Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2007-2018 Tenable Network Security, Inc.MOZILLA_FIREFOX_108.NASL
HistoryDec 21, 2007 - 12:00 a.m.

Firefox < 1.0.8 Multiple Vulnerabilities

2007-12-2100:00:00
This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.
www.tenable.com
24

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS

0.975

Percentile

100.0%

JSON

The installed version of Firefox contains various security issues, some of which may lead to execution of arbitrary code on the affected host subject to the user’s privileges.

#
# (C) Tenable Network Security, Inc.
#

if (NASL_LEVEL < 3004) exit(1);


include("compat.inc");

if (description)
{
  script_id(29744);
  script_version("1.14");

  script_cve_id("CVE-2005-4134", "CVE-2006-0292", "CVE-2006-0296", "CVE-2006-0748", "CVE-2006-0749",
                "CVE-2006-1727", "CVE-2006-1728", "CVE-2006-1729", "CVE-2006-1730", "CVE-2006-1731",
                "CVE-2006-1732", "CVE-2006-1733", "CVE-2006-1734", "CVE-2006-1735", "CVE-2006-1736",
                "CVE-2006-1737", "CVE-2006-1738", "CVE-2006-1739", "CVE-2006-1740", "CVE-2006-1741",
                "CVE-2006-1742", "CVE-2006-1790");
  script_bugtraq_id(15773, 16476, 17516);

  script_name(english:"Firefox < 1.0.8 Multiple Vulnerabilities");
  script_summary(english:"Checks Firefox version number");

 script_set_attribute(attribute:"synopsis", value:
"A web browser on the remote host is prone to multiple flaws." );
 script_set_attribute(attribute:"description", value:
"The installed version of Firefox contains various security issues,
some of which may lead to execution of arbitrary code on the affected
host subject to the user's privileges." );
 script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2006-01/" );
 script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2006-03/" );
 script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2006-05/" );
 script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2006-09/" );
 script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2006-10/" );
 script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2006-11/" );
 script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2006-12/" );
 script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2006-13/" );
 script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2006-14/" );
 script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2006-15/" );
 script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2006-16/" );
 script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2006-17/" );
 script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2006-18/" );
 script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2006-19/" );
 script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2006-22/" );
 script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2006-23/" );
 script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2006-24/" );
 script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2006-25/" );
 script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2006-27/" );
 script_set_attribute(attribute:"solution", value:
"Upgrade to Firefox 1.0.8 or later." );
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
 script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"true");
 script_set_attribute(attribute:"metasploit_name", value:'Firefox location.QueryInterface() Code Execution');
 script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
 script_cwe_id(20, 79, 119, 189, 264, 399);

 script_set_attribute(attribute:"plugin_publication_date", value: "2007/12/21");
 script_set_attribute(attribute:"vuln_publication_date", value: "2005/12/07");
 script_cvs_date("Date: 2018/07/16 14:09:14");
 script_set_attribute(attribute:"patch_publication_date", value: "2006/04/13");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:firefox");
script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");
  script_copyright(english:"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.");
  script_dependencies("mozilla_org_installed.nasl");
  script_require_keys("Mozilla/Firefox/Version");
  exit(0);
}

include("mozilla_version.inc");
port = get_kb_item_or_exit("SMB/transport"); 

installs = get_kb_list("SMB/Mozilla/Firefox/*");
if (isnull(installs)) audit(AUDIT_NOT_INST, "Firefox");

mozilla_check_version(installs:installs, product:'firefox', esr:FALSE, fix:'1.0.8', severity:SECURITY_HOLE);

References

Related

gentoo 3
ubuntu 3
nessus 42
openvas 16
osv 3
debian 8
centos 7
suse 3
redhat 5
freebsd 1
securityvulns 3
mozilla 12
cert 6
debiancve 14
cve 15
ubuntucve 12
cvelist 12
exploitdb 1
nvd 14
kaspersky 1
prion 14
checkpoint_advisories 4
gentoo
gentoo
Mozilla Firefox: Multiple vulnerabilities
2006-04-23 00:00:00
Mozilla Suite: Multiple vulnerabilities
2006-04-28 00:00:00
Mozilla Thunderbird: Multiple vulnerabilities
2006-05-08 00:00:00
ubuntu
ubuntu
Firefox vulnerabilities
2006-04-20 00:00:00
Mozilla vulnerabilities
2006-04-28 00:00:00
Thunderbird vulnerabilities
2006-05-03 00:00:00
nessus
nessus
GLSA-200604-12 : Mozilla Firefox: Multiple vulnerabilities
2006-04-26 00:00:00
Mandrake Linux Security Advisory : mozilla-firefox (MDKSA-2006:075)
2006-04-26 00:00:00
Ubuntu 4.10 / 5.04 / 5.10 : mozilla vulnerabilities (USN-275-1)
2006-04-28 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200604-12 (mozilla-firefox)
2008-09-24 00:00:00
Debian Security Advisory DSA 1044-1 (mozilla-firefox)
2008-01-17 00:00:00
Gentoo Security Advisory GLSA 200604-12 (mozilla-firefox)
2008-09-24 00:00:00
osv
osv
mozilla-firefox - several
2006-04-26 00:00:00
mozilla-thunderbird - several vulnerabilities
2006-05-04 00:00:00
mozilla - several
2006-04-27 00:00:00
debian
debian
[SECURITY] [DSA 1044-1] New Mozilla Firefox packages fix several vulnerabilities
2006-04-26 16:02:42
[SECURITY] [DSA 1044-1] New Mozilla Firefox packages fix several vulnerabilities
2006-04-26 16:02:42
[SECURITY] [DSA 1044-1] New Mozilla Firefox packages fix several vulnerabilities
2006-04-26 16:58:22
centos
centos
galeon, mozilla security update
2006-04-18 23:53:59
thunderbird security update
2006-04-21 17:41:34
firefox security update
2006-04-14 18:00:35
suse
suse
remote code execution in MozillaFirefox,mozilla
2006-04-20 13:13:08
remote code execution in MozillaThunderbird
2006-04-25 13:15:04
remote code execution in phpMyAdmin
2006-01-26 13:53:52
redhat
redhat
(RHSA-2006:0328) firefox security update
2006-04-14 00:00:00
(RHSA-2006:0329) mozilla security update
2006-04-18 00:00:00
(RHSA-2006:0330) thunderbird security update
2006-04-21 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2006-04-13 00:00:00
securityvulns
securityvulns
US-CERT Technical Cyber Security Alert TA06-107A -- Mozilla Products Contain Multiple Vulnerabilities
2006-04-18 00:00:00
[Full-disclosure] ZDI-06-010: Mozilla Firefox CSS Letter-Spacing Heap Overflow Vulnerability
2006-04-15 00:00:00
[Full-disclosure] ZDI-06-011: Mozilla Firefox Table Rebuilding Code Execution Vulnerability
2006-04-26 00:00:00
mozilla
mozilla
Crashes with evidence of memory corruption (rv:1.8) — Mozilla
2006-04-13 00:00:00
Long document title causes startup denial of service — Mozilla
2006-02-01 00:00:00
JavaScript garbage-collection hazard audit — Mozilla
2006-04-13 00:00:00
cert
cert
Mozilla crypto.generateCRMFRequest() vulnerability
2006-04-17 00:00:00
Mozilla products JavaScript engine fail to properly handle garbage-collection
2006-04-17 00:00:00
Mozilla products border-rendering code vulnerability using CSS
2006-04-17 00:00:00
debiancve
debiancve
CVE-2005-4134
2005-12-09 15:03:00
CVE-2006-1727
2006-04-14 10:02:00
CVE-2006-1728
2006-04-14 10:02:00
cve
cve
CVE-2005-4134
2005-12-09 15:03:00
CVE-2006-1731
2006-04-14 10:02:00
CVE-2006-1727
2006-04-14 10:02:00
ubuntucve
ubuntucve
CVE-2005-4134
2005-12-09 00:00:00
CVE-2006-1736
2006-04-14 00:00:00
CVE-2006-1728
2006-04-14 00:00:00
cvelist
cvelist
CVE-2005-4134
2005-12-09 15:00:00
CVE-2006-1727
2006-04-14 10:00:00
CVE-2006-1728
2006-04-14 10:00:00
exploitdb
exploitdb
Mozilla Firefox 0.x/1.x - Large History File Buffer Overflow
2005-12-08 00:00:00
nvd
nvd
CVE-2005-4134
2005-12-09 15:03:00
CVE-2006-1727
2006-04-14 10:02:00
CVE-2006-1742
2006-04-14 10:02:00
kaspersky
kaspersky
KLA10231 DoS vulnerability in browser
2005-12-09 00:00:00
prion
prion
Memory corruption
2006-04-14 10:02:00
Code injection
2006-04-14 10:02:00
Design/Logic Flaw
2006-04-14 10:02:00
checkpoint_advisories
checkpoint_advisories
Mozilla Firefox Javascript XBL Compilation Code Execution - Ver2 (CVE-2006-1733)
2014-02-03 00:00:00
Mozilla Firefox mozgrid Modification Denial of Service - Ver2 (CVE-2006-1738)
2015-03-26 00:00:00
Mozilla Firefox CSS Border Width Memory Corruption - Ver2 (CVE-2006-1739)
2014-01-07 00:00:00

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS

0.975

Percentile

100.0%

JSON
Related for MOZILLA_FIREFOX_108.NASL
gentoo3ubuntu3nessus42openvas16osv3debian8centos7suse3redhat5freebsd1securityvulns3mozilla12cert6debiancve14cve15ubuntucve12cvelist12exploitdb1nvd14kaspersky1prion14checkpoint_advisories4