CVE-2014-1554 - Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox

CVSS 10.0 - CRITICAL
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: COMPLETE
Integrity impact: COMPLETE
Availability impact: COMPLETE
Tags: network, low complexity, mozilla, CWE-119, critical, nessus

Summary

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 32.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Vulnerable Configurations

Part         Description  Count
Application  Mozilla      240

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Overflow Buffers
    Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
  • Client-side Injection-induced Buffer Overflow
    This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
  • Filter Failure through Buffer Overflow
    In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
  • MIME Conversion
    An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.

Nessus

  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-201504-01.NASL
    description: The remote host is affected by the vulnerability described in GLSA-201504-01 (Mozilla Products: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Firefox, Thunderbird, and SeaMonkey. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, spoof the address bar, conduct clickjacking attacks, bypass security restrictions and protection mechanisms, or have other unspecified impact. Workaround : There are no known workarounds at this time.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 82632
    published: 2015-04-08
    reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/82632
    title: GLSA-201504-01 : Mozilla Products: Multiple vulnerabilities
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 201504-01.
    #
    # The advisory text is Copyright (C) 2001-2019 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(82632);
      script_version("1.7");
      script_cvs_date("Date: 2019/08/12 17:35:38");
    
      script_cve_id("CVE-2013-1741", "CVE-2013-2566", "CVE-2013-5590", "CVE-2013-5591", "CVE-2013-5592", "CVE-2013-5593", "CVE-2013-5595", "CVE-2013-5596", "CVE-2013-5597", "CVE-2013-5598", "CVE-2013-5599", "CVE-2013-5600", "CVE-2013-5601", "CVE-2013-5602", "CVE-2013-5603", "CVE-2013-5604", "CVE-2013-5605", "CVE-2013-5606", "CVE-2013-5607", "CVE-2013-5609", "CVE-2013-5610", "CVE-2013-5612", "CVE-2013-5613", "CVE-2013-5614", "CVE-2013-5615", "CVE-2013-5616", "CVE-2013-5618", "CVE-2013-5619", "CVE-2013-6671", "CVE-2013-6672", "CVE-2013-6673", "CVE-2014-1477", "CVE-2014-1478", "CVE-2014-1479", "CVE-2014-1480", "CVE-2014-1481", "CVE-2014-1482", "CVE-2014-1483", "CVE-2014-1485", "CVE-2014-1486", "CVE-2014-1487", "CVE-2014-1488", "CVE-2014-1489", "CVE-2014-1490", "CVE-2014-1491", "CVE-2014-1492", "CVE-2014-1493", "CVE-2014-1494", "CVE-2014-1496", "CVE-2014-1497", "CVE-2014-1498", "CVE-2014-1499", "CVE-2014-1500", "CVE-2014-1502", "CVE-2014-1504", "CVE-2014-1505", "CVE-2014-1508", "CVE-2014-1509", "CVE-2014-1510", "CVE-2014-1511", "CVE-2014-1512", "CVE-2014-1513", "CVE-2014-1514", "CVE-2014-1518", "CVE-2014-1519", "CVE-2014-1520", "CVE-2014-1522", "CVE-2014-1523", "CVE-2014-1524", "CVE-2014-1525", "CVE-2014-1526", "CVE-2014-1529", "CVE-2014-1530", "CVE-2014-1531", "CVE-2014-1532", "CVE-2014-1533", "CVE-2014-1534", "CVE-2014-1536", "CVE-2014-1537", "CVE-2014-1538", "CVE-2014-1539", "CVE-2014-1540", "CVE-2014-1541", "CVE-2014-1542", "CVE-2014-1543", "CVE-2014-1544", "CVE-2014-1545", "CVE-2014-1547", "CVE-2014-1548", "CVE-2014-1549", "CVE-2014-1550", "CVE-2014-1551", "CVE-2014-1552", "CVE-2014-1553", "CVE-2014-1554", "CVE-2014-1555", "CVE-2014-1556", "CVE-2014-1557", "CVE-2014-1558", "CVE-2014-1559", "CVE-2014-1560", "CVE-2014-1561", "CVE-2014-1562", "CVE-2014-1563", "CVE-2014-1564", "CVE-2014-1565", "CVE-2014-1566", "CVE-2014-1567", "CVE-2014-1568", "CVE-2014-1574", "CVE-2014-1575", "CVE-2014-1576", "CVE-2014-1577", "CVE-2014-1578", "CVE-2014-1580", "CVE-2014-1581", 
"CVE-2014-1582", "CVE-2014-1583", "CVE-2014-1584", "CVE-2014-1585", "CVE-2014-1586", "CVE-2014-1587", "CVE-2014-1588", "CVE-2014-1589", "CVE-2014-1590", "CVE-2014-1591", "CVE-2014-1592", "CVE-2014-1593", "CVE-2014-1594", "CVE-2014-5369", "CVE-2014-8631", "CVE-2014-8632", "CVE-2014-8634", "CVE-2014-8635", "CVE-2014-8636", "CVE-2014-8637", "CVE-2014-8638", "CVE-2014-8639", "CVE-2014-8640", "CVE-2014-8641", "CVE-2014-8642", "CVE-2015-0817", "CVE-2015-0818", "CVE-2015-0819", "CVE-2015-0820", "CVE-2015-0821", "CVE-2015-0822", "CVE-2015-0823", "CVE-2015-0824", "CVE-2015-0825", "CVE-2015-0826", "CVE-2015-0827", "CVE-2015-0828", "CVE-2015-0829", "CVE-2015-0830", "CVE-2015-0831", "CVE-2015-0832", "CVE-2015-0833", "CVE-2015-0834", "CVE-2015-0835", "CVE-2015-0836");
      script_xref(name:"GLSA", value:"201504-01");
    
      script_name(english:"GLSA-201504-01 : Mozilla Products: Multiple vulnerabilities");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-201504-01
    (Mozilla Products: Multiple vulnerabilities)
    
        Multiple vulnerabilities have been discovered in Firefox, Thunderbird,
          and SeaMonkey. Please review the CVE identifiers referenced below for
          details.
      
    Impact :
    
        A remote attacker could entice a user to view a specially crafted web
          page or email, possibly resulting in execution of arbitrary code or a
          Denial of Service condition. Furthermore, a remote attacker may be able
          to perform Man-in-the-Middle attacks, obtain sensitive information, spoof
          the address bar, conduct clickjacking attacks, bypass security
          restrictions and protection mechanisms,  or have other unspecified
          impact.
      
    Workaround :
    
        There are no known workarounds at this time."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/201504-01"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "All firefox users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=www-client/firefox-31.5.3'
        All firefox-bin users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=www-client/firefox-bin-31.5.3'
        All thunderbird users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=mail-client/thunderbird-31.5.0'
        All thunderbird-bin users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose
          '>=mail-client/thunderbird-bin-31.5.0'
        All seamonkey users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=www-client/seamonkey-2.33.1'
        All seamonkey-bin users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=www-client/seamonkey-bin-2.33.1'
        All nspr users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=dev-libs/nspr-4.10.6'"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Firefox Proxy Prototype Privileged Javascript Injection');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:firefox");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:firefox-bin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:nspr");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:seamonkey");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:seamonkey-bin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:thunderbird");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:thunderbird-bin");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/03/15");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/04/07");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/04/08");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Gentoo Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (qpkg_check(package:"dev-libs/nspr", unaffected:make_list("ge 4.10.6"), vulnerable:make_list("lt 4.10.6"))) flag++;
    if (qpkg_check(package:"www-client/firefox-bin", unaffected:make_list("ge 31.5.3"), vulnerable:make_list("lt 31.5.3"))) flag++;
    if (qpkg_check(package:"www-client/seamonkey", unaffected:make_list("ge 2.33.1"), vulnerable:make_list("lt 2.33.1"))) flag++;
    if (qpkg_check(package:"www-client/seamonkey-bin", unaffected:make_list("ge 2.33.1"), vulnerable:make_list("lt 2.33.1"))) flag++;
    if (qpkg_check(package:"mail-client/thunderbird-bin", unaffected:make_list("ge 31.5.0"), vulnerable:make_list("lt 31.5.0"))) flag++;
    if (qpkg_check(package:"www-client/firefox", unaffected:make_list("ge 31.5.3"), vulnerable:make_list("lt 31.5.3"))) flag++;
    if (qpkg_check(package:"mail-client/thunderbird", unaffected:make_list("ge 31.5.0"), vulnerable:make_list("lt 31.5.0"))) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Mozilla Products");
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2014-530.NASL
    description: Mozilla Firefox was updated to Firefox 32 fixing security issues and bugs. Security issues fixed: MFSA 2014-72 / CVE-2014-1567: Security researcher regenrecht reported, via TippingPoint
    last seen: 2020-06-05
    modified: 2014-09-11
    plugin id: 77618
    published: 2014-09-11
    reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/77618
    title: openSUSE Security Update : MozillaFirefox (openSUSE-SU-2014:1099-1)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2014-530.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(77618);
      script_version("1.6");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2014-1553", "CVE-2014-1554", "CVE-2014-1562", "CVE-2014-1563", "CVE-2014-1564", "CVE-2014-1565", "CVE-2014-1567");
    
      script_name(english:"openSUSE Security Update : MozillaFirefox (openSUSE-SU-2014:1099-1)");
      script_summary(english:"Check for the openSUSE-2014-530 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Mozilla Firefox was updated to Firefox 32 fixing security issues and
    bugs.
    
    Security issues fixed: MFSA 2014-72 / CVE-2014-1567: Security
    researcher regenrecht reported, via TippingPoint's Zero Day
    Initiative, a use-after-free during text layout when interacting with
    the setting of text direction. This results in a use-after-free which
    can lead to arbitrary code execution.
    
    MFSA 2014-70 / CVE-2014-1565: Security researcher Holger Fuhrmannek
    discovered an out-of-bounds read during the creation of an audio
    timeline in Web Audio. This results in a crash and could allow for the
    reading of random memory values.
    
    MFSA 2014-69 / CVE-2014-1564: Google security researcher Michal
    Zalewski discovered that when a malformated GIF image is rendered in
    certain circumstances, memory is not properly initialized before use.
    The resulting image then uses this memory during rendering. This could
    allow for the a script in web content to access this uninitialized
    memory using the <canvas> feature.
    
    MFSA 2014-68 / CVE-2014-1563: Security researcher Abhishek Arya
    (Inferno) of the Google Chrome Security Team used the Address
    Sanitizer tool to discover a use-after-free during cycle collection.
    This was found in interactions with the SVG content through the
    document object model (DOM) with animating SVG content. This leads to
    a potentially exploitable crash.
    
    MFSA 2014-67: Mozilla developers and community identified and fixed
    several memory safety bugs in the browser engine used in Firefox and
    other Mozilla-based products. Some of these bugs showed evidence of
    memory corruption under certain circumstances, and we presume that
    with enough effort at least some of these could be exploited to run
    arbitrary code.
    
    Jan de Mooij reported a memory safety problem that affects Firefox ESR
    24.7, ESR 31 and Firefox 31. (CVE-2014-1562)
    
    Christian Holler, Jan de Mooij, Karl Tomlinson, Randell Jesup, Gary
    Kwong, Jesse Ruderman, and JW Wang reported memory safety problems and
    crashes that affect Firefox ESR 31 and Firefox 31. (CVE-2014-1553)
    
    Gary Kwong, Christian Holler, and David Weir reported memory safety
    problems and crashes that affect Firefox 31. (CVE-2014-1554)
    
    Mozilla NSS was updated to 3.16.4: Notable Changes :
    
      - The following 1024-bit root CA certificate was restored
        to allow more time to develop a better transition
        strategy for affected sites. It was removed in NSS
        3.16.3, but discussion in the
        mozilla.dev.security.policy forum led to the decision to
        keep this root included longer in order to give website
        administrators more time to update their web servers.
    
      - CN = GTE CyberTrust Global Root
    
      - In NSS 3.16.3, the 1024-bit 'Entrust.net Secure Server
        Certification Authority' root CA certificate was
        removed. In NSS 3.16.4, a 2048-bit intermediate CA
        certificate has been included, without explicit trust.
        The intention is to mitigate the effects of the previous
        removal of the 1024-bit Entrust.net root certificate,
        because many public Internet sites still use the
        'USERTrust Legacy Secure Server CA' intermediate
        certificate that is signed by the 1024-bit Entrust.net
        root certificate. The inclusion of the intermediate
        certificate is a temporary measure to allow those sites
        to function, by allowing them to find a trust path to
        another 2048-bit root CA certificate. The temporarily
        included intermediate certificate expires November 1,
        2015."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=894201"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=894370"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.opensuse.org/opensuse-updates/2014-09/msg00011.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected MozillaFirefox packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libfreebl3");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libfreebl3-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libfreebl3-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libfreebl3-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsoftokn3");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsoftokn3-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-certs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-certs-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-tools-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.3");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2014/09/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/09/11");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE12\.3|SUSE13\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.3 / 13.1", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE12.3", reference:"MozillaFirefox-31.1.0-1.86.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"MozillaFirefox-branding-upstream-31.1.0-1.86.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"MozillaFirefox-buildsymbols-31.1.0-1.86.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"MozillaFirefox-debuginfo-31.1.0-1.86.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"MozillaFirefox-debugsource-31.1.0-1.86.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"MozillaFirefox-devel-31.1.0-1.86.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"MozillaFirefox-translations-common-31.1.0-1.86.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"MozillaFirefox-translations-other-31.1.0-1.86.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"libfreebl3-3.16.4-1.51.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"libfreebl3-debuginfo-3.16.4-1.51.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"libsoftokn3-3.16.4-1.51.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"libsoftokn3-debuginfo-3.16.4-1.51.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"mozilla-nss-3.16.4-1.51.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"mozilla-nss-certs-3.16.4-1.51.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"mozilla-nss-certs-debuginfo-3.16.4-1.51.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"mozilla-nss-debuginfo-3.16.4-1.51.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"mozilla-nss-debugsource-3.16.4-1.51.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"mozilla-nss-devel-3.16.4-1.51.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"mozilla-nss-sysinit-3.16.4-1.51.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"mozilla-nss-sysinit-debuginfo-3.16.4-1.51.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"mozilla-nss-tools-3.16.4-1.51.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"mozilla-nss-tools-debuginfo-3.16.4-1.51.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"libfreebl3-32bit-3.16.4-1.51.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"libfreebl3-debuginfo-32bit-3.16.4-1.51.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"libsoftokn3-32bit-3.16.4-1.51.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"libsoftokn3-debuginfo-32bit-3.16.4-1.51.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"mozilla-nss-32bit-3.16.4-1.51.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"mozilla-nss-certs-32bit-3.16.4-1.51.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"mozilla-nss-certs-debuginfo-32bit-3.16.4-1.51.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"mozilla-nss-debuginfo-32bit-3.16.4-1.51.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"mozilla-nss-sysinit-32bit-3.16.4-1.51.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"mozilla-nss-sysinit-debuginfo-32bit-3.16.4-1.51.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"MozillaFirefox-31.1.0-42.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"MozillaFirefox-branding-upstream-31.1.0-42.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"MozillaFirefox-buildsymbols-31.1.0-42.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"MozillaFirefox-debuginfo-31.1.0-42.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"MozillaFirefox-debugsource-31.1.0-42.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"MozillaFirefox-devel-31.1.0-42.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"MozillaFirefox-translations-common-31.1.0-42.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"MozillaFirefox-translations-other-31.1.0-42.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"libfreebl3-3.16.4-35.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"libfreebl3-debuginfo-3.16.4-35.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"libsoftokn3-3.16.4-35.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"libsoftokn3-debuginfo-3.16.4-35.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"mozilla-nss-3.16.4-35.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"mozilla-nss-certs-3.16.4-35.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"mozilla-nss-certs-debuginfo-3.16.4-35.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"mozilla-nss-debuginfo-3.16.4-35.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"mozilla-nss-debugsource-3.16.4-35.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"mozilla-nss-devel-3.16.4-35.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"mozilla-nss-sysinit-3.16.4-35.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"mozilla-nss-sysinit-debuginfo-3.16.4-35.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"mozilla-nss-tools-3.16.4-35.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"mozilla-nss-tools-debuginfo-3.16.4-35.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libfreebl3-32bit-3.16.4-35.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libfreebl3-debuginfo-32bit-3.16.4-35.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libsoftokn3-32bit-3.16.4-35.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libsoftokn3-debuginfo-32bit-3.16.4-35.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"mozilla-nss-32bit-3.16.4-35.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"mozilla-nss-certs-32bit-3.16.4-35.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"mozilla-nss-certs-debuginfo-32bit-3.16.4-35.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"mozilla-nss-debuginfo-32bit-3.16.4-35.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"mozilla-nss-sysinit-32bit-3.16.4-35.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"mozilla-nss-sysinit-debuginfo-32bit-3.16.4-35.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "MozillaFirefox");
    }
    
  • NASL family: Windows
    NASL id: MOZILLA_FIREFOX_32.NASL
    description: The version of Firefox installed on the remote host is a version prior to 32.0. It is, therefore, affected by the following vulnerabilities : - Multiple memory safety flaws exist within the browser engine. Exploiting these, an attacker can cause a denial of service or execute arbitrary code. (CVE-2014-1553, CVE-2014-1554, CVE-2014-1562) - A use-after-free vulnerability exists due to improper cycle collection when processing animated SVG content. A remote attacker can exploit this to cause a denial of service or execute arbitrary code. (CVE-2014-1563) - Memory is not properly initialized during GIF rendering. Using a specially crafted web script, a remote attacker can exploit this to acquire sensitive information from the process memory. (CVE-2014-1564) - The Web Audio API contains a flaw where audio timelines are properly created. Using specially crafted API calls, a remote attacker can exploit this to acquire sensitive information from the process memory or cause a denial of service. (CVE-2014-1565) - A use-after-free vulnerability exists due to improper handling of text layout in directionality resolution. A remote attacker can exploit this to execute arbitrary code. (CVE-2014-1567)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 77500
    published: 2014-09-03
    reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/77500
    title: Firefox < 32.0 Multiple Vulnerabilities
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(77500);
      script_version("1.8");
      script_cvs_date("Date: 2019/11/25");
    
      script_cve_id(
        "CVE-2014-1553",
        "CVE-2014-1554",
        "CVE-2014-1562",
        "CVE-2014-1563",
        "CVE-2014-1564",
        "CVE-2014-1565",
        "CVE-2014-1567"
      );
      script_bugtraq_id(
        69519,
        69520,
        69521,
        69523,
        69524,
        69525,
        69526
      );
    
      script_name(english:"Firefox < 32.0 Multiple Vulnerabilities");
      script_summary(english:"Checks the version of Firefox.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Windows host contains a web browser that is affected by
    multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of Firefox installed on the remote host is a version prior
    to 32.0. It is, therefore, affected by the following vulnerabilities :
    
      - Multiple memory safety flaws exist within the browser
        engine. Exploiting these, an attacker can cause a denial
        of service or execute arbitrary code. (CVE-2014-1553,
        CVE-2014-1554, CVE-2014-1562)
    
      - A use-after-free vulnerability exists due to improper
        cycle collection when processing animated SVG content.
        A remote attacker can exploit this to cause a denial of
        service or execute arbitrary code. (CVE-2014-1563)
    
      - Memory is not properly initialized during GIF rendering.
        Using a specially crafted web script, a remote attacker
        can exploit this to acquire sensitive information from
        the process memory. (CVE-2014-1564)
    
      - The Web Audio API contains a flaw where audio timelines
        are properly created. Using specially crafted API calls,
        a remote attacker can exploit this to acquire sensitive
        information from the process memory or cause a denial of
        service. (CVE-2014-1565)
    
      - A use-after-free vulnerability exists due to improper
        handling of text layout in directionality resolution.
        A remote attacker can exploit this to execute arbitrary
        code. (CVE-2014-1567)");
      script_set_attribute(attribute:"see_also", value:"http://www.securityfocus.com/archive/1/533357/30/0/threaded");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/security/announce/2014/mfsa2014-67.html");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/security/announce/2014/mfsa2014-68.html");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/security/announce/2014/mfsa2014-69.html");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/security/announce/2014/mfsa2014-70.html");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2014-71/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/security/announce/2014/mfsa2014-72.html");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Firefox 32.0 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-1563");
    
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/09/02");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/09/02");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/09/03");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:firefox");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("mozilla_org_installed.nasl");
      script_require_keys("Mozilla/Firefox/Version");
    
      exit(0);
    }
    
    include("mozilla_version.inc");
    
    port = get_kb_item("SMB/transport");
    if (!port) port = 445;
    
    installs = get_kb_list("SMB/Mozilla/Firefox/*");
    if (isnull(installs)) audit(AUDIT_NOT_INST, "Firefox");
    
    mozilla_check_version(installs:installs, product:'firefox', esr:FALSE, fix:'32.0', severity:SECURITY_HOLE, xss:FALSE);
    
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2014-612.NASL
    description: - update to Firefox 33.0 (bnc#900941) New features : - OpenH264 support (sandboxed) - Enhanced Tiles - Improved search experience through the location bar - Slimmer and faster JavaScript strings - New CSP (Content Security Policy) backend - Support for connecting to HTTP proxy over HTTPS - Improved reliability of the session restoration - Proprietary window.crypto properties/functions removed Security : - MFSA 2014-74/CVE-2014-1574/CVE-2014-1575 Miscellaneous memory safety hazards - MFSA 2014-75/CVE-2014-1576 (bmo#1041512) Buffer overflow during CSS manipulation - MFSA 2014-76/CVE-2014-1577 (bmo#1012609) Web Audio memory corruption issues with custom waveforms - MFSA 2014-77/CVE-2014-1578 (bmo#1063327) Out-of-bounds write with WebM video - MFSA 2014-78/CVE-2014-1580 (bmo#1063733) Further uninitialized memory use during GIF rendering - MFSA 2014-79/CVE-2014-1581 (bmo#1068218) Use-after-free interacting with text directionality - MFSA 2014-80/CVE-2014-1582/CVE-2014-1584 (bmo#1049095, bmo#1066190) Key pinning bypasses - MFSA 2014-81/CVE-2014-1585/CVE-2014-1586 (bmo#1062876, bmo#1062981) Inconsistent video sharing within iframe - MFSA 2014-82/CVE-2014-1583 (bmo#1015540) Accessing cross-origin objects via the Alarms API (only relevant for installed web apps) - requires NSPR 4.10.7 - requires NSS 3.17.1 - removed obsolete patches : - mozilla-ppc.patch - mozilla-libproxy-compat.patch - added basic appdata information - update to SeaMonkey 2.30 (bnc#900941) - venkman debugger removed from application and therefore obsolete package seamonkey-venkman - MFSA 2014-74/CVE-2014-1574/CVE-2014-1575 Miscellaneous memory safety hazards - MFSA 2014-75/CVE-2014-1576 (bmo#1041512) Buffer overflow during CSS manipulation - MFSA 2014-76/CVE-2014-1577 (bmo#1012609) Web Audio memory corruption issues with custom waveforms - MFSA 2014-77/CVE-2014-1578 (bmo#1063327) Out-of-bounds write with WebM video - MFSA 2014-78/CVE-2014-1580 (bmo#1063733) Further uninitialized memory use during GIF rendering - MFSA 2014-79/CVE-2014-1581 (bmo#1068218) Use-after-free interacting with text directionality - MFSA 2014-80/CVE-2014-1582/CVE-2014-1584 (bmo#1049095, bmo#1066190) Key pinning bypasses - MFSA 2014-81/CVE-2014-1585/CVE-2014-1586 (bmo#1062876, bmo#1062981) Inconsistent video sharing within iframe - MFSA 2014-82/CVE-2014-1583 (bmo#1015540) Accessing cross-origin objects via the Alarms API (only relevant for installed web apps) - requires NSPR 4.10.7 - requires NSS 3.17.1 - removed obsolete patches : - mozilla-ppc.patch - mozilla-libproxy-compat.patch Changes in mozilla-nss : - update to 3.17.1 (bnc#897890) - Change library
    last seen: 2020-06-05
    modified: 2014-11-03
    plugin id: 78818
    published: 2014-11-03
    reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/78818
    title: openSUSE Security Update : firefox / mozilla-nspr / mozilla-nss (openSUSE-SU-2014:1344-1)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2014-612.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(78818);
      script_version("1.6");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2014-1554", "CVE-2014-1574", "CVE-2014-1575", "CVE-2014-1576", "CVE-2014-1577", "CVE-2014-1578", "CVE-2014-1580", "CVE-2014-1581", "CVE-2014-1582", "CVE-2014-1583", "CVE-2014-1584", "CVE-2014-1585", "CVE-2014-1586");
    
      script_name(english:"openSUSE Security Update : firefox / mozilla-nspr / mozilla-nss (openSUSE-SU-2014:1344-1)");
      script_summary(english:"Check for the openSUSE-2014-612 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "  - update to Firefox 33.0 (bnc#900941) New features :
    
      - OpenH264 support (sandboxed)
    
      - Enhanced Tiles
    
      - Improved search experience through the location bar
    
      - Slimmer and faster JavaScript strings
    
      - New CSP (Content Security Policy) backend
    
      - Support for connecting to HTTP proxy over HTTPS
    
      - Improved reliability of the session restoration
    
      - Proprietary window.crypto properties/functions removed
        Security :
    
      - MFSA 2014-74/CVE-2014-1574/CVE-2014-1575 Miscellaneous
        memory safety hazards
    
      - MFSA 2014-75/CVE-2014-1576 (bmo#1041512) Buffer overflow
        during CSS manipulation
    
      - MFSA 2014-76/CVE-2014-1577 (bmo#1012609) Web Audio
        memory corruption issues with custom waveforms
    
      - MFSA 2014-77/CVE-2014-1578 (bmo#1063327) Out-of-bounds
        write with WebM video
    
      - MFSA 2014-78/CVE-2014-1580 (bmo#1063733) Further
        uninitialized memory use during GIF rendering
    
      - MFSA 2014-79/CVE-2014-1581 (bmo#1068218) Use-after-free
        interacting with text directionality
    
      - MFSA 2014-80/CVE-2014-1582/CVE-2014-1584 (bmo#1049095,
        bmo#1066190) Key pinning bypasses
    
      - MFSA 2014-81/CVE-2014-1585/CVE-2014-1586 (bmo#1062876,
        bmo#1062981) Inconsistent video sharing within iframe
    
      - MFSA 2014-82/CVE-2014-1583 (bmo#1015540) Accessing
        cross-origin objects via the Alarms API (only relevant
        for installed web apps)
    
      - requires NSPR 4.10.7
    
      - requires NSS 3.17.1
    
      - removed obsolete patches :
    
      - mozilla-ppc.patch
    
      - mozilla-libproxy-compat.patch
    
      - added basic appdata information
    
      - update to SeaMonkey 2.30 (bnc#900941)
    
      - venkman debugger removed from application and therefore
        obsolete package seamonkey-venkman
    
      - MFSA 2014-74/CVE-2014-1574/CVE-2014-1575 Miscellaneous
        memory safety hazards
    
      - MFSA 2014-75/CVE-2014-1576 (bmo#1041512) Buffer overflow
        during CSS manipulation
    
      - MFSA 2014-76/CVE-2014-1577 (bmo#1012609) Web Audio
        memory corruption issues with custom waveforms
    
      - MFSA 2014-77/CVE-2014-1578 (bmo#1063327) Out-of-bounds
        write with WebM video
    
      - MFSA 2014-78/CVE-2014-1580 (bmo#1063733) Further
        uninitialized memory use during GIF rendering
    
      - MFSA 2014-79/CVE-2014-1581 (bmo#1068218) Use-after-free
        interacting with text directionality
    
      - MFSA 2014-80/CVE-2014-1582/CVE-2014-1584 (bmo#1049095,
        bmo#1066190) Key pinning bypasses
    
      - MFSA 2014-81/CVE-2014-1585/CVE-2014-1586 (bmo#1062876,
        bmo#1062981) Inconsistent video sharing within iframe
    
      - MFSA 2014-82/CVE-2014-1583 (bmo#1015540) Accessing
        cross-origin objects via the Alarms API (only relevant
        for installed web apps)
    
      - requires NSPR 4.10.7
    
      - requires NSS 3.17.1
    
      - removed obsolete patches :
    
      - mozilla-ppc.patch
    
      - mozilla-libproxy-compat.patch
    
    Changes in mozilla-nss :
    
      - update to 3.17.1 (bnc#897890)
    
      - Change library's signature algorithm default to SHA256
    
      - Add support for draft-ietf-tls-downgrade-scsv
    
      - Add clang-cl support to the NSS build system
    
      - Implement TLS 1.3 :
    
      - Part 1. Negotiate TLS 1.3
    
      - Part 2. Remove deprecated cipher suites and compression.
    
      - Add support for little-endian powerpc64
    
      - update to 3.17
    
      - required for Firefox 33 New functionality :
    
      - When using ECDHE, the TLS server code may be configured
        to generate a fresh ephemeral ECDH key for each
        handshake, by setting the SSL_REUSE_SERVER_ECDHE_KEY
        socket option to PR_FALSE. The
        SSL_REUSE_SERVER_ECDHE_KEY option defaults to PR_TRUE,
        which means the server's ephemeral ECDH key is reused
        for multiple handshakes. This option does not affect the
        TLS client code, which always generates a fresh
        ephemeral ECDH key for each handshake. New Macros
    
      - SSL_REUSE_SERVER_ECDHE_KEY Notable Changes :
    
      - The manual pages for the certutil and pp tools have been
        updated to document the new parameters that had been
        added in NSS 3.16.2.
    
      - On Windows, the new build variable USE_STATIC_RTL can be
        used to specify the static C runtime library should be
        used. By default the dynamic C runtime library is used.
        Changes in mozilla-nspr :
    
      - update to version 4.10.7
    
      - bmo#836658: VC11+ defaults to SSE2 builds by default.
    
      - bmo#979278: TSan: data race
        nsprpub/pr/src/threads/prtpd.c:103
        PR_NewThreadPrivateIndex.
    
      - bmo#1026129: Replace some manual declarations of MSVC
        intrinsics with #include <intrin.h>.
    
      - bmo#1026469: Use AC_CHECK_LIB instead of
        MOZ_CHECK_PTHREADS. Skip compiler checks when using
        MSVC, even when $CC is not literally 'cl'.
    
      - bmo#1034415: NSPR hardcodes the C compiler to cl on
        Windows.
    
      - bmo#1042408: Compilation fix for Android > API level 19.
    
      - bmo#1043082: NSPR's build system hardcodes -MD."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1012609"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1015540"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1026129"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1026469"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1034415"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1041512"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1042408"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1043082"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1049095"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1062876"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1062981"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1063327"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1063733"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1063971"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1066190"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1068218"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.mozilla.org/show_bug.cgi?id=836658"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.mozilla.org/show_bug.cgi?id=979278"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=894370"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=896624"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=897890"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=900941"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=901213"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.opensuse.org/opensuse-updates/2014-11/msg00001.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected firefox / mozilla-nspr / mozilla-nss packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libfreebl3");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libfreebl3-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libfreebl3-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libfreebl3-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsoftokn3");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsoftokn3-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nspr");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nspr-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nspr-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nspr-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nspr-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nspr-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-certs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-certs-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-tools-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-dom-inspector");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-irc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-translations-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-translations-other");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.3");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2014/10/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/03");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE12\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.3", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE12.3", reference:"MozillaFirefox-33.0-1.90.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"MozillaFirefox-branding-upstream-33.0-1.90.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"MozillaFirefox-buildsymbols-33.0-1.90.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"MozillaFirefox-debuginfo-33.0-1.90.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"MozillaFirefox-debugsource-33.0-1.90.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"MozillaFirefox-devel-33.0-1.90.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"MozillaFirefox-translations-common-33.0-1.90.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"MozillaFirefox-translations-other-33.0-1.90.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"libfreebl3-3.17.1-1.59.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"libfreebl3-debuginfo-3.17.1-1.59.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"libsoftokn3-3.17.1-1.59.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"libsoftokn3-debuginfo-3.17.1-1.59.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"mozilla-nspr-4.10.7-1.34.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"mozilla-nspr-debuginfo-4.10.7-1.34.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"mozilla-nspr-debugsource-4.10.7-1.34.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"mozilla-nspr-devel-4.10.7-1.34.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"mozilla-nss-3.17.1-1.59.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"mozilla-nss-certs-3.17.1-1.59.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"mozilla-nss-certs-debuginfo-3.17.1-1.59.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"mozilla-nss-debuginfo-3.17.1-1.59.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"mozilla-nss-debugsource-3.17.1-1.59.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"mozilla-nss-devel-3.17.1-1.59.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"mozilla-nss-sysinit-3.17.1-1.59.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"mozilla-nss-sysinit-debuginfo-3.17.1-1.59.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"mozilla-nss-tools-3.17.1-1.59.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"mozilla-nss-tools-debuginfo-3.17.1-1.59.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"seamonkey-2.30-1.61.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"seamonkey-debuginfo-2.30-1.61.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"seamonkey-debugsource-2.30-1.61.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"seamonkey-dom-inspector-2.30-1.61.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"seamonkey-irc-2.30-1.61.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"seamonkey-translations-common-2.30-1.61.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"seamonkey-translations-other-2.30-1.61.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"libfreebl3-32bit-3.17.1-1.59.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"libfreebl3-debuginfo-32bit-3.17.1-1.59.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"libsoftokn3-32bit-3.17.1-1.59.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"libsoftokn3-debuginfo-32bit-3.17.1-1.59.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"mozilla-nspr-32bit-4.10.7-1.34.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"mozilla-nspr-debuginfo-32bit-4.10.7-1.34.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"mozilla-nss-32bit-3.17.1-1.59.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"mozilla-nss-certs-32bit-3.17.1-1.59.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"mozilla-nss-certs-debuginfo-32bit-3.17.1-1.59.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"mozilla-nss-debuginfo-32bit-3.17.1-1.59.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"mozilla-nss-sysinit-32bit-3.17.1-1.59.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"mozilla-nss-sysinit-debuginfo-32bit-3.17.1-1.59.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "MozillaFirefox / MozillaFirefox-branding-upstream / etc");
    }
    
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-2329-1.NASL
    description: Jan de Mooij, Christian Holler, Karl Tomlinson, Randell Jesup, Gary Kwong, Jesse Ruderman, JW Wang and David Weir discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-1553, CVE-2014-1554, CVE-2014-1562) Abhishek Arya discovered a use-after-free during DOM interactions with SVG. If a user were tricked in to opening a specially crafted page, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-1563) Michal Zalewski discovered that memory is not initialized properly during GIF rendering in some circumstances. If a user were tricked in to opening a specially crafted page, an attacker could potentially exploit this to steal confidential information. (CVE-2014-1564) Holger Fuhrmannek discovered an out-of-bounds read in Web Audio. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash or steal confidential information. (CVE-2014-1565) A use-after-free was discovered during text layout in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-1567). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 77486
    published: 2014-09-03
    reporter: Ubuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/77486
    title: Ubuntu 12.04 LTS / 14.04 LTS : firefox vulnerabilities (USN-2329-1)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-2329-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(77486);
      script_version("1.12");
      script_cvs_date("Date: 2019/09/19 12:54:30");
    
      script_cve_id("CVE-2014-1553", "CVE-2014-1554", "CVE-2014-1562", "CVE-2014-1563", "CVE-2014-1564", "CVE-2014-1565", "CVE-2014-1567");
      script_bugtraq_id(69519, 69520, 69521, 69523, 69524, 69525, 69526);
      script_xref(name:"USN", value:"2329-1");
    
      script_name(english:"Ubuntu 12.04 LTS / 14.04 LTS : firefox vulnerabilities (USN-2329-1)");
      script_summary(english:"Checks dpkg output for updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Ubuntu host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Jan de Mooij, Christian Holler, Karl Tomlinson, Randell Jesup, Gary
    Kwong, Jesse Ruderman, JW Wang and David Weir discovered multiple
    memory safety issues in Firefox. If a user were tricked in to opening
    a specially crafted website, an attacker could potentially exploit
    these to cause a denial of service via application crash, or execute
    arbitrary code with the privileges of the user invoking Firefox.
    (CVE-2014-1553, CVE-2014-1554, CVE-2014-1562)
    
    Abhishek Arya discovered a use-after-free during DOM interactions with
    SVG. If a user were tricked in to opening a specially crafted page, an
    attacker could potentially exploit this to cause a denial of service
    via application crash or execute arbitrary code with the privileges of
    the user invoking Firefox. (CVE-2014-1563)
    
    Michal Zalewski discovered that memory is not initialized properly
    during GIF rendering in some circumstances. If a user were tricked in
    to opening a specially crafted page, an attacker could potentially
    exploit this to steal confidential information. (CVE-2014-1564)
    
    Holger Fuhrmannek discovered an out-of-bounds read in Web Audio. If a
    user were tricked in to opening a specially crafted website, an
    attacker could potentially exploit this to cause a denial of service
    via application crash or steal confidential information.
    (CVE-2014-1565)
    
    A use-after-free was discovered during text layout in some
    circumstances. If a user were tricked in to opening a specially
    crafted website, an attacker could potentially exploit this to cause a
    denial of service via application crash or execute arbitrary code with
    the privileges of the user invoking Firefox. (CVE-2014-1567).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/2329-1/"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected firefox package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/09/03");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/09/02");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/09/03");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(12\.04|14\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 12.04 / 14.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"12.04", pkgname:"firefox", pkgver:"32.0+build1-0ubuntu0.12.04.1")) flag++;
    if (ubuntu_check(osver:"14.04", pkgname:"firefox", pkgver:"32.0+build1-0ubuntu0.14.04.1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "firefox");
    }
    
  • NASL family: MacOS X Local Security Checks
    NASL id: MACOSX_FIREFOX_32.NASL
    description: The version of Firefox installed on the remote Mac OS X host is a version prior to 32.0. It is, therefore, affected by the following vulnerabilities : - Multiple memory safety flaws exist within the browser engine. Exploiting these, an attacker can cause a denial of service or execute arbitrary code. (CVE-2014-1553, CVE-2014-1554, CVE-2014-1562) - A use-after-free vulnerability exists due to improper cycle collection when processing animated SVG content. A remote attacker can exploit this to cause a denial of service or execute arbitrary code. (CVE-2014-1563) - Memory is not properly initialized during GIF rendering. Using a specially crafted web script, a remote attacker can exploit this to acquire sensitive information from the process memory. (CVE-2014-1564) - The Web Audio API contains a flaw where audio timelines are properly created. Using specially crafted API calls, a remote attacker can exploit this to acquire sensitive information from the process memory or cause a denial of service. (CVE-2014-1565) - A use-after-free vulnerability exists due to improper handling of text layout in directionality resolution. A remote attacker can exploit this to execute arbitrary code. (CVE-2014-1567)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 77495
    published: 2014-09-03
    reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/77495
    title: Firefox < 32.0 Multiple Vulnerabilities (Mac OS X)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(77495);
      script_version("1.8");
      script_cvs_date("Date: 2019/11/25");
    
      script_cve_id(
        "CVE-2014-1553",
        "CVE-2014-1554",
        "CVE-2014-1562",
        "CVE-2014-1563",
        "CVE-2014-1564",
        "CVE-2014-1565",
        "CVE-2014-1567"
      );
      script_bugtraq_id(
        69519,
        69520,
        69521,
        69523,
        69524,
        69525,
        69526
      );
    
      script_name(english:"Firefox < 32.0 Multiple Vulnerabilities (Mac OS X)");
      script_summary(english:"Checks the version of Firefox.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Mac OS X host contains a web browser that is affected by
    multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of Firefox installed on the remote Mac OS X host is a
    version prior to 32.0. It is, therefore, affected by the following
    vulnerabilities :
    
      - Multiple memory safety flaws exist within the browser
        engine. Exploiting these, an attacker can cause a denial
        of service or execute arbitrary code. (CVE-2014-1553,
        CVE-2014-1554, CVE-2014-1562)
    
      - A use-after-free vulnerability exists due to improper
        cycle collection when processing animated SVG content.
        A remote attacker can exploit this to cause a denial of
        service or execute arbitrary code. (CVE-2014-1563)
    
      - Memory is not properly initialized during GIF rendering.
        Using a specially crafted web script, a remote attacker
        can exploit this to acquire sensitive information from
        the process memory. (CVE-2014-1564)
    
      - The Web Audio API contains a flaw where audio timelines
        are properly created. Using specially crafted API calls,
        a remote attacker can exploit this to acquire sensitive
        information from the process memory or cause a denial of
        service. (CVE-2014-1565)
    
      - A use-after-free vulnerability exists due to improper
        handling of text layout in directionality resolution.
        A remote attacker can exploit this to execute arbitrary
        code. (CVE-2014-1567)");
      script_set_attribute(attribute:"see_also", value:"http://www.securityfocus.com/archive/1/533357/30/0/threaded");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/security/announce/2014/mfsa2014-67.html");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/security/announce/2014/mfsa2014-68.html");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/security/announce/2014/mfsa2014-69.html");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/security/announce/2014/mfsa2014-70.html");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/security/announce/2014/mfsa2014-72.html");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Firefox 32.0 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-1563");
    
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/09/02");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/09/02");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/09/03");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:firefox");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"MacOS X Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("macosx_firefox_installed.nasl");
      script_require_keys("MacOSX/Firefox/Installed");
    
      exit(0);
    }
    
    include("mozilla_version.inc");
    
    kb_base = "MacOSX/Firefox";
    get_kb_item_or_exit(kb_base+"/Installed");
    
    version = get_kb_item_or_exit(kb_base+"/Version", exit_code:1);
    path = get_kb_item_or_exit(kb_base+"/Path", exit_code:1);
    
    if (get_kb_item(kb_base + '/is_esr')) exit(0, 'The Mozilla Firefox installation is in the ESR branch.');
    
    mozilla_check_version(product:'firefox', version:version, path:path, esr:FALSE, fix:'32.0', severity:SECURITY_HOLE, xss:FALSE);
    
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2014-611.NASL
    description: - update to Firefox 33.0 (bnc#900941) New features : - OpenH264 support (sandboxed) - Enhanced Tiles - Improved search experience through the location bar - Slimmer and faster JavaScript strings - New CSP (Content Security Policy) backend - Support for connecting to HTTP proxy over HTTPS - Improved reliability of the session restoration - Proprietary window.crypto properties/functions removed Security : - MFSA 2014-74/CVE-2014-1574/CVE-2014-1575 Miscellaneous memory safety hazards - MFSA 2014-75/CVE-2014-1576 (bmo#1041512) Buffer overflow during CSS manipulation - MFSA 2014-76/CVE-2014-1577 (bmo#1012609) Web Audio memory corruption issues with custom waveforms - MFSA 2014-77/CVE-2014-1578 (bmo#1063327) Out-of-bounds write with WebM video - MFSA 2014-78/CVE-2014-1580 (bmo#1063733) Further uninitialized memory use during GIF rendering - MFSA 2014-79/CVE-2014-1581 (bmo#1068218) Use-after-free interacting with text directionality - MFSA 2014-80/CVE-2014-1582/CVE-2014-1584 (bmo#1049095, bmo#1066190) Key pinning bypasses - MFSA 2014-81/CVE-2014-1585/CVE-2014-1586 (bmo#1062876, bmo#1062981) Inconsistent video sharing within iframe - MFSA 2014-82/CVE-2014-1583 (bmo#1015540) Accessing cross-origin objects via the Alarms API (only relevant for installed web apps) - requires NSPR 4.10.7 - requires NSS 3.17.1 - removed obsolete patches : - mozilla-ppc.patch - mozilla-libproxy-compat.patch - added basic appdata information - update to SeaMonkey 2.30 (bnc#900941) - venkman debugger removed from application and therefore obsolete package seamonkey-venkman - MFSA 2014-74/CVE-2014-1574/CVE-2014-1575 Miscellaneous memory safety hazards - MFSA 2014-75/CVE-2014-1576 (bmo#1041512) Buffer overflow during CSS manipulation - MFSA 2014-76/CVE-2014-1577 (bmo#1012609) Web Audio memory corruption issues with custom waveforms - MFSA 2014-77/CVE-2014-1578 (bmo#1063327) Out-of-bounds write with WebM video - MFSA 2014-78/CVE-2014-1580 (bmo#1063733) Further uninitialized memory use during GIF rendering - MFSA 2014-79/CVE-2014-1581 (bmo#1068218) Use-after-free interacting with text directionality - MFSA 2014-80/CVE-2014-1582/CVE-2014-1584 (bmo#1049095, bmo#1066190) Key pinning bypasses - MFSA 2014-81/CVE-2014-1585/CVE-2014-1586 (bmo#1062876, bmo#1062981) Inconsistent video sharing within iframe - MFSA 2014-82/CVE-2014-1583 (bmo#1015540) Accessing cross-origin objects via the Alarms API (only relevant for installed web apps) - requires NSPR 4.10.7 - requires NSS 3.17.1 - removed obsolete patches : - mozilla-ppc.patch - mozilla-libproxy-compat.patch Changes in mozilla-nspr : - update to version 4.10.7 - bmo#836658: VC11+ defaults to SSE2 builds by default. - bmo#979278: TSan: data race nsprpub/pr/src/threads/prtpd.c:103 PR_NewThreadPrivateIndex. - bmo#1026129: Replace some manual declarations of MSVC intrinsics with #include <intrin.h>. - bmo#1026469: Use AC_CHECK_LIB instead of MOZ_CHECK_PTHREADS. Skip compiler checks when using MSVC, even when $CC is not literally
    last seen: 2020-06-05
    modified: 2014-11-03
    plugin id: 78817
    published: 2014-11-03
    reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/78817
    title: openSUSE Security Update : firefox / mozilla-nspr / mozilla-nss and seamonkey (openSUSE-SU-2014:1345-1)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2014-611.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(78817);
      script_version("1.6");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2014-1554", "CVE-2014-1574", "CVE-2014-1575", "CVE-2014-1576", "CVE-2014-1577", "CVE-2014-1578", "CVE-2014-1580", "CVE-2014-1581", "CVE-2014-1582", "CVE-2014-1583", "CVE-2014-1584", "CVE-2014-1585", "CVE-2014-1586");
    
      script_name(english:"openSUSE Security Update : firefox / mozilla-nspr / mozilla-nss and seamonkey (openSUSE-SU-2014:1345-1)");
      script_summary(english:"Check for the openSUSE-2014-611 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "  - update to Firefox 33.0 (bnc#900941) New features :
    
      - OpenH264 support (sandboxed)
    
      - Enhanced Tiles
    
      - Improved search experience through the location bar
    
      - Slimmer and faster JavaScript strings
    
      - New CSP (Content Security Policy) backend
    
      - Support for connecting to HTTP proxy over HTTPS
    
      - Improved reliability of the session restoration
    
      - Proprietary window.crypto properties/functions removed
        Security :
    
      - MFSA 2014-74/CVE-2014-1574/CVE-2014-1575 Miscellaneous
        memory safety hazards
    
      - MFSA 2014-75/CVE-2014-1576 (bmo#1041512) Buffer overflow
        during CSS manipulation
    
      - MFSA 2014-76/CVE-2014-1577 (bmo#1012609) Web Audio
        memory corruption issues with custom waveforms
    
      - MFSA 2014-77/CVE-2014-1578 (bmo#1063327) Out-of-bounds
        write with WebM video
    
      - MFSA 2014-78/CVE-2014-1580 (bmo#1063733) Further
        uninitialized memory use during GIF rendering
    
      - MFSA 2014-79/CVE-2014-1581 (bmo#1068218) Use-after-free
        interacting with text directionality
    
      - MFSA 2014-80/CVE-2014-1582/CVE-2014-1584 (bmo#1049095,
        bmo#1066190) Key pinning bypasses
    
      - MFSA 2014-81/CVE-2014-1585/CVE-2014-1586 (bmo#1062876,
        bmo#1062981) Inconsistent video sharing within iframe
    
      - MFSA 2014-82/CVE-2014-1583 (bmo#1015540) Accessing
        cross-origin objects via the Alarms API (only relevant
        for installed web apps)
    
      - requires NSPR 4.10.7
    
      - requires NSS 3.17.1
    
      - removed obsolete patches :
    
      - mozilla-ppc.patch
    
      - mozilla-libproxy-compat.patch
    
      - added basic appdata information
    
      - update to SeaMonkey 2.30 (bnc#900941)
    
      - venkman debugger removed from application and therefore
        obsolete package seamonkey-venkman
    
      - MFSA 2014-74/CVE-2014-1574/CVE-2014-1575 Miscellaneous
        memory safety hazards
    
      - MFSA 2014-75/CVE-2014-1576 (bmo#1041512) Buffer overflow
        during CSS manipulation
    
      - MFSA 2014-76/CVE-2014-1577 (bmo#1012609) Web Audio
        memory corruption issues with custom waveforms
    
      - MFSA 2014-77/CVE-2014-1578 (bmo#1063327) Out-of-bounds
        write with WebM video
    
      - MFSA 2014-78/CVE-2014-1580 (bmo#1063733) Further
        uninitialized memory use during GIF rendering
    
      - MFSA 2014-79/CVE-2014-1581 (bmo#1068218) Use-after-free
        interacting with text directionality
    
      - MFSA 2014-80/CVE-2014-1582/CVE-2014-1584 (bmo#1049095,
        bmo#1066190) Key pinning bypasses
    
      - MFSA 2014-81/CVE-2014-1585/CVE-2014-1586 (bmo#1062876,
        bmo#1062981) Inconsistent video sharing within iframe
    
      - MFSA 2014-82/CVE-2014-1583 (bmo#1015540) Accessing
        cross-origin objects via the Alarms API (only relevant
        for installed web apps)
    
      - requires NSPR 4.10.7
    
      - requires NSS 3.17.1
    
      - removed obsolete patches :
    
      - mozilla-ppc.patch
    
      - mozilla-libproxy-compat.patch
    
    Changes in mozilla-nspr :
    
      - update to version 4.10.7
    
      - bmo#836658: VC11+ defaults to SSE2 builds by default.
    
      - bmo#979278: TSan: data race
        nsprpub/pr/src/threads/prtpd.c:103
        PR_NewThreadPrivateIndex.
    
      - bmo#1026129: Replace some manual declarations of MSVC
        intrinsics with #include <intrin.h>.
    
      - bmo#1026469: Use AC_CHECK_LIB instead of
        MOZ_CHECK_PTHREADS. Skip compiler checks when using
        MSVC, even when $CC is not literally 'cl'.
    
      - bmo#1034415: NSPR hardcodes the C compiler to cl on
        Windows.
    
      - bmo#1042408: Compilation fix for Android > API level 19.
    
      - bmo#1043082: NSPR's build system hardcodes -MD.
    
    Changes in mozilla-nss :
    
      - update to 3.17.1 (bnc#897890)
    
      - Change library's signature algorithm default to SHA256
    
      - Add support for draft-ietf-tls-downgrade-scsv
    
      - Add clang-cl support to the NSS build system
    
      - Implement TLS 1.3 :
    
      - Part 1. Negotiate TLS 1.3
    
      - Part 2. Remove deprecated cipher suites and compression.
    
      - Add support for little-endian powerpc64
    
      - update to 3.17
    
      - required for Firefox 33 New functionality :
    
      - When using ECDHE, the TLS server code may be configured
        to generate a fresh ephemeral ECDH key for each
        handshake, by setting the SSL_REUSE_SERVER_ECDHE_KEY
        socket option to PR_FALSE. The
        SSL_REUSE_SERVER_ECDHE_KEY option defaults to PR_TRUE,
        which means the server's ephemeral ECDH key is reused
        for multiple handshakes. This option does not affect the
        TLS client code, which always generates a fresh
        ephemeral ECDH key for each handshake. New Macros
    
      - SSL_REUSE_SERVER_ECDHE_KEY Notable Changes :
    
      - The manual pages for the certutil and pp tools have been
        updated to document the new parameters that had been
        added in NSS 3.16.2.
    
      - On Windows, the new build variable USE_STATIC_RTL can be
        used to specify the static C runtime library should be
        used. By default the dynamic C runtime library is used."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1012609"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1015540"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1026129"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1026469"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1034415"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1041512"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1042408"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1043082"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1049095"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1062876"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1062981"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1063327"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1063733"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1063971"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1066190"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1068218"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.mozilla.org/show_bug.cgi?id=836658"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.mozilla.org/show_bug.cgi?id=979278"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=894370"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=896624"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=897890"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=900941"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=901213"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.opensuse.org/opensuse-updates/2014-11/msg00002.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected firefox / mozilla-nspr / mozilla-nss and seamonkey packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libfreebl3");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libfreebl3-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libfreebl3-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libfreebl3-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsoftokn3");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsoftokn3-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nspr");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nspr-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nspr-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nspr-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nspr-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nspr-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-certs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-certs-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-tools-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-dom-inspector");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-irc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-translations-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-translations-other");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2014/10/24");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/03");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE13\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.1", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
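    flag = 0;
    
    # Version comparison only: each rpm_check() compares the installed package from
    # the collected RPM list against the fixed reference version and counts it in
    # flag when the installed one is older. Nothing is probed on the browser itself.
    if ( rpm_check(release:"SUSE13.1", reference:"MozillaFirefox-33.0-46.2") ) flag++;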
    if ( rpm_check(release:"SUSE13.1", reference:"MozillaFirefox-branding-upstream-33.0-46.2") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"MozillaFirefox-buildsymbols-33.0-46.2") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"MozillaFirefox-debuginfo-33.0-46.2") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"MozillaFirefox-debugsource-33.0-46.2") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"MozillaFirefox-devel-33.0-46.2") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"MozillaFirefox-translations-common-33.0-46.2") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"MozillaFirefox-translations-other-33.0-46.2") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"libfreebl3-3.17.1-43.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"libfreebl3-debuginfo-3.17.1-43.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"libsoftokn3-3.17.1-43.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"libsoftokn3-debuginfo-3.17.1-43.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"mozilla-nspr-4.10.7-16.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"mozilla-nspr-debuginfo-4.10.7-16.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"mozilla-nspr-debugsource-4.10.7-16.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"mozilla-nspr-devel-4.10.7-16.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"mozilla-nss-3.17.1-43.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"mozilla-nss-certs-3.17.1-43.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"mozilla-nss-certs-debuginfo-3.17.1-43.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"mozilla-nss-debuginfo-3.17.1-43.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"mozilla-nss-debugsource-3.17.1-43.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"mozilla-nss-devel-3.17.1-43.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"mozilla-nss-sysinit-3.17.1-43.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"mozilla-nss-sysinit-debuginfo-3.17.1-43.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"mozilla-nss-tools-3.17.1-43.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"mozilla-nss-tools-debuginfo-3.17.1-43.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"seamonkey-2.30-36.2") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"seamonkey-debuginfo-2.30-36.2") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"seamonkey-debugsource-2.30-36.2") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"seamonkey-dom-inspector-2.30-36.2") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"seamonkey-irc-2.30-36.2") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"seamonkey-translations-common-2.30-36.2") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"seamonkey-translations-other-2.30-36.2") ) flag++;
    # The 32-bit compatibility packages are only checked on x86_64 hosts.
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libfreebl3-32bit-3.17.1-43.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libfreebl3-debuginfo-32bit-3.17.1-43.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libsoftokn3-32bit-3.17.1-43.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libsoftokn3-debuginfo-32bit-3.17.1-43.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"mozilla-nspr-32bit-4.10.7-16.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"mozilla-nspr-debuginfo-32bit-4.10.7-16.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"mozilla-nss-32bit-3.17.1-43.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"mozilla-nss-certs-32bit-3.17.1-43.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"mozilla-nss-certs-debuginfo-32bit-3.17.1-43.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"mozilla-nss-debuginfo-32bit-3.17.1-43.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"mozilla-nss-sysinit-32bit-3.17.1-43.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"mozilla-nss-sysinit-debuginfo-32bit-3.17.1-43.1") ) flag++;
    
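    # Report a finding if any package is outdated; otherwise audit out, naming the
    # packages that were tested (or stating that none were installed).
    if (flag)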
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "MozillaFirefox / MozillaFirefox-branding-upstream / etc");
    }