas", "title": "Mozilla Firefox Multiple Vulnerabilities-01 Mar14 (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_mozilla_firefox_mult_vuln01_mar14_win.nasl 36216 2014-03-26 11:54:30Z mar$\n#\n# Mozilla Firefox Multiple Vulnerabilities-01 Mar14 (Windows)\n#\n# Authors:\n# Thanga Prakash S <tprakash@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mozilla:firefox\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804522\");\n script_version(\"2020-04-20T13:31:49+0000\");\n script_cve_id(\"CVE-2014-1493\", \"CVE-2014-1494\", \"CVE-2014-1496\", \"CVE-2014-1497\",\n \"CVE-2014-1498\", \"CVE-2014-1499\", \"CVE-2014-1500\", \"CVE-2014-1502\",\n \"CVE-2014-1504\", \"CVE-2014-1505\", \"CVE-2014-1508\", \"CVE-2014-1509\",\n \"CVE-2014-1510\", \"CVE-2014-1511\", \"CVE-2014-1512\", \"CVE-2014-1513\",\n \"CVE-2014-1514\");\n script_bugtraq_id(66412, 66419, 66416, 66423, 66421, 66429, 66428, 66422, 66417,\n 66418, 66426, 66425, 66206, 66207, 66209, 66203, 66240);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-04-20 13:31:49 +0000 (Mon, 20 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2014-03-26 12:29:17 +0530 (Wed, 26 Mar 2014)\");\n script_name(\"Mozilla Firefox Multiple Vulnerabilities-01 Mar14 (Windows)\");\n\n\n script_tag(name:\"summary\", value:\"This host is installed with Mozilla Firefox and is prone to multiple\nvulnerabilities.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - Local users can gain privileges by modifying the extracted Mar contents\n during an update.\n\n - A boundary error when decoding WAV audio files.\n\n - The crypto.generateCRMFRequest method does not properly validate a certain\n key type.\n\n - An error related to certain WebIDL-implemented APIs.\n\n - An error when performing polygon rendering in MathML.\n\n - The session-restore feature does not consider the Content Security Policy of\n a data URL.\n\n - A timing error when processing SVG format images with filters and\n displacements.\n\n - A use-after-free error when handling garbage collection of TypeObjects under\n memory pressure.\n\n - An error within the TypedArrayObject implementation when handling neutered\n ArrayBuffer objects.\n\n - And some unspecified errors exist.\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers to conduct spoofing attacks,\ndisclose potentially sensitive information, bypass certain security\nrestrictions, and compromise a user's system.\");\n script_tag(name:\"affected\", value:\"Mozilla Firefox version before 28.0 on Windows\");\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Firefox version 28.0 or later.\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/57500\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2014/mfsa2014-15.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_firefox_detect_portable_win.nasl\");\n script_mandatory_keys(\"Firefox/Win/Ver\");\n\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!ffVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:ffVer, test_version:\"28.0\"))\n{\n report = report_fixed_ver(installed_version:ffVer, fixed_version:\"28.0\");\n security_message(port:0, data:report);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-11T14:17:12", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1505", "CVE-2014-1513", "CVE-2014-1510", "CVE-2014-1509", "CVE-2014-1494", "CVE-2014-1508", "CVE-2014-1502", "CVE-2014-1504", "CVE-2014-1511", "CVE-2014-1512", "CVE-2014-1514", "CVE-2014-1498", "CVE-2014-1500", "CVE-2014-1497", "CVE-2014-1493", "CVE-2014-1496", "CVE-2014-1499"], "description": "This host is installed with SeaMonkey and is prone to multiple\nvulnerabilities.", "modified": "2020-04-20T00:00:00", "published": "2014-03-27T00:00:00", "id": "OPENVAS:1361412562310804528", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804528", "type": "openvas", "title": "SeaMonkey Multiple Vulnerabilities-01 Mar14 (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_sea_monkey_mult_vuln01_mar14_win.nasl 36216 2014-03-27 13:01:56Z mar$\n#\n# SeaMonkey Multiple Vulnerabilities-01 Mar14 (Windows)\n#\n# Authors:\n# Thanga Prakash S <tprakash@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mozilla:seamonkey\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804528\");\n script_version(\"2020-04-20T13:31:49+0000\");\n script_cve_id(\"CVE-2014-1493\", \"CVE-2014-1494\", \"CVE-2014-1496\", \"CVE-2014-1497\",\n \"CVE-2014-1498\", \"CVE-2014-1499\", \"CVE-2014-1500\", \"CVE-2014-1502\",\n \"CVE-2014-1504\", \"CVE-2014-1505\", \"CVE-2014-1508\", \"CVE-2014-1509\",\n \"CVE-2014-1510\", \"CVE-2014-1511\", \"CVE-2014-1512\", \"CVE-2014-1513\",\n \"CVE-2014-1514\");\n script_bugtraq_id(66412, 66419, 66416, 66423, 66421, 66429, 66428, 66422, 66417,\n 66418, 66426, 66425, 66206, 66207, 66209, 66203, 66240);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-04-20 13:31:49 +0000 (Mon, 20 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2014-03-27 13:03:47 +0530 (Thu, 27 Mar 2014)\");\n script_name(\"SeaMonkey Multiple Vulnerabilities-01 Mar14 (Windows)\");\n\n\n script_tag(name:\"summary\", value:\"This host is installed with SeaMonkey and is prone to multiple\nvulnerabilities.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - Local users can gain privileges by modifying the extracted Mar contents\n during an update.\n\n - A boundary error when decoding WAV audio files.\n\n - The crypto.generateCRMFRequest method does not properly validate a certain\n key type.\n\n - An error related to certain WebIDL-implemented APIs.\n\n - An error when performing polygon rendering in MathML.\n\n - The session-restore feature does not consider the Content Security Policy of\n a data URL.\n\n - A timing error when processing SVG format images with filters and\n displacements.\n\n - A use-after-free error when handling garbage collection of TypeObjects under\n memory pressure.\n\n - An error within the TypedArrayObject implementation when handling neutered\n ArrayBuffer objects.\n\n - And some unspecified errors exist.\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers to conduct spoofing attacks,\ndisclose potentially sensitive information, bypass certain security\nrestrictions, and compromise a user's system.\");\n script_tag(name:\"affected\", value:\"SeaMonkey version before 2.25 on Windows\");\n script_tag(name:\"solution\", value:\"Upgrade to SeaMonkey version 2.25 or later.\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/57500\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2014/mfsa2014-15.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_seamonkey_detect_win.nasl\");\n script_mandatory_keys(\"Seamonkey/Win/Ver\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.com/en-US/seamonkey\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!smVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:smVer, test_version:\"2.25\"))\n{\n report = report_fixed_ver(installed_version:smVer, fixed_version:\"2.25\");\n security_message(port:0, data:report);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-11T14:16:31", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1505", "CVE-2014-1513", "CVE-2014-1510", "CVE-2014-1509", "CVE-2014-1494", "CVE-2014-1508", "CVE-2014-1502", "CVE-2014-1504", "CVE-2014-1511", "CVE-2014-1512", "CVE-2014-1514", "CVE-2014-1498", "CVE-2014-1500", "CVE-2014-1497", "CVE-2014-1493", "CVE-2014-1496", "CVE-2014-1499"], "description": "This host is installed with Mozilla Firefox and is prone to multiple\nvulnerabilities.", "modified": "2020-04-20T00:00:00", "published": "2014-03-27T00:00:00", "id": "OPENVAS:1361412562310804523", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804523", "type": "openvas", "title": "Mozilla Firefox Multiple Vulnerabilities-01 Mar14 (Mac OS X)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_mozilla_firefox_mult_vuln01_mar14_macosx.nasl 36216 2014-03-26 11:54:30Z mar$\n#\n# Mozilla Firefox Multiple Vulnerabilities-01 Mar14 (Mac OS X)\n#\n# Authors:\n# Thanga Prakash S <tprakash@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mozilla:firefox\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804523\");\n script_version(\"2020-04-20T13:31:49+0000\");\n script_cve_id(\"CVE-2014-1493\", \"CVE-2014-1494\", \"CVE-2014-1496\", \"CVE-2014-1497\",\n \"CVE-2014-1498\", \"CVE-2014-1499\", \"CVE-2014-1500\", \"CVE-2014-1502\",\n \"CVE-2014-1504\", \"CVE-2014-1505\", \"CVE-2014-1508\", \"CVE-2014-1509\",\n \"CVE-2014-1510\", \"CVE-2014-1511\", \"CVE-2014-1512\", \"CVE-2014-1513\",\n \"CVE-2014-1514\");\n script_bugtraq_id(66412, 66419, 66416, 66423, 66421, 66429, 66428, 66422, 66417,\n 66418, 66426, 66425, 66206, 66207, 66209, 66203, 66240);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-04-20 13:31:49 +0000 (Mon, 20 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2014-03-27 12:03:41 +0530 (Thu, 27 Mar 2014)\");\n script_name(\"Mozilla Firefox Multiple Vulnerabilities-01 Mar14 (Mac OS X)\");\n\n\n script_tag(name:\"summary\", value:\"This host is installed with Mozilla Firefox and is prone to multiple\nvulnerabilities.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - Local users can gain privileges by modifying the extracted Mar contents\n during an update.\n\n - A boundary error when decoding WAV audio files.\n\n - The crypto.generateCRMFRequest method does not properly validate a certain\n key type.\n\n - An error related to certain WebIDL-implemented APIs.\n\n - An error when performing polygon rendering in MathML.\n\n - The session-restore feature does not consider the Content Security Policy of\n a data URL.\n\n - A timing error when processing SVG format images with filters and\n displacements.\n\n - A use-after-free error when handling garbage collection of TypeObjects under\n memory pressure.\n\n - An error within the TypedArrayObject implementation when handling neutered\n ArrayBuffer objects.\n\n - And some unspecified errors exist.\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers to conduct spoofing attacks,\ndisclose potentially sensitive information, bypass certain security\nrestrictions, and compromise a user's system.\");\n script_tag(name:\"affected\", value:\"Mozilla Firefox version before 28.0 on Mac OS X\");\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Firefox version 28.0 or later.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/57500\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2014/mfsa2014-15.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_mozilla_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Mozilla/Firefox/MacOSX/Version\");\n\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!ffVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:ffVer, test_version:\"28.0\"))\n{\n report = report_fixed_ver(installed_version:ffVer, fixed_version:\"28.0\");\n security_message(port:0, data:report);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-11T14:14:01", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1505", "CVE-2014-1513", "CVE-2014-1510", "CVE-2014-1509", "CVE-2014-1494", "CVE-2014-1508", "CVE-2014-1502", "CVE-2014-1504", "CVE-2014-1511", "CVE-2014-1512", "CVE-2014-1514", "CVE-2014-1498", "CVE-2014-1501", "CVE-2014-1500", "CVE-2014-1497", "CVE-2014-1493", "CVE-2014-1496", "CVE-2014-1499"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2015-10-13T00:00:00", "id": "OPENVAS:1361412562310850803", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850803", "type": "openvas", "title": "SUSE: Security Advisory for MozillaFirefox (SUSE-SU-2014:0418-1)", "sourceData": "# Copyright (C) 2015 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850803\");\n script_version(\"2020-01-31T07:58:03+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 07:58:03 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2015-10-13 18:35:01 +0530 (Tue, 13 Oct 2015)\");\n script_cve_id(\"CVE-2014-1493\", \"CVE-2014-1494\", \"CVE-2014-1496\", \"CVE-2014-1497\",\n \"CVE-2014-1498\", \"CVE-2014-1499\", \"CVE-2014-1500\", \"CVE-2014-1501\",\n \"CVE-2014-1502\", \"CVE-2014-1504\", \"CVE-2014-1508\", \"CVE-2014-1509\",\n \"CVE-2014-1505\", \"CVE-2014-1510\", \"CVE-2014-1511\", \"CVE-2014-1512\",\n \"CVE-2014-1513\", \"CVE-2014-1514\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SUSE: Security Advisory for MozillaFirefox (SUSE-SU-2014:0418-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'MozillaFirefox'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Mozilla Firefox was updated to 24.4.0ESR release, fixing\n various security issues and bugs:\n\n *\n\n MFSA 2014-15: Mozilla developers and community\n identified identified and fixed several memory safety bugs\n in the browser engine used in Firefox and other\n Mozilla-based products. Some of these bugs showed evidence\n of memory corruption under certain circumstances, and we\n presume that with enough effort at least some of these\n could be exploited to run arbitrary code.\n\n *\n\n Benoit Jacob, Olli Pettay, Jan Varga, Jan de Mooij,\n Jesse Ruderman, Dan Gohman, and Christoph Diehl reported\n memory safety problems and crashes that affect Firefox ESR\n 24.3 and Firefox 27. (CVE-2014-1493)\n\n *\n\n Gregor Wagner, Olli Pettay, Gary Kwong, Jesse\n Ruderman, Luke Wagner, Rob Fletcher, and Makoto Kato\n reported memory safety problems and crashes that affect\n Firefox 27. (CVE-2014-1494)\n\n *\n\n MFSA 2014-16 / CVE-2014-1496: Security researcher Ash\n reported an issue where the extracted files for updates to\n existing files are not read only during the update process.\n This allows for the potential replacement or modification\n of these files during the update process if a malicious\n application is present on the local system.\n\n *\n\n MFSA 2014-17 / CVE-2014-1497: Security researcher\n Atte Kettunen from OUSPG reported an out of bounds read\n during the decoding of WAV format audio files for playback.\n This could allow web content access to heap data as well as\n causing a crash.\n\n *\n\n MFSA 2014-18 / CVE-2014-1498: Mozilla developer David\n Keeler reported that the crypto.generateCRFMRequest method\n did not correctly validate the key type of the KeyParams\n argument when generating ec-dual-use requests. This could\n lead to a crash and a denial of service (DOS) attack.\n\n *\n\n MFSA 2014-19 / CVE-2014-1499: Mozilla developer Ehsan\n Akhgari reported a spoofing attack where the permission\n prompt for a WebRTC session can appear to be from a\n different site than its actual originating site if a timed\n navigation occurs during the prompt generation. This allows\n an attacker to potentially gain access to the webcam or\n microphone by masquerading as another site and gaining user\n permission through spoofing.\n\n *\n\n MFSA 2014-20 / CVE-2014-1500: Security researchers\n Tim Philipp Schaefers and Sebastian Neef, the team of\n Internetwache.org, reported a mechanism using JavaScript\n onbeforeunload events with page navigation to prevent users\n from closing a malicious page's tab and causing the browser\n to become unresponsive. This allows for a denial of service ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n\n script_tag(name:\"affected\", value:\"MozillaFirefox on SUSE Linux Enterprise Server 11 SP3\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"SUSE-SU\", value:\"2014:0418-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=SLES11\\.0SP3\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"SLES11.0SP3\") {\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox\", rpm:\"MozillaFirefox~24.4.0esr~0.8.1\", rls:\"SLES11.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-branding-SLED\", rpm:\"MozillaFirefox-branding-SLED~24~0.7.23\", rls:\"SLES11.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-translations\", rpm:\"MozillaFirefox-translations~24.4.0esr~0.8.1\", rls:\"SLES11.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nspr\", rpm:\"mozilla-nspr~4.10.4~0.3.1\", rls:\"SLES11.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nspr-32bit\", rpm:\"mozilla-nspr-32bit~4.10.4~0.3.1\", rls:\"SLES11.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nspr-x86\", rpm:\"mozilla-nspr-x86~4.10.4~0.3.1\", rls:\"SLES11.0SP3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:30", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0824", "CVE-2014-1505", "CVE-2014-1536", "CVE-2014-1577", "CVE-2014-1513", "CVE-2013-5601", "CVE-2013-5612", "CVE-2015-0831", "CVE-2013-5595", "CVE-2014-1530", "CVE-2014-1590", "CVE-2014-1586", "CVE-2014-1583", "CVE-2015-0832", "CVE-2013-5616", "CVE-2013-5607", "CVE-2014-1510", "CVE-2014-1566", "CVE-2013-5598", "CVE-2013-5613", "CVE-2014-1522", "CVE-2014-1587", "CVE-2014-1567", "CVE-2014-1481", "CVE-2014-1539", "CVE-2014-1487", "CVE-2015-0825", "CVE-2014-1594", "CVE-2014-1538", "CVE-2013-5609", "CVE-2015-0821", "CVE-2014-1525", "CVE-2013-5619", "CVE-2014-1509", "CVE-2014-1494", "CVE-2014-1559", "CVE-2014-1537", "CVE-2014-1582", "CVE-2014-1523", "CVE-2014-1576", "CVE-2014-8631", "CVE-2013-5615", "CVE-2014-1529", "CVE-2015-0828", "CVE-2013-5597", "CVE-2014-1543", "CVE-2014-1486", "CVE-2013-5590", "CVE-2013-5605", "CVE-2013-5610", "CVE-2014-1532", "CVE-2013-6671", "CVE-2014-1548", "CVE-2014-1584", "CVE-2014-1588", "CVE-2015-0826", "CVE-2014-1531", "CVE-2014-1508", "CVE-2014-1502", "CVE-2014-1542", "CVE-2014-1477", "CVE-2014-1578", "CVE-2013-1741", "CVE-2014-1540", "CVE-2014-1534", "CVE-2014-8642", "CVE-2014-1482", "CVE-2014-8637", "CVE-2014-1479", "CVE-2014-1504", "CVE-2014-8636", "CVE-2014-1580", "CVE-2014-1511", "CVE-2015-0819", "CVE-2014-1520", "CVE-2015-0834", "CVE-2014-1545", "CVE-2013-5592", "CVE-2014-1492", "CVE-2014-1556", "CVE-2013-5606", "CVE-2015-0818", "CVE-2014-1563", "CVE-2014-1524", "CVE-2014-8632", "CVE-2014-1512", "CVE-2014-1581", "CVE-2013-5604", "CVE-2014-1514", "CVE-2014-1592", "CVE-2014-8641", "CVE-2014-1490", "CVE-2015-0835", "CVE-2014-1498", "CVE-2014-1589", "CVE-2014-1565", "CVE-2014-1568", "CVE-2014-1555", "CVE-2014-1564", "CVE-2014-1574", "CVE-2014-1558", "CVE-2014-1551", "CVE-2014-1519", "CVE-2014-1547", "CVE-2014-1480", "CVE-2014-5369", "CVE-2014-1500", "CVE-2014-1497", "CVE-2013-5596", "CVE-2014-1478", "CVE-2014-1485", "CVE-2015-0817", "CVE-2014-1493", "CVE-2014-1544", "CVE-2014-8634", "CVE-2013-2566", "CVE-2015-0823", "CVE-2013-5603", "CVE-2013-6673", "CVE-2014-1562", "CVE-2015-0836", "CVE-2014-1541", "CVE-2014-1488", "CVE-2014-1552", "CVE-2013-5599", "CVE-2014-1553", "CVE-2014-8639", "CVE-2015-0829", "CVE-2014-1549", "CVE-2013-5591", "CVE-2013-5602", "CVE-2015-0822", "CVE-2014-1496", "CVE-2014-1554", "CVE-2015-0830", "CVE-2015-0827", "CVE-2014-8640", "CVE-2014-1557", "CVE-2014-1526", "CVE-2013-5593", "CVE-2014-1550", "CVE-2014-1533", "CVE-2014-1491", "CVE-2013-6672", "CVE-2013-5614", "CVE-2014-1575", "CVE-2014-8635", "CVE-2014-8638", "CVE-2014-1560", "CVE-2014-1585", "CVE-2014-1483", "CVE-2014-1489", "CVE-2014-1591", "CVE-2014-1593", "CVE-2015-0820", "CVE-2013-5600", "CVE-2014-1499", "CVE-2014-1518", "CVE-2014-1561", "CVE-2015-0833", "CVE-2013-5618"], "description": "Gentoo Linux Local Security Checks GLSA 201504-01", "modified": "2018-10-26T00:00:00", "published": "2015-09-29T00:00:00", "id": "OPENVAS:1361412562310121368", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121368", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201504-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201504-01.nasl 12128 2018-10-26 13:35:25Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121368\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-29 11:28:42 +0300 (Tue, 29 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201504-01\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities have been discovered in Firefox, Thunderbird, and SeaMonkey. Please review the CVE identifiers referenced below for details.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201504-01\");\n script_cve_id(\"CVE-2013-1741\", \"CVE-2013-2566\", \"CVE-2013-5590\", \"CVE-2013-5591\", \"CVE-2013-5592\", \"CVE-2013-5593\", \"CVE-2013-5595\", \"CVE-2013-5596\", \"CVE-2013-5597\", \"CVE-2013-5598\", \"CVE-2013-5599\", \"CVE-2013-5600\", \"CVE-2013-5601\", \"CVE-2013-5602\", \"CVE-2013-5603\", \"CVE-2013-5604\", \"CVE-2013-5605\", \"CVE-2013-5606\", \"CVE-2013-5607\", \"CVE-2013-5609\", \"CVE-2013-5610\", \"CVE-2013-5612\", \"CVE-2013-5613\", \"CVE-2013-5614\", \"CVE-2013-5615\", \"CVE-2013-5616\", \"CVE-2013-5618\", \"CVE-2013-5619\", \"CVE-2013-6671\", \"CVE-2013-6672\", \"CVE-2013-6673\", \"CVE-2014-1477\", \"CVE-2014-1478\", \"CVE-2014-1479\", \"CVE-2014-1480\", \"CVE-2014-1481\", \"CVE-2014-1482\", \"CVE-2014-1483\", \"CVE-2014-1485\", \"CVE-2014-1486\", \"CVE-2014-1487\", \"CVE-2014-1488\", \"CVE-2014-1489\", \"CVE-2014-1490\", \"CVE-2014-1491\", \"CVE-2014-1492\", \"CVE-2014-1493\", \"CVE-2014-1494\", \"CVE-2014-1496\", \"CVE-2014-1497\", \"CVE-2014-1498\", \"CVE-2014-1499\", \"CVE-2014-1500\", \"CVE-2014-1502\", \"CVE-2014-1504\", \"CVE-2014-1505\", \"CVE-2014-1508\", \"CVE-2014-1509\", \"CVE-2014-1510\", \"CVE-2014-1511\", \"CVE-2014-1512\", \"CVE-2014-1513\", \"CVE-2014-1514\", \"CVE-2014-1518\", \"CVE-2014-1519\", \"CVE-2014-1520\", \"CVE-2014-1522\", \"CVE-2014-1523\", \"CVE-2014-1524\", \"CVE-2014-1525\", \"CVE-2014-1526\", \"CVE-2014-1529\", \"CVE-2014-1530\", \"CVE-2014-1531\", \"CVE-2014-1532\", \"CVE-2014-1533\", \"CVE-2014-1534\", \"CVE-2014-1536\", \"CVE-2014-1537\", \"CVE-2014-1538\", \"CVE-2014-1539\", \"CVE-2014-1540\", \"CVE-2014-1541\", \"CVE-2014-1542\", \"CVE-2014-1543\", \"CVE-2014-1544\", \"CVE-2014-1545\", \"CVE-2014-1547\", \"CVE-2014-1548\", \"CVE-2014-1549\", \"CVE-2014-1550\", \"CVE-2014-1551\", \"CVE-2014-1552\", \"CVE-2014-1553\", \"CVE-2014-1554\", \"CVE-2014-1555\", \"CVE-2014-1556\", \"CVE-2014-1557\", \"CVE-2014-1558\", \"CVE-2014-1559\", \"CVE-2014-1560\", \"CVE-2014-1561\", \"CVE-2014-1562\", \"CVE-2014-1563\", \"CVE-2014-1564\", \"CVE-2014-1565\", \"CVE-2014-1566\", \"CVE-2014-1567\", \"CVE-2014-1568\", \"CVE-2014-1574\", \"CVE-2014-1575\", \"CVE-2014-1576\", \"CVE-2014-1577\", \"CVE-2014-1578\", \"CVE-2014-1580\", \"CVE-2014-1581\", \"CVE-2014-1582\", \"CVE-2014-1583\", \"CVE-2014-1584\", \"CVE-2014-1585\", \"CVE-2014-1586\", \"CVE-2014-1587\", \"CVE-2014-1588\", \"CVE-2014-1589\", \"CVE-2014-1590\", \"CVE-2014-1591\", \"CVE-2014-1592\", \"CVE-2014-1593\", \"CVE-2014-1594\", \"CVE-2014-5369\", \"CVE-2014-8631\", \"CVE-2014-8632\", \"CVE-2014-8634\", \"CVE-2014-8635\", \"CVE-2014-8636\", \"CVE-2014-8637\", \"CVE-2014-8638\", \"CVE-2014-8639\", \"CVE-2014-8640\", \"CVE-2014-8641\", \"CVE-2014-8642\", \"CVE-2015-0817\", \"CVE-2015-0818\", \"CVE-2015-0819\", \"CVE-2015-0820\", \"CVE-2015-0821\", \"CVE-2015-0822\", \"CVE-2015-0823\", \"CVE-2015-0824\", \"CVE-2015-0825\", \"CVE-2015-0826\", \"CVE-2015-0827\", \"CVE-2015-0828\", \"CVE-2015-0829\", \"CVE-2015-0830\", \"CVE-2015-0831\", \"CVE-2015-0832\", \"CVE-2015-0833\", \"CVE-2015-0834\", \"CVE-2015-0835\", \"CVE-2015-0836\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks GLSA 201504-01\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"www-client/firefox\", unaffected: make_list(\"ge 31.5.3\"), vulnerable: make_list(\"lt 31.5.3\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"www-client/firefox-bin\", unaffected: make_list(\"ge 31.5.3\"), vulnerable: make_list(\"lt 31.5.3\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"mail-client/thunderbird\", unaffected: make_list(\"ge 31.5.0\"), vulnerable: make_list(\"lt 31.5.0\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"mail-client/thunderbird-bin\", unaffected: make_list(\"ge 31.5.0\"), vulnerable: make_list(\"lt 31.5.0\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"www-client/seamonkey\", unaffected: make_list(\"ge 2.33.1\"), vulnerable: make_list(\"lt 2.33.1\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"www-client/seamonkey-bin\", unaffected: make_list(\"ge 2.33.1\"), vulnerable: make_list(\"lt 2.33.1\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-libs/nspr\", unaffected: make_list(\"ge 4.10.6\"), vulnerable: make_list(\"lt 4.10.6\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-01-01T03:41:03", "description": "The installed version of Thunderbird is a version prior to version\n24.4. It is, therefore, potentially affected by the following\nvulnerabilities :\n\n - Memory issues exist that could lead to arbitrary code\n execution. (CVE-2014-1493, CVE-2014-1494)\n\n - An issue exists where extracted files for updates are\n not read-only while updating. An attacker may be able\n to modify these extracted files resulting in privilege\n escalation. (CVE-2014-1496)\n\n - An out-of-bounds read error exists when decoding WAV\n format audio files that could lead to a denial of\n service attack or information disclosure.\n (CVE-2014-1497)\n\n - An out-of-bounds read error exists when polygons are\n rendered in 'MathML' that could lead to information\n disclosure. (CVE-2014-1508)\n\n - A memory corruption issue exists in the Cairo graphics\n library when rendering a PDF file that could lead to\n arbitrary code execution or a denial of service attack.\n (CVE-2014-1509)\n\n - An issue exists in the SVG filters and the\n feDisplacementMap element that could lead to\n information disclosure via timing attacks.\n (CVE-2014-1505)\n\n - An issue exists that could allow malicious websites to\n load chrome-privileged pages when JavaScript\n implemented WebIDL calls the 'window.open()' function,\n which could result in arbitrary code execution.\n (CVE-2014-1510)\n\n - An issue exists that could allow a malicious website to\n bypass the pop-up blocker. (CVE-2014-1511)\n\n - A use-after-free memory issue exists in 'TypeObjects'\n in the JavaScript engine during Garbage Collection\n that could lead to arbitrary code execution.\n (CVE-2014-1512)\n\n - An out-of-bounds write error exists due to\n 'TypedArrayObject' improperly handling 'ArrayBuffer'\n objects that could result in arbitrary code execution.\n (CVE-2014-1513)\n\n - An out-of-bounds write error exists when copying values\n from one array to another that could result in arbitrary\n code execution. (CVE-2014-1514)", "edition": 26, "published": "2014-03-19T00:00:00", "title": "Thunderbird < 24.4 Multiple Vulnerabilities (Mac OS X)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1505", "CVE-2014-1513", "CVE-2014-1510", "CVE-2014-1509", "CVE-2014-1494", "CVE-2014-1508", "CVE-2014-1511", "CVE-2014-1512", "CVE-2014-1514", "CVE-2014-1497", "CVE-2014-1493", "CVE-2014-1496"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:mozilla:thunderbird"], "id": "MACOSX_THUNDERBIRD_24_4.NASL", "href": "https://www.tenable.com/plugins/nessus/73097", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73097);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2018/07/14 1:59:36\");\n\n script_cve_id(\n \"CVE-2014-1493\",\n \"CVE-2014-1494\",\n \"CVE-2014-1496\",\n \"CVE-2014-1497\",\n \"CVE-2014-1505\",\n \"CVE-2014-1508\",\n \"CVE-2014-1509\",\n \"CVE-2014-1510\",\n \"CVE-2014-1511\",\n \"CVE-2014-1512\",\n \"CVE-2014-1513\",\n \"CVE-2014-1514\"\n );\n script_bugtraq_id(\n 66203,\n 66206,\n 66207,\n 66209,\n 66240,\n 66412,\n 66416,\n 66418,\n 66419,\n 66423,\n 66425,\n 66426\n );\n\n script_name(english:\"Thunderbird < 24.4 Multiple Vulnerabilities (Mac OS X)\");\n script_summary(english:\"Checks version of Thunderbird\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Mac OS X host contains a mail client that is potentially\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The installed version of Thunderbird is a version prior to version\n24.4. It is, therefore, potentially affected by the following\nvulnerabilities :\n\n - Memory issues exist that could lead to arbitrary code\n execution. (CVE-2014-1493, CVE-2014-1494)\n\n - An issue exists where extracted files for updates are\n not read-only while updating. An attacker may be able\n to modify these extracted files resulting in privilege\n escalation. (CVE-2014-1496)\n\n - An out-of-bounds read error exists when decoding WAV\n format audio files that could lead to a denial of\n service attack or information disclosure.\n (CVE-2014-1497)\n\n - An out-of-bounds read error exists when polygons are\n rendered in 'MathML' that could lead to information\n disclosure. (CVE-2014-1508)\n\n - A memory corruption issue exists in the Cairo graphics\n library when rendering a PDF file that could lead to\n arbitrary code execution or a denial of service attack.\n (CVE-2014-1509)\n\n - An issue exists in the SVG filters and the\n feDisplacementMap element that could lead to\n information disclosure via timing attacks.\n (CVE-2014-1505)\n\n - An issue exists that could allow malicious websites to\n load chrome-privileged pages when JavaScript\n implemented WebIDL calls the 'window.open()' function,\n which could result in arbitrary code execution.\n (CVE-2014-1510)\n\n - An issue exists that could allow a malicious website to\n bypass the pop-up blocker. (CVE-2014-1511)\n\n - A use-after-free memory issue exists in 'TypeObjects'\n in the JavaScript engine during Garbage Collection\n that could lead to arbitrary code execution.\n (CVE-2014-1512)\n\n - An out-of-bounds write error exists due to\n 'TypedArrayObject' improperly handling 'ArrayBuffer'\n objects that could result in arbitrary code execution.\n (CVE-2014-1513)\n\n - An out-of-bounds write error exists when copying values\n from one array to another that could result in arbitrary\n code execution. (CVE-2014-1514)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.securityfocus.com/archive/1/531617/30/0/threaded\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-15/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-16/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-17/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-18/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-15/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-16/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-17/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-18/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-19/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-15/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-16/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-17/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-26/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-27/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-28/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-29/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-30/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-31/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-32/\");\n\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Thunderbird 24.4 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Firefox WebIDL Privileged Javascript Injection');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\nscript_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/03/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:thunderbird\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"macosx_thunderbird_installed.nasl\");\n script_require_keys(\"MacOSX/Thunderbird/Installed\");\n\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\n\nkb_base = \"MacOSX/Thunderbird\";\nget_kb_item_or_exit(kb_base+\"/Installed\");\n\nversion = get_kb_item_or_exit(kb_base+\"/Version\", exit_code:1);\npath = get_kb_item_or_exit(kb_base+\"/Path\", exit_code:1);\n\nif (get_kb_item(kb_base + '/is_esr')) exit(0, 'The Mozilla Thunderbird install is in the ESR branch.');\n\nmozilla_check_version(product:'thunderbird', version:version, path:path, esr:FALSE, fix:'24.4', severity:SECURITY_HOLE, xss:FALSE);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T03:52:33", "description": "The installed version of Thunderbird is a version prior to 24.4 and\nis, therefore, potentially affected the following vulnerabilities:\n\n - Memory issues exist that could lead to arbitrary code\n execution. (CVE-2014-1493, CVE-2014-1494)\n\n - An issue exists where extracted files for updates are\n not read-only while updating. An attacker may be able\n to modify these extracted files resulting in privilege\n escalation. (CVE-2014-1496)\n\n - An out-of-bounds read error exists when decoding WAV\n format audio files that could lead to a denial of\n service attack or information disclosure.\n (CVE-2014-1497)\n\n - An out-of-bounds read error exists when polygons are\n rendered in 'MathML' that could lead to information\n disclosure. (CVE-2014-1508)\n\n - A memory corruption issue exists in the Cairo graphics\n library when rendering a PDF file that could lead to\n arbitrary code execution or a denial of service attack.\n (CVE-2014-1509)\n\n - An issue exists in the SVG filters and the\n feDisplacementMap element that could lead to\n information disclosure via timing attacks.\n (CVE-2014-1505)\n\n - An issue exists that could allow malicious websites to\n load chrome-privileged pages when JavaScript\n implemented WebIDL calls the 'window.open()' function,\n which could result in arbitrary code execution.\n (CVE-2014-1510)\n\n - An issue exists that could allow a malicious website to\n bypass the pop-up blocker. (CVE-2014-1511)\n\n - A use-after-free memory issue exists in 'TypeObjects'\n in the JavaScript engine during Garbage Collection\n that could lead to arbitrary code execution.\n (CVE-2014-1512)\n\n - An out-of-bounds write error exists due to\n 'TypedArrayObject' improperly handling 'ArrayBuffer'\n objects that could result in arbitrary code execution.\n (CVE-2014-1513)\n\n - An out-of-bounds write error exists when copying values\n from one array to another that could result in arbitrary\n code execution. (CVE-2014-1514)", "edition": 26, "published": "2014-03-19T00:00:00", "title": "Mozilla Thunderbird < 24.4 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1505", "CVE-2014-1513", "CVE-2014-1510", "CVE-2014-1509", "CVE-2014-1494", "CVE-2014-1508", "CVE-2014-1511", "CVE-2014-1512", "CVE-2014-1514", "CVE-2014-1497", "CVE-2014-1493", "CVE-2014-1496"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:mozilla:thunderbird"], "id": "MOZILLA_THUNDERBIRD_24_4.NASL", "href": "https://www.tenable.com/plugins/nessus/73100", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73100);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2018/07/16 14:09:15\");\n\n script_cve_id(\n \"CVE-2014-1493\",\n \"CVE-2014-1494\",\n \"CVE-2014-1496\",\n \"CVE-2014-1497\",\n \"CVE-2014-1505\",\n \"CVE-2014-1508\",\n \"CVE-2014-1509\",\n \"CVE-2014-1510\",\n \"CVE-2014-1511\",\n \"CVE-2014-1512\",\n \"CVE-2014-1513\",\n \"CVE-2014-1514\"\n );\n script_bugtraq_id(\n 66203,\n 66206,\n 66207,\n 66209,\n 66240,\n 66412,\n 66416,\n 66418,\n 66419,\n 66423,\n 66425,\n 66426\n );\n\n script_name(english:\"Mozilla Thunderbird < 24.4 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version of Thunderbird\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a mail client that is potentially\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The installed version of Thunderbird is a version prior to 24.4 and\nis, therefore, potentially affected the following vulnerabilities:\n\n - Memory issues exist that could lead to arbitrary code\n execution. (CVE-2014-1493, CVE-2014-1494)\n\n - An issue exists where extracted files for updates are\n not read-only while updating. An attacker may be able\n to modify these extracted files resulting in privilege\n escalation. (CVE-2014-1496)\n\n - An out-of-bounds read error exists when decoding WAV\n format audio files that could lead to a denial of\n service attack or information disclosure.\n (CVE-2014-1497)\n\n - An out-of-bounds read error exists when polygons are\n rendered in 'MathML' that could lead to information\n disclosure. (CVE-2014-1508)\n\n - A memory corruption issue exists in the Cairo graphics\n library when rendering a PDF file that could lead to\n arbitrary code execution or a denial of service attack.\n (CVE-2014-1509)\n\n - An issue exists in the SVG filters and the\n feDisplacementMap element that could lead to\n information disclosure via timing attacks.\n (CVE-2014-1505)\n\n - An issue exists that could allow malicious websites to\n load chrome-privileged pages when JavaScript\n implemented WebIDL calls the 'window.open()' function,\n which could result in arbitrary code execution.\n (CVE-2014-1510)\n\n - An issue exists that could allow a malicious website to\n bypass the pop-up blocker. (CVE-2014-1511)\n\n - A use-after-free memory issue exists in 'TypeObjects'\n in the JavaScript engine during Garbage Collection\n that could lead to arbitrary code execution.\n (CVE-2014-1512)\n\n - An out-of-bounds write error exists due to\n 'TypedArrayObject' improperly handling 'ArrayBuffer'\n objects that could result in arbitrary code execution.\n (CVE-2014-1513)\n\n - An out-of-bounds write error exists when copying values\n from one array to another that could result in arbitrary\n code execution. (CVE-2014-1514)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.securityfocus.com/archive/1/531617/30/0/threaded\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-15/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-16/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-17/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-18/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-19/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-15/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-16/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-17/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-26/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-27/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-28/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-29/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-30/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-31/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-32/\");\n\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Thunderbird 24.4 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Firefox WebIDL Privileged Javascript Injection');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\nscript_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/03/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:thunderbird\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"mozilla_org_installed.nasl\");\n script_require_keys(\"Mozilla/Thunderbird/Version\");\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\n\nport = get_kb_item(\"SMB/transport\");\nif (!port) port = 445;\n\ninstalls = get_kb_list(\"SMB/Mozilla/Thunderbird/*\");\nif (isnull(installs)) audit(AUDIT_NOT_INST, \"Thunderbird\");\n\nmozilla_check_version(installs:installs, product:'thunderbird', esr:FALSE, fix:'24.4', severity:SECURITY_HOLE, xss:FALSE);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T03:48:58", "description": "The installed version of Firefox ESR 24.x is a version prior to 24.4.\nIt is, therefore, potentially affected by the following\nvulnerabilities :\n\n - Memory issues exist that could lead to arbitrary code\n execution. (CVE-2014-1493, CVE-2014-1494)\n\n - A flaw exists in the checkHandshake() function due to\n improper validation of user-supplied input. An\n unauthenticated, remote attacker can exploit this to\n corrupt memory, resulting in the execution of arbitrary\n code. (CVE-2014-1495)\n\n - An issue exists where extracted files for updates are\n not read-only while updating. An attacker may be able\n to modify these extracted files resulting in privilege\n escalation. (CVE-2014-1496)\n\n - An out-of-bounds read error exists when decoding WAV\n format audio files that could lead to a denial of\n service attack or information disclosure.\n (CVE-2014-1497)\n\n - An out-of-bounds read error exists when polygons are\n rendered in 'MathML' that could lead to information\n disclosure. (CVE-2014-1508)\n\n - A memory corruption issue exists in the Cairo graphics\n library when rendering a PDF file that could lead to\n arbitrary code execution or a denial of service attack.\n (CVE-2014-1509)\n\n - An issue exists in the SVG filters and the\n feDisplacementMap element that could lead to\n information disclosure via timing attacks.\n (CVE-2014-1505)\n\n - An issue exists that could allow malicious websites to\n load chrome-privileged pages when JavaScript\n implemented WebIDL calls the 'window.open()' function,\n which could result in arbitrary code execution.\n (CVE-2014-1510)\n\n - An issue exists that could allow a malicious website to\n bypass the pop-up blocker. (CVE-2014-1511)\n\n - A use-after-free memory issue exists in 'TypeObjects'\n in the JavaScript engine during Garbage Collection\n that could lead to arbitrary code execution.\n (CVE-2014-1512)\n\n - An out-of-bounds write error exists due to\n 'TypedArrayObject' improperly handling 'ArrayBuffer'\n objects that could result in arbitrary code execution.\n (CVE-2014-1513)\n\n - An out-of-bounds write error exists when copying values\n from one array to another that could result in arbitrary\n code execution. (CVE-2014-1514)", "edition": 26, "published": "2014-03-19T00:00:00", "title": "Firefox ESR 24.x < 24.4 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1505", "CVE-2014-1513", "CVE-2014-1510", "CVE-2014-1509", "CVE-2014-1494", "CVE-2014-1495", "CVE-2014-1508", "CVE-2014-1511", "CVE-2014-1512", "CVE-2014-1514", "CVE-2014-1497", "CVE-2014-1493", "CVE-2014-1496"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:mozilla:firefox_esr"], "id": "MOZILLA_FIREFOX_24_4_ESR.NASL", "href": "https://www.tenable.com/plugins/nessus/73098", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73098);\n script_version(\"1.18\");\n script_cvs_date(\"Date: 2018/07/16 14:09:14\");\n\n script_cve_id(\n \"CVE-2014-1493\",\n \"CVE-2014-1494\",\n \"CVE-2014-1495\",\n \"CVE-2014-1496\",\n \"CVE-2014-1497\",\n \"CVE-2014-1505\",\n \"CVE-2014-1508\",\n \"CVE-2014-1509\",\n \"CVE-2014-1510\",\n \"CVE-2014-1511\",\n \"CVE-2014-1512\",\n \"CVE-2014-1513\",\n \"CVE-2014-1514\"\n );\n script_bugtraq_id(\n 66203,\n 66206,\n 66207,\n 66209,\n 66240,\n 66412,\n 66416,\n 66418,\n 66419,\n 66423,\n 66425,\n 66426\n );\n\n script_name(english:\"Firefox ESR 24.x < 24.4 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version of Firefox\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a web browser that is potentially\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The installed version of Firefox ESR 24.x is a version prior to 24.4.\nIt is, therefore, potentially affected by the following\nvulnerabilities :\n\n - Memory issues exist that could lead to arbitrary code\n execution. (CVE-2014-1493, CVE-2014-1494)\n\n - A flaw exists in the checkHandshake() function due to\n improper validation of user-supplied input. An\n unauthenticated, remote attacker can exploit this to\n corrupt memory, resulting in the execution of arbitrary\n code. (CVE-2014-1495)\n\n - An issue exists where extracted files for updates are\n not read-only while updating. An attacker may be able\n to modify these extracted files resulting in privilege\n escalation. (CVE-2014-1496)\n\n - An out-of-bounds read error exists when decoding WAV\n format audio files that could lead to a denial of\n service attack or information disclosure.\n (CVE-2014-1497)\n\n - An out-of-bounds read error exists when polygons are\n rendered in 'MathML' that could lead to information\n disclosure. (CVE-2014-1508)\n\n - A memory corruption issue exists in the Cairo graphics\n library when rendering a PDF file that could lead to\n arbitrary code execution or a denial of service attack.\n (CVE-2014-1509)\n\n - An issue exists in the SVG filters and the\n feDisplacementMap element that could lead to\n information disclosure via timing attacks.\n (CVE-2014-1505)\n\n - An issue exists that could allow malicious websites to\n load chrome-privileged pages when JavaScript\n implemented WebIDL calls the 'window.open()' function,\n which could result in arbitrary code execution.\n (CVE-2014-1510)\n\n - An issue exists that could allow a malicious website to\n bypass the pop-up blocker. (CVE-2014-1511)\n\n - A use-after-free memory issue exists in 'TypeObjects'\n in the JavaScript engine during Garbage Collection\n that could lead to arbitrary code execution.\n (CVE-2014-1512)\n\n - An out-of-bounds write error exists due to\n 'TypedArrayObject' improperly handling 'ArrayBuffer'\n objects that could result in arbitrary code execution.\n (CVE-2014-1513)\n\n - An out-of-bounds write error exists when copying values\n from one array to another that could result in arbitrary\n code execution. (CVE-2014-1514)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.securityfocus.com/archive/1/531617/30/0/threaded\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-01/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-15/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-16/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-17/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-18/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-19/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-15/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-16/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-17/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-26/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-27/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-28/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-29/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-30/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-31/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-32/\");\n\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Firefox ESR 24.4 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Firefox WebIDL Privileged Javascript Injection');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\nscript_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/03/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:firefox_esr\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"mozilla_org_installed.nasl\");\n script_require_keys(\"Mozilla/Firefox/Version\");\n\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\n\nport = get_kb_item(\"SMB/transport\");\nif (!port) port = 445;\n\ninstalls = get_kb_list(\"SMB/Mozilla/Firefox/*\");\nif (isnull(installs)) audit(AUDIT_NOT_INST, \"Firefox\");\n\nmozilla_check_version(installs:installs, product:'firefox', esr:TRUE, fix:'24.4', min:'24.0', severity:SECURITY_HOLE, xss:FALSE);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T03:28:10", "description": "The installed version of Firefox ESR 24.x is prior to 24.4 and is,\ntherefore, potentially affected by the following vulnerabilities :\n\n - Memory issues exist that could lead to arbitrary code\n execution. (CVE-2014-1493, CVE-2014-1494)\n\n - A flaw exists in the checkHandshake() function due to\n improper validation of user-supplied input. An\n unauthenticated, remote attacker can exploit this to\n corrupt memory, resulting in the execution of arbitrary\n code. (CVE-2014-1495)\n \n - An issue exists where extracted files for updates are\n not read-only while updating. An attacker may be able\n to modify these extracted files resulting in privilege\n escalation. (CVE-2014-1496)\n\n - An out-of-bounds read error exists when decoding WAV\n format audio files that could lead to a denial of\n service attack or information disclosure.\n (CVE-2014-1497)\n\n - An out-of-bounds read error exists when polygons are\n rendered in 'MathML' that could lead to information\n disclosure. (CVE-2014-1508)\n\n - A memory corruption issue exists in the Cairo graphics\n library when rendering a PDF file that could lead to\n arbitrary code execution or a denial of service attack.\n (CVE-2014-1509)\n\n - An issue exists in the SVG filters and the\n feDisplacementMap element that could lead to\n information disclosure via timing attacks.\n (CVE-2014-1505)\n\n - An issue exists that could allow malicious websites to\n load chrome-privileged pages when JavaScript\n implemented WebIDL calls the 'window.open()' function,\n which could result in arbitrary code execution.\n (CVE-2014-1510)\n\n - An issue exists that could allow a malicious website to\n bypass the pop-up blocker. (CVE-2014-1511)\n\n - A use-after-free memory issue exists in 'TypeObjects'\n in the JavaScript engine during Garbage Collection\n that could lead to arbitrary code execution.\n (CVE-2014-1512)\n\n - An out-of-bounds write error exists due to\n 'TypedArrayObject' improperly handling 'ArrayBuffer'\n objects that could result in arbitrary code execution.\n (CVE-2014-1513)\n\n - An out-of-bounds write error exists when copying values\n from one array to another that could result in arbitrary\n code execution. (CVE-2014-1514)", "edition": 26, "published": "2014-03-19T00:00:00", "title": "Firefox ESR 24.x < 24.4 Multiple Vulnerabilities (Mac OS X)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1505", "CVE-2014-1513", "CVE-2014-1510", "CVE-2014-1509", "CVE-2014-1494", "CVE-2014-1495", "CVE-2014-1508", "CVE-2014-1511", "CVE-2014-1512", "CVE-2014-1514", "CVE-2014-1497", "CVE-2014-1493", "CVE-2014-1496"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:mozilla:firefox_esr"], "id": "MACOSX_FIREFOX_24_4_ESR.NASL", "href": "https://www.tenable.com/plugins/nessus/73095", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73095);\n script_version(\"1.18\");\n script_cvs_date(\"Date: 2018/07/14 1:59:36\");\n\n script_cve_id(\n \"CVE-2014-1493\",\n \"CVE-2014-1494\",\n \"CVE-2014-1495\",\n \"CVE-2014-1496\",\n \"CVE-2014-1497\",\n \"CVE-2014-1505\",\n \"CVE-2014-1508\",\n \"CVE-2014-1509\",\n \"CVE-2014-1510\",\n \"CVE-2014-1511\",\n \"CVE-2014-1512\",\n \"CVE-2014-1513\",\n \"CVE-2014-1514\"\n );\n script_bugtraq_id(\n 66203,\n 66206,\n 66207,\n 66209,\n 66240,\n 66412,\n 66416,\n 66418,\n 66419,\n 66423,\n 66425,\n 66426\n );\n\n script_name(english:\"Firefox ESR 24.x < 24.4 Multiple Vulnerabilities (Mac OS X)\");\n script_summary(english:\"Checks version of Firefox\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Mac OS X host contains a web browser that is potentially\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The installed version of Firefox ESR 24.x is prior to 24.4 and is,\ntherefore, potentially affected by the following vulnerabilities :\n\n - Memory issues exist that could lead to arbitrary code\n execution. (CVE-2014-1493, CVE-2014-1494)\n\n - A flaw exists in the checkHandshake() function due to\n improper validation of user-supplied input. An\n unauthenticated, remote attacker can exploit this to\n corrupt memory, resulting in the execution of arbitrary\n code. (CVE-2014-1495)\n \n - An issue exists where extracted files for updates are\n not read-only while updating. An attacker may be able\n to modify these extracted files resulting in privilege\n escalation. (CVE-2014-1496)\n\n - An out-of-bounds read error exists when decoding WAV\n format audio files that could lead to a denial of\n service attack or information disclosure.\n (CVE-2014-1497)\n\n - An out-of-bounds read error exists when polygons are\n rendered in 'MathML' that could lead to information\n disclosure. (CVE-2014-1508)\n\n - A memory corruption issue exists in the Cairo graphics\n library when rendering a PDF file that could lead to\n arbitrary code execution or a denial of service attack.\n (CVE-2014-1509)\n\n - An issue exists in the SVG filters and the\n feDisplacementMap element that could lead to\n information disclosure via timing attacks.\n (CVE-2014-1505)\n\n - An issue exists that could allow malicious websites to\n load chrome-privileged pages when JavaScript\n implemented WebIDL calls the 'window.open()' function,\n which could result in arbitrary code execution.\n (CVE-2014-1510)\n\n - An issue exists that could allow a malicious website to\n bypass the pop-up blocker. (CVE-2014-1511)\n\n - A use-after-free memory issue exists in 'TypeObjects'\n in the JavaScript engine during Garbage Collection\n that could lead to arbitrary code execution.\n (CVE-2014-1512)\n\n - An out-of-bounds write error exists due to\n 'TypedArrayObject' improperly handling 'ArrayBuffer'\n objects that could result in arbitrary code execution.\n (CVE-2014-1513)\n\n - An out-of-bounds write error exists when copying values\n from one array to another that could result in arbitrary\n code execution. (CVE-2014-1514)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.securityfocus.com/archive/1/531617/30/0/threaded\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-01/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-15/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-16/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-17/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-18/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-19/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-15/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-16/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-17/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-26/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-27/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-28/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-29/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-30/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-31/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-32/\");\n\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Firefox ESR 24.4 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Firefox WebIDL Privileged Javascript Injection');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/03/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:firefox_esr\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"macosx_firefox_installed.nasl\");\n script_require_keys(\"MacOSX/Firefox/Installed\");\n\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\n\nkb_base = \"MacOSX/Firefox\";\nget_kb_item_or_exit(kb_base+\"/Installed\");\n\nversion = get_kb_item_or_exit(kb_base+\"/Version\", exit_code:1);\npath = get_kb_item_or_exit(kb_base+\"/Path\", exit_code:1);\n\nis_esr = get_kb_item(kb_base+\"/is_esr\");\nif (isnull(is_esr)) audit(AUDIT_NOT_INST, \"Mozilla Firefox ESR\");\n\nmozilla_check_version(product:'firefox', version:version, path:path, esr:TRUE, fix:'24.4', min:'24.0', severity:SECURITY_HOLE, xss:FALSE);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T03:49:02", "description": "The installed version of Firefox is a version prior to 28.0 and is,\ntherefore, potentially affected by the following vulnerabilities :\n\n - Memory issues exist that could lead to arbitrary code\n execution. (CVE-2014-1493, CVE-2014-1494)\n\n - An issue exists where extracted files for updates are\n not read-only while updating. An attacker may be able\n to modify these extracted files resulting in privilege\n escalation. (CVE-2014-1496)\n\n - An out-of-bounds read error exists when decoding WAV\n format audio files that could lead to a denial of\n service attack or information disclosure.\n (CVE-2014-1497)\n\n - An issue exists in the 'crypto.generateCRFMRequest'\n method due to improper validation of the KeyParams\n argument when generating 'ec-dual-use' requests. This\n could lead to a denial of service attack.\n (CVE-2014-1498)\n\n - An issue exists that could allow for spoofing attacks to\n occur during a WebRTC session. Exploitation of this\n issue could allow an attacker to gain access to the\n user's webcam or microphone. (CVE-2014-1499)\n\n - An issue exists with JavaScript 'onbeforeunload' events\n that could lead to denial of service attacks.\n (CVE-2014-1500)\n\n - An issue exists where WebGL context from one website\n can be injected into the WebGL context of another\n website that could result in arbitrary content being\n rendered from the second website. (CVE-2014-1502)\n\n - A cross-site scripting issue exists due to the Content\n Security Policy (CSP) of 'data:' documents not being\n saved for a session restore. Under certain\n circumstances, an attacker may be able to evade the CSP\n of a remote website resulting in a cross-scripting\n attack. (CVE-2014-1504)\n\n - An out-of-bounds read error exists when polygons are\n rendered in 'MathML' that could lead to information\n disclosure. (CVE-2014-1508)\n\n - A memory corruption issue exists in the Cairo graphics\n library when rendering a PDF file that could lead to\n arbitrary code execution or a denial of service attack.\n (CVE-2014-1509)\n\n - An issue exists in the SVG filters and the\n feDisplacementMap element that could lead to\n information disclosure via timing attacks.\n (CVE-2014-1505)\n\n - An issue exists that could allow malicious websites to\n load chrome-privileged pages when JavaScript\n implemented WebIDL calls the 'window.open()' function,\n which could result in arbitrary code execution.\n (CVE-2014-1510)\n\n - An issue exists that could allow a malicious website to\n bypass the pop-up blocker. (CVE-2014-1511)\n\n - A use-after-free memory issue exists in 'TypeObjects'\n in the JavaScript engine during Garbage Collection\n that could lead to arbitrary code execution.\n (CVE-2014-1512)\n\n - An out-of-bounds write error exists due to\n 'TypedArrayObject' improperly handling 'ArrayBuffer'\n objects that could result in arbitrary code execution.\n (CVE-2014-1513)\n\n - An out-of-bounds write error exists when copying values\n from one array to another that could result in arbitrary\n code execution. (CVE-2014-1514)", "edition": 26, "published": "2014-03-19T00:00:00", "title": "Firefox < 28.0 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1505", "CVE-2014-1513", "CVE-2014-1510", "CVE-2014-1509", "CVE-2014-1494", "CVE-2014-1508", "CVE-2014-1502", "CVE-2014-1504", "CVE-2014-1511", "CVE-2014-1512", "CVE-2014-1514", "CVE-2014-1498", "CVE-2014-1500", "CVE-2014-1497", "CVE-2014-1493", "CVE-2014-1496", "CVE-2014-1499"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:mozilla:firefox"], "id": "MOZILLA_FIREFOX_28.NASL", "href": "https://www.tenable.com/plugins/nessus/73099", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73099);\n script_version(\"1.16\");\n script_cvs_date(\"Date: 2018/07/16 14:09:14\");\n\n script_cve_id(\n \"CVE-2014-1493\",\n \"CVE-2014-1494\",\n \"CVE-2014-1496\",\n \"CVE-2014-1497\",\n \"CVE-2014-1498\",\n \"CVE-2014-1499\",\n \"CVE-2014-1500\",\n \"CVE-2014-1502\",\n \"CVE-2014-1504\",\n \"CVE-2014-1505\",\n \"CVE-2014-1508\",\n \"CVE-2014-1509\",\n \"CVE-2014-1510\",\n \"CVE-2014-1511\",\n \"CVE-2014-1512\",\n \"CVE-2014-1513\",\n \"CVE-2014-1514\"\n );\n script_bugtraq_id(\n 66203,\n 66206,\n 66207,\n 66209,\n 66240,\n 66412,\n 66416,\n 66417,\n 66418,\n 66419,\n 66421,\n 66422,\n 66423,\n 66425,\n 66426,\n 66428,\n 66429\n );\n\n script_name(english:\"Firefox < 28.0 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version of Firefox\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a web browser that is potentially\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The installed version of Firefox is a version prior to 28.0 and is,\ntherefore, potentially affected by the following vulnerabilities :\n\n - Memory issues exist that could lead to arbitrary code\n execution. (CVE-2014-1493, CVE-2014-1494)\n\n - An issue exists where extracted files for updates are\n not read-only while updating. An attacker may be able\n to modify these extracted files resulting in privilege\n escalation. (CVE-2014-1496)\n\n - An out-of-bounds read error exists when decoding WAV\n format audio files that could lead to a denial of\n service attack or information disclosure.\n (CVE-2014-1497)\n\n - An issue exists in the 'crypto.generateCRFMRequest'\n method due to improper validation of the KeyParams\n argument when generating 'ec-dual-use' requests. This\n could lead to a denial of service attack.\n (CVE-2014-1498)\n\n - An issue exists that could allow for spoofing attacks to\n occur during a WebRTC session. Exploitation of this\n issue could allow an attacker to gain access to the\n user's webcam or microphone. (CVE-2014-1499)\n\n - An issue exists with JavaScript 'onbeforeunload' events\n that could lead to denial of service attacks.\n (CVE-2014-1500)\n\n - An issue exists where WebGL context from one website\n can be injected into the WebGL context of another\n website that could result in arbitrary content being\n rendered from the second website. (CVE-2014-1502)\n\n - A cross-site scripting issue exists due to the Content\n Security Policy (CSP) of 'data:' documents not being\n saved for a session restore. Under certain\n circumstances, an attacker may be able to evade the CSP\n of a remote website resulting in a cross-scripting\n attack. (CVE-2014-1504)\n\n - An out-of-bounds read error exists when polygons are\n rendered in 'MathML' that could lead to information\n disclosure. (CVE-2014-1508)\n\n - A memory corruption issue exists in the Cairo graphics\n library when rendering a PDF file that could lead to\n arbitrary code execution or a denial of service attack.\n (CVE-2014-1509)\n\n - An issue exists in the SVG filters and the\n feDisplacementMap element that could lead to\n information disclosure via timing attacks.\n (CVE-2014-1505)\n\n - An issue exists that could allow malicious websites to\n load chrome-privileged pages when JavaScript\n implemented WebIDL calls the 'window.open()' function,\n which could result in arbitrary code execution.\n (CVE-2014-1510)\n\n - An issue exists that could allow a malicious website to\n bypass the pop-up blocker. (CVE-2014-1511)\n\n - A use-after-free memory issue exists in 'TypeObjects'\n in the JavaScript engine during Garbage Collection\n that could lead to arbitrary code execution.\n (CVE-2014-1512)\n\n - An out-of-bounds write error exists due to\n 'TypedArrayObject' improperly handling 'ArrayBuffer'\n objects that could result in arbitrary code execution.\n (CVE-2014-1513)\n\n - An out-of-bounds write error exists when copying values\n from one array to another that could result in arbitrary\n code execution. (CVE-2014-1514)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.securityfocus.com/archive/1/531617/30/0/threaded\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-15/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-16/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-17/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-18/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-19/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-15/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-16/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-17/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-18/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-19/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-20/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-22/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-23/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-26/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-27/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-28/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-29/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-30/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-31/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-32/\");\n\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Firefox 28.0 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Firefox WebIDL Privileged Javascript Injection');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/03/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:firefox\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"mozilla_org_installed.nasl\");\n script_require_keys(\"Mozilla/Firefox/Version\");\n\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\n\nport = get_kb_item(\"SMB/transport\");\nif (!port) port = 445;\n\ninstalls = get_kb_list(\"SMB/Mozilla/Firefox/*\");\nif (isnull(installs)) audit(AUDIT_NOT_INST, \"Firefox\");\n\nmozilla_check_version(installs:installs, product:'firefox', esr:FALSE, fix:'28.0', severity:SECURITY_HOLE, xss:TRUE);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T03:28:14", "description": "The installed version of Firefox is a version prior to version 28.0.\nIt is, therefore, potentially affected by multiple vulnerabilities :\n\n - Memory issues exist that could lead to arbitrary code\n execution. (CVE-2014-1493, CVE-2014-1494)\n\n - An issue exists where extracted files for updates are\n not read-only while updating. An attacker may be able\n to modify these extracted files resulting in privilege\n escalation. (CVE-2014-1496)\n\n - An out-of-bounds read error exists when decoding WAV\n format audio files that could lead to a denial of\n service attack or information disclosure.\n (CVE-2014-1497)\n\n - An issue exists in the 'crypto.generateCRFMRequest'\n method due to improper validation of the KeyParams\n argument when generating 'ec-dual-use' requests. This\n could lead to a denial of service attack.\n (CVE-2014-1498)\n\n - An issue exists that could allow for spoofing attacks to\n occur during a WebRTC session. Exploitation of this\n issue could allow an attacker to gain access to the\n user's webcam or microphone. (CVE-2014-1499)\n\n - An issue exists with JavaScript 'onbeforeunload' events\n that could lead to denial of service attacks.\n (CVE-2014-1500)\n\n - An issue exists where WebGL context from one website\n can be injected into the WebGL context of another\n website, which could result in arbitrary content being\n rendered from the second website. (CVE-2014-1502)\n\n - A cross-site scripting issue exists due to the Content\n Security Policy (CSP) of 'data:' documents not being\n saved for a session restore. Under certain\n circumstances, an attacker may be able to evade the CSP\n of a remote website resulting in a cross-scripting\n attack. (CVE-2014-1504)\n\n - An out-of-bounds read error exists when polygons are\n rendered in 'MathML' that could lead to information\n disclosure. (CVE-2014-1508)\n\n - A memory corruption issue exists in the Cairo graphics\n library when rendering a PDF file that could lead to\n arbitrary code execution or a denial of service attack.\n (CVE-2014-1509)\n\n - An issue exists in the SVG filters and the\n feDisplacementMap element that could lead to\n information disclosure via timing attacks.\n (CVE-2014-1505)\n\n - An issue exists that could allow malicious websites to\n load chrome-privileged pages when JavaScript\n implemented WebIDL calls the 'window.open()' function,\n which may result in arbitrary code execution.\n (CVE-2014-1510)\n\n - An issue exists that could allow a malicious website to\n bypass the pop-up blocker. (CVE-2014-1511)\n\n - A use-after-free memory issue exists in 'TypeObjects'\n in the JavaScript engine during Garbage Collection\n that could lead to arbitrary code execution.\n (CVE-2014-1512)\n\n - An out-of-bounds write error exists due to\n 'TypedArrayObject' improperly handling 'ArrayBuffer'\n objects that could result in arbitrary code execution.\n (CVE-2014-1513)\n\n - An out-of-bounds write error exists when copying values\n from one array to another that could result in arbitrary\n code execution. (CVE-2014-1514)", "edition": 26, "published": "2014-03-19T00:00:00", "title": "Firefox < 28.0 Multiple Vulnerabilities (Mac OS X)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1505", "CVE-2014-1513", "CVE-2014-1510", "CVE-2014-1509", "CVE-2014-1494", "CVE-2014-1508", "CVE-2014-1502", "CVE-2014-1504", "CVE-2014-1511", "CVE-2014-1512", "CVE-2014-1514", "CVE-2014-1498", "CVE-2014-1500", "CVE-2014-1497", "CVE-2014-1493", "CVE-2014-1496", "CVE-2014-1499"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:mozilla:firefox"], "id": "MACOSX_FIREFOX_28.NASL", "href": "https://www.tenable.com/plugins/nessus/73096", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73096);\n script_version(\"1.17\");\n script_cvs_date(\"Date: 2018/07/14 1:59:36\");\n\n script_cve_id(\n \"CVE-2014-1493\",\n \"CVE-2014-1494\",\n \"CVE-2014-1496\",\n \"CVE-2014-1497\",\n \"CVE-2014-1498\",\n \"CVE-2014-1499\",\n \"CVE-2014-1500\",\n \"CVE-2014-1502\",\n \"CVE-2014-1504\",\n \"CVE-2014-1505\",\n \"CVE-2014-1508\",\n \"CVE-2014-1509\",\n \"CVE-2014-1510\",\n \"CVE-2014-1511\",\n \"CVE-2014-1512\",\n \"CVE-2014-1513\",\n \"CVE-2014-1514\"\n );\n script_bugtraq_id(\n 66203,\n 66206,\n 66207,\n 66209,\n 66240,\n 66412,\n 66416,\n 66417,\n 66418,\n 66419,\n 66421,\n 66422,\n 66423,\n 66425,\n 66426,\n 66428,\n 66429\n );\n\n script_name(english:\"Firefox < 28.0 Multiple Vulnerabilities (Mac OS X)\");\n script_summary(english:\"Checks version of Firefox\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Mac OS X host contains a web browser that is potentially\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The installed version of Firefox is a version prior to version 28.0.\nIt is, therefore, potentially affected by multiple vulnerabilities :\n\n - Memory issues exist that could lead to arbitrary code\n execution. (CVE-2014-1493, CVE-2014-1494)\n\n - An issue exists where extracted files for updates are\n not read-only while updating. An attacker may be able\n to modify these extracted files resulting in privilege\n escalation. (CVE-2014-1496)\n\n - An out-of-bounds read error exists when decoding WAV\n format audio files that could lead to a denial of\n service attack or information disclosure.\n (CVE-2014-1497)\n\n - An issue exists in the 'crypto.generateCRFMRequest'\n method due to improper validation of the KeyParams\n argument when generating 'ec-dual-use' requests. This\n could lead to a denial of service attack.\n (CVE-2014-1498)\n\n - An issue exists that could allow for spoofing attacks to\n occur during a WebRTC session. Exploitation of this\n issue could allow an attacker to gain access to the\n user's webcam or microphone. (CVE-2014-1499)\n\n - An issue exists with JavaScript 'onbeforeunload' events\n that could lead to denial of service attacks.\n (CVE-2014-1500)\n\n - An issue exists where WebGL context from one website\n can be injected into the WebGL context of another\n website, which could result in arbitrary content being\n rendered from the second website. (CVE-2014-1502)\n\n - A cross-site scripting issue exists due to the Content\n Security Policy (CSP) of 'data:' documents not being\n saved for a session restore. Under certain\n circumstances, an attacker may be able to evade the CSP\n of a remote website resulting in a cross-scripting\n attack. (CVE-2014-1504)\n\n - An out-of-bounds read error exists when polygons are\n rendered in 'MathML' that could lead to information\n disclosure. (CVE-2014-1508)\n\n - A memory corruption issue exists in the Cairo graphics\n library when rendering a PDF file that could lead to\n arbitrary code execution or a denial of service attack.\n (CVE-2014-1509)\n\n - An issue exists in the SVG filters and the\n feDisplacementMap element that could lead to\n information disclosure via timing attacks.\n (CVE-2014-1505)\n\n - An issue exists that could allow malicious websites to\n load chrome-privileged pages when JavaScript\n implemented WebIDL calls the 'window.open()' function,\n which may result in arbitrary code execution.\n (CVE-2014-1510)\n\n - An issue exists that could allow a malicious website to\n bypass the pop-up blocker. (CVE-2014-1511)\n\n - A use-after-free memory issue exists in 'TypeObjects'\n in the JavaScript engine during Garbage Collection\n that could lead to arbitrary code execution.\n (CVE-2014-1512)\n\n - An out-of-bounds write error exists due to\n 'TypedArrayObject' improperly handling 'ArrayBuffer'\n objects that could result in arbitrary code execution.\n (CVE-2014-1513)\n\n - An out-of-bounds write error exists when copying values\n from one array to another that could result in arbitrary\n code execution. (CVE-2014-1514)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.securityfocus.com/archive/1/531617/30/0/threaded\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-15/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-16/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-17/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-18/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-19/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-15/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-16/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-17/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-18/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-19/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-20/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-22/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-23/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-26/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-27/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-28/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-29/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-30/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-31/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-32/\");\n\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Firefox 28.0 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Firefox WebIDL Privileged Javascript Injection');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/03/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:firefox\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"macosx_firefox_installed.nasl\");\n script_require_keys(\"MacOSX/Firefox/Installed\");\n\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\n\nkb_base = \"MacOSX/Firefox\";\nget_kb_item_or_exit(kb_base+\"/Installed\");\n\nversion = get_kb_item_or_exit(kb_base+\"/Version\", exit_code:1);\npath = get_kb_item_or_exit(kb_base+\"/Path\", exit_code:1);\n\nif (get_kb_item(kb_base + '/is_esr')) exit(0, 'The Mozilla Firefox installation is in the ESR branch.');\n\nmozilla_check_version(product:'firefox', version:version, path:path, esr:FALSE, fix:'28.0', severity:SECURITY_HOLE, xss:TRUE);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T05:32:30", "description": "The installed version of SeaMonkey is a version prior to 2.25 and is,\ntherefore, potentially affected by the following vulnerabilities :\n\n - Memory issues exist that could lead to arbitrary code\n execution. (CVE-2014-1493, CVE-2014-1494)\n\n - An issue exists where extracted files for updates are\n not read-only while updating. An attacker may be able\n to modify these extracted files resulting in privilege\n escalation. (CVE-2014-1496)\n\n - An out-of-bounds read error exists when decoding WAV\n format audio files that could lead to a denial of\n service attack or information disclosure.\n (CVE-2014-1497)\n\n - An issue exists in the 'crypto.generateCRFMRequest'\n method due to improper validation of the KeyParams\n argument when generating 'ec-dual-use' requests. This\n could lead to a denial of service attack.\n (CVE-2014-1498)\n\n - An issue exists that could allow for spoofing attacks to\n occur during a WebRTC session. Exploitation of this\n issue could allow an attacker to gain access to the\n user's webcam or microphone. (CVE-2014-1499)\n\n - An issue exists with JavaScript 'onbeforeunload' events\n that could lead to denial of service attacks.\n (CVE-2014-1500)\n\n - An issue exists where WebGL context from one website\n can be injected into the WebGL context of another\n website that could result in arbitrary content being\n rendered from the second website. (CVE-2014-1502)\n\n - A cross-site scripting issue exists due to the Content\n Security Policy (CSP) of 'data:' documents not being\n saved for a session restore. Under certain\n circumstances, an attacker may be able to evade the CSP\n of a remote website resulting in a cross-scripting\n attack. (CVE-2014-1504)\n\n - An out-of-bounds read error exists when polygons are\n rendered in 'MathML' that could lead to information\n disclosure. (CVE-2014-1508)\n\n - A memory corruption issue exists in the Cairo graphics\n library when rendering a PDF file that could lead to\n arbitrary code execution or a denial of service attack.\n (CVE-2014-1509)\n\n - An issue exists in the SVG filters and the\n feDisplacementMap element that could lead to\n information disclosure via timing attacks.\n (CVE-2014-1505)\n\n - An issue exists that could allow malicious websites to\n load chrome-privileged pages when JavaScript\n implemented WebIDL calls the 'window.open()' function,\n which may result in arbitrary code execution.\n (CVE-2014-1510)\n\n - An issue exists that could allow a malicious website to\n bypass the pop-up blocker. (CVE-2014-1511)\n\n - A use-after-free memory issue exists in 'TypeObjects'\n in the JavaScript engine during Garbage Collection\n that could lead to arbitrary code execution.\n (CVE-2014-1512)\n\n - An out-of-bounds write error exists due to\n 'TypedArrayObject' improperly handling 'ArrayBuffer'\n objects that could result in arbitrary code execution.\n (CVE-2014-1513)\n\n - An out-of-bounds write error exists when copying values\n from one array to another that could result in arbitrary\n code execution. (CVE-2014-1514)", "edition": 26, "published": "2014-03-19T00:00:00", "title": "SeaMonkey < 2.25 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1505", "CVE-2014-1513", "CVE-2014-1510", "CVE-2014-1509", "CVE-2014-1494", "CVE-2014-1508", "CVE-2014-1502", "CVE-2014-1504", "CVE-2014-1511", "CVE-2014-1512", "CVE-2014-1514", "CVE-2014-1498", "CVE-2014-1500", "CVE-2014-1497", "CVE-2014-1493", "CVE-2014-1496", "CVE-2014-1499"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:mozilla:seamonkey"], "id": "SEAMONKEY_2_25.NASL", "href": "https://www.tenable.com/plugins/nessus/73101", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73101);\n script_version(\"1.16\");\n script_cvs_date(\"Date: 2018/07/27 18:38:15\");\n\n script_cve_id(\n \"CVE-2014-1493\",\n \"CVE-2014-1494\",\n \"CVE-2014-1496\",\n \"CVE-2014-1497\",\n \"CVE-2014-1498\",\n \"CVE-2014-1499\",\n \"CVE-2014-1500\",\n \"CVE-2014-1502\",\n \"CVE-2014-1504\",\n \"CVE-2014-1505\",\n \"CVE-2014-1508\",\n \"CVE-2014-1509\",\n \"CVE-2014-1510\",\n \"CVE-2014-1511\",\n \"CVE-2014-1512\",\n \"CVE-2014-1513\",\n \"CVE-2014-1514\"\n );\n script_bugtraq_id(\n 66203,\n 66206,\n 66207,\n 66209,\n 66240,\n 66412,\n 66416,\n 66417,\n 66418,\n 66419,\n 66421,\n 66422,\n 66423,\n 66425,\n 66426,\n 66428,\n 66429\n );\n\n script_name(english:\"SeaMonkey < 2.25 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version of SeaMonkey\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a web browser that is potentially\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The installed version of SeaMonkey is a version prior to 2.25 and is,\ntherefore, potentially affected by the following vulnerabilities :\n\n - Memory issues exist that could lead to arbitrary code\n execution. (CVE-2014-1493, CVE-2014-1494)\n\n - An issue exists where extracted files for updates are\n not read-only while updating. An attacker may be able\n to modify these extracted files resulting in privilege\n escalation. (CVE-2014-1496)\n\n - An out-of-bounds read error exists when decoding WAV\n format audio files that could lead to a denial of\n service attack or information disclosure.\n (CVE-2014-1497)\n\n - An issue exists in the 'crypto.generateCRFMRequest'\n method due to improper validation of the KeyParams\n argument when generating 'ec-dual-use' requests. This\n could lead to a denial of service attack.\n (CVE-2014-1498)\n\n - An issue exists that could allow for spoofing attacks to\n occur during a WebRTC session. Exploitation of this\n issue could allow an attacker to gain access to the\n user's webcam or microphone. (CVE-2014-1499)\n\n - An issue exists with JavaScript 'onbeforeunload' events\n that could lead to denial of service attacks.\n (CVE-2014-1500)\n\n - An issue exists where WebGL context from one website\n can be injected into the WebGL context of another\n website that could result in arbitrary content being\n rendered from the second website. (CVE-2014-1502)\n\n - A cross-site scripting issue exists due to the Content\n Security Policy (CSP) of 'data:' documents not being\n saved for a session restore. Under certain\n circumstances, an attacker may be able to evade the CSP\n of a remote website resulting in a cross-scripting\n attack. (CVE-2014-1504)\n\n - An out-of-bounds read error exists when polygons are\n rendered in 'MathML' that could lead to information\n disclosure. (CVE-2014-1508)\n\n - A memory corruption issue exists in the Cairo graphics\n library when rendering a PDF file that could lead to\n arbitrary code execution or a denial of service attack.\n (CVE-2014-1509)\n\n - An issue exists in the SVG filters and the\n feDisplacementMap element that could lead to\n information disclosure via timing attacks.\n (CVE-2014-1505)\n\n - An issue exists that could allow malicious websites to\n load chrome-privileged pages when JavaScript\n implemented WebIDL calls the 'window.open()' function,\n which may result in arbitrary code execution.\n (CVE-2014-1510)\n\n - An issue exists that could allow a malicious website to\n bypass the pop-up blocker. (CVE-2014-1511)\n\n - A use-after-free memory issue exists in 'TypeObjects'\n in the JavaScript engine during Garbage Collection\n that could lead to arbitrary code execution.\n (CVE-2014-1512)\n\n - An out-of-bounds write error exists due to\n 'TypedArrayObject' improperly handling 'ArrayBuffer'\n objects that could result in arbitrary code execution.\n (CVE-2014-1513)\n\n - An out-of-bounds write error exists when copying values\n from one array to another that could result in arbitrary\n code execution. (CVE-2014-1514)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.securityfocus.com/archive/1/531617/30/0/threaded\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-15/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-16/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-17/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-15/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-16/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-17/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-18/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-19/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-15/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-16/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-17/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-18/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-19/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-20/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-22/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-23/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-26/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-27/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-28/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-29/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-30/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-31/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-32/\");\n\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to SeaMonkey 2.25 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Firefox WebIDL Privileged Javascript Injection');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/03/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:seamonkey\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"mozilla_org_installed.nasl\");\n script_require_keys(\"SeaMonkey/Version\");\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\n\nport = get_kb_item(\"SMB/transport\");\nif (!port) port = 445;\n\ninstalls = get_kb_list(\"SMB/SeaMonkey/*\");\nif (isnull(installs)) audit(AUDIT_NOT_INST, \"SeaMonkey\");\n\nmozilla_check_version(installs:installs, product:'seamonkey', fix:'2.25', severity:SECURITY_HOLE, xss:TRUE);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-09-14T18:35:17", "description": "Mozilla Firefox was updated to 24.4.0ESR release, fixing various\nsecurity issues and bugs :\n\n - Mozilla developers and community identified identified\n and fixed several memory safety bugs in the browser\n engine used in Firefox and other Mozilla-based products.\n Some of these bugs showed evidence of memory corruption\n under certain circumstances, and we presume that with\n enough effort at least some of these could be exploited\n to run arbitrary code. (MFSA 2014-15)\n\n - Benoit Jacob, Olli Pettay, Jan Varga, Jan de Mooij,\n Jesse Ruderman, Dan Gohman, and Christoph Diehl reported\n memory safety problems and crashes that affect Firefox\n ESR 24.3 and Firefox 27. (CVE-2014-1493)\n\n - Gregor Wagner, Olli Pettay, Gary Kwong, Jesse Ruderman,\n Luke Wagner, Rob Fletcher, and Makoto Kato reported\n memory safety problems and crashes that affect Firefox\n 27. (CVE-2014-1494)\n\n - Security researcher Ash reported an issue where the\n extracted files for updates to existing files are not\n read only during the update process. This allows for the\n potential replacement or modification of these files\n during the update process if a malicious application is\n present on the local system. (MFSA 2014-16 /\n CVE-2014-1496)\n\n - Security researcher Atte Kettunen from OUSPG reported an\n out of bounds read during the decoding of WAV format\n audio files for playback. This could allow web content\n access to heap data as well as causing a crash. (MFSA\n 2014-17 / CVE-2014-1497)\n\n - Mozilla developer David Keeler reported that the\n crypto.generateCRFMRequest method did not correctly\n validate the key type of the KeyParams argument when\n generating ec-dual-use requests. This could lead to a\n crash and a denial of service (DOS) attack. (MFSA\n 2014-18 / CVE-2014-1498)\n\n - Mozilla developer Ehsan Akhgari reported a spoofing\n attack where the permission prompt for a WebRTC session\n can appear to be from a different site than its actual\n originating site if a timed navigation occurs during the\n prompt generation. This allows an attacker to\n potentially gain access to the webcam or microphone by\n masquerading as another site and gaining user permission\n through spoofing. (MFSA 2014-19 / CVE-2014-1499)\n\n - Security researchers Tim Philipp Schaefers and Sebastian\n Neef, the team of Internetwache.org, reported a\n mechanism using JavaScript onbeforeunload events with\n page navigation to prevent users from closing a\n malicious page's tab and causing the browser to become\n unresponsive. This allows for a denial of service (DOS)\n attack due to resource consumption and blocks the\n ability of users to exit the application. (MFSA 2014-20\n / CVE-2014-1500)\n\n - Security researcher Alex Infuehr reported that on\n Firefox for Android it is possible to open links to\n local files from web content by selecting 'Open Link in\n New Tab' from the context menu using the file: protocol.\n The web content would have to know the precise location\n of a malicious local file in order to exploit this\n issue. This issue does not affect Firefox on non-Android\n systems. (MFSA 2014-21 / CVE-2014-1501)\n\n - Mozilla developer Jeff Gilbert discovered a mechanism\n where a malicious site with WebGL content could inject\n content from its context to that of another site's WebGL\n context, causing the second site to replace textures and\n similar content. This cannot be used to steal data but\n could be used to render arbitrary content in these\n limited circumstances. (MFSA 2014-22 / CVE-2014-1502)\n\n - Security researcher Nicolas Golubovic reported that the\n Content Security Policy (CSP) of data: documents was not\n saved as part of session restore. If an attacker\n convinced a victim to open a document from a data: URL\n injected onto a page, this can lead to a Cross-Site\n Scripting (XSS) attack. The target page may have a\n strict CSP that protects against this XSS attack, but if\n the attacker induces a browser crash with another bug,\n an XSS attack would occur during session restoration,\n bypassing the CSP on the site. (MFSA 2014-23 /\n CVE-2014-1504)\n\n - Security researcher Tyson Smith and Jesse\n Schwartzentruber of the BlackBerry Security Automated\n Analysis Team used the Address Sanitizer tool while\n fuzzing to discover an out-of-bounds read during polygon\n rendering in MathML. This can allow web content to\n potentially read protected memory addresses. In\n combination with previous techniques used for SVG timing\n attacks, this could allow for text values to be read\n across domains, leading to information disclosure. (MFSA\n 2014-26 / CVE-2014-1508)\n\n - Security researcher John Thomson discovered a memory\n corruption in the Cairo graphics library during font\n rendering of a PDF file for display. This memory\n corruption leads to a potentially exploitable crash and\n to a denial of service (DOS). This issues is not able to\n be triggered in a default configuration and would\n require a malicious extension to be installed. (MFSA\n 2014-27 / CVE-2014-1509)\n\n - Mozilla developer Robert O'Callahan reported a mechanism\n for timing attacks involving SVG filters and\n displacements input to feDisplacementMap. This allows\n displacements to potentially be correlated with values\n derived from content. This is similar to the previously\n reported techniques used for SVG timing attacks and\n could allow for text values to be read across domains,\n leading to information disclosure. (MFSA 2014-28 /\n CVE-2014-1505)\n\n - Security researcher Mariusz Mlynski, via TippingPoint's\n Pwn2Own contest, reported that it is possible for\n untrusted web content to load a chrome-privileged page\n by getting JavaScript-implemented WebIDL to call\n window.open(). A second bug allowed the bypassing of the\n popup-blocker without user interaction. Combined these\n two bugs allow an attacker to load a JavaScript URL that\n is executed with the full privileges of the browser,\n which allows arbitrary code execution. (MFSA 2014-29 /\n CVE-2014-1510 / CVE-2014-1511)\n\n - Security research firm VUPEN, via TippingPoint's Pwn2Own\n contest, reported that memory pressure during Garbage\n Collection could lead to memory corruption of\n TypeObjects in the JS engine, resulting in an\n exploitable use-after-free condition. (MFSA 2014-30 /\n CVE-2014-1512)\n\n - Security researcher Jueri Aedla, via TippingPoint's\n Pwn2Own contest, reported that TypedArrayObject does not\n handle the case where ArrayBuffer objects are neutered,\n setting their length to zero while still in use. This\n leads to out-of-bounds reads and writes into the\n JavaScript heap, allowing for arbitrary code execution.\n (MFSA 2014-31 / CVE-2014-1513)\n\n - Security researcher George Hotz, via TippingPoint's\n Pwn2Own contest, discovered an issue where values are\n copied from an array into a second, neutered array. This\n allows for an out-of-bounds write into memory, causing\n an exploitable crash leading to arbitrary code\n execution. (MFSA 2014-32 / CVE-2014-1514)", "edition": 17, "published": "2014-03-22T00:00:00", "title": "SuSE 11.3 Security Update : MozillaFirefox (SAT Patch Number 9049)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1505", "CVE-2014-1513", "CVE-2014-1510", "CVE-2014-1509", "CVE-2014-1494", "CVE-2014-1508", "CVE-2014-1502", "CVE-2014-1504", "CVE-2014-1511", "CVE-2014-1512", "CVE-2014-1514", "CVE-2014-1498", "CVE-2014-1501", "CVE-2014-1500", "CVE-2014-1497", "CVE-2014-1493", "CVE-2014-1496", "CVE-2014-1499"], "modified": "2014-03-22T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:MozillaFirefox-branding-SLED", "p-cpe:/a:novell:suse_linux:11:mozilla-nspr-32bit", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:mozilla-nspr", "p-cpe:/a:novell:suse_linux:11:MozillaFirefox-translations", "p-cpe:/a:novell:suse_linux:11:MozillaFirefox"], "id": "SUSE_11_FIREFOX-201403-140320.NASL", "href": "https://www.tenable.com/plugins/nessus/73147", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73147);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/04\");\n\n script_cve_id(\"CVE-2014-1493\", \"CVE-2014-1494\", \"CVE-2014-1496\", \"CVE-2014-1497\", \"CVE-2014-1498\", \"CVE-2014-1499\", \"CVE-2014-1500\", \"CVE-2014-1501\", \"CVE-2014-1502\", \"CVE-2014-1504\", \"CVE-2014-1505\", \"CVE-2014-1508\", \"CVE-2014-1509\", \"CVE-2014-1510\", \"CVE-2014-1511\", \"CVE-2014-1512\", \"CVE-2014-1513\", \"CVE-2014-1514\");\n\n script_name(english:\"SuSE 11.3 Security Update : MozillaFirefox (SAT Patch Number 9049)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla Firefox was updated to 24.4.0ESR release, fixing various\nsecurity issues and bugs :\n\n - Mozilla developers and community identified identified\n and fixed several memory safety bugs in the browser\n engine used in Firefox and other Mozilla-based products.\n Some of these bugs showed evidence of memory corruption\n under certain circumstances, and we presume that with\n enough effort at least some of these could be exploited\n to run arbitrary code. (MFSA 2014-15)\n\n - Benoit Jacob, Olli Pettay, Jan Varga, Jan de Mooij,\n Jesse Ruderman, Dan Gohman, and Christoph Diehl reported\n memory safety problems and crashes that affect Firefox\n ESR 24.3 and Firefox 27. (CVE-2014-1493)\n\n - Gregor Wagner, Olli Pettay, Gary Kwong, Jesse Ruderman,\n Luke Wagner, Rob Fletcher, and Makoto Kato reported\n memory safety problems and crashes that affect Firefox\n 27. (CVE-2014-1494)\n\n - Security researcher Ash reported an issue where the\n extracted files for updates to existing files are not\n read only during the update process. This allows for the\n potential replacement or modification of these files\n during the update process if a malicious application is\n present on the local system. (MFSA 2014-16 /\n CVE-2014-1496)\n\n - Security researcher Atte Kettunen from OUSPG reported an\n out of bounds read during the decoding of WAV format\n audio files for playback. This could allow web content\n access to heap data as well as causing a crash. (MFSA\n 2014-17 / CVE-2014-1497)\n\n - Mozilla developer David Keeler reported that the\n crypto.generateCRFMRequest method did not correctly\n validate the key type of the KeyParams argument when\n generating ec-dual-use requests. This could lead to a\n crash and a denial of service (DOS) attack. (MFSA\n 2014-18 / CVE-2014-1498)\n\n - Mozilla developer Ehsan Akhgari reported a spoofing\n attack where the permission prompt for a WebRTC session\n can appear to be from a different site than its actual\n originating site if a timed navigation occurs during the\n prompt generation. This allows an attacker to\n potentially gain access to the webcam or microphone by\n masquerading as another site and gaining user permission\n through spoofing. (MFSA 2014-19 / CVE-2014-1499)\n\n - Security researchers Tim Philipp Schaefers and Sebastian\n Neef, the team of Internetwache.org, reported a\n mechanism using JavaScript onbeforeunload events with\n page navigation to prevent users from closing a\n malicious page's tab and causing the browser to become\n unresponsive. This allows for a denial of service (DOS)\n attack due to resource consumption and blocks the\n ability of users to exit the application. (MFSA 2014-20\n / CVE-2014-1500)\n\n - Security researcher Alex Infuehr reported that on\n Firefox for Android it is possible to open links to\n local files from web content by selecting 'Open Link in\n New Tab' from the context menu using the file: protocol.\n The web content would have to know the precise location\n of a malicious local file in order to exploit this\n issue. This issue does not affect Firefox on non-Android\n systems. (MFSA 2014-21 / CVE-2014-1501)\n\n - Mozilla developer Jeff Gilbert discovered a mechanism\n where a malicious site with WebGL content could inject\n content from its context to that of another site's WebGL\n context, causing the second site to replace textures and\n similar content. This cannot be used to steal data but\n could be used to render arbitrary content in these\n limited circumstances. (MFSA 2014-22 / CVE-2014-1502)\n\n - Security researcher Nicolas Golubovic reported that the\n Content Security Policy (CSP) of data: documents was not\n saved as part of session restore. If an attacker\n convinced a victim to open a document from a data: URL\n injected onto a page, this can lead to a Cross-Site\n Scripting (XSS) attack. The target page may have a\n strict CSP that protects against this XSS attack, but if\n the attacker induces a browser crash with another bug,\n an XSS attack would occur during session restoration,\n bypassing the CSP on the site. (MFSA 2014-23 /\n CVE-2014-1504)\n\n - Security researcher Tyson Smith and Jesse\n Schwartzentruber of the BlackBerry Security Automated\n Analysis Team used the Address Sanitizer tool while\n fuzzing to discover an out-of-bounds read during polygon\n rendering in MathML. This can allow web content to\n potentially read protected memory addresses. In\n combination with previous techniques used for SVG timing\n attacks, this could allow for text values to be read\n across domains, leading to information disclosure. (MFSA\n 2014-26 / CVE-2014-1508)\n\n - Security researcher John Thomson discovered a memory\n corruption in the Cairo graphics library during font\n rendering of a PDF file for display. This memory\n corruption leads to a potentially exploitable crash and\n to a denial of service (DOS). This issues is not able to\n be triggered in a default configuration and would\n require a malicious extension to be installed. (MFSA\n 2014-27 / CVE-2014-1509)\n\n - Mozilla developer Robert O'Callahan reported a mechanism\n for timing attacks involving SVG filters and\n displacements input to feDisplacementMap. This allows\n displacements to potentially be correlated with values\n derived from content. This is similar to the previously\n reported techniques used for SVG timing attacks and\n could allow for text values to be read across domains,\n leading to information disclosure. (MFSA 2014-28 /\n CVE-2014-1505)\n\n - Security researcher Mariusz Mlynski, via TippingPoint's\n Pwn2Own contest, reported that it is possible for\n untrusted web content to load a chrome-privileged page\n by getting JavaScript-implemented WebIDL to call\n window.open(). A second bug allowed the bypassing of the\n popup-blocker without user interaction. Combined these\n two bugs allow an attacker to load a JavaScript URL that\n is executed with the full privileges of the browser,\n which allows arbitrary code execution. (MFSA 2014-29 /\n CVE-2014-1510 / CVE-2014-1511)\n\n - Security research firm VUPEN, via TippingPoint's Pwn2Own\n contest, reported that memory pressure during Garbage\n Collection could lead to memory corruption of\n TypeObjects in the JS engine, resulting in an\n exploitable use-after-free condition. (MFSA 2014-30 /\n CVE-2014-1512)\n\n - Security researcher Jueri Aedla, via TippingPoint's\n Pwn2Own contest, reported that TypedArrayObject does not\n handle the case where ArrayBuffer objects are neutered,\n setting their length to zero while still in use. This\n leads to out-of-bounds reads and writes into the\n JavaScript heap, allowing for arbitrary code execution.\n (MFSA 2014-31 / CVE-2014-1513)\n\n - Security researcher George Hotz, via TippingPoint's\n Pwn2Own contest, discovered an issue where values are\n copied from an array into a second, neutered array. This\n allows for an out-of-bounds write into memory, causing\n an exploitable crash leading to arbitrary code\n execution. (MFSA 2014-32 / CVE-2014-1514)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2014/mfsa2014-15.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2014/mfsa2014-16.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2014/mfsa2014-17.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2014/mfsa2014-18.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2014/mfsa2014-19.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2014/mfsa2014-20.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2014/mfsa2014-21.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2014/mfsa2014-22.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2014/mfsa2014-23.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2014/mfsa2014-26.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2014/mfsa2014-27.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2014/mfsa2014-28.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2014/mfsa2014-29.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2014/mfsa2014-30.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2014/mfsa2014-31.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2014/mfsa2014-32.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=868603\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-1493.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-1494.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-1496.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-1497.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-1498.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-1499.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-1500.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-1501.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-1502.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-1504.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-1505.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-1508.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-1509.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-1510.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-1511.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-1512.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-1513.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-1514.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 9049.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Firefox WebIDL Privileged Javascript Injection');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:MozillaFirefox-branding-SLED\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:MozillaFirefox-translations\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-nspr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-nspr-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 3) audit(AUDIT_OS_NOT, \"SuSE 11.3\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"MozillaFirefox-24.4.0esr-0.8.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"MozillaFirefox-branding-SLED-24-0.7.23\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"MozillaFirefox-translations-24.4.0esr-0.8.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"mozilla-nspr-4.10.4-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"MozillaFirefox-24.4.0esr-0.8.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"MozillaFirefox-branding-SLED-24-0.7.23\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"MozillaFirefox-translations-24.4.0esr-0.8.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"mozilla-nspr-4.10.4-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"mozilla-nspr-32bit-4.10.4-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"MozillaFirefox-24.4.0esr-0.8.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"MozillaFirefox-branding-SLED-24-0.7.23\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"MozillaFirefox-translations-24.4.0esr-0.8.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"mozilla-nspr-4.10.4-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"s390x\", reference:\"mozilla-nspr-32bit-4.10.4-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"mozilla-nspr-32bit-4.10.4-0.3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T10:44:48", "description": "The Mozilla Project reports :\n\nMFSA 2014-15 Miscellaneous memory safety hazards (rv:28.0 / rv:24.4)\n\nMFSA 2014-16 Files extracted during updates are not always read only\n\nMFSA 2014-17 Out of bounds read during WAV file decoding\n\nMFSA 2014-18 crypto.generateCRMFRequest does not validate type of key\n\nMFSA 2014-19 Spoofing attack on WebRTC permission prompt\n\nMFSA 2014-20 onbeforeunload and JavaScript navigation DOS\n\nMFSA 2014-21 Local file access via Open Link in new tab\n\nMFSA 2014-22 WebGL content injection from one domain to rendering in\nanother\n\nMFSA 2014-23 Content Security Policy for data: documents not preserved\nby session restore\n\nMFSA 2014-24 Android Crash Reporter open to manipulation\n\nMFSA 2014-25 Firefox OS DeviceStorageFile object vulnerable to\nrelative path escape\n\nMFSA 2014-26 Information disclosure through polygon rendering in\nMathML\n\nMFSA 2014-27 Memory corruption in Cairo during PDF font rendering\n\nMFSA 2014-28 SVG filters information disclosure through\nfeDisplacementMap\n\nMFSA 2014-29 Privilege escalation using WebIDL-implemented APIs\n\nMFSA 2014-30 Use-after-free in TypeObject\n\nMFSA 2014-31 Out-of-bounds read/write through neutering ArrayBuffer\nobjects\n\nMFSA 2014-32 Out-of-bounds write through TypedArrayObject after\nneutering", "edition": 23, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2014-03-20T00:00:00", "title": "FreeBSD : mozilla -- multiple vulnerabilities (610de647-af8d-11e3-a25b-b4b52fce4ce8)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1505", "CVE-2014-1513", "CVE-2014-1510", "CVE-2014-1509", "CVE-2014-1494", "CVE-2014-1508", "CVE-2014-1502", "CVE-2014-1504", "CVE-2014-1511", "CVE-2014-1507", "CVE-2014-1512", "CVE-2014-1514", "CVE-2014-1498", "CVE-2014-1501", "CVE-2014-1500", "CVE-2014-1497", "CVE-2014-1493", "CVE-2014-1506", "CVE-2014-1496", "CVE-2014-1499"], "modified": "2014-03-20T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:linux-thunderbird", "p-cpe:/a:freebsd:freebsd:linux-firefox", "cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:seamonkey", "p-cpe:/a:freebsd:freebsd:linux-seamonkey", "p-cpe:/a:freebsd:freebsd:firefox", "p-cpe:/a:freebsd:freebsd:thunderbird", "p-cpe:/a:freebsd:freebsd:firefox-esr"], "id": "FREEBSD_PKG_610DE647AF8D11E3A25BB4B52FCE4CE8.NASL", "href": "https://www.tenable.com/plugins/nessus/73111", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2020 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(73111);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2014-1493\", \"CVE-2014-1494\", \"CVE-2014-1496\", \"CVE-2014-1497\", \"CVE-2014-1498\", \"CVE-2014-1499\", \"CVE-2014-1500\", \"CVE-2014-1501\", \"CVE-2014-1502\", \"CVE-2014-1504\", \"CVE-2014-1505\", \"CVE-2014-1506\", \"CVE-2014-1507\", \"CVE-2014-1508\", \"CVE-2014-1509\", \"CVE-2014-1510\", \"CVE-2014-1511\", \"CVE-2014-1512\", \"CVE-2014-1513\", \"CVE-2014-1514\");\n\n script_name(english:\"FreeBSD : mozilla -- multiple vulnerabilities (610de647-af8d-11e3-a25b-b4b52fce4ce8)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The Mozilla Project reports :\n\nMFSA 2014-15 Miscellaneous memory safety hazards (rv:28.0 / rv:24.4)\n\nMFSA 2014-16 Files extracted during updates are not always read only\n\nMFSA 2014-17 Out of bounds read during WAV file decoding\n\nMFSA 2014-18 crypto.generateCRMFRequest does not validate type of key\n\nMFSA 2014-19 Spoofing attack on WebRTC permission prompt\n\nMFSA 2014-20 onbeforeunload and JavaScript navigation DOS\n\nMFSA 2014-21 Local file access via Open Link in new tab\n\nMFSA 2014-22 WebGL content injection from one domain to rendering in\nanother\n\nMFSA 2014-23 Content Security Policy for data: documents not preserved\nby session restore\n\nMFSA 2014-24 Android Crash Reporter open to manipulation\n\nMFSA 2014-25 Firefox OS DeviceStorageFile object vulnerable to\nrelative path escape\n\nMFSA 2014-26 Information disclosure through polygon rendering in\nMathML\n\nMFSA 2014-27 Memory corruption in Cairo during PDF font rendering\n\nMFSA 2014-28 SVG filters information disclosure through\nfeDisplacementMap\n\nMFSA 2014-29 Privilege escalation using WebIDL-implemented APIs\n\nMFSA 2014-30 Use-after-free in TypeObject\n\nMFSA 2014-31 Out-of-bounds read/write through neutering ArrayBuffer\nobjects\n\nMFSA 2014-32 Out-of-bounds write through TypedArrayObject after\nneutering\"\n );\n # https://www.mozilla.org/security/announce/2014/mfsa2014-15.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-15/\"\n );\n # https://www.mozilla.org/security/announce/2014/mfsa2014-16.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-16/\"\n );\n # https://www.mozilla.org/security/announce/2014/mfsa2014-17.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-17/\"\n );\n # https://www.mozilla.org/security/announce/2014/mfsa2014-18.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-18/\"\n );\n # https://www.mozilla.org/security/announce/2014/mfsa2014-19.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-19/\"\n );\n # https://www.mozilla.org/security/announce/2014/mfsa2014-20.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-20/\"\n );\n # https://www.mozilla.org/security/announce/2014/mfsa2014-21.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-21/\"\n );\n # https://www.mozilla.org/security/announce/2014/mfsa2014-22.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-22/\"\n );\n # https://www.mozilla.org/security/announce/2014/mfsa2014-23.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-23/\"\n );\n # https://www.mozilla.org/security/announce/2014/mfsa2014-24.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-24/\"\n );\n # https://www.mozilla.org/security/announce/2014/mfsa2014-25.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-25/\"\n );\n # https://www.mozilla.org/security/announce/2014/mfsa2014-26.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-26/\"\n );\n # https://www.mozilla.org/security/announce/2014/mfsa2014-27.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-27/\"\n );\n # https://www.mozilla.org/security/announce/2014/mfsa2014-28.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-28/\"\n );\n # https://www.mozilla.org/security/announce/2014/mfsa2014-29.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-29/\"\n );\n # https://www.mozilla.org/security/announce/2014/mfsa2014-30.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-30/\"\n );\n # https://www.mozilla.org/security/announce/2014/mfsa2014-31.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-31/\"\n );\n # https://www.mozilla.org/security/announce/2014/mfsa2014-32.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-32/\"\n );\n # http://www.mozilla.org/security/known-vulnerabilities/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/known-vulnerabilities/\"\n );\n # https://vuxml.freebsd.org/freebsd/610de647-af8d-11e3-a25b-b4b52fce4ce8.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?614cdee7\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Firefox WebIDL Privileged Javascript Injection');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:firefox-esr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/03/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"firefox<28.0,1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"firefox-esr<24.4.0,1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-firefox<28.0,1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-seamonkey<2.25\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-thunderbird<24.4.0\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"seamonkey<2.25\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"thunderbird<24.4.0\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T11:04:35", "description": "The remote host is affected by the vulnerability described in GLSA-201504-01\n(Mozilla Products: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Firefox, Thunderbird,\n and SeaMonkey. Please review the CVE identifiers referenced below for\n details.\n \nImpact :\n\n A remote attacker could entice a user to view a specially crafted web\n page or email, possibly resulting in execution of arbitrary code or a\n Denial of Service condition. Furthermore, a remote attacker may be able\n to perform Man-in-the-Middle attacks, obtain sensitive information, spoof\n the address bar, conduct clickjacking attacks, bypass security\n restrictions and protection mechanisms, or have other unspecified\n impact.\n \nWorkaround :\n\n There are no known workarounds at this time.", "edition": 22, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2015-04-08T00:00:00", "title": "GLSA-201504-01 : Mozilla Products: Multiple vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0824", "CVE-2014-1505", "CVE-2014-1536", "CVE-2014-1577", "CVE-2014-1513", "CVE-2013-5601", "CVE-2013-5612", "CVE-2015-0831", "CVE-2013-5595", "CVE-2014-1530", "CVE-2014-1590", "CVE-2014-1586", "CVE-2014-1583", "CVE-2015-0832", "CVE-2013-5616", "CVE-2013-5607", "CVE-2014-1510", "CVE-2014-1566", "CVE-2013-5598", "CVE-2013-5613", "CVE-2014-1522", "CVE-2014-1587", "CVE-2014-1567", "CVE-2014-1481", "CVE-2014-1539", "CVE-2014-1487", "CVE-2015-0825", "CVE-2014-1594", "CVE-2014-1538", "CVE-2013-5609", "CVE-2015-0821", "CVE-2014-1525", "CVE-2013-5619", "CVE-2014-1509", "CVE-2014-1494", "CVE-2014-1559", "CVE-2014-1537", "CVE-2014-1582", "CVE-2014-1523", "CVE-2014-1576", "CVE-2014-8631", "CVE-2013-5615", "CVE-2014-1529", "CVE-2015-0828", "CVE-2013-5597", "CVE-2014-1543", "CVE-2014-1486", "CVE-2013-5590", "CVE-2013-5605", "CVE-2013-5610", "CVE-2014-1532", "CVE-2013-6671", "CVE-2014-1548", "CVE-2014-1584", "CVE-2014-1588", "CVE-2015-0826", "CVE-2014-1531", "CVE-2014-1508", "CVE-2014-1502", "CVE-2014-1542", "CVE-2014-1477", "CVE-2014-1578", "CVE-2013-1741", "CVE-2014-1540", "CVE-2014-1534", "CVE-2014-8642", "CVE-2014-1482", "CVE-2014-8637", "CVE-2014-1479", "CVE-2014-1504", "CVE-2014-8636", "CVE-2014-1580", "CVE-2014-1511", "CVE-2015-0819", "CVE-2014-1520", "CVE-2015-0834", "CVE-2014-1545", "CVE-2013-5592", "CVE-2014-1492", "CVE-2014-1556", "CVE-2013-5606", "CVE-2015-0818", "CVE-2014-1563", "CVE-2014-1524", "CVE-2014-8632", "CVE-2014-1512", "CVE-2014-1581", "CVE-2013-5604", "CVE-2014-1514", "CVE-2014-1592", "CVE-2014-8641", "CVE-2014-1490", "CVE-2015-0835", "CVE-2014-1498", "CVE-2014-1589", "CVE-2014-1565", "CVE-2014-1568", "CVE-2014-1555", "CVE-2014-1564", "CVE-2014-1574", "CVE-2014-1558", "CVE-2014-1551", "CVE-2014-1519", "CVE-2014-1547", "CVE-2014-1480", "CVE-2014-5369", "CVE-2014-1500", "CVE-2014-1497", "CVE-2013-5596", "CVE-2014-1478", "CVE-2014-1485", "CVE-2015-0817", "CVE-2014-1493", "CVE-2014-1544", "CVE-2014-8634", "CVE-2013-2566", "CVE-2015-0823", "CVE-2013-5603", "CVE-2013-6673", "CVE-2014-1562", "CVE-2015-0836", "CVE-2014-1541", "CVE-2014-1488", "CVE-2014-1552", "CVE-2013-5599", "CVE-2014-1553", "CVE-2014-8639", "CVE-2015-0829", "CVE-2014-1549", "CVE-2013-5591", "CVE-2013-5602", "CVE-2015-0822", "CVE-2014-1496", "CVE-2014-1554", "CVE-2015-0830", "CVE-2015-0827", "CVE-2014-8640", "CVE-2014-1557", "CVE-2014-1526", "CVE-2013-5593", "CVE-2014-1550", "CVE-2014-1533", "CVE-2014-1491", "CVE-2013-6672", "CVE-2013-5614", "CVE-2014-1575", "CVE-2014-8635", "CVE-2014-8638", "CVE-2014-1560", "CVE-2014-1585", "CVE-2014-1483", "CVE-2014-1489", "CVE-2014-1591", "CVE-2014-1593", "CVE-2015-0820", "CVE-2013-5600", "CVE-2014-1499", "CVE-2014-1518", "CVE-2014-1561", "CVE-2015-0833", "CVE-2013-5618"], "modified": "2015-04-08T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:seamonkey-bin", "p-cpe:/a:gentoo:linux:firefox", "p-cpe:/a:gentoo:linux:nspr", "p-cpe:/a:gentoo:linux:thunderbird", "cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:seamonkey", "p-cpe:/a:gentoo:linux:thunderbird-bin", "p-cpe:/a:gentoo:linux:firefox-bin"], "id": "GENTOO_GLSA-201504-01.NASL", "href": "https://www.tenable.com/plugins/nessus/82632", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201504-01.\n#\n# The advisory text is Copyright (C) 2001-2020 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(82632);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-1741\", \"CVE-2013-2566\", \"CVE-2013-5590\", \"CVE-2013-5591\", \"CVE-2013-5592\", \"CVE-2013-5593\", \"CVE-2013-5595\", \"CVE-2013-5596\", \"CVE-2013-5597\", \"CVE-2013-5598\", \"CVE-2013-5599\", \"CVE-2013-5600\", \"CVE-2013-5601\", \"CVE-2013-5602\", \"CVE-2013-5603\", \"CVE-2013-5604\", \"CVE-2013-5605\", \"CVE-2013-5606\", \"CVE-2013-5607\", \"CVE-2013-5609\", \"CVE-2013-5610\", \"CVE-2013-5612\", \"CVE-2013-5613\", \"CVE-2013-5614\", \"CVE-2013-5615\", \"CVE-2013-5616\", \"CVE-2013-5618\", \"CVE-2013-5619\", \"CVE-2013-6671\", \"CVE-2013-6672\", \"CVE-2013-6673\", \"CVE-2014-1477\", \"CVE-2014-1478\", \"CVE-2014-1479\", \"CVE-2014-1480\", \"CVE-2014-1481\", \"CVE-2014-1482\", \"CVE-2014-1483\", \"CVE-2014-1485\", \"CVE-2014-1486\", \"CVE-2014-1487\", \"CVE-2014-1488\", \"CVE-2014-1489\", \"CVE-2014-1490\", \"CVE-2014-1491\", \"CVE-2014-1492\", \"CVE-2014-1493\", \"CVE-2014-1494\", \"CVE-2014-1496\", \"CVE-2014-1497\", \"CVE-2014-1498\", \"CVE-2014-1499\", \"CVE-2014-1500\", \"CVE-2014-1502\", \"CVE-2014-1504\", \"CVE-2014-1505\", \"CVE-2014-1508\", \"CVE-2014-1509\", \"CVE-2014-1510\", \"CVE-2014-1511\", \"CVE-2014-1512\", \"CVE-2014-1513\", \"CVE-2014-1514\", \"CVE-2014-1518\", \"CVE-2014-1519\", \"CVE-2014-1520\", \"CVE-2014-1522\", \"CVE-2014-1523\", \"CVE-2014-1524\", \"CVE-2014-1525\", \"CVE-2014-1526\", \"CVE-2014-1529\", \"CVE-2014-1530\", \"CVE-2014-1531\", \"CVE-2014-1532\", \"CVE-2014-1533\", \"CVE-2014-1534\", \"CVE-2014-1536\", \"CVE-2014-1537\", \"CVE-2014-1538\", \"CVE-2014-1539\", \"CVE-2014-1540\", \"CVE-2014-1541\", \"CVE-2014-1542\", \"CVE-2014-1543\", \"CVE-2014-1544\", \"CVE-2014-1545\", \"CVE-2014-1547\", \"CVE-2014-1548\", \"CVE-2014-1549\", \"CVE-2014-1550\", \"CVE-2014-1551\", \"CVE-2014-1552\", \"CVE-2014-1553\", \"CVE-2014-1554\", \"CVE-2014-1555\", \"CVE-2014-1556\", \"CVE-2014-1557\", \"CVE-2014-1558\", \"CVE-2014-1559\", \"CVE-2014-1560\", \"CVE-2014-1561\", \"CVE-2014-1562\", \"CVE-2014-1563\", \"CVE-2014-1564\", \"CVE-2014-1565\", \"CVE-2014-1566\", \"CVE-2014-1567\", \"CVE-2014-1568\", \"CVE-2014-1574\", \"CVE-2014-1575\", \"CVE-2014-1576\", \"CVE-2014-1577\", \"CVE-2014-1578\", \"CVE-2014-1580\", \"CVE-2014-1581\", \"CVE-2014-1582\", \"CVE-2014-1583\", \"CVE-2014-1584\", \"CVE-2014-1585\", \"CVE-2014-1586\", \"CVE-2014-1587\", \"CVE-2014-1588\", \"CVE-2014-1589\", \"CVE-2014-1590\", \"CVE-2014-1591\", \"CVE-2014-1592\", \"CVE-2014-1593\", \"CVE-2014-1594\", \"CVE-2014-5369\", \"CVE-2014-8631\", \"CVE-2014-8632\", \"CVE-2014-8634\", \"CVE-2014-8635\", \"CVE-2014-8636\", \"CVE-2014-8637\", \"CVE-2014-8638\", \"CVE-2014-8639\", \"CVE-2014-8640\", \"CVE-2014-8641\", \"CVE-2014-8642\", \"CVE-2015-0817\", \"CVE-2015-0818\", \"CVE-2015-0819\", \"CVE-2015-0820\", \"CVE-2015-0821\", \"CVE-2015-0822\", \"CVE-2015-0823\", \"CVE-2015-0824\", \"CVE-2015-0825\", \"CVE-2015-0826\", \"CVE-2015-0827\", \"CVE-2015-0828\", \"CVE-2015-0829\", \"CVE-2015-0830\", \"CVE-2015-0831\", \"CVE-2015-0832\", \"CVE-2015-0833\", \"CVE-2015-0834\", \"CVE-2015-0835\", \"CVE-2015-0836\");\n script_xref(name:\"GLSA\", value:\"201504-01\");\n\n script_name(english:\"GLSA-201504-01 : Mozilla Products: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote host is affected by the vulnerability described in GLSA-201504-01\n(Mozilla Products: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Firefox, Thunderbird,\n and SeaMonkey. Please review the CVE identifiers referenced below for\n details.\n \nImpact :\n\n A remote attacker could entice a user to view a specially crafted web\n page or email, possibly resulting in execution of arbitrary code or a\n Denial of Service condition. Furthermore, a remote attacker may be able\n to perform Man-in-the-Middle attacks, obtain sensitive information, spoof\n the address bar, conduct clickjacking attacks, bypass security\n restrictions and protection mechanisms, or have other unspecified\n impact.\n \nWorkaround :\n\n There are no known workarounds at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201504-01\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"All firefox users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-client/firefox-31.5.3'\n All firefox-bin users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-client/firefox-bin-31.5.3'\n All thunderbird users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=mail-client/thunderbird-31.5.0'\n All thunderbird-bin users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=mail-client/thunderbird-bin-31.5.0'\n All seamonkey users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-client/seamonkey-2.33.1'\n All seamonkey-bin users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-client/seamonkey-bin-2.33.1'\n All nspr users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-libs/nspr-4.10.6'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Firefox Proxy Prototype Privileged Javascript Injection');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:firefox-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:nspr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:seamonkey-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:thunderbird-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/03/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"dev-libs/nspr\", unaffected:make_list(\"ge 4.10.6\"), vulnerable:make_list(\"lt 4.10.6\"))) flag++;\nif (qpkg_check(package:\"mail-client/thunderbird\", unaffected:make_list(\"ge 31.5.0\"), vulnerable:make_list(\"lt 31.5.0\"))) flag++;\nif (qpkg_check(package:\"mail-client/thunderbird-bin\", unaffected:make_list(\"ge 31.5.0\"), vulnerable:make_list(\"lt 31.5.0\"))) flag++;\nif (qpkg_check(package:\"www-client/firefox\", unaffected:make_list(\"ge 31.5.3\"), vulnerable:make_list(\"lt 31.5.3\"))) flag++;\nif (qpkg_check(package:\"www-client/firefox-bin\", unaffected:make_list(\"ge 31.5.3\"), vulnerable:make_list(\"lt 31.5.3\"))) flag++;\nif (qpkg_check(package:\"www-client/seamonkey\", unaffected:make_list(\"ge 2.33.1\"), vulnerable:make_list(\"lt 2.33.1\"))) flag++;\nif (qpkg_check(package:\"www-client/seamonkey-bin\", unaffected:make_list(\"ge 2.33.1\"), vulnerable:make_list(\"lt 2.33.1\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Mozilla Products\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2016-09-04T11:57:23", "bulletinFamily": "unix", "cvelist": ["CVE-2014-1505", "CVE-2014-1513", "CVE-2014-1510", "CVE-2014-1509", "CVE-2014-1494", "CVE-2014-1508", "CVE-2014-1502", "CVE-2014-1504", "CVE-2014-1511", "CVE-2014-1512", "CVE-2014-1514", "CVE-2014-1498", "CVE-2014-1501", "CVE-2014-1500", "CVE-2014-1497", "CVE-2014-1493", "CVE-2014-1496", "CVE-2014-1499"], "description": "Mozilla Firefox was updated to 24.4.0ESR release, fixing\n various security issues and bugs:\n\n *\n\n MFSA 2014-15: Mozilla developers and community\n identified identified and fixed several memory safety bugs\n in the browser engine used in Firefox and other\n Mozilla-based products. Some of these bugs showed evidence\n of memory corruption under certain circumstances, and we\n presume that with enough effort at least some of these\n could be exploited to run arbitrary code.\n\n *\n\n Benoit Jacob, Olli Pettay, Jan Varga, Jan de Mooij,\n Jesse Ruderman, Dan Gohman, and Christoph Diehl reported\n memory safety problems and crashes that affect Firefox ESR\n 24.3 and Firefox 27. (CVE-2014-1493)\n\n *\n\n Gregor Wagner, Olli Pettay, Gary Kwong, Jesse\n Ruderman, Luke Wagner, Rob Fletcher, and Makoto Kato\n reported memory safety problems and crashes that affect\n Firefox 27. (CVE-2014-1494)\n\n *\n\n MFSA 2014-16 / CVE-2014-1496: Security researcher Ash\n reported an issue where the extracted files for updates to\n existing files are not read only during the update process.\n This allows for the potential replacement or modification\n of these files during the update process if a malicious\n application is present on the local system.\n\n *\n\n MFSA 2014-17 / CVE-2014-1497: Security researcher\n Atte Kettunen from OUSPG reported an out of bounds read\n during the decoding of WAV format audio files for playback.\n This could allow web content access to heap data as well as\n causing a crash.\n\n *\n\n MFSA 2014-18 / CVE-2014-1498: Mozilla developer David\n Keeler reported that the crypto.generateCRFMRequest method\n did not correctly validate the key type of the KeyParams\n argument when generating ec-dual-use requests. This could\n lead to a crash and a denial of service (DOS) attack.\n\n *\n\n MFSA 2014-19 / CVE-2014-1499: Mozilla developer Ehsan\n Akhgari reported a spoofing attack where the permission\n prompt for a WebRTC session can appear to be from a\n different site than its actual originating site if a timed\n navigation occurs during the prompt generation. This allows\n an attacker to potentially gain access to the webcam or\n microphone by masquerading as another site and gaining user\n permission through spoofing.\n\n *\n\n MFSA 2014-20 / CVE-2014-1500: Security researchers\n Tim Philipp Schaefers and Sebastian Neef, the team of\n Internetwache.org, reported a mechanism using JavaScript\n onbeforeunload events with page navigation to prevent users\n from closing a malicious page's tab and causing the browser\n to become unresponsive. This allows for a denial of service\n (DOS) attack due to resource consumption and blocks the\n ability of users to exit the application.\n\n *\n\n MFSA 2014-21 / CVE-2014-1501: Security researcher\n Alex Infuehr reported that on Firefox for Android it is\n possible to open links to local files from web content by\n selecting "Open Link in New Tab" from the context menu\n using the file: protocol. The web content would have to\n know the precise location of a malicious local file in\n order to exploit this issue. This issue does not affect\n Firefox on non-Android systems.\n\n *\n\n MFSA 2014-22 / CVE-2014-1502: Mozilla developer Jeff\n Gilbert discovered a mechanism where a malicious site with\n WebGL content could inject content from its context to that\n of another site's WebGL context, causing the second site to\n replace textures and similar content. This cannot be used\n to steal data but could be used to render arbitrary content\n in these limited circumstances.\n\n *\n\n MFSA 2014-23 / CVE-2014-1504: Security researcher\n Nicolas Golubovic reported that the Content Security Policy\n (CSP) of data: documents was not saved as part of session\n restore. If an attacker convinced a victim to open a\n document from a data: URL injected onto a page, this can\n lead to a Cross-Site Scripting (XSS) attack. The target\n page may have a strict CSP that protects against this XSS\n attack, but if the attacker induces a browser crash with\n another bug, an XSS attack would occur during session\n restoration, bypassing the CSP on the site.\n\n *\n\n MFSA 2014-26 / CVE-2014-1508: Security researcher\n Tyson Smith and Jesse Schwartzentruber of the BlackBerry\n Security Automated Analysis Team used the Address Sanitizer\n tool while fuzzing to discover an out-of-bounds read during\n polygon rendering in MathML. This can allow web content to\n potentially read protected memory addresses. In combination\n with previous techniques used for SVG timing attacks, this\n could allow for text values to be read across domains,\n leading to information disclosure.\n\n *\n\n MFSA 2014-27 / CVE-2014-1509: Security researcher\n John Thomson discovered a memory corruption in the Cairo\n graphics library during font rendering of a PDF file for\n display. This memory corruption leads to a potentially\n exploitable crash and to a denial of service (DOS). This\n issues is not able to be triggered in a default\n configuration and would require a malicious extension to be\n installed.\n\n *\n\n MFSA 2014-28 / CVE-2014-1505: Mozilla developer\n Robert O'Callahan reported a mechanism for timing attacks\n involving SVG filters and displacements input to\n feDisplacementMap. This allows displacements to potentially\n be correlated with values derived from content. This is\n similar to the previously reported techniques used for SVG\n timing attacks and could allow for text values to be read\n across domains, leading to information disclosure.\n\n *\n\n MFSA 2014-29 / CVE-2014-1510 / CVE-2014-1511:\n Security researcher Mariusz Mlynski, via TippingPoint's\n Pwn2Own contest, reported that it is possible for untrusted\n web content to load a chrome-privileged page by getting\n JavaScript-implemented WebIDL to call window.open(). A\n second bug allowed the bypassing of the popup-blocker\n without user interaction. Combined these two bugs allow an\n attacker to load a JavaScript URL that is executed with the\n full privileges of the browser, which allows arbitrary code\n execution.\n\n *\n\n MFSA 2014-30 / CVE-2014-1512: Security research firm\n VUPEN, via TippingPoint's Pwn2Own contest, reported that\n memory pressure during Garbage Collection could lead to\n memory corruption of TypeObjects in the JS engine,\n resulting in an exploitable use-after-free condition.\n\n *\n\n MFSA 2014-31 / CVE-2014-1513: Security researcher\n Jueri Aedla, via TippingPoint's Pwn2Own contest, reported\n that TypedArrayObject does not handle the case where\n ArrayBuffer objects are neutered, setting their length to\n zero while still in use. This leads to out-of-bounds reads\n and writes into the JavaScript heap, allowing for arbitrary\n code execution.\n\n *\n\n MFSA 2014-32 / CVE-2014-1514: Security researcher\n George Hotz, via TippingPoint's Pwn2Own contest, discovered\n an issue where values are copied from an array into a\n second, neutered array. This allows for an out-of-bounds\n write into memory, causing an exploitable crash leading to\n arbitrary code execution.\n\n", "edition": 1, "modified": "2014-03-21T23:04:18", "published": "2014-03-21T23:04:18", "id": "SUSE-SU-2014:0418-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html", "title": "Security update for MozillaFirefox (important)", "type": "suse", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "freebsd": [{"lastseen": "2020-08-11T13:42:56", "bulletinFamily": "unix", "cvelist": ["CVE-2014-1505", "CVE-2014-1513", "CVE-2014-1510", "CVE-2014-1509", "CVE-2014-1494", "CVE-2014-1508", "CVE-2014-1502", "CVE-2014-1504", "CVE-2014-1511", "CVE-2014-1507", "CVE-2014-1512", "CVE-2014-1514", "CVE-2014-1498", "CVE-2014-1501", "CVE-2014-1500", "CVE-2014-1497", "CVE-2014-1493", "CVE-2014-1506", "CVE-2014-1496", "CVE-2014-1499"], "description": "\nThe Mozilla Project reports:\n\nMFSA 2014-15 Miscellaneous memory safety hazards\n\t (rv:28.0 / rv:24.4)\nMFSA 2014-16 Files extracted during updates are not always\n\t read only\nMFSA 2014-17 Out of bounds read during WAV file decoding\nMFSA 2014-18 crypto.generateCRMFRequest does not validate\n\t type of key\nMFSA 2014-19 Spoofing attack on WebRTC permission prompt\nMFSA 2014-20 onbeforeunload and Javascript navigation DOS\nMFSA 2014-21 Local file access via Open Link in new tab\nMFSA 2014-22 WebGL content injection from one domain to\n\t rendering in another\nMFSA 2014-23 Content Security Policy for data: documents\n\t not preserved by session restore\nMFSA 2014-24 Android Crash Reporter open to manipulation\nMFSA 2014-25 Firefox OS DeviceStorageFile object vulnerable\n\t to relative path escape\nMFSA 2014-26 Information disclosure through polygon\n\t rendering in MathML\nMFSA 2014-27 Memory corruption in Cairo during PDF font\n\t rendering\nMFSA 2014-28 SVG filters information disclosure through\n\t feDisplacementMap\nMFSA 2014-29 Privilege escalation using WebIDL-implemented\n\t APIs\nMFSA 2014-30 Use-after-free in TypeObject\nMFSA 2014-31 Out-of-bounds read/write through neutering\n\t ArrayBuffer objects\nMFSA 2014-32 Out-of-bounds write through TypedArrayObject\n\t after neutering\n\n", "edition": 5, "modified": "2014-03-20T00:00:00", "published": "2014-03-19T00:00:00", "id": "610DE647-AF8D-11E3-A25B-B4B52FCE4CE8", "href": "https://vuxml.freebsd.org/freebsd/610de647-af8d-11e3-a25b-b4b52fce4ce8.html", "title": "mozilla -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:54", "bulletinFamily": "software", "cvelist": ["CVE-2014-1505", "CVE-2014-1513", "CVE-2014-1510", "CVE-2014-1484", "CVE-2014-1509", "CVE-2014-1508", "CVE-2014-1502", "CVE-2014-1516", "CVE-2014-1504", "CVE-2014-1511", "CVE-2014-1507", "CVE-2014-1492", "CVE-2014-1512", "CVE-2014-1514", "CVE-2014-1498", "CVE-2014-1515", "CVE-2014-1501", "CVE-2014-1500", "CVE-2014-1497", "CVE-2014-1493", "CVE-2014-1506", "CVE-2014-1496", "CVE-2014-1499"], "description": "Buffer overflows, memory corruptions, information leakage, privilege escalation, protection bypass, unauthorized access, interface spoofing.", "edition": 1, "modified": "2014-03-27T00:00:00", "published": "2014-03-27T00:00:00", "id": "SECURITYVULNS:VULN:13621", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13621", "title": "Mozilla Firefox / Thunderbird / Seamonkey / nss multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:40", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0824", "CVE-2014-1505", "CVE-2014-1536", "CVE-2014-1577", "CVE-2014-1513", "CVE-2013-5601", "CVE-2013-5612", "CVE-2015-0831", "CVE-2013-5595", "CVE-2014-1530", "CVE-2014-1590", "CVE-2014-1586", "CVE-2014-1583", "CVE-2015-0832", "CVE-2013-5616", "CVE-2013-5607", "CVE-2014-1510", "CVE-2014-1566", "CVE-2013-5598", "CVE-2013-5613", "CVE-2014-1522", "CVE-2014-1587", "CVE-2014-1567", "CVE-2014-1481", "CVE-2014-1539", "CVE-2014-1487", "CVE-2015-0825", "CVE-2014-1594", "CVE-2014-1538", "CVE-2013-5609", "CVE-2015-0821", "CVE-2014-1525", "CVE-2013-5619", "CVE-2014-1509", "CVE-2014-1494", "CVE-2014-1559", "CVE-2014-1537", "CVE-2014-1582", "CVE-2014-1523", "CVE-2014-1576", "CVE-2014-8631", "CVE-2013-5615", "CVE-2014-1529", "CVE-2015-0828", "CVE-2013-5597", "CVE-2014-1543", "CVE-2014-1486", "CVE-2013-5590", "CVE-2013-5605", "CVE-2013-5610", "CVE-2014-1532", "CVE-2013-6671", "CVE-2014-1548", "CVE-2014-1584", "CVE-2014-1588", "CVE-2015-0826", "CVE-2014-1531", "CVE-2014-1508", "CVE-2014-1502", "CVE-2014-1542", "CVE-2014-1477", "CVE-2014-1578", "CVE-2013-1741", "CVE-2014-1540", "CVE-2014-1534", "CVE-2014-8642", "CVE-2014-1482", "CVE-2014-8637", "CVE-2014-1479", "CVE-2014-1504", "CVE-2014-8636", "CVE-2014-1580", "CVE-2014-1511", "CVE-2015-0819", "CVE-2014-1520", "CVE-2015-0834", "CVE-2014-1545", "CVE-2013-5592", "CVE-2014-1492", "CVE-2014-1556", "CVE-2013-5606", "CVE-2015-0818", "CVE-2014-1563", "CVE-2014-1524", "CVE-2014-8632", "CVE-2014-1512", "CVE-2014-1581", "CVE-2013-5604", "CVE-2014-1514", "CVE-2014-1592", "CVE-2014-8641", "CVE-2014-1490", "CVE-2015-0835", "CVE-2014-1498", "CVE-2014-1589", "CVE-2014-1565", "CVE-2014-1568", "CVE-2014-1555", "CVE-2014-1564", "CVE-2014-1574", "CVE-2014-1558", "CVE-2014-1551", "CVE-2014-1519", "CVE-2014-1547", "CVE-2014-1480", "CVE-2014-5369", "CVE-2014-1500", "CVE-2014-1497", "CVE-2013-5596", "CVE-2014-1478", "CVE-2014-1485", "CVE-2015-0817", "CVE-2014-1493", "CVE-2014-1544", "CVE-2014-8634", "CVE-2013-2566", "CVE-2015-0823", "CVE-2013-5603", "CVE-2013-6673", "CVE-2014-1562", "CVE-2015-0836", "CVE-2014-1541", "CVE-2014-1488", "CVE-2014-1552", "CVE-2013-5599", "CVE-2014-1553", "CVE-2014-8639", "CVE-2015-0829", "CVE-2014-1549", "CVE-2013-5591", "CVE-2013-5602", "CVE-2015-0822", "CVE-2014-1496", "CVE-2014-1554", "CVE-2015-0830", "CVE-2015-0827", "CVE-2014-8640", "CVE-2014-1557", "CVE-2014-1526", "CVE-2013-5593", "CVE-2014-1550", "CVE-2014-1533", "CVE-2014-1491", "CVE-2013-6672", "CVE-2013-5614", "CVE-2014-1575", "CVE-2014-8635", "CVE-2014-8638", "CVE-2014-1560", "CVE-2014-1585", "CVE-2014-1483", "CVE-2014-1489", "CVE-2014-1591", "CVE-2014-1593", "CVE-2015-0820", "CVE-2013-5600", "CVE-2014-1499", "CVE-2014-1518", "CVE-2014-1561", "CVE-2015-0833", "CVE-2013-5618"], "edition": 1, "description": "### Background\n\nMozilla Firefox is an open-source web browser and Mozilla Thunderbird an open-source email client, both from the Mozilla Project. The SeaMonkey project is a community effort to deliver production-quality releases of code derived from the application formerly known as the \u2018Mozilla Application Suite\u2019. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Firefox, Thunderbird, and SeaMonkey. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, spoof the address bar, conduct clickjacking attacks, bypass security restrictions and protection mechanisms, or have other unspecified impact. \n\n### Workaround\n\nThere are no known workarounds at this time.\n\n### Resolution\n\nAll firefox users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/firefox-31.5.3\"\n \n\nAll firefox-bin users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/firefox-bin-31.5.3\"\n \n\nAll thunderbird users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=mail-client/thunderbird-31.5.0\"\n \n\nAll thunderbird-bin users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=mail-client/thunderbird-bin-31.5.0\"\n \n\nAll seamonkey users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/seamonkey-2.33.1\"\n \n\nAll seamonkey-bin users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/seamonkey-bin-2.33.1\"\n \n\nAll nspr users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-libs/nspr-4.10.6\"", "modified": "2015-04-08T00:00:00", "published": "2015-04-07T00:00:00", "id": "GLSA-201504-01", "href": "https://security.gentoo.org/glsa/201504-01", "type": "gentoo", "title": "Mozilla Products: Multiple vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
