Lucene search
Copyright (c) 2005 E-Soft Inc. http://www.securityspace.comOPENVAS:52421HistorySep 04, 2008 - 12:00 a.m.
FreeBSD Ports: firefox
2008-09-0400:00:00
Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com
plugins.openvas.org
29
0.02 Low
EPSS
Percentile
88.8%
The remote host is missing an update to the system
as announced in the referenced advisory.
#
#VID 730db824-e216-11d8-9b0a-000347a4fa7d
# OpenVAS Vulnerability Test
# $
# Description: Auto generated from vuxml or freebsd advisories
#
# Authors:
# Thomas Reinke <[email protected]>
#
# Copyright:
# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com
# Text descriptions are largely excerpted from the referenced
# advisories, and are Copyright (c) the respective author(s)
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2,
# as published by the Free Software Foundation
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#
include("revisions-lib.inc");
tag_insight = "The following packages are affected:
firefox
linux-mozilla
linux-mozilla-devel
mozilla
mozilla-gtk1
CVE-2004-0764
Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7,
allow remote web sites to hijack the user interface via the 'chrome'
flag and XML User Interface Language (XUL) files.";
tag_solution = "Update your system with the appropriate patches or
software upgrades.
http://bugzilla.mozilla.org/show_bug.cgi?id=22183
http://bugzilla.mozilla.org/show_bug.cgi?id=244965
http://bugzilla.mozilla.org/show_bug.cgi?id=252198
http://www.nd.edu/~jsmith30/xul/test/spoof.html
http://secunia.com/advisories/12188
http://www.vuxml.org/freebsd/730db824-e216-11d8-9b0a-000347a4fa7d.html";
tag_summary = "The remote host is missing an update to the system
as announced in the referenced advisory.";
if(description)
{
script_id(52421);
script_version("$Revision: 4112 $");
script_tag(name:"last_modification", value:"$Date: 2016-09-19 15:17:59 +0200 (Mon, 19 Sep 2016) $");
script_tag(name:"creation_date", value:"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)");
script_cve_id("CVE-2004-0764");
script_bugtraq_id(10832);
script_tag(name:"cvss_base", value:"10.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_name("FreeBSD Ports: firefox");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com");
script_family("FreeBSD Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/freebsdrel", "login/SSH/success");
script_tag(name : "insight" , value : tag_insight);
script_tag(name : "solution" , value : tag_solution);
script_tag(name : "summary" , value : tag_summary);
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
#
# The script code starts here
#
include("pkg-lib-bsd.inc");
txt = "";
vuln = 0;
bver = portver(pkg:"firefox");
if(!isnull(bver) && revcomp(a:bver, b:"0.9.1_1")<=0) {
txt += 'Package firefox version ' + bver + ' is installed which is known to be vulnerable.\n';
vuln = 1;
}
bver = portver(pkg:"linux-mozilla");
if(!isnull(bver) && revcomp(a:bver, b:"1.7.1")<=0) {
txt += 'Package linux-mozilla version ' + bver + ' is installed which is known to be vulnerable.\n';
vuln = 1;
}
bver = portver(pkg:"linux-mozilla-devel");
if(!isnull(bver) && revcomp(a:bver, b:"1.7.1")<=0) {
txt += 'Package linux-mozilla-devel version ' + bver + ' is installed which is known to be vulnerable.\n';
vuln = 1;
}
bver = portver(pkg:"mozilla");
if(!isnull(bver) && revcomp(a:bver, b:"1.7.1,2")<=0) {
txt += 'Package mozilla version ' + bver + ' is installed which is known to be vulnerable.\n';
vuln = 1;
}
if(!isnull(bver) && revcomp(a:bver, b:"1.8.a,2")>=0 && revcomp(a:bver, b:"1.8.a2,2")<=0) {
txt += 'Package mozilla version ' + bver + ' is installed which is known to be vulnerable.\n';
vuln = 1;
}
bver = portver(pkg:"mozilla-gtk1");
if(!isnull(bver) && revcomp(a:bver, b:"1.7.1_1")<=0) {
txt += 'Package mozilla-gtk1 version ' + bver + ' is installed which is known to be vulnerable.\n';
vuln = 1;
}
if(vuln) {
security_message(data:string(txt));
} else if (__pkg_match) {
exit(99); # Not vulnerable.
}
Related
cert
cert
Mozilla status elements can be disabled via JavaScript
2004-12-17 00:00:00
nvd
nvd
CVE-2004-0764
2004-08-18 04:00:00
nessus
nessus
FreeBSD : Mozilla / Firefox user interface spoofing vulnerability (730db824-e216-11d8-9b0a-000347a4fa7d)
2005-07-13 00:00:00
Firefox < 1.0 Multiple Spoofing Vulnerabilities
2004-08-02 00:00:00
RHEL 2.1 / 3 : mozilla (RHSA-2004:421)
2004-08-05 00:00:00
freebsd
freebsd
Mozilla / Firefox user interface spoofing vulnerability
2004-07-19 00:00:00
cve
cve
CVE-2004-0764
2004-08-18 04:00:00
cvelist
cvelist
CVE-2004-0764
2004-08-03 04:00:00
openvas
openvas
FreeBSD Ports: firefox
2008-09-04 00:00:00
Mozilla/Firefox user interface spoofing
2005-11-03 00:00:00
Mozilla/Firefox user interface spoofing
2005-11-03 00:00:00
redhat
redhat
(RHSA-2004:421) mozilla security update
2004-08-04 00:00:00
suse
suse
remote DoS condition in apache2
2004-09-06 13:51:41
remote file disclosure in samba
2004-10-05 14:57:32
remote code execution in cups
2004-09-15 14:45:26
slackware
slackware
[slackware-security] Mozilla
2004-08-10 21:17:12