Lucene search
This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.SL_20111108_FIREFOX_ON_SL4_X.NASLHistoryAug 01, 2012 - 12:00 a.m.
Scientific Linux Security Update : firefox on SL4.x, SL5.x, SL6.x i386/x86_64
2012-08-0100:00:00
This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
20
CVSS2
9.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
0.011
Percentile
84.3%
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox.
A flaw was found in the way Firefox handled certain add-ons. A web page containing malicious content could cause an add-on to grant itself full browser privileges, which could lead to arbitrary code execution with the privileges of the user running Firefox.
(CVE-2011-3647)
A cross-site scripting (XSS) flaw was found in the way Firefox handled certain multibyte character sets. A web page containing malicious content could cause Firefox to run JavaScript code with the permissions of a different website. (CVE-2011-3648)
A flaw was found in the way Firefox handled large JavaScript scripts.
A web page containing malicious JavaScript could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-3650)
For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 3.6.24. You can find a link to the Mozilla advisories in the References section of this erratum.
All Firefox users should upgrade to these updated packages, which contain Firefox version 3.6.24, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text is (C) Scientific Linux.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(61170);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");
script_cve_id("CVE-2011-3647", "CVE-2011-3648", "CVE-2011-3650");
script_name(english:"Scientific Linux Security Update : firefox on SL4.x, SL5.x, SL6.x i386/x86_64");
script_summary(english:"Checks rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:
"The remote Scientific Linux host is missing one or more security
updates."
);
script_set_attribute(
attribute:"description",
value:
"Mozilla Firefox is an open source web browser. XULRunner provides the
XUL Runtime environment for Mozilla Firefox.
A flaw was found in the way Firefox handled certain add-ons. A web
page containing malicious content could cause an add-on to grant
itself full browser privileges, which could lead to arbitrary code
execution with the privileges of the user running Firefox.
(CVE-2011-3647)
A cross-site scripting (XSS) flaw was found in the way Firefox handled
certain multibyte character sets. A web page containing malicious
content could cause Firefox to run JavaScript code with the
permissions of a different website. (CVE-2011-3648)
A flaw was found in the way Firefox handled large JavaScript scripts.
A web page containing malicious JavaScript could cause Firefox to
crash or, potentially, execute arbitrary code with the privileges of
the user running Firefox. (CVE-2011-3650)
For technical details regarding these flaws, refer to the Mozilla
security advisories for Firefox 3.6.24. You can find a link to the
Mozilla advisories in the References section of this erratum.
All Firefox users should upgrade to these updated packages, which
contain Firefox version 3.6.24, which corrects these issues. After
installing the update, Firefox must be restarted for the changes to
take effect."
);
# https://listserv.fnal.gov/scripts/wa.exe?A2=ind1111&L=scientific-linux-errata&T=0&P=1084
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?41adb7f3"
);
script_set_attribute(attribute:"solution", value:"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
script_set_attribute(attribute:"patch_publication_date", value:"2011/11/08");
script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/01");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Scientific Linux Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
flag = 0;
if (rpm_check(release:"SL4", reference:"firefox-3.6.24-3.el4")) flag++;
if (rpm_check(release:"SL4", reference:"firefox-debuginfo-3.6.24-3.el4")) flag++;
if (rpm_check(release:"SL5", reference:"firefox-3.6.24-3.el5_7")) flag++;
if (rpm_check(release:"SL5", reference:"firefox-debuginfo-3.6.24-3.el5_7")) flag++;
if (rpm_check(release:"SL5", reference:"xulrunner-1.9.2.24-2.el5_7")) flag++;
if (rpm_check(release:"SL5", reference:"xulrunner-debuginfo-1.9.2.24-2.el5_7")) flag++;
if (rpm_check(release:"SL5", reference:"xulrunner-devel-1.9.2.24-2.el5_7")) flag++;
if (rpm_check(release:"SL6", reference:"firefox-3.6.24-3.el6_1")) flag++;
if (rpm_check(release:"SL6", reference:"firefox-debuginfo-3.6.24-3.el6_1")) flag++;
if (rpm_check(release:"SL6", reference:"xulrunner-1.9.2.24-2.el6_1.1")) flag++;
if (rpm_check(release:"SL6", reference:"xulrunner-debuginfo-1.9.2.24-2.el6_1.1")) flag++;
if (rpm_check(release:"SL6", reference:"xulrunner-devel-1.9.2.24-2.el6_1.1")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
| Vendor | Product | Version | CPE |
|---|---|---|---|
| fermilab | scientific_linux | x-cpe:/o:fermilab:scientific_linux |
Related
nessus
nessus
Firefox 3.6.x < 3.6.24 Multiple Vulnerabilities
2011-11-09 00:00:00
Oracle Linux 4 / 5 / 6 : firefox (ELSA-2011-1437)
2013-07-12 00:00:00
Mozilla Firefox < 3.6.24 Multiple Vulnerabilities
2016-06-24 00:00:00
openvas
openvas
RedHat Update for firefox RHSA-2011:1437-01
2011-11-11 00:00:00
Debian: Security Advisory (DSA-2342-1)
2012-02-11 00:00:00
CentOS Update for firefox CESA-2011:1437 centos4 i386
2011-11-11 00:00:00
redhat
redhat
(RHSA-2011:1437) Critical: firefox security update
2011-11-08 00:00:00
(RHSA-2011:1439) Critical: thunderbird security update
2011-11-08 00:00:00
(RHSA-2011:1440) Moderate: seamonkey security update
2011-11-08 00:00:00
oraclelinux
oraclelinux
firefox security update
2011-11-09 00:00:00
thunderbird security update
2011-11-09 00:00:00
seamonkey security update
2011-11-09 00:00:00
osv
osv
iceape - several
2011-11-09 00:00:00
icedove - several
2011-11-11 00:00:00
iceweasel - several
2011-11-09 00:00:00
suse
suse
MozillaFirefox (critical)
2011-11-15 15:08:31
Security update for MozillaFirefox (critical)
2011-11-18 22:08:45
MozillaFirefox secuirty update (critical)
2011-11-15 15:08:39
centos
centos
firefox, xulrunner security update
2011-11-09 20:48:22
thunderbird security update
2011-11-09 20:49:13
seamonkey security update
2011-11-09 20:48:43
debian
debian
[SECURITY] [DSA 2341-1] iceweasel security update
2011-11-09 16:45:01
[BSA-056] Security update for Iceweasel
2011-11-11 14:05:42
[SECURITY] [DSA 2342-1] iceape security update
2011-11-09 17:11:40
ubuntu
ubuntu
Firefox and Xulrunner vulnerabilities
2011-11-10 00:00:00
Thunderbird vulnerabilities
2011-12-22 00:00:00
Thunderbird vulnerabilities
2011-11-28 00:00:00
securityvulns
securityvulns
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2011-11-25 00:00:00
Mozilla Foundation Security Advisory 2011-49
2011-11-25 00:00:00
Mozilla Foundation Security Advisory 2011-47
2011-11-25 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2011-11-08 00:00:00
nvd
nvd
veracode
veracode
Denial Of Service (DoS)
2020-04-10 01:06:25
Cross-Site Scripting (XSS)
2020-04-10 01:04:12
Privilege Escalation
2020-04-10 01:06:23
cvelist
cvelist
ubuntucve
ubuntucve
mozilla
mozilla
Memory corruption while profiling using Firebug — Mozilla
2011-11-08 00:00:00
Potential XSS against sites using Shift-JIS — Mozilla
2011-11-08 00:00:00
prion
prion
Memory corruption
2011-11-09 11:55:00
Cross site scripting
2011-11-09 11:55:00
Design/Logic Flaw
2011-11-09 11:55:00
cve
cve
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2013-01-08 00:00:00
CVSS2
9.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
0.011
Percentile
84.3%
Related for SL_20111108_FIREFOX_ON_SL4_X.NASL