Lucene search
This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.OPENSUSE-2012-709.NASLHistoryJun 13, 2014 - 12:00 a.m.
openSUSE Security Update : MozillaFirefox (openSUSE-SU-2012:1345-1)
2014-06-1300:00:00
This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
24
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.713 High
EPSS
Percentile
98.1%
The Mozilla suite received following security updates (bnc#783533) :
Mozilla Firefox was updated to 16.0.1. Mozilla SeaMonkey was updated to 2.13.1. Mozilla Thunderbird was updated to 16.0.1. Mozilla XULRunner was updated to 16.0.1.
-
MFSA 2012-88/CVE-2012-4191 (bmo#798045) Miscellaneous memory safety hazards
-
MFSA 2012-89/CVE-2012-4192/CVE-2012-4193 (bmo#799952, bmo#720619) defaultValue security checks not applied
-
MFSA 2012-74/CVE-2012-3982/CVE-2012-3983 Miscellaneous memory safety hazards
-
MFSA 2012-75/CVE-2012-3984 (bmo#575294) select element persistance allows for attacks
-
MFSA 2012-76/CVE-2012-3985 (bmo#655649) Continued access to initial origin after setting document.domain
-
MFSA 2012-77/CVE-2012-3986 (bmo#775868) Some DOMWindowUtils methods bypass security checks
-
MFSA 2012-79/CVE-2012-3988 (bmo#725770) DOS and crash with full screen and history navigation
-
MFSA 2012-80/CVE-2012-3989 (bmo#783867) Crash with invalid cast when using instanceof operator
-
MFSA 2012-81/CVE-2012-3991 (bmo#783260) GetProperty function can bypass security checks
-
MFSA 2012-82/CVE-2012-3994 (bmo#765527) top object and location property accessible by plugins
-
MFSA 2012-83/CVE-2012-3993/CVE-2012-4184 (bmo#768101, bmo#780370) Chrome Object Wrapper (COW) does not disallow access to privileged functions or properties
-
MFSA 2012-84/CVE-2012-3992 (bmo#775009) Spoofing and script injection through location.hash
-
MFSA 2012-85/CVE-2012-3995/CVE-2012-4179/CVE-2012-4180/ CVE-2012-4181/CVE-2012-4182/CVE-2012-4183 Use-after-free, buffer overflow, and out of bounds read issues found using Address Sanitizer
-
MFSA 2012-86/CVE-2012-4185/CVE-2012-4186/CVE-2012-4187/ CVE-2012-4188 Heap memory corruption issues found using Address Sanitizer
-
MFSA 2012-87/CVE-2012-3990 (bmo#787704)
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2012-709.
#
# The text description of this plugin is (C) SUSE LLC.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(74779);
script_version("1.10");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");
script_cve_id("CVE-2012-3982", "CVE-2012-3983", "CVE-2012-3984", "CVE-2012-3985", "CVE-2012-3986", "CVE-2012-3988", "CVE-2012-3989", "CVE-2012-3990", "CVE-2012-3991", "CVE-2012-3992", "CVE-2012-3993", "CVE-2012-3994", "CVE-2012-3995", "CVE-2012-4179", "CVE-2012-4180", "CVE-2012-4181", "CVE-2012-4182", "CVE-2012-4183", "CVE-2012-4184", "CVE-2012-4185", "CVE-2012-4186", "CVE-2012-4187", "CVE-2012-4188", "CVE-2012-4191", "CVE-2012-4192", "CVE-2012-4193");
script_name(english:"openSUSE Security Update : MozillaFirefox (openSUSE-SU-2012:1345-1)");
script_summary(english:"Check for the openSUSE-2012-709 patch");
script_set_attribute(
attribute:"synopsis",
value:"The remote openSUSE host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"The Mozilla suite received following security updates (bnc#783533) :
Mozilla Firefox was updated to 16.0.1. Mozilla SeaMonkey was
updated to 2.13.1. Mozilla Thunderbird was updated to
16.0.1. Mozilla XULRunner was updated to 16.0.1.
- MFSA 2012-88/CVE-2012-4191 (bmo#798045) Miscellaneous
memory safety hazards
- MFSA 2012-89/CVE-2012-4192/CVE-2012-4193 (bmo#799952,
bmo#720619) defaultValue security checks not applied
- MFSA 2012-74/CVE-2012-3982/CVE-2012-3983 Miscellaneous
memory safety hazards
- MFSA 2012-75/CVE-2012-3984 (bmo#575294) select element
persistance allows for attacks
- MFSA 2012-76/CVE-2012-3985 (bmo#655649) Continued access
to initial origin after setting document.domain
- MFSA 2012-77/CVE-2012-3986 (bmo#775868) Some
DOMWindowUtils methods bypass security checks
- MFSA 2012-79/CVE-2012-3988 (bmo#725770) DOS and crash
with full screen and history navigation
- MFSA 2012-80/CVE-2012-3989 (bmo#783867) Crash with
invalid cast when using instanceof operator
- MFSA 2012-81/CVE-2012-3991 (bmo#783260) GetProperty
function can bypass security checks
- MFSA 2012-82/CVE-2012-3994 (bmo#765527) top object and
location property accessible by plugins
- MFSA 2012-83/CVE-2012-3993/CVE-2012-4184 (bmo#768101,
bmo#780370) Chrome Object Wrapper (COW) does not
disallow access to privileged functions or properties
- MFSA 2012-84/CVE-2012-3992 (bmo#775009) Spoofing and
script injection through location.hash
- MFSA 2012-85/CVE-2012-3995/CVE-2012-4179/CVE-2012-4180/
CVE-2012-4181/CVE-2012-4182/CVE-2012-4183
Use-after-free, buffer overflow, and out of bounds read
issues found using Address Sanitizer
- MFSA 2012-86/CVE-2012-4185/CVE-2012-4186/CVE-2012-4187/
CVE-2012-4188 Heap memory corruption issues found using
Address Sanitizer
- MFSA 2012-87/CVE-2012-3990 (bmo#787704)"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=783533"
);
script_set_attribute(
attribute:"see_also",
value:"https://lists.opensuse.org/opensuse-updates/2012-10/msg00054.html"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected MozillaFirefox packages."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploited_by_malware", value:"true");
script_set_attribute(attribute:"metasploit_name", value:'Firefox 5.0 - 15.0.1 __exposedProps__ XCS Code Execution');
script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-buildsymbols");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-devel-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:enigmail");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:enigmail-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-js");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-js-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-js-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-js-debuginfo-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-kde4-integration");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-kde4-integration-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-kde4-integration-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-dom-inspector");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-irc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-translations-common");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-translations-other");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-venkman");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xulrunner");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xulrunner-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xulrunner-buildsymbols");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xulrunner-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xulrunner-debuginfo-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xulrunner-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xulrunner-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xulrunner-devel-debuginfo");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.1");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.2");
script_set_attribute(attribute:"vuln_publication_date", value:"2012/10/10");
script_set_attribute(attribute:"patch_publication_date", value:"2012/10/13");
script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"SuSE Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE12\.1|SUSE12\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.1 / 12.2", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
flag = 0;
if ( rpm_check(release:"SUSE12.1", reference:"MozillaFirefox-16.0.1-2.46.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"MozillaFirefox-branding-upstream-16.0.1-2.46.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"MozillaFirefox-buildsymbols-16.0.1-2.46.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"MozillaFirefox-debuginfo-16.0.1-2.46.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"MozillaFirefox-debugsource-16.0.1-2.46.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"MozillaFirefox-devel-16.0.1-2.46.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"MozillaFirefox-translations-common-16.0.1-2.46.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"MozillaFirefox-translations-other-16.0.1-2.46.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"MozillaThunderbird-16.0.1-33.35.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"MozillaThunderbird-buildsymbols-16.0.1-33.35.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"MozillaThunderbird-debuginfo-16.0.1-33.35.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"MozillaThunderbird-debugsource-16.0.1-33.35.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"MozillaThunderbird-devel-16.0.1-33.35.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"MozillaThunderbird-devel-debuginfo-16.0.1-33.35.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"MozillaThunderbird-translations-common-16.0.1-33.35.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"MozillaThunderbird-translations-other-16.0.1-33.35.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"enigmail-1.4.5.+16.0.1-33.35.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"enigmail-debuginfo-1.4.5.+16.0.1-33.35.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"mozilla-js-16.0.1-2.41.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"mozilla-js-debuginfo-16.0.1-2.41.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"mozilla-kde4-integration-0.6.4-6.4.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"mozilla-kde4-integration-debuginfo-0.6.4-6.4.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"mozilla-kde4-integration-debugsource-0.6.4-6.4.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"seamonkey-2.13.1-2.37.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"seamonkey-debuginfo-2.13.1-2.37.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"seamonkey-debugsource-2.13.1-2.37.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"seamonkey-dom-inspector-2.13.1-2.37.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"seamonkey-irc-2.13.1-2.37.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"seamonkey-translations-common-2.13.1-2.37.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"seamonkey-translations-other-2.13.1-2.37.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"seamonkey-venkman-2.13.1-2.37.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"xulrunner-16.0.1-2.41.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"xulrunner-buildsymbols-16.0.1-2.41.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"xulrunner-debuginfo-16.0.1-2.41.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"xulrunner-debugsource-16.0.1-2.41.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"xulrunner-devel-16.0.1-2.41.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"xulrunner-devel-debuginfo-16.0.1-2.41.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"mozilla-js-32bit-16.0.1-2.41.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"mozilla-js-debuginfo-32bit-16.0.1-2.41.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"xulrunner-32bit-16.0.1-2.41.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"xulrunner-debuginfo-32bit-16.0.1-2.41.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"MozillaFirefox-16.0.1-2.17.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"MozillaFirefox-branding-upstream-16.0.1-2.17.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"MozillaFirefox-buildsymbols-16.0.1-2.17.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"MozillaFirefox-debuginfo-16.0.1-2.17.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"MozillaFirefox-debugsource-16.0.1-2.17.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"MozillaFirefox-devel-16.0.1-2.17.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"MozillaFirefox-translations-common-16.0.1-2.17.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"MozillaFirefox-translations-other-16.0.1-2.17.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"MozillaThunderbird-16.0.1-49.15.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"MozillaThunderbird-buildsymbols-16.0.1-49.15.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"MozillaThunderbird-debuginfo-16.0.1-49.15.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"MozillaThunderbird-debugsource-16.0.1-49.15.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"MozillaThunderbird-devel-16.0.1-49.15.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"MozillaThunderbird-devel-debuginfo-16.0.1-49.15.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"MozillaThunderbird-translations-common-16.0.1-49.15.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"MozillaThunderbird-translations-other-16.0.1-49.15.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"enigmail-1.4.5.+16.0.1-49.15.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"enigmail-debuginfo-1.4.5.+16.0.1-49.15.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"mozilla-js-16.0.1-2.14.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"mozilla-js-debuginfo-16.0.1-2.14.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"mozilla-kde4-integration-0.6.4-10.4.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"mozilla-kde4-integration-debuginfo-0.6.4-10.4.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"mozilla-kde4-integration-debugsource-0.6.4-10.4.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"seamonkey-2.13.1-2.18.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"seamonkey-debuginfo-2.13.1-2.18.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"seamonkey-debugsource-2.13.1-2.18.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"seamonkey-dom-inspector-2.13.1-2.18.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"seamonkey-irc-2.13.1-2.18.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"seamonkey-translations-common-2.13.1-2.18.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"seamonkey-translations-other-2.13.1-2.18.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"seamonkey-venkman-2.13.1-2.18.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"xulrunner-16.0.1-2.14.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"xulrunner-buildsymbols-16.0.1-2.14.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"xulrunner-debuginfo-16.0.1-2.14.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"xulrunner-debugsource-16.0.1-2.14.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"xulrunner-devel-16.0.1-2.14.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"xulrunner-devel-debuginfo-16.0.1-2.14.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"mozilla-js-32bit-16.0.1-2.14.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"mozilla-js-debuginfo-32bit-16.0.1-2.14.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"xulrunner-32bit-16.0.1-2.14.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"xulrunner-debuginfo-32bit-16.0.1-2.14.1") ) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "MozillaFirefox");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| novell | opensuse | mozillafirefox-translations-other | p-cpe:/a:novell:opensuse:mozillafirefox-translations-other |
| novell | opensuse | mozillathunderbird | p-cpe:/a:novell:opensuse:mozillathunderbird |
| novell | opensuse | mozillathunderbird-buildsymbols | p-cpe:/a:novell:opensuse:mozillathunderbird-buildsymbols |
| novell | opensuse | mozillathunderbird-debuginfo | p-cpe:/a:novell:opensuse:mozillathunderbird-debuginfo |
| novell | opensuse | mozillathunderbird-debugsource | p-cpe:/a:novell:opensuse:mozillathunderbird-debugsource |
| novell | opensuse | mozillathunderbird-devel | p-cpe:/a:novell:opensuse:mozillathunderbird-devel |
| novell | opensuse | mozillathunderbird-devel-debuginfo | p-cpe:/a:novell:opensuse:mozillathunderbird-devel-debuginfo |
| novell | opensuse | mozillathunderbird-translations-common | p-cpe:/a:novell:opensuse:mozillathunderbird-translations-common |
| novell | opensuse | mozillathunderbird-translations-other | p-cpe:/a:novell:opensuse:mozillathunderbird-translations-other |
| novell | opensuse | enigmail | p-cpe:/a:novell:opensuse:enigmail |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3982
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3983
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3984
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3985
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3986
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3988
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3989
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3990
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3991
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3992
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3993
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3994
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3995
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4179
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4180
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4181
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4182
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4183
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4184
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4185
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4186
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4187
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4188
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4191
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4192
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4193
bugzilla.novell.com/show_bug.cgi?id=783533
lists.opensuse.org/opensuse-updates/2012-10/msg00054.html
Related
openvas
openvas
Ubuntu: Security Advisory (USN-1611-1)
2012-10-16 00:00:00
SuSE Update for MozillaFirefox openSUSE-SU-2012:1345-1 (MozillaFirefox)
2012-12-13 00:00:00
Ubuntu Update for thunderbird USN-1611-1
2012-10-16 00:00:00
ubuntu
ubuntu
Thunderbird vulnerabilities
2012-10-12 00:00:00
Firefox vulnerabilities
2012-10-09 00:00:00
Firefox vulnerabilities
2012-10-11 00:00:00
nessus
nessus
SeaMonkey 2.x < 2.13 Multiple Vulnerabilities
2012-10-16 00:00:00
Mozilla Thunderbird 10.0.x < 10.0.8 Multiple Vulnerabilities (Mac OS X)
2012-10-17 00:00:00
Firefox 10.0.x < 10.0.8 Multiple Vulnerabilities
2012-10-17 00:00:00
suse
suse
MozillaFirefox: update to Firefox 16.0.1 (important)
2012-10-15 15:08:30
Security update for Mozilla Firefox (important)
2012-10-16 22:08:48
veracode
veracode
Use-After-Free
2019-05-02 04:43:32
Arbitrary Code Execution
2019-05-02 04:43:34
Cross-site Scripting (XSS)
2019-05-02 04:43:34
freebsd
freebsd
mozilla -- multiple vulnerabilities
2012-10-09 00:00:00
redhat
redhat
(RHSA-2012:1351) Critical: thunderbird security update
2012-10-09 00:00:00
(RHSA-2012:1350) Critical: firefox security and bug fix update
2012-10-09 00:00:00
centos
centos
firefox, xulrunner security update
2012-10-10 13:52:09
thunderbird security update
2012-10-10 13:53:37
oraclelinux
oraclelinux
thunderbird security update
2012-10-10 00:00:00
firefox security and bug fix update
2012-10-10 00:00:00
securityvulns
securityvulns
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2012-10-29 00:00:00
debian
debian
[SECURITY] [DSA 2569-1] icedove security update
2012-10-29 20:57:34
[SECURITY] [DSA 2565-1] iceweasel security update
2012-10-23 19:45:56
[SECURITY] [DSA 2572-1] iceape security update
2012-11-04 18:59:26
osv
osv
iceweasel - several
2012-10-23 00:00:00
icedove - several
2012-10-29 00:00:00
iceape - several
2012-11-04 00:00:00
mozilla
mozilla
ubuntucve
ubuntucve
cvelist
cvelist
cve
cve
nvd
nvd
prion
prion
Design/Logic Flaw
2012-10-12 10:44:00
Code injection
2012-10-10 17:55:00
Cross site scripting
2012-10-10 17:55:00
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.713 High
EPSS
Percentile
98.1%
Related for OPENSUSE-2012-709.NASL