CAPEC |
-
Relative Path Traversal
An attacker exploits a weakness in input validation on the target by supplying a specially constructed path utilizing dot and slash characters for the purpose of obtaining access to arbitrary files or resources. An attacker modifies a known path on the target in order to reach material that is not available through intended channels. These attacks normally involve adding additional path separators (/ or \) and/or dots (.), or encodings thereof, in various combinations in order to reach parent directories or entirely separate trees of the target's directory structure.
-
Directory Traversal
An attacker with access to file system resources, either directly or via application logic, will use various file path specification or navigation mechanisms such as ".." in path strings and absolute paths to extend their range of access to inappropriate areas of the file system. The attacker attempts to either explore the file system for recon purposes or access directories and files that are intended to be restricted from their access. Exploring the file system can be achieved through constructing paths presented to directory listing programs, such as "ls" and "dir", or through specially crafted programs that attempt to explore the file system. The attacker engaging in this type of activity is searching for information that can be used later in a more exploitive attack. Access to restricted directories or files can be achieved through modification of path references utilized by system applications.
-
File System Function Injection, Content Based
An attack of this type exploits the host's trust in executing remote content including binary files. The files are poisoned with a malicious payload (targeting the file systems accessible by the target software) by the attacker and may be passed through standard channels such as via email, and standard web content like PDF and multimedia files. The attacker exploits known vulnerabilities or handling routines in the target processes. Vulnerabilities of this type have been found in a wide variety of commercial applications from Microsoft Office to Adobe Acrobat and Apple Safari web browser. When the attacker knows the standard handling routines and can identify vulnerabilities and entry points they can be exploited by otherwise seemingly normal content. Once the attack is executed, the attackers' program can access relative directories such as C:\Program Files or other standard system directories to launch further attacks. In a worst case scenario, these programs are combined with other propagation logic and work as a virus.
-
Using Slashes and URL Encoding Combined to Bypass Validation Logic
This attack targets the encoding of the URL combined with the encoding of the slash characters. An attacker can take advantage of the multiple ways of encoding a URL and abuse the interpretation of the URL. A URL may contain special characters that need special syntax handling in order to be interpreted. Special characters are represented using a percentage character followed by two hexadecimal digits representing the octet code of the original character (%HEX-CODE). For instance, the US-ASCII space character would be represented with %20. This is often referred to as escaped encoding or percent-encoding. Since the server decodes the URL from the requests, it may restrict the access to some URL paths by validating and filtering out the URL requests it received. An attacker will try to craft a URL with a sequence of special characters which, once interpreted by the server, will be equivalent to a forbidden URL. It can be difficult to protect against this attack since the URL can contain other formats of encoding such as UTF-8 encoding, Unicode encoding, etc.
-
Manipulating Input to File System Calls
An attacker manipulates inputs to the target software which the target software passes to file system calls in the OS. The goal is to gain access to, and perhaps modify, areas of the file system that the target software did not intend to be accessible.
-
Using Escaped Slashes in Alternate Encoding
This attack targets the use of the backslash in alternate encoding. An attacker can provide a backslash as a leading character and cause a parser to believe that the next character is special. This is called an escape. By using that trick, the attacker tries to exploit alternate ways to encode the same character, which leads to filter problems and opens avenues to attack.
-
Using Slashes in Alternate Encoding
This attack targets the encoding of the slash characters. An attacker would try to exploit common filtering problems related to the use of the slash characters to gain access to resources on the target host. Directory-driven systems, such as file systems and databases, typically use the slash character to indicate traversal between directories or other container components. For murky historical reasons, PCs (and, as a result, Microsoft OSs) chose to use a backslash, whereas the UNIX world typically makes use of the forward slash. The schizophrenic result is that many MS-based systems are required to understand both forms of the slash. This gives the attacker many opportunities to discover and abuse a number of common filtering problems. The goal of this pattern is to discover server software that only applies filters to one version, but not the other.
|
nessus
via4
|
NASL family | Fedora Local Security Checks | NASL id | FEDORA_2007-4106.NASL | description | - Sun Dec 2 2007 Kai Engert -
1.1.7-1
- SeaMonkey 1.1.7
- Mon Nov 5 2007 Kai Engert -
1.1.6-1
- SeaMonkey 1.1.6
- Fri Oct 19 2007 Kai Engert -
1.1.5-1
- SeaMonkey 1.1.5
- Fri Jul 27 2007 Martin Stransky - 1.1.3-2
- added pango patches
- Fri Jul 20 2007 Kai Engert -
1.1.3-1
- SeaMonkey 1.1.3
- Thu May 31 2007 Kai Engert
1.1.2-1
- SeaMonkey 1.1.2
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues. | last seen | 2019-01-16 | modified | 2016-12-08 | plugin id | 29267 | published | 2007-12-11 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=29267 | title | Fedora 7 : seamonkey-1.1.7-1.fc7 (2007-4106) |
NASL family | Oracle Linux Local Security Checks | NASL id | ORACLELINUX_ELSA-2007-1083.NASL | description | From Red Hat Security Advisory 2007:1083 :
Updated thunderbird packages that fix several security issues are now
available for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having moderate security impact by the
Red Hat Security Response Team.
Mozilla Thunderbird is a standalone mail and newsgroup client.
A cross-site scripting flaw was found in the way Thunderbird handled
the jar: URI scheme. It may be possible for a malicious HTML mail
message to leverage this flaw, and conduct a cross-site scripting
attack against a user running Thunderbird. (CVE-2007-5947)
Several flaws were found in the way Thunderbird processed certain
malformed HTML mail content. A HTML mail message containing malicious
content could cause Thunderbird to crash, or potentially execute
arbitrary code as the user running Thunderbird. (CVE-2007-5959)
A race condition existed when Thunderbird set the 'window.location'
property when displaying HTML mail content. This flaw could allow a
HTML mail message to set an arbitrary Referer header, which may lead
to a Cross-site Request Forgery (CSRF) attack against websites that
rely only on the Referer header for protection. (CVE-2007-5960)
All users of thunderbird are advised to upgrade to these updated
packages, which contain backported patches to resolve these issues. | last seen | 2019-01-16 | modified | 2016-12-07 | plugin id | 67616 | published | 2013-07-12 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=67616 | title | Oracle Linux 4 : thunderbird (ELSA-2007-1083) |
NASL family | SuSE Local Security Checks | NASL id | SUSE_SEAMONKEY-4794.NASL | description | This update brings Mozilla SeaMonkey to security update version 1.1.7
Following security problems were fixed: MFSA 2007-37 / CVE-2007-5947:
The jar protocol handler in Mozilla Firefox retrieves the inner URL
regardless of its MIME type, and considers HTML documents within a jar
archive to have the same origin as the inner URL, which allows remote
attackers to conduct cross-site scripting (XSS) attacks via a jar:
URI.
MFSA 2007-38 / CVE-2007-5959: The Firefox 2.0.0.10 update contains
fixes for three bugs that improve the stability of the product. These
crashes showed some evidence of memory corruption under certain
circumstances and we presume that with enough effort at least some of
these could be exploited to run arbitrary code.
MFSA 2007-39 / CVE-2007-5960: Gregory Fleischer demonstrated that it
was possible to generate a fake HTTP Referer header by exploiting a
timing condition when setting the window.location property. This could
be used to conduct a Cross-site Request Forgery (CSRF) attack against
websites that rely only on the Referer header as protection against
such attacks.
Also enigmail was upgraded to 0.95.5. | last seen | 2019-01-16 | modified | 2016-12-27 | plugin id | 29695 | published | 2007-12-13 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=29695 | title | openSUSE 10 Security Update : seamonkey (seamonkey-4794) |
NASL family | Ubuntu Local Security Checks | NASL id | UBUNTU_USN-546-1.NASL | description | It was discovered that Firefox incorrectly associated redirected sites
as the origin of 'jar:' contents. A malicious website could exploit
this to modify or steal confidential data (such as passwords) from
other web sites. (CVE-2007-5947)
Various flaws were discovered in the layout and JavaScript engines. By
tricking a user into opening a malicious web page, an attacker could
execute arbitrary code with the user's privileges. (CVE-2007-5959)
Gregory Fleischer discovered that it was possible to use JavaScript to
manipulate Firefox's Referer header. A malicious website could exploit
this to conduct cross-site request forgeries against sites that relied
only on Referer headers for protection from such attacks.
(CVE-2007-5960).
Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues. | last seen | 2019-01-16 | modified | 2018-11-28 | plugin id | 28358 | published | 2007-11-29 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=28358 | title | Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : firefox vulnerabilities (USN-546-1) |
NASL family | Fedora Local Security Checks | NASL id | FEDORA_2007-756.NASL | description | Updated firefox packages that fix several security issues are now
available for Fedora Core 6.
This update has been rated as having critical security impact by the
Fedora Security Response Team.
Mozilla Firefox is an open source Web browser.
A cross-site scripting flaw was found in the way Firefox handled the
jar: URI scheme. It was possible for a malicious website to leverage
this flaw and conduct a cross-site scripting attack against a user
running Firefox. (CVE-2007-5947)
Several flaws were found in the way Firefox processed certain
malformed web content. A web page containing malicious content could
cause Firefox to crash, or potentially execute arbitrary code as the
user running Firefox. (CVE-2007-5959)
A race condition existed when Firefox set the 'window.location'
property for a web page. This flaw could allow a web page to set an
arbitrary Referer header, which may lead to a Cross-site Request
Forgery (CSRF) attack against websites that rely only on the Referer
header for protection. (CVE-2007-5960)
Users of Firefox are advised to upgrade to these updated packages,
which contain backported patches to resolve these issues.
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues. | last seen | 2019-01-16 | modified | 2016-12-08 | plugin id | 29197 | published | 2007-12-04 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=29197 | title | Fedora Core 6 : firefox-1.5.0.12-7.fc6 (2007-756) |
NASL family | SuSE Local Security Checks | NASL id | SUSE_SEAMONKEY-4795.NASL | description | This update fixed various security problems in Mozilla SeaMonkey.
Following security problems were fixed: MFSA 2007-37 / CVE-2007-5947:
The jar protocol handler in Mozilla Firefox retrieves the inner URL
regardless of its MIME type, and considers HTML documents within a jar
archive to have the same origin as the inner URL, which allows remote
attackers to conduct cross-site scripting (XSS) attacks via a jar:
URI.
MFSA 2007-38 / CVE-2007-5959: The Firefox 2.0.0.10 update contains
fixes for three bugs that improve the stability of the product. These
crashes showed some evidence of memory corruption under certain
circumstances and we presume that with enough effort at least some of
these could be exploited to run arbitrary code.
MFSA 2007-39 / CVE-2007-5960: Gregory Fleischer demonstrated that it
was possible to generate a fake HTTP Referer header by exploiting a
timing condition when setting the window.location property. This could
be used to conduct a Cross-site Request Forgery (CSRF) attack against
websites that rely only on the Referer header as protection against
such attacks. | last seen | 2019-01-16 | modified | 2018-07-19 | plugin id | 29888 | published | 2008-01-08 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=29888 | title | openSUSE 10 Security Update : seamonkey (seamonkey-4795) |
NASL family | Mandriva Local Security Checks | NASL id | MANDRAKE_MDKSA-2007-246.NASL | description | A number of security vulnerabilities have been discovered and
corrected in the latest Mozilla Firefox program, version 2.0.0.11.
This update provides the latest Firefox to correct these issues. As
well, it provides Firefox 2.0.0.11 for older products. | last seen | 2019-01-16 | modified | 2018-07-19 | plugin id | 29718 | published | 2007-12-17 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=29718 | title | Mandrake Linux Security Advisory : mozilla-firefox (MDKSA-2007:246) |
NASL family | Windows | NASL id | SEAMONKEY_117.NASL | description | The installed version of SeaMonkey is affected by various security
issues :
- Three bugs that can result in crashes with traces
of memory corruption
- A cross-site scripting vulnerability involving
support for the 'jar:' URI scheme
- A timing issue when setting the 'window.location'
property that could be leveraged to conduct
cross-site request forgery attacks. | last seen | 2019-01-16 | modified | 2018-07-27 | plugin id | 28374 | published | 2007-12-02 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=28374 | title | SeaMonkey < 1.1.7 Multiple Vulnerabilities |
NASL family | SuSE Local Security Checks | NASL id | SUSE_EPIPHANY-4870.NASL | description | This update brings the Mozilla XUL runner engine to security update
version 1.8.1.10
MFSA 2007-37 / CVE-2007-5947: The jar protocol handler in Mozilla
Firefox retrieves the inner URL regardless of its MIME type, and
considers HTML documents within a jar archive to have the same origin
as the inner URL, which allows remote attackers to conduct cross-site
scripting (XSS) attacks via a jar: URI.
MFSA 2007-38 / CVE-2007-5959: The Firefox 2.0.0.10 update contains
fixes for three bugs that improve the stability of the product. These
crashes showed some evidence of memory corruption under certain
circumstances and we presume that with enough effort at least some of
these could be exploited to run arbitrary code.
MFSA 2007-39 / CVE-2007-5960: Gregory Fleischer demonstrated that it
was possible to generate a fake HTTP Referer header by exploiting a
timing condition when setting the window.location property. This could
be used to conduct a Cross-site Request Forgery (CSRF) attack against
websites that rely only on the Referer header as protection against
such attacks. | last seen | 2019-01-16 | modified | 2016-12-22 | plugin id | 29915 | published | 2008-01-10 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=29915 | title | openSUSE 10 Security Update : epiphany (epiphany-4870) |
NASL family | Red Hat Local Security Checks | NASL id | REDHAT-RHSA-2007-1082.NASL | description | Updated firefox packages that fix several security issues are now
available for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having critical security impact by the
Red Hat Security Response Team.
Mozilla Firefox is an open source Web browser.
A cross-site scripting flaw was found in the way Firefox handled the
jar: URI scheme. It was possible for a malicious website to leverage
this flaw and conduct a cross-site scripting attack against a user
running Firefox. (CVE-2007-5947)
Several flaws were found in the way Firefox processed certain
malformed web content. A webpage containing malicious content could
cause Firefox to crash, or potentially execute arbitrary code as the
user running Firefox. (CVE-2007-5959)
A race condition existed when Firefox set the 'window.location'
property for a webpage. This flaw could allow a webpage to set an
arbitrary Referer header, which may lead to a Cross-site Request
Forgery (CSRF) attack against websites that rely only on the Referer
header for protection. (CVE-2007-5960)
Users of Firefox are advised to upgrade to these updated packages,
which contain backported patches to resolve these issues. | last seen | 2019-01-16 | modified | 2018-11-16 | plugin id | 28353 | published | 2007-11-29 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=28353 | title | RHEL 4 / 5 : firefox (RHSA-2007:1082) |
NASL family | SuSE Local Security Checks | NASL id | SUSE_MOZILLAFIREFOX-4757.NASL | description | This update brings Mozilla Firefox to security update version 2.0.0.10
Following security problems were fixed: MFSA 2007-37 / CVE-2007-5947:
The jar protocol handler in Mozilla Firefox retrieves the inner URL
regardless of its MIME type, and considers HTML documents within a jar
archive to have the same origin as the inner URL, which allows remote
attackers to conduct cross-site scripting (XSS) attacks via a jar:
URI.
- The Firefox 2.0.0.10 update contains fixes for three
bugs that improve the stability of the product. These
crashes showed some evidence of memory corruption under
certain circumstances and we presume that with enough
effort at least some of these could be exploited to run
arbitrary code. (MFSA 2007-38 / CVE-2007-5959)
- Gregory Fleischer demonstrated that it was possible to
generate a fake HTTP Referer header by exploiting a
timing condition when setting the window.location
property. This could be used to conduct a Cross-site
Request Forgery (CSRF) attack against websites that rely
only on the Referer header as protection against such
attacks. (MFSA 2007-39 / CVE-2007-5960) | last seen | 2019-01-16 | modified | 2016-12-22 | plugin id | 29363 | published | 2007-12-13 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=29363 | title | SuSE 10 Security Update : MozillaFirefox (ZYPP Patch Number 4757) |
NASL family | Scientific Linux Local Security Checks | NASL id | SL_20071126_FIREFOX_ON_SL5_X.NASL | description | A cross-site scripting flaw was found in the way Firefox handled the
jar: URI scheme. It was possible for a malicious website to leverage
this flaw and conduct a cross-site scripting attack against a user
running Firefox. (CVE-2007-5947)
Several flaws were found in the way Firefox processed certain
malformed web content. A webpage containing malicious content could
cause Firefox to crash, or potentially execute arbitrary code as the
user running Firefox. (CVE-2007-5959)
A race condition existed when Firefox set the 'window.location'
property for a webpage. This flaw could allow a webpage to set an
arbitrary Referer header, which may lead to a Cross-site Request
Forgery (CSRF) attack against websites that rely only on the Referer
header for protection. (CVE-2007-5960) | last seen | 2019-01-16 | modified | 2019-01-07 | plugin id | 60314 | published | 2012-08-01 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=60314 | title | Scientific Linux Security Update : firefox on SL5.x, SL4.x i386/x86_64 |
NASL family | Scientific Linux Local Security Checks | NASL id | SL_20071126_SEAMONKEY_ON_SL4_X.NASL | description | A cross-site scripting flaw was found in the way SeaMonkey handled the
jar: URI scheme. It was possible for a malicious website to leverage
this flaw and conduct a cross-site scripting attack against a user
running SeaMonkey. (CVE-2007-5947)
Several flaws were found in the way SeaMonkey processed certain
malformed web content. A webpage containing malicious content could
cause SeaMonkey to crash, or potentially execute arbitrary code as the
user running SeaMonkey. (CVE-2007-5959)
A race condition existed when SeaMonkey set the 'window.location'
property for a webpage. This flaw could allow a webpage to set an
arbitrary Referer header, which may lead to a Cross-site Request
Forgery (CSRF) attack against websites that rely only on the Referer
header for protection. (CVE-2007-5960) | last seen | 2019-01-16 | modified | 2019-01-07 | plugin id | 60315 | published | 2012-08-01 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=60315 | title | Scientific Linux Security Update : seamonkey on SL4.x, SL3.x i386/x86_64 |
NASL family | Debian Local Security Checks | NASL id | DEBIAN_DSA-1425.NASL | description | Several remote vulnerabilities have been discovered in Xulrunner, a
runtime environment for XUL applications. The Common Vulnerabilities
and Exposures project identifies the following problems :
- CVE-2007-5947
Jesse Ruderman and Petko D. Petkov discovered that the
URI handler for JAR archives allows cross-site
scripting.
- CVE-2007-5959
Several crashes in the layout engine were discovered,
which might allow the execution of arbitrary code.
- CVE-2007-5960
Gregory Fleischer discovered a race condition in the
handling of the 'window.location' property, which might
lead to cross-site request forgery.
The oldstable distribution (sarge) doesn't contain xulrunner. | last seen | 2019-01-16 | modified | 2018-11-10 | plugin id | 29260 | published | 2007-12-11 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=29260 | title | Debian DSA-1425-1 : xulrunner - several vulnerabilities |
NASL family | CentOS Local Security Checks | NASL id | CENTOS_RHSA-2007-1083.NASL | description | Updated thunderbird packages that fix several security issues are now
available for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having moderate security impact by the
Red Hat Security Response Team.
Mozilla Thunderbird is a standalone mail and newsgroup client.
A cross-site scripting flaw was found in the way Thunderbird handled
the jar: URI scheme. It may be possible for a malicious HTML mail
message to leverage this flaw, and conduct a cross-site scripting
attack against a user running Thunderbird. (CVE-2007-5947)
Several flaws were found in the way Thunderbird processed certain
malformed HTML mail content. A HTML mail message containing malicious
content could cause Thunderbird to crash, or potentially execute
arbitrary code as the user running Thunderbird. (CVE-2007-5959)
A race condition existed when Thunderbird set the 'window.location'
property when displaying HTML mail content. This flaw could allow a
HTML mail message to set an arbitrary Referer header, which may lead
to a Cross-site Request Forgery (CSRF) attack against websites that
rely only on the Referer header for protection. (CVE-2007-5960)
All users of thunderbird are advised to upgrade to these updated
packages, which contain backported patches to resolve these issues. | last seen | 2019-01-16 | modified | 2018-11-10 | plugin id | 29750 | published | 2007-12-24 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=29750 | title | CentOS 4 / 5 : thunderbird (CESA-2007:1083) |
NASL family | Slackware Local Security Checks | NASL id | SLACKWARE_SSA_2007-333-01.NASL | description | New seamonkey packages are available for Slackware 11.0, 12.0, and
-current to fix security issues. | last seen | 2018-09-02 | modified | 2018-06-27 | plugin id | 28362 | published | 2007-11-30 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=28362 | title | Slackware 11.0 / 12.0 / current : seamonkey (SSA:2007-333-01) |
NASL family | Windows | NASL id | MOZILLA_FIREFOX_20010.NASL | description | The installed version of Firefox is affected by various security
issues :
- Three bugs that can result in crashes with traces
of memory corruption
- A cross-site scripting vulnerability involving
support for the 'jar:' URI scheme
- A timing issue when setting the 'window.location'
property that could be leveraged to conduct
cross-site request forgery attacks. | last seen | 2019-01-16 | modified | 2018-07-16 | plugin id | 28329 | published | 2007-11-27 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=28329 | title | Firefox < 2.0.0.10 Multiple Vulnerabilities |
NASL family | Ubuntu Local Security Checks | NASL id | UBUNTU_USN-546-2.NASL | description | USN-546-1 fixed vulnerabilities in Firefox. The upstream update
included a faulty patch which caused the drawImage method of the
canvas element to fail. This update fixes the problem.
We apologize for the inconvenience.
It was discovered that Firefox incorrectly associated redirected sites
as the origin of 'jar:' contents. A malicious website could exploit
this to modify or steal confidential data (such as passwords) from
other web sites. (CVE-2007-5947)
Various flaws were discovered in the layout and JavaScript
engines. By tricking a user into opening a malicious web
page, an attacker could execute arbitrary code with the
user's privileges. (CVE-2007-5959)
Gregory Fleischer discovered that it was possible to use
JavaScript to manipulate Firefox's Referer header. A
malicious website could exploit this to conduct cross-site
request forgeries against sites that relied only on Referer
headers for protection from such attacks. (CVE-2007-5960).
Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues. | last seen | 2019-01-16 | modified | 2018-11-28 | plugin id | 29236 | published | 2007-12-07 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=29236 | title | Ubuntu 6.10 / 7.04 / 7.10 : firefox regression (USN-546-2) |
NASL family | SuSE Local Security Checks | NASL id | SUSE_MOZILLAFIREFOX-4758.NASL | description | This update brings Mozilla Firefox to security update version 2.0.0.10
Following security problems were fixed: MFSA 2007-37 / CVE-2007-5947:
The jar protocol handler in Mozilla Firefox retrieves the inner URL
regardless of its MIME type, and considers HTML documents within a jar
archive to have the same origin as the inner URL, which allows remote
attackers to conduct cross-site scripting (XSS) attacks via a jar:
URI.
MFSA 2007-38 / CVE-2007-5959: The Firefox 2.0.0.10 update contains
fixes for three bugs that improve the stability of the product. These
crashes showed some evidence of memory corruption under certain
circumstances and we presume that with enough effort at least some of
these could be exploited to run arbitrary code.
MFSA 2007-39 / CVE-2007-5960: Gregory Fleischer demonstrated that it
was possible to generate a fake HTTP Referer header by exploiting a
timing condition when setting the window.location property. This could
be used to conduct a Cross-site Request Forgery (CSRF) attack against
websites that rely only on the Referer header as protection against
such attacks. | last seen | 2019-01-16 | modified | 2016-12-22 | plugin id | 28369 | published | 2007-11-30 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=28369 | title | openSUSE 10 Security Update : MozillaFirefox (MozillaFirefox-4758) |
NASL family | Slackware Local Security Checks | NASL id | SLACKWARE_SSA_2007-331-01.NASL | description | New mozilla-firefox packages are available for Slackware 10.2, 11.0,
12.0, and -current to fix security issues. | last seen | 2019-01-16 | modified | 2018-06-27 | plugin id | 28335 | published | 2007-11-29 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=28335 | title | Slackware 10.2 / 11.0 / 12.0 / current : firefox (SSA:2007-331-01) |
NASL family | Scientific Linux Local Security Checks | NASL id | SL_20071219_THUNDERBIRD_ON_SL5_X.NASL | description | A cross-site scripting flaw was found in the way Thunderbird handled
the jar: URI scheme. It may be possible for a malicious HTML mail
message to leverage this flaw, and conduct a cross-site scripting
attack against a user running Thunderbird. (CVE-2007-5947)
Several flaws were found in the way Thunderbird processed certain
malformed HTML mail content. A HTML mail message containing malicious
content could cause Thunderbird to crash, or potentially execute
arbitrary code as the user running Thunderbird. (CVE-2007-5959)
A race condition existed when Thunderbird set the 'window.location'
property when displaying HTML mail content. This flaw could allow a
HTML mail message to set an arbitrary Referer header, which may lead
to a Cross-site Request Forgery (CSRF) attack against websites that
rely only on the Referer header for protection. (CVE-2007-5960) | last seen | 2019-01-16 | modified | 2019-01-07 | plugin id | 60338 | published | 2012-08-01 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=60338 | title | Scientific Linux Security Update : thunderbird on SL5.x, SL4.x i386/x86_64 |
NASL family | CentOS Local Security Checks | NASL id | CENTOS_RHSA-2007-1082.NASL | description | Updated firefox packages that fix several security issues are now
available for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having critical security impact by the
Red Hat Security Response Team.
Mozilla Firefox is an open source Web browser.
A cross-site scripting flaw was found in the way Firefox handled the
jar: URI scheme. It was possible for a malicious website to leverage
this flaw and conduct a cross-site scripting attack against a user
running Firefox. (CVE-2007-5947)
Several flaws were found in the way Firefox processed certain
malformed web content. A webpage containing malicious content could
cause Firefox to crash, or potentially execute arbitrary code as the
user running Firefox. (CVE-2007-5959)
A race condition existed when Firefox set the 'window.location'
property for a webpage. This flaw could allow a webpage to set an
arbitrary Referer header, which may lead to a Cross-site Request
Forgery (CSRF) attack against websites that rely only on the Referer
header for protection. (CVE-2007-5960)
Users of Firefox are advised to upgrade to these updated packages,
which contain backported patches to resolve these issues. | last seen | 2019-01-16 | modified | 2018-11-10 | plugin id | 37591 | published | 2009-04-23 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=37591 | title | CentOS 4 : firefox (CESA-2007:1082) |
NASL family | Oracle Linux Local Security Checks | NASL id | ORACLELINUX_ELSA-2007-1082.NASL | description | From Red Hat Security Advisory 2007:1082 :
Updated firefox packages that fix several security issues are now
available for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having critical security impact by the
Red Hat Security Response Team.
Mozilla Firefox is an open source Web browser.
A cross-site scripting flaw was found in the way Firefox handled the
jar: URI scheme. It was possible for a malicious website to leverage
this flaw and conduct a cross-site scripting attack against a user
running Firefox. (CVE-2007-5947)
Several flaws were found in the way Firefox processed certain
malformed web content. A webpage containing malicious content could
cause Firefox to crash, or potentially execute arbitrary code as the
user running Firefox. (CVE-2007-5959)
A race condition existed when Firefox set the 'window.location'
property for a webpage. This flaw could allow a webpage to set an
arbitrary Referer header, which may lead to a Cross-site Request
Forgery (CSRF) attack against websites that rely only on the Referer
header for protection. (CVE-2007-5960)
Users of Firefox are advised to upgrade to these updated packages,
which contain backported patches to resolve these issues. | last seen | 2019-01-16 | modified | 2018-07-18 | plugin id | 67615 | published | 2013-07-12 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=67615 | title | Oracle Linux 4 / 5 : firefox (ELSA-2007-1082) |
NASL family | Fedora Local Security Checks | NASL id | FEDORA_2007-4098.NASL | description | - Sun Dec 2 2007 Kai Engert - 1.1.7-1
- SeaMonkey 1.1.7
- Mon Nov 5 2007 Kai Engert - 1.1.6-1
- SeaMonkey 1.1.6
- Fri Oct 19 2007 Kai Engert - 1.1.5-2
- SeaMonkey 1.1.5
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues. | last seen | 2019-01-16 | modified | 2016-12-08 | plugin id | 29266 | published | 2007-12-11 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=29266 | title | Fedora 8 : seamonkey-1.1.7-1.fc8 (2007-4098) |
NASL family | Windows | NASL id | NETSCAPE_BROWSER_9004.NASL | description | The installed version of Netscape is affected by various security
issues :
- Three bugs that can result in crashes with traces
of memory corruption
- A cross-site scripting vulnerability involving
support for the 'jar:' URI scheme
- A timing issue when setting the 'window.location'
property that could be leveraged to conduct
cross-site request forgery attacks. | last seen | 2019-01-16 | modified | 2018-07-16 | plugin id | 28377 | published | 2007-12-03 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=28377 | title | Netscape Browser < 9.0.0.4 Multiple Vulnerabilities |
NASL family | Red Hat Local Security Checks | NASL id | REDHAT-RHSA-2007-1084.NASL | description | Updated SeaMonkey packages that fix several security issues are now
available for Red Hat Enterprise Linux 2.1, 3, and 4.
This update has been rated as having critical security impact by the
Red Hat Security Response Team.
SeaMonkey is an open source Web browser, advanced email and newsgroup
client, IRC chat client, and HTML editor.
A cross-site scripting flaw was found in the way SeaMonkey handled the
jar: URI scheme. It was possible for a malicious website to leverage
this flaw and conduct a cross-site scripting attack against a user
running SeaMonkey. (CVE-2007-5947)
Several flaws were found in the way SeaMonkey processed certain
malformed web content. A webpage containing malicious content could
cause SeaMonkey to crash, or potentially execute arbitrary code as the
user running SeaMonkey. (CVE-2007-5959)
A race condition existed when SeaMonkey set the 'window.location'
property for a webpage. This flaw could allow a webpage to set an
arbitrary Referer header, which may lead to a Cross-site Request
Forgery (CSRF) attack against websites that rely only on the Referer
header for protection. (CVE-2007-5960)
Users of SeaMonkey are advised to upgrade to these updated packages,
which contain backported patches to resolve these issues. | last seen | 2019-01-16 | modified | 2018-11-16 | plugin id | 28354 | published | 2007-11-29 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=28354 | title | RHEL 2.1 / 3 / 4 : seamonkey (RHSA-2007:1084) |
NASL family | Oracle Linux Local Security Checks | NASL id | ORACLELINUX_ELSA-2007-1084.NASL | description | From Red Hat Security Advisory 2007:1084 :
Updated SeaMonkey packages that fix several security issues are now
available for Red Hat Enterprise Linux 2.1, 3, and 4.
This update has been rated as having critical security impact by the
Red Hat Security Response Team.
SeaMonkey is an open source Web browser, advanced email and newsgroup
client, IRC chat client, and HTML editor.
A cross-site scripting flaw was found in the way SeaMonkey handled the
jar: URI scheme. It was possible for a malicious website to leverage
this flaw and conduct a cross-site scripting attack against a user
running SeaMonkey. (CVE-2007-5947)
Several flaws were found in the way SeaMonkey processed certain
malformed web content. A webpage containing malicious content could
cause SeaMonkey to crash, or potentially execute arbitrary code as the
user running SeaMonkey. (CVE-2007-5959)
A race condition existed when SeaMonkey set the 'window.location'
property for a webpage. This flaw could allow a webpage to set an
arbitrary Referer header, which may lead to a Cross-site Request
Forgery (CSRF) attack against websites that rely only on the Referer
header for protection. (CVE-2007-5960)
Users of SeaMonkey are advised to upgrade to these updated packages,
which contain backported patches to resolve these issues. | last seen | 2019-01-16 | modified | 2018-07-18 | plugin id | 67617 | published | 2013-07-12 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=67617 | title | Oracle Linux 3 : seamonkey (ELSA-2007-1084) |
NASL family | CentOS Local Security Checks | NASL id | CENTOS_RHSA-2007-1084.NASL | description | Updated SeaMonkey packages that fix several security issues are now
available for Red Hat Enterprise Linux 2.1, 3, and 4.
This update has been rated as having critical security impact by the
Red Hat Security Response Team.
SeaMonkey is an open source Web browser, advanced email and newsgroup
client, IRC chat client, and HTML editor.
A cross-site scripting flaw was found in the way SeaMonkey handled the
jar: URI scheme. It was possible for a malicious website to leverage
this flaw and conduct a cross-site scripting attack against a user
running SeaMonkey. (CVE-2007-5947)
Several flaws were found in the way SeaMonkey processed certain
malformed web content. A webpage containing malicious content could
cause SeaMonkey to crash, or potentially execute arbitrary code as the
user running SeaMonkey. (CVE-2007-5959)
A race condition existed when SeaMonkey set the 'window.location'
property for a webpage. This flaw could allow a webpage to set an
arbitrary Referer header, which may lead to a Cross-site Request
Forgery (CSRF) attack against websites that rely only on the Referer
header for protection. (CVE-2007-5960)
Users of SeaMonkey are advised to upgrade to these updated packages,
which contain backported patches to resolve these issues. | last seen | 2019-01-16 | modified | 2018-11-10 | plugin id | 36661 | published | 2009-04-23 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=36661 | title | CentOS 3 / 4 : seamonkey (CESA-2007:1084) |
NASL family | Fedora Local Security Checks | NASL id | FEDORA_2007-3952.NASL | description | Updated firefox packages that fix several security issues are now
available for Fedora 7.
This update has been rated as having critical security impact by the
Fedora Security Response Team.
Mozilla Firefox is an open source Web browser.
A cross-site scripting flaw was found in the way Firefox handled the
jar: URI scheme. It was possible for a malicious website to leverage
this flaw and conduct a cross-site scripting attack against a user
running Firefox. (CVE-2007-5947)
Several flaws were found in the way Firefox processed certain
malformed web content. A web page containing malicious content could
cause Firefox to crash, or potentially execute arbitrary code as the
user running Firefox. (CVE-2007-5959)
A race condition existed when Firefox set the 'window.location'
property for a web page. This flaw could allow a web page to set an
arbitrary Referer header, which may lead to a Cross-site Request
Forgery (CSRF) attack against websites that rely only on the Referer
header for protection. (CVE-2007-5960)
Users of Firefox are advised to upgrade to these updated packages,
which contain backported patches to resolve these issues.
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues. | last seen | 2019-01-16 | modified | 2016-12-08 | plugin id | 28345 | published | 2007-11-29 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=28345 | title | Fedora 7 : Miro-1.0-2.fc7 / blam-1.8.3-10.fc7 / chmsee-1.0.0-1.27.fc7 / devhelp-0.13-12.fc7 / etc (2007-3952) |
NASL family | Debian Local Security Checks | NASL id | DEBIAN_DSA-1424.NASL | description | Several remote vulnerabilities have been discovered in the Iceweasel
web browser, an unbranded version of the Firefox browser. The Common
Vulnerabilities and Exposures project identifies the following
problems :
- CVE-2007-5947
Jesse Ruderman and Petko D. Petkov discovered that the
URI handler for JAR archives allows cross-site
scripting.
- CVE-2007-5959
Several crashes in the layout engine were discovered,
which might allow the execution of arbitrary code.
- CVE-2007-5960
Gregory Fleischer discovered a race condition in the
handling of the 'window.location' property, which might
lead to cross-site request forgery.
The Mozilla products in the oldstable distribution (sarge) are no
longer supported with security updates. | last seen | 2019-01-16 | modified | 2018-11-10 | plugin id | 29259 | published | 2007-12-11 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=29259 | title | Debian DSA-1424-1 : iceweasel - several vulnerabilities |
NASL family | Gentoo Local Security Checks | NASL id | GENTOO_GLSA-200712-21.NASL | description | The remote host is affected by the vulnerability described in GLSA-200712-21
(Mozilla Firefox, SeaMonkey: Multiple vulnerabilities)
Jesse Ruderman and Petko D. Petkov reported that the jar protocol
handler in Mozilla Firefox and SeaMonkey does not properly check MIME
types (CVE-2007-5947). Gregory Fleischer reported that the
window.location property can be used to generate a fake HTTP Referer
(CVE-2007-5960). Multiple memory errors have also been reported
(CVE-2007-5959).
Impact :
A remote attacker could possibly exploit these vulnerabilities to
execute arbitrary code in the context of the browser and conduct
Cross-Site-Scripting or Cross-Site Request Forgery attacks.
Workaround :
There is no known workaround at this time. | last seen | 2019-01-16 | modified | 2018-07-11 | plugin id | 29818 | published | 2007-12-31 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=29818 | title | GLSA-200712-21 : Mozilla Firefox, SeaMonkey: Multiple vulnerabilities |
NASL family | Red Hat Local Security Checks | NASL id | REDHAT-RHSA-2007-1083.NASL | description | Updated thunderbird packages that fix several security issues are now
available for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having moderate security impact by the
Red Hat Security Response Team.
Mozilla Thunderbird is a standalone mail and newsgroup client.
A cross-site scripting flaw was found in the way Thunderbird handled
the jar: URI scheme. It may be possible for a malicious HTML mail
message to leverage this flaw, and conduct a cross-site scripting
attack against a user running Thunderbird. (CVE-2007-5947)
Several flaws were found in the way Thunderbird processed certain
malformed HTML mail content. An HTML mail message containing malicious
content could cause Thunderbird to crash, or potentially execute
arbitrary code as the user running Thunderbird. (CVE-2007-5959)
A race condition existed when Thunderbird set the 'window.location'
property when displaying HTML mail content. This flaw could allow an
HTML mail message to set an arbitrary Referer header, which may lead
to a Cross-site Request Forgery (CSRF) attack against websites that
rely only on the Referer header for protection. (CVE-2007-5960)
All users of thunderbird are advised to upgrade to these updated
packages, which contain backported patches to resolve these issues. | last seen | 2019-01-16 | modified | 2018-11-16 | plugin id | 29773 | published | 2007-12-24 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=29773 | title | RHEL 4 / 5 : thunderbird (RHSA-2007:1083) |