Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.MACOSX_FIREFOX_30.NASL
HistoryJun 11, 2014 - 12:00 a.m.

Firefox < 30.0 Multiple Vulnerabilities (Mac OS X)

2014-06-1100:00:00
This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
16

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS

0.089

Percentile

94.6%

JSON

The version of Firefox installed on the remote Mac OS X host is a version prior to version 30.0. It is, therefore, affected by multiple vulnerabilities :

  • Memory issues exist that could lead to arbitrary code execution. Note that these issues only affect Firefox 29. (CVE-2014-1533, CVE-2014-1534)

  • An out-of-bounds read issue exists in ‘PropertyProvider::FindJustificationRange’.
    (CVE-2014-1536)

  • Use-after-free memory issues exist in ‘mozilla::dom::workers::WorkerPrivateParent’, ‘nsTextEditRules::CreateMozBR’, and the SMIL Animation Controller that could lead to code execution.
    (CVE-2014-1537, CVE-2014-1538, CVE-2014-1541)

  • An issue exists when the cursor is used on an embedded Flash object which can make the cursor invisible and lead to clickjacking attacks. (CVE-2014-1539)

  • A use-after-free memory issue exists in the event listener manager. Note that this issue only affects Firefox 29. (CVE-2014-1540)

  • A buffer overflow issue exists in the Speex resampler for Web Audio that could lead to code execution.
    (CVE-2014-1542)

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(74437);
  script_version("1.5");
  script_cvs_date("Date: 2019/11/26");

  script_cve_id(
    "CVE-2014-1533",
    "CVE-2014-1534",
    "CVE-2014-1536",
    "CVE-2014-1537",
    "CVE-2014-1538",
    "CVE-2014-1539",
    "CVE-2014-1540",
    "CVE-2014-1541",
    "CVE-2014-1542"
  );
  script_bugtraq_id(
    67964,
    67965,
    67966,
    67967,
    67968,
    67971,
    67976,
    67978,
    67979
  );

  script_name(english:"Firefox < 30.0 Multiple Vulnerabilities (Mac OS X)");
  script_summary(english:"Checks version of Firefox.");

  script_set_attribute(attribute:"synopsis", value:
"The remote Mac OS X host contains a web browser that is affected by
multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Firefox installed on the remote Mac OS X host is a
version prior to version 30.0. It is, therefore, affected by multiple
vulnerabilities :

  - Memory issues exist that could lead to arbitrary code
    execution. Note that these issues only affect Firefox
    29. (CVE-2014-1533, CVE-2014-1534)

  - An out-of-bounds read issue exists in
    'PropertyProvider::FindJustificationRange'.
    (CVE-2014-1536)

  - Use-after-free memory issues exist in
    'mozilla::dom::workers::WorkerPrivateParent',
    'nsTextEditRules::CreateMozBR', and the SMIL Animation
    Controller that could lead to code execution.
    (CVE-2014-1537, CVE-2014-1538, CVE-2014-1541)

  - An issue exists when the cursor is used on an embedded
    Flash object which can make the cursor invisible and
    lead to clickjacking attacks. (CVE-2014-1539)

  - A use-after-free memory issue exists in the event
    listener manager. Note that this issue only affects
    Firefox 29. (CVE-2014-1540)

  - A buffer overflow issue exists in the Speex resampler
    for Web Audio that could lead to code execution.
    (CVE-2014-1542)");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/security/announce/2014/mfsa2014-48.html");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/security/announce/2014/mfsa2014-49.html");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/security/announce/2014/mfsa2014-50.html");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/security/announce/2014/mfsa2014-51.html");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/security/announce/2014/mfsa2014-52.html");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/security/announce/2014/mfsa2014-53.html");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Firefox 30.0 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-1541");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/06/10");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/06/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/11");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:firefox");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"MacOS X Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("macosx_firefox_installed.nasl");
  script_require_keys("MacOSX/Firefox/Installed");

  exit(0);
}

include("mozilla_version.inc");

kb_base = "MacOSX/Firefox";
get_kb_item_or_exit(kb_base+"/Installed");

version = get_kb_item_or_exit(kb_base+"/Version", exit_code:1);
path = get_kb_item_or_exit(kb_base+"/Path", exit_code:1);

if (get_kb_item(kb_base + '/is_esr')) exit(0, 'The Mozilla Firefox installation is in the ESR branch.');

mozilla_check_version(product:'firefox', version:version, path:path, esr:FALSE, fix:'30.0', severity:SECURITY_HOLE, xss:FALSE);
VendorProductVersionCPE
mozillafirefoxcpe:/a:mozilla:firefox

References

Related

nessus 27
openvas 39
ubuntu 2
securityvulns 2
suse 6
freebsd 1
mozilla 6
centos 2
oraclelinux 2
veracode 3
redhat 2
mageia 2
osv 2
debian 2
cvelist 9
cve 9
prion 9
nvd 9
ubuntucve 9
ibm 2
gentoo 1
nessus
nessus
Ubuntu 14.04 LTS : Firefox vulnerabilities (USN-2243-1)
2014-06-12 00:00:00
Mozilla Thunderbird < 24.6 Multiple Vulnerabilities
2014-06-11 00:00:00
Mozilla Firefox < 30.0 Multiple Vulnerabilities
2014-06-10 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-2243-1)
2014-06-17 00:00:00
Mozilla Firefox Multiple Vulnerabilities-01 (Jul 2014) - Mac OS X
2014-07-01 00:00:00
Mozilla Firefox Multiple Vulnerabilities-01 (Jul 2014) - Windows
2014-07-01 00:00:00
ubuntu
ubuntu
Firefox vulnerabilities
2014-06-11 00:00:00
Thunderbird vulnerabilities
2014-06-19 00:00:00
securityvulns
securityvulns
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2014-06-13 00:00:00
ESA-2015-002: Unisphere Central Security Update for Multiple Vulnerabilities
2015-02-02 00:00:00
suse
suse
Security update for MozillaFirefox (important)
2014-06-23 20:09:15
Security update for MozillaFirefox (important)
2014-06-21 01:04:47
Security update for MozillaFirefox (important)
2014-06-25 00:04:17
freebsd
freebsd
mozilla -- multiple vulnerabilities
2014-06-10 00:00:00
mozilla
mozilla
Use-after-free and out of bounds issues found using Address Sanitizer — Mozilla
2014-06-10 00:00:00
Miscellaneous memory safety hazards (rv:30.0 / rv:24.6) — Mozilla
2014-06-10 00:00:00
Buffer overflow in Web Audio Speex resampler — Mozilla
2014-06-10 00:00:00
centos
centos
thunderbird security update
2014-06-11 10:54:29
firefox security update
2014-06-11 10:49:01
oraclelinux
oraclelinux
thunderbird security update
2014-06-10 00:00:00
firefox security update
2014-06-10 00:00:00
veracode
veracode
Use-After-Free
2019-05-02 04:58:34
Arbitrary Code Execution
2019-05-02 04:58:34
Remote Code Execution (RCE)
2019-01-15 08:53:46
redhat
redhat
(RHSA-2014:0741) Critical: firefox security update
2014-06-10 00:00:00
(RHSA-2014:0742) Important: thunderbird security update
2014-06-10 00:00:00
mageia
mageia
Updated firefox & thunderbird packages fix multiple security vulnerabilities
2014-06-11 21:13:59
Updated iceape package fixes security vulnerabilities
2014-10-23 17:27:57
osv
osv
iceweasel - security update
2014-06-11 00:00:00
icedove - security update
2014-06-16 00:00:00
debian
debian
[SECURITY] [DSA 2955-1] iceweasel security update
2014-06-11 14:33:41
[SECURITY] [DSA 2960-1] icedove security update
2014-06-16 17:13:24
cvelist
cvelist
CVE-2014-1542
2014-06-11 10:00:00
CVE-2014-1539
2014-06-11 10:00:00
CVE-2014-1534
2014-06-11 10:00:00
cve
cve
CVE-2014-1542
2014-06-11 10:57:18
CVE-2014-1539
2014-06-11 10:57:17
CVE-2014-1534
2014-06-11 10:57:17
prion
prion
Buffer overflow
2014-06-11 10:57:00
Code injection
2014-06-11 10:57:00
Design/Logic Flaw
2014-06-11 10:57:00
nvd
nvd
CVE-2014-1542
2014-06-11 10:57:18
CVE-2014-1539
2014-06-11 10:57:17
CVE-2014-1534
2014-06-11 10:57:17
ubuntucve
ubuntucve
CVE-2014-1539
2014-06-11 00:00:00
CVE-2014-1542
2014-06-11 00:00:00
CVE-2014-1540
2014-06-11 00:00:00
ibm
ibm
Security Bulletin: IBM Storwize V7000 Unified security vulnerabilities related to Mozilla Firefox (CVE-2014-1518, CVE-2014-1523, CVE-2014-1524, CVE-2014-1529, CVE-2014-1530, CVE-2014-1531, CVE-2014-1532, CVE-2014-1533, CVE-2014-1538, CVE-2014-1541)
2018-06-18 00:08:28
Security Bulletin: Mozilla firefox vulnerability issues on IBM SONAS (CVE-2014-1518, CVE-2014-1523, CVE-2014-1524, CVE-2014-1529, CVE-2014-1530, CVE-2014-1531, CVE-2014-1532, CVE-2014-1533, CVE-2014-1538, CVE-2014-1541)
2018-06-18 00:08:33
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2015-04-07 00:00:00

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS

0.089

Percentile

94.6%

JSON
Related for MACOSX_FIREFOX_30.NASL
nessus27openvas39ubuntu2securityvulns2suse6freebsd1mozilla6centos2oraclelinux2veracode3redhat2mageia2osv2debian2cvelist9cve9prion9nvd9ubuntucve9ibm2gentoo1