GLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST) - Nessus

Critical Plugin ID: 63402

This page contains detailed information about the GLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST) Nessus plugin including available exploits and PoCs found on GitHub, in Metasploit or Exploit-DB for verifying of this vulnerability.

Table Of Contents

hide

Plugin Overview
Vulnerability Information

Synopsis
Description
Solution

Public Exploits
Risk Information
Plugin Source
How to Run
References
Version

Plugin Overview

ID: 63402
Name: GLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST)
Filename: gentoo_GLSA-201301-01.nasl
Vulnerability Published: 2007-05-02
This Plugin Published: 2013-01-08
Last Modification Time: 2021-01-06
Plugin Version: 1.31
Plugin Type: local
Plugin Family: Gentoo Local Security Checks
Dependencies: ssh_get_info.nasl
Required KB Items [?]: Host/Gentoo/qpkg-list, Host/Gentoo/release, Host/local_checks_enabled

Vulnerability Information

Synopsis

The remote Gentoo host is missing one or more security-related patches.

Description

The remote host is affected by the vulnerability described in GLSA-201301-01 (Mozilla Products: Multiple vulnerabilities)

Multiple vulnerabilities have been discovered in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner. Please review the CVE identifiers referenced below for details. Impact :

A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, bypass restrictions and protection mechanisms, force file downloads, conduct XML injection attacks, conduct XSS attacks, bypass the Same Origin Policy, spoof URL’s for phishing attacks, trigger a vertical scroll, spoof the location bar, spoof an SSL indicator, modify the browser’s font, conduct clickjacking attacks, or have other unspecified impact. A local attacker could gain escalated privileges, obtain sensitive information, or replace an arbitrary downloaded file. Workaround :

There is no known workaround at this time.

Solution

All Mozilla Firefox users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=www-client/firefox-10.0.11' All users of the Mozilla Firefox binary package should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=www-client/firefox-bin-10.0.11' All Mozilla Thunderbird users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=mail-client/thunderbird-10.0.11' All users of the Mozilla Thunderbird binary package should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=mail-client/thunderbird-bin-10.0.11' All Mozilla SeaMonkey users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=www-client/seamonkey-2.14-r1' All users of the Mozilla SeaMonkey binary package should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=www-client/seamonkey-bin-2.14' All NSS users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-libs/nss-3.14' The “www-client/mozilla-firefox” package has been merged into the “www-client/firefox” package. To upgrade, please unmerge “www-client/mozilla-firefox” and then emerge the latest “www-client/firefox” package: # emerge --sync # emerge --unmerge 'www-client/mozilla-firefox' # emerge --ask --oneshot --verbose '>=www-client/firefox-10.0.11' The “www-client/mozilla-firefox-bin” package has been merged into the “www-client/firefox-bin” package. To upgrade, please unmerge “www-client/mozilla-firefox-bin” and then emerge the latest “www-client/firefox-bin” package: # emerge --sync # emerge --unmerge 'www-client/mozilla-firefox-bin' # emerge --ask --oneshot --verbose '>=www-client/firefox-bin-10.0.11' The “mail-client/mozilla-thunderbird” package has been merged into the “mail-client/thunderbird” package. To upgrade, please unmerge “mail-client/mozilla-thunderbird” and then emerge the latest “mail-client/thunderbird” package: # emerge --sync # emerge --unmerge 'mail-client/mozilla-thunderbird' # emerge --ask --oneshot --verbose '>=mail-client/thunderbird-10.0.11' The “mail-client/mozilla-thunderbird-bin” package has been merged into the “mail-client/thunderbird-bin” package. To upgrade, please unmerge “mail-client/mozilla-thunderbird-bin” and then emerge the latest “mail-client/thunderbird-bin” package: # emerge --sync # emerge --unmerge 'mail-client/mozilla-thunderbird-bin' # emerge --ask --oneshot --verbose '>=mail-client/thunderbird-bin-10.0.11' Gentoo discontinued support for GNU IceCat. We recommend that users unmerge GNU IceCat: # emerge --unmerge 'www-client/icecat' Gentoo discontinued support for XULRunner. We recommend that users unmerge XULRunner: # emerge --unmerge 'net-libs/xulrunner' Gentoo discontinued support for the XULRunner binary package. We recommend that users unmerge XULRunner: # emerge --unmerge 'net-libs/xulrunner-bin'

Public Exploits

Target Network Port(s): N/A
Target Asset(s): N/A
Exploit Available: True (Metasploit Framework, Exploit-DB, GitHub, ExploitHub, Immunity Canvas, Core Impact)
Exploit Ease: Exploits are available

Here's the list of publicly known exploits and PoCs for verifying the GLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST) vulnerability:

Metasploit: exploit/multi/browser/firefox_proto_crmfrequest
[Firefox 5.0 - 15.0.1 __exposedProps__ XCS Code Execution]
Metasploit: exploit/multi/browser/firefox_escape_retval
[Firefox 3.5 escape() Return Value Memory Corruption]
Metasploit: exploit/multi/browser/firefox_proto_crmfrequest
[Firefox 5.0 - 15.0.1 exposedProps XCS Code Execution]
Metasploit: exploit/windows/browser/mozilla_attribchildremoved
[Firefox 8/9 AttributeChildRemoved() Use-After-Free]
Metasploit: exploit/windows/browser/mozilla_interleaved_write
[Mozilla Firefox Interleaved document.write/appendChild Memory Corruption]
Metasploit: exploit/osx/browser/mozilla_mchannel
[Mozilla Firefox 3.6.16 mChannel Use-After-Free]
Metasploit: exploit/windows/browser/mozilla_mchannel
[Mozilla Firefox 3.6.16 mChannel Use-After-Free Vulnerability]
Metasploit: exploit/windows/browser/mozilla_nssvgvalue
[Firefox nsSVGValue Out-of-Bounds Access Vulnerability]
Metasploit: exploit/windows/browser/mozilla_nstreerange
[Mozilla Firefox "nsTreeRange" Dangling Pointer Vulnerability]
Metasploit: exploit/windows/browser/mozilla_reduceright
[Mozilla Firefox Array.reduceRight() Integer Overflow]
Exploit-DB: exploits/linux/dos/10184.txt
[EDB-10184: KDE KDELibs 4.3.3 - Remote Array Overrun]
Exploit-DB: exploits/bsd/dos/10185.txt
[EDB-10185: SeaMonkey 1.1.8 - Remote Array Overrun]
Exploit-DB: exploits/bsd/dos/10186.txt
[EDB-10186: K-Meleon 1.5.3 - Remote Array Overrun]
Exploit-DB: exploits/bsd/dos/10187.txt
[EDB-10187: Opera 10.01 - Remote Array Overrun]
Exploit-DB: exploits/multiple/dos/14422.c
[EDB-14422: libpng 1.4.2 - Denial of Service]
Exploit-DB: exploits/windows/dos/14949.py
[EDB-14949: Mozilla Firefox 3.6.3 - XSLT Sort Remote Code Execution]
Exploit-DB: exploits/windows/dos/15027.py
[EDB-15027: Mozilla Firefox 3.6.4 - 'Plugin' EnsureCachedAttrParamArrays Remote Code Execution]
Exploit-DB: exploits/windows/dos/15104.py
[EDB-15104: Mozilla Firefox CSS - font-face Remote Code Execution]
Exploit-DB: exploits/multiple/dos/15342.html
[EDB-15342: Mozilla Firefox - Simplified Memory Corruption (PoC)]
Exploit-DB: exploits/multiple/local/10544.html
[EDB-10544: Mozilla Firefox - Location Bar Spoofing]
Exploit-DB: exploits/multiple/local/30474.rb
[EDB-30474: Mozilla Firefox 5.0 < 15.0.1 - __exposedProps__ XCS Code Execution (Metasploit)]
Exploit-DB: exploits/windows/remote/9663.py
[EDB-9663: Mozilla Firefox 2.0.0.16 - UTF-8 URL Remote Buffer Overflow]
Exploit-DB: exploits/windows/remote/10380.pl
[EDB-10380: Sunbird 0.9 - Array Overrun Code Execution]
Exploit-DB: exploits/multiple/remote/10579.py
[EDB-10579: TLS - Renegotiation]
Exploit-DB: exploits/multiple/remote/16299.rb
[EDB-16299: Mozilla Firefox 3.5 - 'escape()' Return Value Memory Corruption (Metasploit)]
Exploit-DB: exploits/windows/remote/16509.rb
[EDB-16509: Mozilla Firefox - Interleaving 'document.write' / 'appendChild' (Metasploit)]
Exploit-DB: exploits/windows/remote/17520.rb
[EDB-17520: Mozilla Firefox - 'nsTreeRange' Dangling Pointer (Metasploit) (1)]
Exploit-DB: exploits/windows/remote/17612.rb
[EDB-17612: Mozilla Firefox 3.6.16 - OBJECT mChannel Remote Code Execution (DEP Bypass) (Metasploit)]
Exploit-DB: exploits/windows/remote/17650.rb
[EDB-17650: Mozilla Firefox 3.6.16 (Windows) - mChannel Use-After-Free (Metasploit) (1)]
Exploit-DB: exploits/windows/remote/17974.html
[EDB-17974: Mozilla Firefox - 'Array.reduceRight()' Integer Overflow (1)]
Exploit-DB: exploits/windows/remote/17976.rb
[EDB-17976: Mozilla Firefox - 'Array.reduceRight()' Integer Overflow (Metasploit) (2)]
Exploit-DB: exploits/osx/remote/18377.rb
[EDB-18377: Mozilla Firefox 3.6.16 (OSX) - mChannel Use-After-Free (Metasploit) (2)]
Exploit-DB: exploits/windows/remote/18531.html
[EDB-18531: Mozilla Firefox 4.0.1 - 'Array.reduceRight()' Remote Overflow]
Exploit-DB: exploits/windows/remote/18847.rb
[EDB-18847: Mozilla Firefox 7 / 8 < 8.0.1 - nsSVGValue Out-of-Bounds Access (Metasploit)]
Exploit-DB: exploits/windows/remote/18870.rb
[EDB-18870: Mozilla Firefox 8/9 - 'AttributeChildRemoved()' Use-After-Free (Metasploit)]
GitHub: https://github.com/PwnCast/CVE-2009-2700
[CVE-2009-2408: PoC for exploiting CVE-2009-2700 : src/network/ssl/qsslcertificate.cpp in Nokia ...]
GitHub: https://github.com/rakwaht/FirefoxExploits
[CVE-2009-3373]
GitHub: https://github.com/GiJ03/ReconScan
[CVE-2009-3555]
GitHub: https://github.com/RedHatProductSecurity/CVE-HOWTO
[CVE-2009-3555]
GitHub: https://github.com/RoliSoft/ReconScan
[CVE-2009-3555]
GitHub: https://github.com/ekiojp/hanase
[CVE-2009-3555]
GitHub: https://github.com/galeone/letsencrypt-lighttpd
[CVE-2009-3555]
GitHub: https://github.com/issdp/test
[CVE-2009-3555]
GitHub: https://github.com/johnwchadwick/cve-2009-3555-test-server
[CVE-2009-3555: A TLS server using a vendored fork of the Go TLS stack that has renegotation ...]
GitHub: https://github.com/matoweb/Enumeration-Script
[CVE-2009-3555]
GitHub: https://github.com/withdk/pulse-secure-vpn-mitm-research
[CVE-2009-3555]
GitHub: https://github.com/mergebase/usn2json
[CVE-2010-1585]
GitHub: https://github.com/mergebase/usn2json
[CVE-2010-3776]
GitHub: https://github.com/mergebase/usn2json
[CVE-2010-3778]
GitHub: https://github.com/mergebase/usn2json
[CVE-2011-0051]
GitHub: https://github.com/mergebase/usn2json
[CVE-2011-0053]
GitHub: https://github.com/mergebase/usn2json
[CVE-2011-0054]
GitHub: https://github.com/mergebase/usn2json
[CVE-2011-0055]
GitHub: https://github.com/mergebase/usn2json
[CVE-2011-0056]
GitHub: https://github.com/mergebase/usn2json
[CVE-2011-0057]
GitHub: https://github.com/mergebase/usn2json
[CVE-2011-0058]
GitHub: https://github.com/mergebase/usn2json
[CVE-2011-0059]
GitHub: https://github.com/mergebase/usn2json
[CVE-2011-0062]
GitHub: https://github.com/Cryin/Paper
[CVE-2011-0065]
GitHub: https://github.com/mergebase/usn2json
[CVE-2011-0065]
GitHub: https://github.com/mergebase/usn2json
[CVE-2011-0066]
GitHub: https://github.com/mergebase/usn2json
[CVE-2011-0067]
GitHub: https://github.com/mergebase/usn2json
[CVE-2011-0069]
GitHub: https://github.com/mergebase/usn2json
[CVE-2011-0070]
GitHub: https://github.com/mergebase/usn2json
[CVE-2011-0071]
GitHub: https://github.com/mergebase/usn2json
[CVE-2011-0072]
GitHub: https://github.com/mergebase/usn2json
[CVE-2011-0073]
GitHub: https://github.com/mergebase/usn2json
[CVE-2011-0074]
GitHub: https://github.com/mergebase/usn2json
[CVE-2011-0075]
GitHub: https://github.com/mergebase/usn2json
[CVE-2011-0077]
GitHub: https://github.com/mergebase/usn2json
[CVE-2011-0078]
GitHub: https://github.com/mergebase/usn2json
[CVE-2011-0080]
GitHub: https://github.com/mergebase/usn2json
[CVE-2011-1202]
GitHub: https://github.com/jan0/isslfix
[CVE-2011-3026]
GitHub: https://github.com/Artem-Salnikov/devops-netology
[CVE-2011-3389]
GitHub: https://github.com/Astrogeorgeonethree/Starred
[CVE-2011-3389]
GitHub: https://github.com/Vladislav-Pugachev/netology-DevOps-dz_-14
[CVE-2011-3389]
GitHub: https://github.com/WiktorMysz/devops-netology
[CVE-2011-3389]
GitHub: https://github.com/alexandrburyakov/Rep2
[CVE-2011-3389]
GitHub: https://github.com/bysart/devops-netology
[CVE-2011-3389]
GitHub: https://github.com/daniel1302/litecoin
[CVE-2011-3389]
GitHub: https://github.com/ilya-starchikov/devops-netology
[CVE-2011-3389]
GitHub: https://github.com/mpgn/BEAST-PoC
[CVE-2011-3389: :muscle: Proof Of Concept of the BEAST attack against SSL/TLS CVE-2011-3389 :muscle: ...]
GitHub: https://github.com/pashicop/3.9_1
[CVE-2011-3389]
GitHub: https://github.com/yellownine/netology-DevOps
[CVE-2011-3389]
GitHub: https://github.com/rakwaht/FirefoxExploits
[CVE-2011-3659]
GitHub: https://github.com/ZihanYe/web-browser-vulnerabilities
[CVE-2012-0469]
GitHub: https://github.com/lukeber4/usn-search
[CVE-2012-3991]
GitHub: https://github.com/BushraAloraini/Android-Vulnerabilities
[CVE-2012-4190]
GitHub: https://github.com/offensive-security/exploitdb-bin-sploits/blob/master/bin-sploits/14949.zip
[EDB-14949]
GitHub: https://github.com/offensive-security/exploitdb-bin-sploits/blob/master/bin-sploits/15027.zip
[EDB-15027]
GitHub: https://github.com/offensive-security/exploitdb-bin-sploits/blob/master/bin-sploits/15104.zip
[EDB-15104]
GitHub: https://github.com/offensive-security/exploitdb-bin-sploits/blob/master/bin-sploits/17974.zip
[EDB-17974]
GitHub: https://github.com/offensive-security/exploitdb-bin-sploits/blob/master/bin-sploits/18531.zip
[EDB-18531]
GitHub: https://github.com/Fullmetal5/str2hax
[CVE-2009-0689: An implementation of CVE-2009-0689 for the Nintendo Wii.]
GitHub: https://github.com/mk219533/CVE-2010-1205
[CVE-2010-1205: Sample exploit of buffer overflow in libpng]
GitHub: https://github.com/argp/cve-2011-3026-firefox
[CVE-2011-3026: Example of exploiting CVE-2011-3026 on Firefox (Linux/x86)]
ExploitHub: EH-11-772
Immunity Canvas: White_Phosphorus

Before running any exploit against any system, make sure you are authorized by the owner of the target system(s) to perform such activity. In any other case, this would be considered as an illegal activity.

WARNING: Beware of using unverified exploits from sources such as GitHub or Exploit-DB. These exploits and PoCs could contain malware. For more information, see how to use exploits safely.

Risk Information

CVSS V2 Vector [?]: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:H/RL:OF/RC:C

CVSS Base Score:	10.0 (High)
Impact Subscore:	10.0
Exploitability Subscore:	10.0
CVSS Temporal Score:	8.7 (High)
CVSS Environmental Score:	NA (None)
Modified Impact Subscore:	NA
Overall CVSS Score:	8.7 (High)

CVSS V3 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C

CVSS Base Score:	9.8 (Critical)
Impact Subscore:	5.9
Exploitability Subscore:	3.9
CVSS Temporal Score:	9.4 (Critical)
CVSS Environmental Score:	NA (None)
Modified Impact Subscore:	NA
Overall CVSS Score:	9.4 (Critical)

Go back to menu.

Plugin Source

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 201301-01.
#
# The advisory text is Copyright (C) 2001-2020 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike 
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(63402);
  script_version("1.31");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  script_cve_id("CVE-2007-1861", "CVE-2007-2437", "CVE-2007-2671", "CVE-2007-3073", "CVE-2008-0016", "CVE-2008-0017", "CVE-2008-0367", "CVE-2008-3835", "CVE-2008-3836", "CVE-2008-3837", "CVE-2008-4058", "CVE-2008-4059", "CVE-2008-4060", "CVE-2008-4061", "CVE-2008-4062", "CVE-2008-4063", "CVE-2008-4064", "CVE-2008-4065", "CVE-2008-4066", "CVE-2008-4067", "CVE-2008-4068", "CVE-2008-4069", "CVE-2008-4070", "CVE-2008-4582", "CVE-2008-5012", "CVE-2008-5013", "CVE-2008-5014", "CVE-2008-5015", "CVE-2008-5016", "CVE-2008-5017", "CVE-2008-5018", "CVE-2008-5019", "CVE-2008-5021", "CVE-2008-5022", "CVE-2008-5023", "CVE-2008-5024", "CVE-2008-5052", "CVE-2008-5500", "CVE-2008-5501", "CVE-2008-5502", "CVE-2008-5503", "CVE-2008-5504", "CVE-2008-5505", "CVE-2008-5506", "CVE-2008-5507", "CVE-2008-5508", "CVE-2008-5510", "CVE-2008-5511", "CVE-2008-5512", "CVE-2008-5513", "CVE-2008-5822", "CVE-2008-5913", "CVE-2008-6961", "CVE-2009-0071", "CVE-2009-0352", "CVE-2009-0353", "CVE-2009-0354", "CVE-2009-0355", "CVE-2009-0356", "CVE-2009-0357", "CVE-2009-0358", "CVE-2009-0652", "CVE-2009-0689", "CVE-2009-0771", "CVE-2009-0772", "CVE-2009-0773", "CVE-2009-0774", "CVE-2009-0775", "CVE-2009-0776", "CVE-2009-0777", "CVE-2009-1044", "CVE-2009-1169", "CVE-2009-1302", "CVE-2009-1303", "CVE-2009-1304", "CVE-2009-1305", "CVE-2009-1306", "CVE-2009-1307", "CVE-2009-1308", "CVE-2009-1309", "CVE-2009-1310", "CVE-2009-1311", "CVE-2009-1312", "CVE-2009-1313", "CVE-2009-1392", "CVE-2009-1571", "CVE-2009-1828", "CVE-2009-1832", "CVE-2009-1833", "CVE-2009-1834", "CVE-2009-1835", "CVE-2009-1836", "CVE-2009-1837", "CVE-2009-1838", "CVE-2009-1839", "CVE-2009-1840", "CVE-2009-1841", "CVE-2009-2043", "CVE-2009-2044", "CVE-2009-2061", "CVE-2009-2065", "CVE-2009-2210", "CVE-2009-2404", "CVE-2009-2408", "CVE-2009-2462", "CVE-2009-2463", "CVE-2009-2464", "CVE-2009-2465", "CVE-2009-2466", "CVE-2009-2467", "CVE-2009-2469", "CVE-2009-2470", "CVE-2009-2471", "CVE-2009-2472", "CVE-2009-2477", "CVE-2009-2478", "CVE-2009-2479", "CVE-2009-2535", "CVE-2009-2654", "CVE-2009-2662", "CVE-2009-2664", "CVE-2009-2665", "CVE-2009-3069", "CVE-2009-3070", "CVE-2009-3071", "CVE-2009-3072", "CVE-2009-3074", "CVE-2009-3075", "CVE-2009-3076", "CVE-2009-3077", "CVE-2009-3078", "CVE-2009-3079", "CVE-2009-3274", "CVE-2009-3371", "CVE-2009-3372", "CVE-2009-3373", "CVE-2009-3374", "CVE-2009-3375", "CVE-2009-3376", "CVE-2009-3377", "CVE-2009-3378", "CVE-2009-3379", "CVE-2009-3380", "CVE-2009-3381", "CVE-2009-3382", "CVE-2009-3383", "CVE-2009-3388", "CVE-2009-3389", "CVE-2009-3555", "CVE-2009-3978", "CVE-2009-3979", "CVE-2009-3980", "CVE-2009-3981", "CVE-2009-3982", "CVE-2009-3983", "CVE-2009-3984", "CVE-2009-3985", "CVE-2009-3986", "CVE-2009-3987", "CVE-2009-3988", "CVE-2010-0159", "CVE-2010-0160", "CVE-2010-0162", "CVE-2010-0163", "CVE-2010-0164", "CVE-2010-0165", "CVE-2010-0166", "CVE-2010-0167", "CVE-2010-0168", "CVE-2010-0169", "CVE-2010-0170", "CVE-2010-0171", "CVE-2010-0172", "CVE-2010-0173", "CVE-2010-0174", "CVE-2010-0175", "CVE-2010-0176", "CVE-2010-0177", "CVE-2010-0178", "CVE-2010-0179", "CVE-2010-0181", "CVE-2010-0182", "CVE-2010-0183", "CVE-2010-0220", "CVE-2010-0648", "CVE-2010-0654", "CVE-2010-1028", "CVE-2010-1121", "CVE-2010-1125", "CVE-2010-1196", "CVE-2010-1197", "CVE-2010-1198", "CVE-2010-1199", "CVE-2010-1200", "CVE-2010-1201", "CVE-2010-1202", "CVE-2010-1203", "CVE-2010-1205", "CVE-2010-1206", "CVE-2010-1207", "CVE-2010-1208", "CVE-2010-1209", "CVE-2010-1210", "CVE-2010-1211", "CVE-2010-1212", "CVE-2010-1213", "CVE-2010-1214", "CVE-2010-1215", "CVE-2010-1585", "CVE-2010-2751", "CVE-2010-2752", "CVE-2010-2753", "CVE-2010-2754", "CVE-2010-2755", "CVE-2010-2760", "CVE-2010-2762", "CVE-2010-2763", "CVE-2010-2764", "CVE-2010-2765", "CVE-2010-2766", "CVE-2010-2767", "CVE-2010-2768", "CVE-2010-2769", "CVE-2010-2770", "CVE-2010-3131", "CVE-2010-3166", "CVE-2010-3167", "CVE-2010-3168", "CVE-2010-3169", "CVE-2010-3170", "CVE-2010-3171", "CVE-2010-3173", "CVE-2010-3174", "CVE-2010-3175", "CVE-2010-3176", "CVE-2010-3177", "CVE-2010-3178", "CVE-2010-3179", "CVE-2010-3180", "CVE-2010-3182", "CVE-2010-3183", "CVE-2010-3399", "CVE-2010-3400", "CVE-2010-3765", "CVE-2010-3766", "CVE-2010-3767", "CVE-2010-3768", "CVE-2010-3769", "CVE-2010-3770", "CVE-2010-3771", "CVE-2010-3772", "CVE-2010-3773", "CVE-2010-3774", "CVE-2010-3775", "CVE-2010-3776", "CVE-2010-3777", "CVE-2010-3778", "CVE-2010-4508", "CVE-2010-5074", "CVE-2011-0051", "CVE-2011-0053", "CVE-2011-0054", "CVE-2011-0055", "CVE-2011-0056", "CVE-2011-0057", "CVE-2011-0058", "CVE-2011-0059", "CVE-2011-0061", "CVE-2011-0062", "CVE-2011-0065", "CVE-2011-0066", "CVE-2011-0067", "CVE-2011-0068", "CVE-2011-0069", "CVE-2011-0070", "CVE-2011-0071", "CVE-2011-0072", "CVE-2011-0073", "CVE-2011-0074", "CVE-2011-0075", "CVE-2011-0076", "CVE-2011-0077", "CVE-2011-0078", "CVE-2011-0079", "CVE-2011-0080", "CVE-2011-0081", "CVE-2011-0082", "CVE-2011-0083", "CVE-2011-0084", "CVE-2011-0085", "CVE-2011-1187", "CVE-2011-1202", "CVE-2011-1712", "CVE-2011-2362", "CVE-2011-2363", "CVE-2011-2364", "CVE-2011-2365", "CVE-2011-2369", "CVE-2011-2370", "CVE-2011-2371", "CVE-2011-2372", "CVE-2011-2373", "CVE-2011-2374", "CVE-2011-2375", "CVE-2011-2376", "CVE-2011-2377", "CVE-2011-2378", "CVE-2011-2605", "CVE-2011-2980", "CVE-2011-2981", "CVE-2011-2982", "CVE-2011-2983", "CVE-2011-2984", "CVE-2011-2985", "CVE-2011-2986", "CVE-2011-2987", "CVE-2011-2988", "CVE-2011-2989", "CVE-2011-2990", "CVE-2011-2991", "CVE-2011-2993", "CVE-2011-2995", "CVE-2011-2996", "CVE-2011-2997", "CVE-2011-2998", "CVE-2011-2999", "CVE-2011-3000", "CVE-2011-3001", "CVE-2011-3002", "CVE-2011-3003", "CVE-2011-3004", "CVE-2011-3005", "CVE-2011-3026", "CVE-2011-3062", "CVE-2011-3101", "CVE-2011-3232", "CVE-2011-3389", "CVE-2011-3640", "CVE-2011-3647", "CVE-2011-3648", "CVE-2011-3649", "CVE-2011-3650", "CVE-2011-3651", "CVE-2011-3652", "CVE-2011-3653", "CVE-2011-3654", "CVE-2011-3655", "CVE-2011-3658", "CVE-2011-3659", "CVE-2011-3660", "CVE-2011-3661", "CVE-2011-3663", "CVE-2011-3665", "CVE-2011-3670", "CVE-2011-3866", "CVE-2011-4688", "CVE-2012-0441", "CVE-2012-0442", "CVE-2012-0443", "CVE-2012-0444", "CVE-2012-0445", "CVE-2012-0446", "CVE-2012-0447", "CVE-2012-0449", "CVE-2012-0450", "CVE-2012-0451", "CVE-2012-0452", "CVE-2012-0455", "CVE-2012-0456", "CVE-2012-0457", "CVE-2012-0458", "CVE-2012-0459", "CVE-2012-0460", "CVE-2012-0461", "CVE-2012-0462", "CVE-2012-0463", "CVE-2012-0464", "CVE-2012-0467", "CVE-2012-0468", "CVE-2012-0469", "CVE-2012-0470", "CVE-2012-0471", "CVE-2012-0473", "CVE-2012-0474", "CVE-2012-0475", "CVE-2012-0477", "CVE-2012-0478", "CVE-2012-0479", "CVE-2012-1937", "CVE-2012-1938", "CVE-2012-1939", "CVE-2012-1940", "CVE-2012-1941", "CVE-2012-1945", "CVE-2012-1946", "CVE-2012-1947", "CVE-2012-1948", "CVE-2012-1949", "CVE-2012-1950", "CVE-2012-1951", "CVE-2012-1952", "CVE-2012-1953", "CVE-2012-1954", "CVE-2012-1955", "CVE-2012-1956", "CVE-2012-1957", "CVE-2012-1958", "CVE-2012-1959", "CVE-2012-1960", "CVE-2012-1961", "CVE-2012-1962", "CVE-2012-1963", "CVE-2012-1964", "CVE-2012-1965", "CVE-2012-1966", "CVE-2012-1967", "CVE-2012-1970", "CVE-2012-1971", "CVE-2012-1972", "CVE-2012-1973", "CVE-2012-1974", "CVE-2012-1975", "CVE-2012-1976", "CVE-2012-1994", "CVE-2012-3956", "CVE-2012-3957", "CVE-2012-3958", "CVE-2012-3959", "CVE-2012-3960", "CVE-2012-3961", "CVE-2012-3962", "CVE-2012-3963", "CVE-2012-3964", "CVE-2012-3965", "CVE-2012-3966", "CVE-2012-3967", "CVE-2012-3968", "CVE-2012-3969", "CVE-2012-3970", "CVE-2012-3971", "CVE-2012-3972", "CVE-2012-3973", "CVE-2012-3975", "CVE-2012-3976", "CVE-2012-3978", "CVE-2012-3980", "CVE-2012-3982", "CVE-2012-3984", "CVE-2012-3985", "CVE-2012-3986", "CVE-2012-3988", "CVE-2012-3989", "CVE-2012-3990", "CVE-2012-3991", "CVE-2012-3992", "CVE-2012-3993", "CVE-2012-3994", "CVE-2012-3995", "CVE-2012-4179", "CVE-2012-4180", "CVE-2012-4181", "CVE-2012-4182", "CVE-2012-4183", "CVE-2012-4184", "CVE-2012-4185", "CVE-2012-4186", "CVE-2012-4187", "CVE-2012-4188", "CVE-2012-4190", "CVE-2012-4191", "CVE-2012-4192", "CVE-2012-4193", "CVE-2012-4194", "CVE-2012-4195", "CVE-2012-4196", "CVE-2012-4201", "CVE-2012-4202", "CVE-2012-4204", "CVE-2012-4205", "CVE-2012-4206", "CVE-2012-4207", "CVE-2012-4208", "CVE-2012-4209", "CVE-2012-4210", "CVE-2012-4212", "CVE-2012-4215", "CVE-2012-4216", "CVE-2012-4930", "CVE-2012-5354", "CVE-2012-5829", "CVE-2012-5830", "CVE-2012-5833", "CVE-2012-5835", "CVE-2012-5836", "CVE-2012-5838", "CVE-2012-5839", "CVE-2012-5840", "CVE-2012-5841", "CVE-2012-5842", "CVE-2012-5843");
  script_bugtraq_id(51752, 51753, 51754, 51756, 51757, 51765, 51787, 51975, 52456, 52457, 52458, 52459, 52460, 52461, 52463, 52464, 52465, 52466, 52467, 53219, 53220, 53221, 53223, 53224, 53225, 53227, 53228, 53229, 53230, 53231, 53315, 53791, 53792, 53793, 53794, 53796, 53797, 53798, 53799, 53800, 54572, 54573, 54574, 54575, 54576, 54577, 54578, 54579, 54580, 54581, 54582, 54583, 54584, 54585, 54586, 55257, 55260, 55264, 55266, 55274, 55276, 55277, 55278, 55292, 55304, 55306, 55308, 55310, 55311, 55313, 55314, 55316, 55317, 55318, 55319, 55320, 55321, 55322, 55323, 55324, 55325, 55340, 55342, 55857, 55922, 55924, 55926, 55927, 55930, 55931, 55932, 56118, 56119, 56120, 56121, 56123, 56125, 56126, 56127, 56128, 56129, 56130, 56131, 56135, 56136, 56140, 56151, 56153, 56154, 56155, 56301, 56302, 56306, 56611, 56612, 56613, 56614, 56616, 56618, 56621, 56625, 56627, 56629, 56630, 56631, 56632, 56633, 56634, 56635, 56636, 56637, 56641, 56642, 56643, 56644, 56646);
  script_xref(name:"GLSA", value:"201301-01");

  script_name(english:"GLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST)");
  script_summary(english:"Checks for updated package(s) in /var/db/pkg");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote Gentoo host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description",
    value:
"The remote host is affected by the vulnerability described in GLSA-201301-01
(Mozilla Products: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in Mozilla Firefox,
      Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner. Please review the
      CVE identifiers referenced below for details.
  
Impact :

    A remote attacker could entice a user to view a specially crafted web
      page or email, possibly resulting in execution of arbitrary code or a
      Denial of Service condition. Furthermore, a remote attacker may be able
      to perform Man-in-the-Middle attacks, obtain sensitive information,
      bypass restrictions and protection mechanisms, force file downloads,
      conduct XML injection attacks, conduct XSS attacks, bypass the Same
      Origin Policy, spoof URL&rsquo;s for phishing attacks, trigger a vertical
      scroll, spoof the location bar, spoof an SSL indicator, modify the
      browser&rsquo;s font, conduct clickjacking attacks, or have other unspecified
      impact.
    A local attacker could gain escalated privileges, obtain sensitive
      information, or replace an arbitrary downloaded file.
  
Workaround :

    There is no known workaround at this time."
  );
  # https://blog.mozilla.org/security/2011/03/22/firefox-blocking-fraudulent-certificates/
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?a9b416a4"
  );
  # https://www.mozilla.org/security/announce/2011/mfsa2011-11.html
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.mozilla.org/en-US/security/advisories/mfsa2011-11/"
  );
  # https://www.mozilla.org/security/announce/2011/mfsa2011-34.html
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.mozilla.org/en-US/security/advisories/mfsa2011-34/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security.gentoo.org/glsa/201301-01"
  );
  script_set_attribute(
    attribute:"solution",
    value:
"All Mozilla Firefox users should upgrade to the latest version:
      # emerge --sync
      # emerge --ask --oneshot --verbose '>=www-client/firefox-10.0.11'
    All users of the Mozilla Firefox binary package should upgrade to the
      latest version:
      # emerge --sync
      # emerge --ask --oneshot --verbose '>=www-client/firefox-bin-10.0.11'
    All Mozilla Thunderbird users should upgrade to the latest version:
      # emerge --sync
      # emerge --ask --oneshot --verbose '>=mail-client/thunderbird-10.0.11'
    All users of the Mozilla Thunderbird binary package should upgrade to
      the latest version:
      # emerge --sync
      # emerge --ask --oneshot --verbose
      '>=mail-client/thunderbird-bin-10.0.11'
    All Mozilla SeaMonkey users should upgrade to the latest version:
      # emerge --sync
      # emerge --ask --oneshot --verbose '>=www-client/seamonkey-2.14-r1'
    All users of the Mozilla SeaMonkey binary package should upgrade to the
      latest version:
      # emerge --sync
      # emerge --ask --oneshot --verbose '>=www-client/seamonkey-bin-2.14'
    All NSS users should upgrade to the latest version:
      # emerge --sync
      # emerge --ask --oneshot --verbose '>=dev-libs/nss-3.14'
    The &ldquo;www-client/mozilla-firefox&rdquo; package has been merged into the
      &ldquo;www-client/firefox&rdquo; package. To upgrade, please unmerge
      &ldquo;www-client/mozilla-firefox&rdquo; and then emerge the latest
      &ldquo;www-client/firefox&rdquo; package:
      # emerge --sync
      # emerge --unmerge 'www-client/mozilla-firefox'
      # emerge --ask --oneshot --verbose '>=www-client/firefox-10.0.11'
    The &ldquo;www-client/mozilla-firefox-bin&rdquo; package has been merged into
      the &ldquo;www-client/firefox-bin&rdquo; package. To upgrade, please unmerge
      &ldquo;www-client/mozilla-firefox-bin&rdquo; and then emerge the latest
      &ldquo;www-client/firefox-bin&rdquo; package:
      # emerge --sync
      # emerge --unmerge 'www-client/mozilla-firefox-bin'
      # emerge --ask --oneshot --verbose '>=www-client/firefox-bin-10.0.11'
    The &ldquo;mail-client/mozilla-thunderbird&rdquo; package has been merged into
      the &ldquo;mail-client/thunderbird&rdquo; package. To upgrade, please unmerge
      &ldquo;mail-client/mozilla-thunderbird&rdquo; and then emerge the latest
      &ldquo;mail-client/thunderbird&rdquo; package:
      # emerge --sync
      # emerge --unmerge 'mail-client/mozilla-thunderbird'
      # emerge --ask --oneshot --verbose '>=mail-client/thunderbird-10.0.11'
    The &ldquo;mail-client/mozilla-thunderbird-bin&rdquo; package has been merged
      into the &ldquo;mail-client/thunderbird-bin&rdquo; package. To upgrade, please
      unmerge &ldquo;mail-client/mozilla-thunderbird-bin&rdquo; and then emerge the
      latest &ldquo;mail-client/thunderbird-bin&rdquo; package:
      # emerge --sync
      # emerge --unmerge 'mail-client/mozilla-thunderbird-bin'
      # emerge --ask --oneshot --verbose
      '>=mail-client/thunderbird-bin-10.0.11'
    Gentoo discontinued support for GNU IceCat. We recommend that users
      unmerge GNU IceCat:
      # emerge --unmerge 'www-client/icecat'
    Gentoo discontinued support for XULRunner. We recommend that users
      unmerge XULRunner:
      # emerge --unmerge 'net-libs/xulrunner'
    Gentoo discontinued support for the XULRunner binary package. We
      recommend that users unmerge XULRunner:
      # emerge --unmerge 'net-libs/xulrunner-bin'"
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploithub_sku", value:"EH-11-772");
  script_set_attribute(attribute:"exploit_framework_exploithub", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Firefox 5.0 - 15.0.1 __exposedProps__ XCS Code Execution');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'White_Phosphorus');
  script_cwe_id(16, 20, 22, 59, 79, 94, 119, 189, 200, 264, 287, 310, 362, 399);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:firefox");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:firefox-bin");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:icecat");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:mozilla-firefox");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:mozilla-firefox-bin");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:mozilla-thunderbird");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:mozilla-thunderbird-bin");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:nss");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:seamonkey");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:seamonkey-bin");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:thunderbird");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:thunderbird-bin");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:xulrunner");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:xulrunner-bin");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");

  script_set_attribute(attribute:"vuln_publication_date", value:"2007/05/02");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/01/08");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/01/08");
  script_set_attribute(attribute:"in_the_news", value:"true");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Gentoo Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;

if (qpkg_check(package:"net-libs/xulrunner-bin", unaffected:make_list(), vulnerable:make_list("le 1.8.1.19"))) flag++;
if (qpkg_check(package:"mail-client/thunderbird-bin", unaffected:make_list("ge 10.0.11"), vulnerable:make_list("lt 10.0.11"))) flag++;
if (qpkg_check(package:"www-client/firefox", unaffected:make_list("ge 10.0.11"), vulnerable:make_list("lt 10.0.11"))) flag++;
if (qpkg_check(package:"mail-client/thunderbird", unaffected:make_list("ge 10.0.11"), vulnerable:make_list("lt 10.0.11"))) flag++;
if (qpkg_check(package:"mail-client/mozilla-thunderbird-bin", unaffected:make_list(), vulnerable:make_list("le 3.0"))) flag++;
if (qpkg_check(package:"mail-client/mozilla-thunderbird", unaffected:make_list(), vulnerable:make_list("le 3.0.4-r1"))) flag++;
if (qpkg_check(package:"dev-libs/nss", unaffected:make_list("ge 3.14"), vulnerable:make_list("lt 3.14"))) flag++;
if (qpkg_check(package:"www-client/firefox-bin", unaffected:make_list("ge 10.0.11"), vulnerable:make_list("lt 10.0.11"))) flag++;
if (qpkg_check(package:"net-libs/xulrunner", unaffected:make_list(), vulnerable:make_list("le 2.0-r1"))) flag++;
if (qpkg_check(package:"www-client/mozilla-firefox-bin", unaffected:make_list(), vulnerable:make_list("le 3.5.6"))) flag++;
if (qpkg_check(package:"www-client/seamonkey", unaffected:make_list("ge 2.14-r1"), vulnerable:make_list("lt 2.14-r1"))) flag++;
if (qpkg_check(package:"www-client/icecat", unaffected:make_list(), vulnerable:make_list("le 10.0-r1"))) flag++;
if (qpkg_check(package:"www-client/seamonkey-bin", unaffected:make_list("ge 2.14"), vulnerable:make_list("lt 2.14"))) flag++;
if (qpkg_check(package:"www-client/mozilla-firefox", unaffected:make_list(), vulnerable:make_list("le 3.6.8"))) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Mozilla Products");
}

The latest version of this script can be found in these locations depending on your platform:

Linux / Unix:
/opt/nessus/lib/nessus/plugins/gentoo_GLSA-201301-01.nasl
Windows:
C:\ProgramData\Tenable\Nessus\nessus\plugins\gentoo_GLSA-201301-01.nasl
Mac OS X:
/Library/Nessus/run/lib/nessus/plugins/gentoo_GLSA-201301-01.nasl

Go back to menu.

How to Run

Here is how to run the GLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST) as a standalone plugin via the Nessus web user interface (https://localhost:8834/):

Click to start a New Scan.
Select Advanced Scan.
Navigate to the Plugins tab.
On the top right corner click to Disable All plugins.
On the left side table select Gentoo Local Security Checks plugin family.
On the right side table select GLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST) plugin ID 63402.
Specify the target on the Settings tab and click to Save the scan.
Run the scan.

Here are a few examples of how to run the plugin in the command line. Note that the examples below demonstrate the usage on the Linux / Unix platform.

Basic usage:

/opt/nessus/bin/nasl gentoo_GLSA-201301-01.nasl -t <IP/HOST>

Run the plugin with audit trail message on the console:

/opt/nessus/bin/nasl -a gentoo_GLSA-201301-01.nasl -t <IP/HOST>

Run the plugin with trace script execution written to the console (useful for debugging):

/opt/nessus/bin/nasl -T - gentoo_GLSA-201301-01.nasl -t <IP/HOST>

Run the plugin with using a state file for the target and updating it (useful for running multiple plugins on the target):

/opt/nessus/bin/nasl -K /tmp/state gentoo_GLSA-201301-01.nasl -t <IP/HOST>

Go back to menu.

References

BID | SecurityFocus Bugtraq ID:

51752, 51753, 51754, 51756, 51757, 51765, 51787, 51975, 52456, 52457, 52458, 52459, 52460, 52461, 52463, 52464, 52465, 52466, 52467, 53219, 53220, 53221, 53223, 53224, 53225, 53227, 53228, 53229, 53230, 53231, 53315, 53791, 53792, 53793, 53794, 53796, 53797, 53798, 53799, 53800, 54572, 54573, 54574, 54575, 54576, 54577, 54578, 54579, 54580, 54581, 54582, 54583, 54584, 54585, 54586, 55257, 55260, 55264, 55266, 55274, 55276, 55277, 55278, 55292, 55304, 55306, 55308, 55310, 55311, 55313, 55314, 55316, 55317, 55318, 55319, 55320, 55321, 55322, 55323, 55324, 55325, 55340, 55342, 55857, 55922, 55924, 55926, 55927, 55930, 55931, 55932, 56118, 56119, 56120, 56121, 56123, 56125, 56126, 56127, 56128, 56129, 56130, 56131, 56135, 56136, 56140, 56151, 56153, 56154, 56155, 56301, 56302, 56306, 56611, 56612, 56613, 56614, 56616, 56618, 56621, 56625, 56627, 56629, 56630, 56631, 56632, 56633, 56634, 56635, 56636, 56637, 56641, 56642, 56643, 56644, 56646

GLSA | Gentoo Linux Security Advisory:

201301-01

CWE | Common Weakness Enumeration:

CWE-16 (Category) Configuration
CWE-20 (Weakness) Improper Input Validation
CWE-22 (Weakness) Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-59 (Weakness) Improper Link Resolution Before File Access ('Link Following')
CWE-79 (Weakness) Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-94 (Weakness) Improper Control of Generation of Code ('Code Injection')
CWE-119 (Weakness) Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-189 (Category) Numeric Errors
CWE-200 (Weakness) Exposure of Sensitive Information to an Unauthorized Actor
CWE-264 (Category) Permissions, Privileges, and Access Controls
CWE-287 (Weakness) Improper Authentication
CWE-310 (Category) Cryptographic Issues
CWE-362 (Weakness) Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE-399 (Category) Resource Management Errors

See also:

Similar and related Nessus plugins:

62548 - Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : thunderbird vulnerabilities (USN-1611-1)
62565 - Transport Layer Security (TLS) Protocol CRIME Vulnerability
62573 - SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 8327)
62575 - Firefox < 10.0.8 Multiple Vulnerabilities (Mac OS X)
62576 - Firefox < 16.0 Multiple Vulnerabilities (Mac OS X)
62577 - Mozilla Thunderbird 10.0.x < 10.0.8 Multiple Vulnerabilities (Mac OS X)
62578 - Mozilla Thunderbird < 16.0 Multiple Vulnerabilities (Mac OS X)
62579 - Firefox 10.0.x < 10.0.8 Multiple Vulnerabilities
62580 - Firefox < 16.0 Multiple Vulnerabilities
62581 - Mozilla Thunderbird 10.0.x < 10.0.8 Multiple Vulnerabilities
62582 - Mozilla Thunderbird < 16.0 Multiple Vulnerabilities
62583 - SeaMonkey < 2.13 Multiple Vulnerabilities
62667 - Debian DSA-2565-1 : iceweasel - several vulnerabilities
62748 - Debian DSA-2569-1 : icedove - several vulnerabilities
62805 - Debian DSA-2572-1 : iceape - several vulnerabilities
62944 - VMSA-2012-0016 : VMware security updates for vSphere API and ESX Service Console
63195 - Fedora 18 : libxslt-1.1.27-2.fc18 (2012-15716)
63447 - Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : firefox vulnerabilities (USN-1681-1)
63448 - Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : thunderbird vulnerabilities (USN-1681-2)
63463 - FreeBSD : mozilla -- multiple vulnerabilities (a4ed6632-5aa9-11e2-8fcb-c8600054b392)
63545 - Firefox < 18.0 Multiple Vulnerabilities (Mac OS X)
63626 - SuSE 10 Security Update : MozillaFirefox (ZYPP Patch Number 8426)
63665 - Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : firefox regression (USN-1681-3)
63888 - RHEL 4 : nspr and nss (RHSA-2009:1190)
63889 - RHEL 5 : nspr and nss (RHSA-2009:1207)
63923 - RHEL 5 : thunderbird (RHSA-2010:0153)
63939 - RHEL 5 : thunderbird (RHSA-2010:0545)
63983 - RHEL 5 : IBM Java Runtime (RHSA-2011:0880)
64133 - SuSE 11.2 Security Update : Mozilla Firefox (SAT Patch Number 6951)
64136 - SuSE 11.2 Security Update : MozillaFirefox (SAT Patch Number 7224)
64209 - SuSE 11 Security Update : Mozilla (SAT Patch Number 1304)
64379 - IBM Informix Genero < 2.41 png_decompress_chunk Integer Overflow
64480 - Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : firefox regression (USN-1681-4)
64642 - VMSA-2013-0001 : VMware vSphere security updates for the authentication service and third-party libraries

Version

This page has been produced using Nessus Professional 10.1.2 (#68) LINUX, Plugin set 202205072148.
Plugin file gentoo_GLSA-201301-01.nasl version 1.31. For more plugins, visit the Nessus Plugin Library.

Go back to menu.

GLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST) - Nessus

Plugin Overview

Vulnerability Information

Synopsis

Description

Solution

Public Exploits

Risk Information

Plugin Source

How to Run

References

Version

Nessus Plugin Library

Solving Problems with Office 365 Email from GoDaddy

Empire Module Library

CrackMapExec Module Library

Metasploit Android Modules

Top 16 Active Directory Vulnerabilities

Top 10 Vulnerabilities: Internal Infrastructure Pentest

Terminal Escape Injection

Cisco Password Cracking and Decrypting Guide

Capture Passwords using Wireshark

SSH Brute Force Attack Tool using PuTTY / Plink (ssh-putty-brute.ps1)

SMB Brute Force Attack Tool in PowerShell (SMBLogin.ps1)

Port Scanner in PowerShell (TCP/UDP)

Nessus CSV Parser and Extractor

Default Password Scanner (default-http-login-hunter.sh)