Lucene search
This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.SUSE_11_4_MOZILLAFIREFOX-111110.NASLHistoryJun 13, 2014 - 12:00 a.m.
openSUSE Security Update : MozillaFirefox (openSUSE-SU-2011:1243-1)
2014-06-1300:00:00
This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
143
CVSS2
10
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
0.637
Percentile
97.9%
MozillaFirefox was updated to version 8 (bnc#728520) to fix the following security issues :
dbg114-MozillaFirefox-5399 MozillaFirefox-5399 new_updateinfo MFSA 2011-47/CVE-2011-3648 (bmo#690225) Potential XSS against sites using Shift-JIS dbg114-MozillaFirefox-5399 MozillaFirefox-5399 new_updateinfo MFSA 2011-48/CVE-2011-3651/CVE-2011-3652/CVE-2011-3654 Miscellaneous memory safety hazards dbg114-MozillaFirefox-5399 MozillaFirefox-5399 new_updateinfo MFSA 2011-49/CVE-2011-3650 (bmo#674776) Memory corruption while profiling using Firebug dbg114-MozillaFirefox-5399 MozillaFirefox-5399 new_updateinfo MFSA 2011-52/CVE-2011-3655 (bmo#672182) Code execution via NoWaiverWrapper
- rebased patches
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update MozillaFirefox-5399.
#
# The text description of this plugin is (C) SUSE LLC.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(75949);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");
script_cve_id("CVE-2011-3648", "CVE-2011-3650", "CVE-2011-3651", "CVE-2011-3652", "CVE-2011-3654", "CVE-2011-3655");
script_name(english:"openSUSE Security Update : MozillaFirefox (openSUSE-SU-2011:1243-1)");
script_summary(english:"Check for the MozillaFirefox-5399 patch");
script_set_attribute(
attribute:"synopsis",
value:"The remote openSUSE host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"MozillaFirefox was updated to version 8 (bnc#728520) to fix the
following security issues :
dbg114-MozillaFirefox-5399 MozillaFirefox-5399 new_updateinfo MFSA
2011-47/CVE-2011-3648 (bmo#690225) Potential XSS against sites using
Shift-JIS dbg114-MozillaFirefox-5399 MozillaFirefox-5399
new_updateinfo MFSA 2011-48/CVE-2011-3651/CVE-2011-3652/CVE-2011-3654
Miscellaneous memory safety hazards dbg114-MozillaFirefox-5399
MozillaFirefox-5399 new_updateinfo MFSA 2011-49/CVE-2011-3650
(bmo#674776) Memory corruption while profiling using Firebug
dbg114-MozillaFirefox-5399 MozillaFirefox-5399 new_updateinfo MFSA
2011-52/CVE-2011-3655 (bmo#672182) Code execution via NoWaiverWrapper
- rebased patches"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=728520"
);
script_set_attribute(
attribute:"see_also",
value:"https://lists.opensuse.org/opensuse-updates/2011-11/msg00015.html"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected MozillaFirefox packages."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-branding-openSUSE");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-buildsymbols");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-devel-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:enigmail");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:enigmail-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-js192");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-js192-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-js192-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-js192-debuginfo-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner192");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-buildsymbols");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-debuginfo-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-devel-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-gnome");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-gnome-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-gnome-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-gnome-debuginfo-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-common");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-common-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-other");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-other-32bit");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.4");
script_set_attribute(attribute:"patch_publication_date", value:"2011/11/10");
script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"SuSE Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE11\.4)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.4", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
flag = 0;
if ( rpm_check(release:"SUSE11.4", reference:"MozillaFirefox-8.0-0.2.2") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"MozillaFirefox-branding-openSUSE-5.0-2.5.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"MozillaFirefox-branding-upstream-8.0-0.2.2") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"MozillaFirefox-buildsymbols-8.0-0.2.2") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"MozillaFirefox-debuginfo-8.0-0.2.2") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"MozillaFirefox-debugsource-8.0-0.2.2") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"MozillaFirefox-devel-8.0-0.2.2") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"MozillaFirefox-translations-common-8.0-0.2.2") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"MozillaFirefox-translations-other-8.0-0.2.2") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"MozillaThunderbird-3.1.16-0.19.2") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"MozillaThunderbird-buildsymbols-3.1.16-0.19.2") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"MozillaThunderbird-debuginfo-3.1.16-0.19.2") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"MozillaThunderbird-debugsource-3.1.16-0.19.2") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"MozillaThunderbird-devel-3.1.16-0.19.2") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"MozillaThunderbird-devel-debuginfo-3.1.16-0.19.2") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"MozillaThunderbird-translations-common-3.1.16-0.19.2") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"MozillaThunderbird-translations-other-3.1.16-0.19.2") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"enigmail-1.1.2+3.1.16-0.19.2") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"enigmail-debuginfo-1.1.2+3.1.16-0.19.2") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"mozilla-js192-1.9.2.24-0.2.2") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"mozilla-js192-debuginfo-1.9.2.24-0.2.2") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"mozilla-xulrunner192-1.9.2.24-0.2.2") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"mozilla-xulrunner192-buildsymbols-1.9.2.24-0.2.2") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"mozilla-xulrunner192-debuginfo-1.9.2.24-0.2.2") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"mozilla-xulrunner192-debugsource-1.9.2.24-0.2.2") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"mozilla-xulrunner192-devel-1.9.2.24-0.2.2") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"mozilla-xulrunner192-devel-debuginfo-1.9.2.24-0.2.2") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"mozilla-xulrunner192-gnome-1.9.2.24-0.2.2") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"mozilla-xulrunner192-gnome-debuginfo-1.9.2.24-0.2.2") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"mozilla-xulrunner192-translations-common-1.9.2.24-0.2.2") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"mozilla-xulrunner192-translations-other-1.9.2.24-0.2.2") ) flag++;
if ( rpm_check(release:"SUSE11.4", cpu:"x86_64", reference:"mozilla-js192-32bit-1.9.2.24-0.2.2") ) flag++;
if ( rpm_check(release:"SUSE11.4", cpu:"x86_64", reference:"mozilla-js192-debuginfo-32bit-1.9.2.24-0.2.2") ) flag++;
if ( rpm_check(release:"SUSE11.4", cpu:"x86_64", reference:"mozilla-xulrunner192-32bit-1.9.2.24-0.2.2") ) flag++;
if ( rpm_check(release:"SUSE11.4", cpu:"x86_64", reference:"mozilla-xulrunner192-debuginfo-32bit-1.9.2.24-0.2.2") ) flag++;
if ( rpm_check(release:"SUSE11.4", cpu:"x86_64", reference:"mozilla-xulrunner192-gnome-32bit-1.9.2.24-0.2.2") ) flag++;
if ( rpm_check(release:"SUSE11.4", cpu:"x86_64", reference:"mozilla-xulrunner192-gnome-debuginfo-32bit-1.9.2.24-0.2.2") ) flag++;
if ( rpm_check(release:"SUSE11.4", cpu:"x86_64", reference:"mozilla-xulrunner192-translations-common-32bit-1.9.2.24-0.2.2") ) flag++;
if ( rpm_check(release:"SUSE11.4", cpu:"x86_64", reference:"mozilla-xulrunner192-translations-other-32bit-1.9.2.24-0.2.2") ) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "MozillaFirefox / MozillaFirefox-branding-openSUSE / etc");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| novell | opensuse | mozillafirefox | p-cpe:/a:novell:opensuse:mozillafirefox |
| novell | opensuse | mozillafirefox-branding-opensuse | p-cpe:/a:novell:opensuse:mozillafirefox-branding-opensuse |
| novell | opensuse | mozillafirefox-branding-upstream | p-cpe:/a:novell:opensuse:mozillafirefox-branding-upstream |
| novell | opensuse | mozillafirefox-buildsymbols | p-cpe:/a:novell:opensuse:mozillafirefox-buildsymbols |
| novell | opensuse | mozillafirefox-debuginfo | p-cpe:/a:novell:opensuse:mozillafirefox-debuginfo |
| novell | opensuse | mozillafirefox-debugsource | p-cpe:/a:novell:opensuse:mozillafirefox-debugsource |
| novell | opensuse | mozillafirefox-devel | p-cpe:/a:novell:opensuse:mozillafirefox-devel |
| novell | opensuse | mozillafirefox-translations-common | p-cpe:/a:novell:opensuse:mozillafirefox-translations-common |
| novell | opensuse | mozillafirefox-translations-other | p-cpe:/a:novell:opensuse:mozillafirefox-translations-other |
| novell | opensuse | mozillathunderbird | p-cpe:/a:novell:opensuse:mozillathunderbird |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3648
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3650
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3651
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3652
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3654
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3655
bugzilla.novell.com/show_bug.cgi?id=728520
lists.opensuse.org/opensuse-updates/2011-11/msg00015.html
Related
openvas
openvas
Ubuntu: Security Advisory (USN-1277-1)
2011-11-25 00:00:00
Ubuntu Update for mozvoikko USN-1277-2
2011-11-25 00:00:00
Ubuntu Update for firefox USN-1277-1
2011-11-25 00:00:00
suse
suse
MozillaFirefox secuirty update (critical)
2011-11-15 15:08:39
MozillaFirefox (critical)
2011-11-15 15:08:31
Security update for MozillaFirefox (critical)
2011-11-18 22:08:45
nessus
nessus
Ubuntu 11.04 / 11.10 : mozvoikko, ubufox update (USN-1277-2)
2011-11-26 00:00:00
openSUSE Security Update : seamonkey (openSUSE-2011-34)
2014-06-13 00:00:00
Ubuntu 11.10 : thunderbird vulnerabilities (USN-1282-1)
2011-11-29 00:00:00
ubuntu
ubuntu
Thunderbird vulnerabilities
2011-11-28 00:00:00
Mozvoikko and ubufox update
2011-11-23 00:00:00
Firefox vulnerabilities
2011-11-23 00:00:00
securityvulns
securityvulns
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2011-11-25 00:00:00
Mozilla Foundation Security Advisory 2011-48
2011-11-25 00:00:00
Mozilla Foundation Security Advisory 2011-49
2011-11-25 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2011-11-08 00:00:00
mozilla
mozilla
Miscellaneous memory safety hazards (rv:8.0) — Mozilla
2011-11-08 00:00:00
Memory corruption while profiling using Firebug — Mozilla
2011-11-08 00:00:00
Potential XSS against sites using Shift-JIS — Mozilla
2011-11-08 00:00:00
redhat
redhat
(RHSA-2011:1437) Critical: firefox security update
2011-11-08 00:00:00
(RHSA-2011:1439) Critical: thunderbird security update
2011-11-08 00:00:00
(RHSA-2011:1440) Moderate: seamonkey security update
2011-11-08 00:00:00
oraclelinux
oraclelinux
firefox security update
2011-11-09 00:00:00
thunderbird security update
2011-11-09 00:00:00
seamonkey security update
2011-11-09 00:00:00
osv
osv
iceape - several
2011-11-09 00:00:00
iceweasel - several
2011-11-09 00:00:00
icedove - several
2011-11-11 00:00:00
centos
centos
firefox, xulrunner security update
2011-11-09 20:48:22
thunderbird security update
2011-11-09 20:49:13
seamonkey security update
2011-11-09 20:48:43
debian
debian
[SECURITY] [DSA 2341-1] iceweasel security update
2011-11-09 16:45:01
[BSA-056] Security update for Iceweasel
2011-11-11 14:05:42
[SECURITY] [DSA 2342-1] iceape security update
2011-11-09 17:11:40
prion
prion
Memory corruption
2011-11-09 11:55:00
Memory corruption
2011-11-09 11:55:00
Cross site scripting
2011-11-09 11:55:00
cve
cve
nvd
nvd
cvelist
cvelist
ubuntucve
ubuntucve
veracode
veracode
Denial Of Service (DoS)
2020-04-10 01:06:25
Cross-Site Scripting (XSS)
2020-04-10 01:04:12
seebug
seebug
Mozilla Firefox/Thunderbird NoWaiverWrapper权限提升漏洞(CVE-2011-3655)
2011-11-10 00:00:00
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2013-01-08 00:00:00
kitploit
kitploit
Radamsa - A General-Purpose Fuzzer
2024-03-25 11:30:00
CVSS2
10
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
0.637
Percentile
97.9%
Related for SUSE_11_4_MOZILLAFIREFOX-111110.NASL