Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2007-2021 and is owned by Tenable, Inc. or an Affiliate thereof.SUSE_MOZILLAFIREFOX-2088.NASL
HistoryDec 13, 2007 - 12:00 a.m.

SuSE 10 Security Update : Security update for (ZYPP Patch Number 2088)

2007-12-1300:00:00
This script is Copyright (C) 2007-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
24

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS

0.967

Percentile

99.7%

JSON

This security update brings Mozilla Firefox to version 1.5.0.7.

More details can be found on:
http://www.mozilla.org/projects/security/known-vulnerabiliti es.html

It includes fixes to the following security problems :

  • Crashes with evidence of memory corruption MFSA 2006-63 / CVE-2006-4570: JavaScript execution in mail via XBL MFSA 2006-62 / CVE-2006-4569: Popup-blocker cross-site scripting (XSS) MFSA 2006-61 / CVE-2006-4568: Frame spoofing using document.open() MFSA 2006-60 / CVE-2006-4340/CERT VU#845620: RSA Signature Forgery MFSA 2006-59 / CVE-2006-4253: Concurrency-related vulnerability MFSA 2006-58 / CVE-2006-4567: Auto-Update compromise through DNS and SSL spoofing MFSA 2006-57 / CVE-2006-4565 / CVE-2006-4566: JavaScript Regular Expression Heap Corruption. (MFSA 2006-64 / CVE-2006-4571)
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The text description of this plugin is (C) Novell, Inc.
#

if (NASL_LEVEL < 3000) exit(0);

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(29355);
  script_version("1.19");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2006-4253", "CVE-2006-4340", "CVE-2006-4565", "CVE-2006-4566", "CVE-2006-4567", "CVE-2006-4568", "CVE-2006-4569", "CVE-2006-4570", "CVE-2006-4571");
  script_xref(name:"CERT", value:"845620");

  script_name(english:"SuSE 10 Security Update : Security update for (ZYPP Patch Number 2088)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote SuSE 10 host is missing a security-related patch."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This security update brings Mozilla Firefox to version 1.5.0.7.

More details can be found on:
http://www.mozilla.org/projects/security/known-vulnerabiliti es.html

It includes fixes to the following security problems :

  - Crashes with evidence of memory corruption MFSA 2006-63
    / CVE-2006-4570: JavaScript execution in mail via XBL
    MFSA 2006-62 / CVE-2006-4569: Popup-blocker cross-site
    scripting (XSS) MFSA 2006-61 / CVE-2006-4568: Frame
    spoofing using document.open() MFSA 2006-60 /
    CVE-2006-4340/CERT VU#845620: RSA Signature Forgery MFSA
    2006-59 / CVE-2006-4253: Concurrency-related
    vulnerability MFSA 2006-58 / CVE-2006-4567: Auto-Update
    compromise through DNS and SSL spoofing MFSA 2006-57 /
    CVE-2006-4565 / CVE-2006-4566: JavaScript Regular
    Expression Heap Corruption. (MFSA 2006-64 /
    CVE-2006-4571)"
  );
  # http://www.mozilla.org/security/announce/2006/mfsa2006-58.html
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.mozilla.org/en-US/security/advisories/mfsa2006-58/"
  );
  # http://www.mozilla.org/security/announce/2006/mfsa2006-59.html
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.mozilla.org/en-US/security/advisories/mfsa2006-59/"
  );
  # http://www.mozilla.org/security/announce/2006/mfsa2006-61.html
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.mozilla.org/en-US/security/advisories/mfsa2006-61/"
  );
  # http://www.mozilla.org/security/announce/2006/mfsa2006-62.html
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.mozilla.org/en-US/security/advisories/mfsa2006-62/"
  );
  # http://www.mozilla.org/security/announce/2006/mfsa2006-63.html
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.mozilla.org/en-US/security/advisories/mfsa2006-63/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2006-4253.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2006-4340.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2006-4565.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2006-4566.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2006-4567.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2006-4568.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2006-4569.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2006-4570.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2006-4571.html"
  );
  script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 2088.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_cwe_id(20, 79, 119, 264);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux");

  script_set_attribute(attribute:"vuln_publication_date", value:"2006/08/21");
  script_set_attribute(attribute:"patch_publication_date", value:"2006/09/18");
  script_set_attribute(attribute:"plugin_publication_date", value:"2007/12/13");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2007-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE.");
if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages.");

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) exit(1, "Failed to determine the architecture type.");
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented.");


flag = 0;
if (rpm_check(release:"SLED10", sp:0, reference:"MozillaFirefox-1.5.0.7-1.2")) flag++;
if (rpm_check(release:"SLED10", sp:0, reference:"MozillaFirefox-translations-1.5.0.7-1.2")) flag++;
if (rpm_check(release:"SLES10", sp:0, reference:"MozillaFirefox-1.5.0.7-1.2")) flag++;
if (rpm_check(release:"SLES10", sp:0, reference:"MozillaFirefox-translations-1.5.0.7-1.2")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else exit(0, "The host is not affected.");
VendorProductVersionCPE
susesuse_linuxcpe:/o:suse:suse_linux

References

Related

nessus 40
freebsd 1
openvas 20
centos 4
oraclelinux 3
gentoo 4
redhat 3
suse 2
ubuntu 4
osv 4
debian 3
cert 2
mozilla 8
nvd 14
cve 14
debiancve 11
veracode 9
cvelist 12
ubuntucve 11
securityvulns 1
checkpoint_advisories 1
prion 2
nessus
nessus
FreeBSD : mozilla -- multiple vulnerabilities (e6296105-449b-11db-ba89-000c6ec775d9)
2006-09-15 00:00:00
Firefox < 1.5.0.7 Multiple Vulnerabilities
2006-09-16 00:00:00
openSUSE 10 Security Update : MozillaFirefox (MozillaFirefox-2090)
2007-10-17 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2006-09-14 00:00:00
openvas
openvas
FreeBSD Ports: firefox
2008-09-04 00:00:00
FreeBSD Ports: firefox
2008-09-04 00:00:00
Gentoo Security Advisory GLSA 200609-19 (Firefox)
2008-09-24 00:00:00
centos
centos
firefox security update
2006-09-15 14:57:18
seamonkey security update
2006-09-17 23:20:54
devhelp, seamonkey security update
2006-09-15 14:57:11
oraclelinux
oraclelinux
Critical firefox security update
2006-12-07 00:00:00
Critical thunderbird security update
2006-12-07 00:00:00
Critical seamonkey security update
2006-12-07 00:00:00
gentoo
gentoo
Mozilla Firefox: Multiple vulnerabilities
2006-09-28 00:00:00
Mozilla Thunderbird: Multiple vulnerabilities
2006-10-04 00:00:00
Seamonkey: Multiple vulnerabilities
2006-10-16 00:00:00
redhat
redhat
(RHSA-2006:0675) firefox security update
2006-09-15 00:00:00
(RHSA-2006:0676) seamonkey security update
2006-09-15 00:00:00
(RHSA-2006:0677) thunderbird security update
2006-09-15 00:00:00
suse
suse
remote code execution in MozillaFirefox,MozillaThunderbird,seamonkey
2006-09-22 13:02:47
RSA signature evasion in openssl,mozilla-nss
2006-09-22 15:25:59
ubuntu
ubuntu
Thunderbird vulnerabilities
2006-09-25 00:00:00
firefox vulnerabilities
2006-09-23 00:00:00
Thunderbird vulnerabilities
2006-09-22 00:00:00
osv
osv
mozilla-thunderbird
2006-10-05 00:00:00
mozilla
2006-10-06 00:00:00
mozilla-firefox
2006-11-14 00:00:00
debian
debian
[SECURITY] [DSA 1192-1] New Mozilla packages fix several vulnerabilities
2006-10-06 12:11:15
[SECURITY] [DSA 1191-1] New Mozilla Thunderbird packages fix several vulnerabilities
2006-10-05 10:14:30
[SECURITY] [DSA 1210-1] New Mozilla Firefox packages fix several vulnerabilities
2006-11-14 08:02:35
cert
cert
OpenSSL SSLv2 client code fails to properly check for NULL
2006-09-28 00:00:00
OpenSSL SSL_get_shared_ciphers() vulnerable to buffer overflow
2006-09-28 00:00:00
mozilla
mozilla
JavaScript Regular Expression Heap Corruption — Mozilla
2006-09-14 00:00:00
JavaScript execution in mail via XBL — Mozilla
2006-09-14 00:00:00
Crashes with evidence of memory corruption (rv:1.8.0.7) — Mozilla
2006-09-14 00:00:00
nvd
nvd
CVE-2006-4570
2006-09-15 19:07:00
CVE-2006-4567
2006-09-15 18:07:00
CVE-2006-4571
2006-09-15 19:07:00
cve
cve
CVE-2006-4570
2006-09-15 19:07:00
CVE-2006-4567
2006-09-15 18:07:00
CVE-2006-4571
2006-09-15 19:07:00
debiancve
debiancve
CVE-2006-4570
2006-09-15 19:07:00
CVE-2006-4567
2006-09-15 18:07:00
CVE-2006-4571
2006-09-15 19:07:00
veracode
veracode
Restriction Bypass
2020-04-10 00:13:13
Remote Code Execution (RCE)
2020-04-10 00:13:14
Spoofable SSL Certificate
2020-04-10 00:13:11
cvelist
cvelist
CVE-2006-4570
2006-09-15 19:00:00
CVE-2006-4567
2006-09-15 18:00:00
CVE-2006-4571
2006-09-15 19:00:00
ubuntucve
ubuntucve
CVE-2006-4570
2006-09-15 00:00:00
CVE-2006-4571
2006-09-15 00:00:00
CVE-2006-4253
2006-08-21 00:00:00
securityvulns
securityvulns
Microsoft ClickOnce MITM Vulnerabilities
2010-07-19 00:00:00
checkpoint_advisories
checkpoint_advisories
Mozilla Products Regular Expressions Heap Corruption (CVE-2006-4566)
2009-10-15 00:00:00
prion
prion
Code injection
2018-11-07 20:29:00
Code injection
2007-06-06 21:30:00

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS

0.967

Percentile

99.7%

JSON
Related for SUSE_MOZILLAFIREFOX-2088.NASL
nessus40freebsd1openvas20centos4oraclelinux3gentoo4redhat3suse2ubuntu4osv4debian3cert2mozilla8nvd14cve14debiancve11veracode9cvelist12ubuntucve11securityvulns1checkpoint_advisories1prion2