A vulnerability has been found and corrected in libvorbis :

If a specially crafted Ogg Vorbis media file was opened by an application using libvorbis, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application (CVE-2012-0444).

The updated packages have been patched to correct this issue.

The libvorbis packages contain runtime libraries for use in programs that support Ogg Vorbis. Ogg Vorbis is a fully open, non-proprietary, patent-and royalty-free, general-purpose compressed audio format.

A heap-based buffer overflow flaw was found in the way the libvorbis library parsed Ogg Vorbis media files. If a specially crafted Ogg Vorbis media file was opened by an application using libvorbis, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application.
(CVE-2012-0444)

Users of libvorbis should upgrade to these updated packages, which contain a backported patch to correct this issue. The desktop must be restarted (log out, then log back in) for this update to take effect.

The remote Solaris system is missing necessary patches to address security updates :

  - Mozilla Firefox before 3.6.26 and 4.x through 9.0,     Thunderbird before 3.1.18 and 5.0 through 9.0, and     SeaMonkey before 2.7 do not properly initialize     nsChildView data structures, which allows remote     attackers to cause a denial of service (memory     corruption and application crash) or possibly execute     arbitrary code via a crafted Ogg Vorbis file.
    (CVE-2012-0444)

The remote OracleVM system is missing necessary patches to address critical security updates :

  - Backport fix for (CVE-2018-5146)

  - fix CVE-2012-0444 (#787077)

The installed version of Thunderbird is earlier than 10.0 and thus, is potentially affected by the following security issues :

  - A use-after-free error exists related to removed     nsDOMAttribute child nodes.(CVE-2011-3659)

  - Various memory safety issues exist. (CVE-2012-0442,     CVE-2012-0443)

  - Memory corruption errors exist related to the     decoding of Ogg Vorbis files and processing of     malformed XSLT stylesheets. (CVE-2012-0444,     CVE-2012-0449)

  - The HTML5 frame navigation policy can be violated by     allowing an attacker to replace a sub-frame in another     domain's document. (CVE-2012-0445)

  - Scripts in frames are able to bypass security     restrictions in XPConnect. This bypass can allow     malicious websites to carry out cross-site scripting     attacks. (CVE-2012-0446)

  - An information disclosure issue exists when     uninitialized memory is used as padding when encoding     icon images. (CVE-2012-0447)

Security issues were identified and fixed in mozilla firefox and thunderbird :

Use-after-free vulnerability in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 might allow remote attackers to execute arbitrary code via vectors related to incorrect AttributeChildRemoved notifications that affect access to removed nsDOMAttribute child nodes (CVE-2011-3659).

Mozilla Firefox before 3.6.26 and 4.x through 6.0, Thunderbird before 3.1.18 and 5.0 through 6.0, and SeaMonkey before 2.4 do not properly enforce the IPv6 literal address syntax, which allows remote attackers to obtain sensitive information by making XMLHttpRequest calls through a proxy and reading the error messages (CVE-2011-3670).

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors (CVE-2012-0442).

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors (CVE-2012-0443).

Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize nsChildView data structures, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Ogg Vorbis file (CVE-2012-0444).

Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to bypass the HTML5 frame-navigation policy and replace arbitrary sub-frames by creating a form submission target with a sub-frame's name attribute (CVE-2012-0445).

Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to inject arbitrary web script or HTML via a (1) web page or (2) Firefox extension, related to improper enforcement of XPConnect security restrictions for frame scripts that call untrusted objects (CVE-2012-0446).

Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize data for image/vnd.microsoft.icon images, which allows remote attackers to obtain potentially sensitive information by reading a PNG image that was created through conversion from an ICO image (CVE-2012-0447).

Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a malformed XSLT stylesheet that is embedded in a document (CVE-2012-0449).

Mozilla Firefox 4.x through 9.0 and SeaMonkey before 2.7 on Linux and Mac OS X set weak permissions for Firefox Recovery Key.html, which might allow local users to read a Firefox Sync key via standard filesystem operations (CVE-2012-0450).

Additionally the libvpx packages has been upgraded to the 0.9.7 version for Mandriva Linux 2011 which is required by firefox 10.0.

The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2012-0079 advisory.

    firefox:
    [3.6.26-1.0.1.el6_2]
    - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat ones

    [3.6.26-1]
    - Update to 3.6.26

    xulrunner:

    [1.9.2.26-1.0.1.el6_2]
    - Replace xulrunner-redhat-default-prefs.js with       xulrunner-oracle-default-prefs.js

    [1.9.2.26-1]
    - Update to 1.9.2.26

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Mozilla SeaMonkey was updated to 2.7 security update, fixing security issues and bugs. Following security bugs were fixed :

MFSA 2012-01: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code.

In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products. References

CVE-2012-0442: Jesse Ruderman and Bob Clary reported memory safety problems that were fixed in both Firefox 10 and Firefox 3.6.26.

MFSA 2012-02/CVE-2011-3670: For historical reasons Firefox has been generous in its interpretation of web addresses containing square brackets around the host. If this host was not a valid IPv6 literal address, Firefox attempted to interpret the host as a regular domain name. Gregory Fleischer reported that requests made using IPv6 syntax using XMLHttpRequest objects through a proxy may generate errors depending on proxy configuration for IPv6. The resulting error messages from the proxy may disclose sensitive data because Same-Origin Policy (SOP) will allow the XMLHttpRequest object to read these error messages, allowing user privacy to be eroded. Firefox now enforces RFC 3986 IPv6 literal syntax and that may break links written using the non-standard Firefox-only forms that were previously accepted.

This was fixed previously for Firefox 7.0, Thunderbird 7.0, and SeaMonkey 2.4 but only fixed in Firefox 3.6.26 and Thunderbird 3.1.18 during 2012.

MFSA 2012-04/CVE-2011-3659: Security researcher regenrecht reported via TippingPoint's Zero Day Initiative that removed child nodes of nsDOMAttribute can be accessed under certain circumstances because of a premature notification of AttributeChildRemoved. This use-after-free of the child nodes could possibly allow for for remote code execution.

MFSA 2012-07/CVE-2012-0444: Security researcher regenrecht reported via TippingPoint's Zero Day Initiative the possibility of memory corruption during the decoding of Ogg Vorbis files. This can cause a crash during decoding and has the potential for remote code execution.

MFSA 2012-08/CVE-2012-0449: Security researchers Nicolas Gregoire and Aki Helin independently reported that when processing a malformed embedded XSLT stylesheet, Firefox can crash due to a memory corruption. While there is no evidence that this is directly exploitable, there is a possibility of remote code execution.

ID	Name	Product	Family	Published	Updated	Severity
58585	Mandriva Linux Security Advisory : libvorbis (MDVSA-2012:052)	Nessus	Mandriva Local Security Checks	4/4/2012	1/6/2021	critical
61249	Scientific Linux Security Update : libvorbis on SL4.x, SL5.x, SL6.x i386/x86_64 (20120215)	Nessus	Scientific Linux Local Security Checks	8/1/2012	1/14/2021	critical
80686	Oracle Solaris Third-Party Patch Update : libvorbis (cve_2012_0444_memory_corruption)	Nessus	Solaris Local Security Checks	1/19/2015	1/14/2021	critical
108940	OracleVM 3.4 : libvorbis (OVMSA-2018-0030)	Nessus	OracleVM Local Security Checks	4/10/2018	11/12/2024	high
57770	Mozilla Thunderbird < 10.0 Multiple Vulnerabilities	Nessus	Windows	2/1/2012	11/15/2018	high
57833	Mandriva Linux Security Advisory : mozilla (MDVSA-2012:013)	Nessus	Mandriva Local Security Checks	2/6/2012	1/6/2021	critical
68443	Oracle Linux 5 / 6 : firefox (ELSA-2012-0079)	Nessus	Oracle Linux Local Security Checks	7/12/2013	10/22/2024	critical
76026	openSUSE Security Update : seamonkey (seamonkey-5768)	Nessus	SuSE Local Security Checks	6/13/2014	1/19/2021	critical

Detections

Analytics

Plugins Search

critical

critical

critical

high

high

critical

critical

critical