Lucene search
This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.OPENSUSE-2014-119.NASLHistoryJun 13, 2014 - 12:00 a.m.
openSUSE Security Update : firefox / seamonkey / thunderbird (openSUSE-SU-2014:0212-1)
2014-06-1300:00:00
This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
13
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.076 Low
EPSS
Percentile
94.2%
Mozilla Firefox was updated to version 27. Mozilla SeaMonkey was updated to 2.24, fixing similar issues as Firefox 27. Mozilla Thunderbird was updated to 24.3.0, fixing similar issues as Firefox 27.
The Firefox 27 release brings TLS 1.2 support as a major security feature.
It also fixes following security issues :
-
MFSA 2014-01/CVE-2014-1477/CVE-2014-1478 Miscellaneous memory safety hazards (rv:27.0 / rv:24.3)
-
MFSA 2014-02/CVE-2014-1479 (bmo#911864) Clone protected content with XBL scopes
-
MFSA 2014-03/CVE-2014-1480 (bmo#916726) UI selection timeout missing on download prompts
-
MFSA 2014-04/CVE-2014-1482 (bmo#943803) Incorrect use of discarded images by RasterImage
-
MFSA 2014-05/CVE-2014-1483 (bmo#950427) Information disclosure with *FromPoint on iframes
-
MFSA 2014-06/CVE-2014-1484 (bmo#953993) Profile path leaks to Android system log
-
MFSA 2014-07/CVE-2014-1485 (bmo#910139) XSLT stylesheets treated as styles in Content Security Policy
-
MFSA 2014-08/CVE-2014-1486 (bmo#942164) Use-after-free with imgRequestProxy and image proccessing
-
MFSA 2014-09/CVE-2014-1487 (bmo#947592) Cross-origin information leak through web workers
-
MFSA 2014-10/CVE-2014-1489 (bmo#959531) Firefox default start page UI content invokable by script
-
MFSA 2014-11/CVE-2014-1488 (bmo#950604) Crash when using web workers with asm.js
-
MFSA 2014-12/CVE-2014-1490/CVE-2014-1491 (bmo#934545, bmo#930874, bmo#930857) NSS ticket handling issues
-
MFSA 2014-13/CVE-2014-1481(bmo#936056) Inconsistent JavaScript handling of access to Window objects
Mozilla NSS was updated to 3.15.4 :
-
required for Firefox 27
-
regular CA root store update (1.96)
-
Reordered the cipher suites offered in SSL/TLS client hello messages to match modern best practices.
-
Improved SSL/TLS false start. In addition to enabling the SSL_ENABLE_FALSE_START option, an application must now register a callback using the SSL_SetCanFalseStartCallback function.
-
When false start is enabled, libssl will sometimes return unencrypted, unauthenticated data from PR_Recv (CVE-2013-1740, bmo#919877)
-
MFSA 2014-12/CVE-2014-1490/CVE-2014-1491 NSS ticket handling issues New functionality
-
Implemented OCSP querying using the HTTP GET method, which is the new default, and will fall back to the HTTP POST method.
-
Implemented OCSP server functionality for testing purposes (httpserv utility).
-
Support SHA-1 signatures with TLS 1.2 client authentication.
-
Added the --empty-password command-line option to certutil, to be used with -N: use an empty password when creating a new database.
-
Added the -w command-line option to pp: don’t wrap long output lines.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2014-119.
#
# The text description of this plugin is (C) SUSE LLC.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(75253);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");
script_cve_id("CVE-2013-1740", "CVE-2014-1477", "CVE-2014-1478", "CVE-2014-1479", "CVE-2014-1480", "CVE-2014-1481", "CVE-2014-1482", "CVE-2014-1483", "CVE-2014-1484", "CVE-2014-1485", "CVE-2014-1486", "CVE-2014-1487", "CVE-2014-1488", "CVE-2014-1489", "CVE-2014-1490", "CVE-2014-1491");
script_bugtraq_id(64944, 65316, 65317, 65320, 65321, 65322, 65323, 65324, 65326, 65328, 65329, 65330, 65331, 65332, 65334, 65335);
script_name(english:"openSUSE Security Update : firefox / seamonkey / thunderbird (openSUSE-SU-2014:0212-1)");
script_summary(english:"Check for the openSUSE-2014-119 patch");
script_set_attribute(
attribute:"synopsis",
value:"The remote openSUSE host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"Mozilla Firefox was updated to version 27. Mozilla SeaMonkey was
updated to 2.24, fixing similar issues as Firefox 27. Mozilla
Thunderbird was updated to 24.3.0, fixing similar issues as Firefox
27.
The Firefox 27 release brings TLS 1.2 support as a major security
feature.
It also fixes following security issues :
- MFSA 2014-01/CVE-2014-1477/CVE-2014-1478 Miscellaneous
memory safety hazards (rv:27.0 / rv:24.3)
- MFSA 2014-02/CVE-2014-1479 (bmo#911864) Clone protected
content with XBL scopes
- MFSA 2014-03/CVE-2014-1480 (bmo#916726) UI selection
timeout missing on download prompts
- MFSA 2014-04/CVE-2014-1482 (bmo#943803) Incorrect use of
discarded images by RasterImage
- MFSA 2014-05/CVE-2014-1483 (bmo#950427) Information
disclosure with *FromPoint on iframes
- MFSA 2014-06/CVE-2014-1484 (bmo#953993) Profile path
leaks to Android system log
- MFSA 2014-07/CVE-2014-1485 (bmo#910139) XSLT stylesheets
treated as styles in Content Security Policy
- MFSA 2014-08/CVE-2014-1486 (bmo#942164) Use-after-free
with imgRequestProxy and image proccessing
- MFSA 2014-09/CVE-2014-1487 (bmo#947592) Cross-origin
information leak through web workers
- MFSA 2014-10/CVE-2014-1489 (bmo#959531) Firefox default
start page UI content invokable by script
- MFSA 2014-11/CVE-2014-1488 (bmo#950604) Crash when using
web workers with asm.js
- MFSA 2014-12/CVE-2014-1490/CVE-2014-1491 (bmo#934545,
bmo#930874, bmo#930857) NSS ticket handling issues
- MFSA 2014-13/CVE-2014-1481(bmo#936056) Inconsistent
JavaScript handling of access to Window objects
Mozilla NSS was updated to 3.15.4 :
- required for Firefox 27
- regular CA root store update (1.96)
- Reordered the cipher suites offered in SSL/TLS client
hello messages to match modern best practices.
- Improved SSL/TLS false start. In addition to enabling
the SSL_ENABLE_FALSE_START option, an application must
now register a callback using the
SSL_SetCanFalseStartCallback function.
- When false start is enabled, libssl will sometimes
return unencrypted, unauthenticated data from PR_Recv
(CVE-2013-1740, bmo#919877)
- MFSA 2014-12/CVE-2014-1490/CVE-2014-1491 NSS ticket
handling issues New functionality
- Implemented OCSP querying using the HTTP GET method,
which is the new default, and will fall back to the HTTP
POST method.
- Implemented OCSP server functionality for testing
purposes (httpserv utility).
- Support SHA-1 signatures with TLS 1.2 client
authentication.
- Added the --empty-password command-line option to
certutil, to be used with -N: use an empty password when
creating a new database.
- Added the -w command-line option to pp: don't wrap long
output lines."
);
script_set_attribute(
attribute:"see_also",
value:"https://lists.opensuse.org/opensuse-updates/2014-02/msg00027.html"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected firefox / seamonkey / thunderbird packages."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-buildsymbols");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:enigmail");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:enigmail-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libfreebl3");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libfreebl3-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libfreebl3-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libfreebl3-debuginfo-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsoftokn3");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsoftokn3-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-certs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-certs-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-tools");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-tools-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-dom-inspector");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-irc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-translations-common");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-translations-other");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-venkman");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.3");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.1");
script_set_attribute(attribute:"patch_publication_date", value:"2014/02/06");
script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"SuSE Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE12\.3|SUSE13\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.3 / 13.1", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
flag = 0;
if ( rpm_check(release:"SUSE12.3", reference:"MozillaFirefox-27.0-1.47.2") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"MozillaFirefox-branding-upstream-27.0-1.47.2") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"MozillaFirefox-buildsymbols-27.0-1.47.2") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"MozillaFirefox-debuginfo-27.0-1.47.2") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"MozillaFirefox-debugsource-27.0-1.47.2") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"MozillaFirefox-devel-27.0-1.47.2") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"MozillaFirefox-translations-common-27.0-1.47.2") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"MozillaFirefox-translations-other-27.0-1.47.2") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"MozillaThunderbird-24.3.0-61.39.2") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"MozillaThunderbird-buildsymbols-24.3.0-61.39.2") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"MozillaThunderbird-debuginfo-24.3.0-61.39.2") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"MozillaThunderbird-debugsource-24.3.0-61.39.2") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"MozillaThunderbird-devel-24.3.0-61.39.2") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"MozillaThunderbird-translations-common-24.3.0-61.39.2") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"MozillaThunderbird-translations-other-24.3.0-61.39.2") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"enigmail-1.6.0+24.3.0-61.39.2") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"enigmail-debuginfo-1.6.0+24.3.0-61.39.2") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"libfreebl3-3.15.4-1.28.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"libfreebl3-debuginfo-3.15.4-1.28.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"libsoftokn3-3.15.4-1.28.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"libsoftokn3-debuginfo-3.15.4-1.28.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"mozilla-nss-3.15.4-1.28.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"mozilla-nss-certs-3.15.4-1.28.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"mozilla-nss-certs-debuginfo-3.15.4-1.28.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"mozilla-nss-debuginfo-3.15.4-1.28.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"mozilla-nss-debugsource-3.15.4-1.28.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"mozilla-nss-devel-3.15.4-1.28.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"mozilla-nss-sysinit-3.15.4-1.28.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"mozilla-nss-sysinit-debuginfo-3.15.4-1.28.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"mozilla-nss-tools-3.15.4-1.28.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"mozilla-nss-tools-debuginfo-3.15.4-1.28.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"seamonkey-2.24-1.33.2") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"seamonkey-debuginfo-2.24-1.33.2") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"seamonkey-debugsource-2.24-1.33.2") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"seamonkey-dom-inspector-2.24-1.33.2") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"seamonkey-irc-2.24-1.33.2") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"seamonkey-translations-common-2.24-1.33.2") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"seamonkey-translations-other-2.24-1.33.2") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"seamonkey-venkman-2.24-1.33.2") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"libfreebl3-32bit-3.15.4-1.28.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"libfreebl3-debuginfo-32bit-3.15.4-1.28.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"libsoftokn3-32bit-3.15.4-1.28.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"libsoftokn3-debuginfo-32bit-3.15.4-1.28.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"mozilla-nss-32bit-3.15.4-1.28.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"mozilla-nss-certs-32bit-3.15.4-1.28.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"mozilla-nss-certs-debuginfo-32bit-3.15.4-1.28.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"mozilla-nss-debuginfo-32bit-3.15.4-1.28.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"mozilla-nss-sysinit-32bit-3.15.4-1.28.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"mozilla-nss-sysinit-debuginfo-32bit-3.15.4-1.28.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"MozillaFirefox-27.0-8.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"MozillaFirefox-branding-upstream-27.0-8.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"MozillaFirefox-buildsymbols-27.0-8.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"MozillaFirefox-debuginfo-27.0-8.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"MozillaFirefox-debugsource-27.0-8.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"MozillaFirefox-devel-27.0-8.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"MozillaFirefox-translations-common-27.0-8.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"MozillaFirefox-translations-other-27.0-8.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"MozillaThunderbird-24.3.0-70.11.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"MozillaThunderbird-buildsymbols-24.3.0-70.11.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"MozillaThunderbird-debuginfo-24.3.0-70.11.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"MozillaThunderbird-debugsource-24.3.0-70.11.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"MozillaThunderbird-devel-24.3.0-70.11.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"MozillaThunderbird-translations-common-24.3.0-70.11.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"MozillaThunderbird-translations-other-24.3.0-70.11.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"enigmail-1.6.0+24.3.0-70.11.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"enigmail-debuginfo-1.6.0+24.3.0-70.11.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"libfreebl3-3.15.4-12.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"libfreebl3-debuginfo-3.15.4-12.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"libsoftokn3-3.15.4-12.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"libsoftokn3-debuginfo-3.15.4-12.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"mozilla-nss-3.15.4-12.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"mozilla-nss-certs-3.15.4-12.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"mozilla-nss-certs-debuginfo-3.15.4-12.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"mozilla-nss-debuginfo-3.15.4-12.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"mozilla-nss-debugsource-3.15.4-12.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"mozilla-nss-devel-3.15.4-12.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"mozilla-nss-sysinit-3.15.4-12.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"mozilla-nss-sysinit-debuginfo-3.15.4-12.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"mozilla-nss-tools-3.15.4-12.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"mozilla-nss-tools-debuginfo-3.15.4-12.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"seamonkey-2.24-8.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"seamonkey-debuginfo-2.24-8.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"seamonkey-debugsource-2.24-8.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"seamonkey-dom-inspector-2.24-8.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"seamonkey-irc-2.24-8.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"seamonkey-translations-common-2.24-8.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"seamonkey-translations-other-2.24-8.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"seamonkey-venkman-2.24-8.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libfreebl3-32bit-3.15.4-12.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libfreebl3-debuginfo-32bit-3.15.4-12.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libsoftokn3-32bit-3.15.4-12.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libsoftokn3-debuginfo-32bit-3.15.4-12.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"mozilla-nss-32bit-3.15.4-12.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"mozilla-nss-certs-32bit-3.15.4-12.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"mozilla-nss-certs-debuginfo-32bit-3.15.4-12.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"mozilla-nss-debuginfo-32bit-3.15.4-12.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"mozilla-nss-sysinit-32bit-3.15.4-12.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"mozilla-nss-sysinit-debuginfo-32bit-3.15.4-12.1") ) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "MozillaFirefox / MozillaFirefox-branding-upstream / etc");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| novell | opensuse | mozillafirefox | p-cpe:/a:novell:opensuse:mozillafirefox |
| novell | opensuse | mozillafirefox-branding-upstream | p-cpe:/a:novell:opensuse:mozillafirefox-branding-upstream |
| novell | opensuse | mozillafirefox-buildsymbols | p-cpe:/a:novell:opensuse:mozillafirefox-buildsymbols |
| novell | opensuse | mozillafirefox-debuginfo | p-cpe:/a:novell:opensuse:mozillafirefox-debuginfo |
| novell | opensuse | mozillafirefox-debugsource | p-cpe:/a:novell:opensuse:mozillafirefox-debugsource |
| novell | opensuse | mozillafirefox-devel | p-cpe:/a:novell:opensuse:mozillafirefox-devel |
| novell | opensuse | mozillafirefox-translations-common | p-cpe:/a:novell:opensuse:mozillafirefox-translations-common |
| novell | opensuse | mozillafirefox-translations-other | p-cpe:/a:novell:opensuse:mozillafirefox-translations-other |
| novell | opensuse | mozillathunderbird | p-cpe:/a:novell:opensuse:mozillathunderbird |
| novell | opensuse | mozillathunderbird-buildsymbols | p-cpe:/a:novell:opensuse:mozillathunderbird-buildsymbols |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1740
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1477
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1478
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1479
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1480
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1481
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1482
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1483
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1484
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1485
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1486
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1487
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1488
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1489
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1490
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1491
lists.opensuse.org/opensuse-updates/2014-02/msg00027.html
Related
nessus
nessus
Ubuntu 12.04 LTS / 12.10 / 13.10 : firefox vulnerabilities (USN-2102-1)
2014-02-11 00:00:00
Firefox < 27.0 Multiple Vulnerabilities
2014-02-05 00:00:00
SeaMonkey < 2.24 Multiple Vulnerabilities
2014-02-05 00:00:00
ubuntu
ubuntu
Firefox vulnerabilities
2014-02-10 00:00:00
Firefox regression
2014-02-19 00:00:00
Thunderbird vulnerabilities
2014-02-19 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2014-02-04 00:00:00
openvas
openvas
openSUSE: Security Advisory for Mozilla (openSUSE-SU-2014:0212-1)
2014-02-11 00:00:00
SuSE Update for Mozilla openSUSE-SU-2014:0212-1 (Mozilla)
2014-02-11 00:00:00
Mozilla Firefox Multiple Vulnerabilities-01 (Feb 2014) - Mac OS X
2014-02-11 00:00:00
suse
suse
Security update for Mozilla Firefox (important)
2014-02-19 21:04:13
Security update for MozillaFirefox (important)
2014-02-18 13:25:23
Mozilla Firefox 27 release (important)
2014-02-08 09:04:14
securityvulns
securityvulns
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2014-02-10 00:00:00
[USN-2088-1] NSS vulnerability
2014-01-29 00:00:00
debian
debian
[SECURITY] [DSA 2858-1] iceweasel security update
2014-02-10 15:41:41
mageia
mageia
Updated Firefox & Thunderbird packages fix multiple security vulnerabilities
2014-02-07 00:02:09
Updated seamonkey packages fix multiple vulnerabilities
2014-02-11 00:18:15
Updated nss packages fix security vulnerability
2014-01-21 20:23:58
veracode
veracode
Authentication Bypass
2019-05-02 05:00:58
Denial Of Service (DoS)
2019-05-02 05:00:59
Same-Origin Policy Bypass
2019-05-02 05:00:59
centos
centos
firefox security update
2014-02-05 09:15:53
thunderbird security update
2014-02-05 09:18:22
nss security update
2014-09-30 11:21:57
oraclelinux
oraclelinux
firefox security update
2014-02-04 00:00:00
thunderbird security update
2014-02-04 00:00:00
nss and nspr security, bug fix, and enhancement update
2014-09-17 00:00:00
redhat
redhat
(RHSA-2014:0133) Important: thunderbird security update
2014-02-04 00:00:00
(RHSA-2014:0132) Critical: firefox security update
2014-02-04 00:00:00
mozilla
mozilla
NSS ticket handling issues — Mozilla
2014-02-04 00:00:00
Miscellaneous memory safety hazards (rv:27.0 / rv:24.3) — Mozilla
2014-02-04 00:00:00
Firefox default start page UI content invokable by script — Mozilla
2014-02-04 00:00:00
f5
f5
K16716 : Multiple Mozilla NSS vulnerabilities
2015-09-17 00:00:00
SOL16716 - Multiple Mozilla NSS vulnerabilities
2015-06-05 00:00:00
cve
cve
prion
prion
Code injection
2014-02-06 05:44:00
Design/Logic Flaw
2014-02-06 05:44:00
Memory corruption
2014-02-06 05:44:00
cvelist
cvelist
slackware
slackware
mozilla-nss
2014-01-28 14:58:39
debiancve
debiancve
CVE-2013-1740
2014-01-18 22:55:03
CVE-2014-1490
2014-02-06 05:44:25
nvd
nvd
ubuntucve
ubuntucve
seebug
seebug
Mozilla Network Security Services释放后重利用内存破坏漏洞(CVE-2014-1490)
2014-02-12 00:00:00
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.076 Low
EPSS
Percentile
94.2%
Related for OPENSUSE-2014-119.NASL