CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile
99.7%
The remote Windows host is using Firefox, an alternative web browser.
The installed version of Firefox contains various security issues, some of which can be exploited to execute arbitrary code on the affected host subject to the user’s privileges.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description) {
script_id(20842);
script_version("1.24");
script_cve_id("CVE-2005-4134", "CVE-2006-0292", "CVE-2006-0293", "CVE-2006-0294", "CVE-2006-0295",
"CVE-2006-0296", "CVE-2006-0297", "CVE-2006-0298", "CVE-2006-0299");
script_bugtraq_id(15773, 16476, 16741);
script_name(english:"Firefox < 1.5.0.1 Multiple Vulnerabilities");
script_summary(english:"Checks for Firefox < 1.5.0.1");
script_set_attribute(attribute:"synopsis", value:
"A web browser on the remote host is prone to multiple flaws." );
script_set_attribute(attribute:"description", value:
"The remote Windows host is using Firefox, an alternative web browser.
The installed version of Firefox contains various security issues, some
of which can be exploited to execute arbitrary code on the affected host
subject to the user's privileges." );
script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2006-01/" );
script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2006-02/" );
script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2006-03/" );
script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2006-04/" );
script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2006-05/" );
script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2006-06/" );
script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2006-07/" );
script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2006-08/" );
script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/425590/30/0/threaded" );
script_set_attribute(attribute:"solution", value:
"Upgrade to Firefox 1.5.0.1 or later." );
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploited_by_malware", value:"true");
script_set_attribute(attribute:"metasploit_name", value:'Firefox location.QueryInterface() Code Execution');
script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
script_cwe_id(20);
script_set_attribute(attribute:"plugin_publication_date", value: "2006/02/04");
script_set_attribute(attribute:"patch_publication_date", value: "2006/02/02");
script_set_attribute(attribute:"vuln_publication_date", value: "2005/12/07");
script_cvs_date("Date: 2018/11/15 20:50:27");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:firefox");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows");
script_copyright(english:"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.");
script_dependencies("mozilla_org_installed.nasl");
script_require_keys("Mozilla/Firefox/Version");
exit(0);
}
include("mozilla_version.inc");
port = get_kb_item_or_exit("SMB/transport");
installs = get_kb_list("SMB/Mozilla/Firefox/*");
if (isnull(installs)) audit(AUDIT_NOT_INST, "Firefox");
mozilla_check_version(installs:installs, product:'firefox', esr:FALSE, fix:'1.5.0.1', severity:SECURITY_HOLE);
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4134
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0292
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0293
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0294
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0295
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0296
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0297
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0298
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0299
www.mozilla.org/en-US/security/advisories/mfsa2006-01/
www.mozilla.org/en-US/security/advisories/mfsa2006-02/
www.mozilla.org/en-US/security/advisories/mfsa2006-03/
www.mozilla.org/en-US/security/advisories/mfsa2006-04/
www.mozilla.org/en-US/security/advisories/mfsa2006-05/
www.mozilla.org/en-US/security/advisories/mfsa2006-06/
www.mozilla.org/en-US/security/advisories/mfsa2006-07/
www.mozilla.org/en-US/security/advisories/mfsa2006-08/
www.securityfocus.com/archive/1/425590/30/0/threaded