##############################################################################
#
# Mozilla Firefox JavaScript Key Filtering Variant Vulnerability (Linux)
#
# Copyright: OS2A and it's member companies
#
# Date Written: 2007/02/19
#
# $Revision: 1.1 $
#
# $Log: os2a_firefox_javascript_key_filter_linux_602024.nasl,v $
# Revision 1.1 2007/02/23 07:18:21 schandan
# To Production. Issue #3695
#
# Revision 1.1 2007/02/21 06:28:34 jprajna
# ------------------------------------------------------------------------
# This program was written by OS2A and/or it's member companies and is
# licensed under the GNU GPL license. Please see below for details. This
# header contains information regarding licensing terms under the GPL, and
# information regarding obtaining source code from the Author. Consequently,
# pursuant to section 3(c) of the GPL, you must accompany the information
# found in this header with any distribution you make of this Program.
# ------------------------------------------------------------------------
##############################################################################

# ---------------------------------------------------------------------------
# Metadata registration.
# When the engine sets `description`, only the plugin metadata below is
# registered and the script exits without touching the target.
#
# NOTE(review): the Solution text in the description is dated 23 February 2007
# ("no vendor supplied patch"); confirm it against current Mozilla advisories
# before relying on it as remediation guidance.
# NOTE(review): the description labels the risk "Medium" next to a CVSS base
# score of 2.8 - confirm the intended severity.
# ---------------------------------------------------------------------------
if (description)
{
  script_id(602024);
  script_bugtraq_id(22524);
  script_copyright(english:"Copyright (C) 2007 OS2A");
  script_version("$Revision: 1.1 $");
  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");
  script_name(english:"Mozilla Firefox JavaScript Key Filtering Variant Vulnerability (Linux)");
  script_summary(english:"Check for vulnerable version of Mozilla Firefox");

  # Report text shown to the operator; kept exactly as authored.
  desc["english"] = " Overview : This host has Mozilla Firefox, a web browser installed which is prone to javascript key filtering variant vulnerability. The vulnerability is caused due to the browser fails to securely handle keystroke input from users. Exploitation requires victim interaction. Impact : Successful exploitation could allow remote attackers to download the full path of files that are manually typed by the users. Scope of impact is restricted to application level. 
Affected Software : Mozilla Firefox 2.0 and 2.0.0.1 Mozilla Firefox version 1.5.0.9 and prior Affected Platform : Any system running the affected software. Solution : No vendor supplied patch is available as on 23rd February 2007. Information regarding this issue will be updated once the solution details are available. For updates check, http://www.mozilla.com/en-US/firefox/ References : https://bugzilla.mozilla.org/show_bug.cgi?id=370092 CVSS Score : CVSS Base Score : 2.8 (AV:R/AC:H/Au:NR/C:P/I:N/A:N/B:C) CVSS Temporal Score : 2.5 Risk factor : Medium";
  script_description(english:desc["english"]);

  # Both KB keys read by the detection logic are declared as required here,
  # and the scripts named as dependencies are scheduled first.
  script_dependencies("ssh_get_info.nasl", "os2a_linux_setkb_firefox_thunder_600079.nasl");
  script_require_keys("Host/uname", "Mozilla/Firefox/Linux/Version");
  exit(0);
}

# ---------------------------------------------------------------------------
# Detection.
# This is a version-string comparison against values already stored in the
# KB; nothing is sent to the browser and the flaw itself is not exercised.
# A build carrying a backported fix under an unchanged version number would
# therefore presumably still be reported - treat a hit as "version in the
# affected range", not as confirmed exposure.
# ---------------------------------------------------------------------------

# Platform gate: continue only when the recorded uname mentions Linux or Darwin.
# NOTE(review): Darwin passes this gate although the plugin name and the
# version KB key both say Linux - confirm that is intended.
uname = get_kb_item("Host/uname");
if (!egrep(pattern:"Linux|Darwin", string:uname))
  exit(0);

# Anchored match on the recorded Firefox version. The pattern accepts:
#   0.x, 1.0 and 1.0.x, 1.5 and 1.5.0.0 through 1.5.0.9, 2.0 and 2.0.0.1.
# Because of the ^...$ anchors, 1.5.0.10 and later and 2.0.0.2 and later
# do not match and are not reported.
ff_version = get_kb_item("Mozilla/Firefox/Linux/Version");
vulnerable = ereg(pattern:"^(0\..*|1\.0(\..*)?|1\.5(\.0\.[0-9])?|2(\.0($|\.0\.1)))$", string:ff_version);
if (vulnerable)
  security_warning(0);