Vulnerabilities > CVE-2015-0813 - Use After Free Memory Corruption vulnerability in Mozilla Firefox, Firefox ESR and Thunderbird
Attack vector
NETWORK Attack complexity
HIGH Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Use-after-free vulnerability in the AppendElements function in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 on Linux, when the Fluendo MP3 plugin for GStreamer is used, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted MP3 file. <a href="http://cwe.mitre.org/data/definitions/416.html">CWE-416: Use After Free</a>
Vulnerable Configurations
Nessus
NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2015-0766.NASL description Updated firefox packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2015-0813, CVE-2015-0815, CVE-2015-0801) A flaw was found in the way documents were loaded via resource URLs in, for example, Mozilla last seen 2020-06-01 modified 2020-06-02 plugin id 82477 published 2015-04-01 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/82477 title CentOS 5 / 6 / 7 : firefox / xulrunner (CESA-2015:0766) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2015:0766 and # CentOS Errata and Security Advisory 2015:0766 respectively. # include("compat.inc"); if (description) { script_id(82477); script_version("1.16"); script_cvs_date("Date: 2020/02/18"); script_cve_id("CVE-2015-0801", "CVE-2015-0807", "CVE-2015-0813", "CVE-2015-0815", "CVE-2015-0816"); script_xref(name:"RHSA", value:"2015:0766"); script_name(english:"CentOS 5 / 6 / 7 : firefox / xulrunner (CESA-2015:0766)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote CentOS host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated firefox packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2015-0813, CVE-2015-0815, CVE-2015-0801) A flaw was found in the way documents were loaded via resource URLs in, for example, Mozilla's PDF.js PDF file viewer. An attacker could use this flaw to bypass certain restrictions and under certain conditions even execute arbitrary code with the privileges of the user running Firefox. (CVE-2015-0816) A flaw was found in the Beacon interface implementation in Firefox. A web page containing malicious content could allow a remote attacker to conduct a Cross-Site Request Forgery (CSRF) attack. (CVE-2015-0807) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Christian Holler, Byron Campen, Steve Fink, Mariusz Mlynski, Christoph Kerschbaumer, Muneaki Nishimura, Olli Pettay, Boris Zbarsky, and Aki Helin as the original reporters of these issues. All Firefox users should upgrade to these updated packages, which contain Firefox version 31.6.0 ESR, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect." ); # https://lists.centos.org/pipermail/centos-announce/2015-April/021011.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?a26bd333" ); # https://lists.centos.org/pipermail/centos-announce/2015-April/021046.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?5ae005e4" ); # https://lists.centos.org/pipermail/centos-announce/2015-April/021047.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?5bc076b8" ); # https://lists.centos.org/pipermail/centos-announce/2015-March/021009.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?341ef806" ); script_set_attribute( attribute:"solution", value:"Update the affected firefox and / or xulrunner packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-0801"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Firefox PDF.js Privileged Javascript Injection'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:firefox"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:xulrunner"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:xulrunner-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:5"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:6"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:7"); script_set_attribute(attribute:"vuln_publication_date", value:"2015/04/01"); script_set_attribute(attribute:"patch_publication_date", value:"2015/03/31"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/04/01"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"CentOS Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/CentOS/release"); if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS"); os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS"); os_ver = os_ver[1]; if (! preg(pattern:"^(5|6|7)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 5.x / 6.x / 7.x", "CentOS " + os_ver); if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu); flag = 0; if (rpm_check(release:"CentOS-5", reference:"firefox-31.6.0-2.el5.centos", allowmaj:TRUE)) flag++; if (rpm_check(release:"CentOS-6", reference:"firefox-31.6.0-2.el6.centos", allowmaj:TRUE)) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"firefox-31.6.0-2.el7.centos", allowmaj:TRUE)) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"xulrunner-31.6.0-2.el7.centos", allowmaj:TRUE)) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"xulrunner-devel-31.6.0-2.el7.centos", allowmaj:TRUE)) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "firefox / xulrunner / xulrunner-devel"); }NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-2552-1.NASL description Olli Pettay and Boris Zbarsky discovered an issue during anchor navigations in some circumstances. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit this to bypass same-origin policy restrictions. (CVE-2015-0801) Christoph Kerschbaumer discovered that CORS requests from navigator.sendBeacon() followed 30x redirections after preflight. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit this to conduct cross-site request forgery (XSRF) attacks. (CVE-2015-0807) Aki Helin discovered a use-after-free when playing MP3 audio files using the Fluendo MP3 GStreamer plugin in certain circumstances. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2015-0813) Christian Holler, Steve Fink, and Byron Campen discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2015-0815) Mariusz Mlynski discovered that documents loaded via resource: URLs (such as PDF.js) could load privileged chrome pages. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit this in combination with another flaw, in order to execute arbitrary script in a privileged context. (CVE-2015-0816). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 82565 published 2015-04-03 reporter Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/82565 title Ubuntu 12.04 LTS / 14.04 LTS / 14.10 : thunderbird vulnerabilities (USN-2552-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-2552-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(82565); script_version("1.13"); script_cvs_date("Date: 2019/09/18 12:31:44"); script_cve_id("CVE-2015-0801", "CVE-2015-0807", "CVE-2015-0813", "CVE-2015-0815", "CVE-2015-0816"); script_xref(name:"USN", value:"2552-1"); script_name(english:"Ubuntu 12.04 LTS / 14.04 LTS / 14.10 : thunderbird vulnerabilities (USN-2552-1)"); script_summary(english:"Checks dpkg output for updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Ubuntu host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "Olli Pettay and Boris Zbarsky discovered an issue during anchor navigations in some circumstances. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit this to bypass same-origin policy restrictions. (CVE-2015-0801) Christoph Kerschbaumer discovered that CORS requests from navigator.sendBeacon() followed 30x redirections after preflight. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit this to conduct cross-site request forgery (XSRF) attacks. (CVE-2015-0807) Aki Helin discovered a use-after-free when playing MP3 audio files using the Fluendo MP3 GStreamer plugin in certain circumstances. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2015-0813) Christian Holler, Steve Fink, and Byron Campen discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2015-0815) Mariusz Mlynski discovered that documents loaded via resource: URLs (such as PDF.js) could load privileged chrome pages. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit this in combination with another flaw, in order to execute arbitrary script in a privileged context. (CVE-2015-0816). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/2552-1/" ); script_set_attribute( attribute:"solution", value:"Update the affected thunderbird package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Firefox PDF.js Privileged Javascript Injection'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:thunderbird"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.10"); script_set_attribute(attribute:"vuln_publication_date", value:"2015/04/01"); script_set_attribute(attribute:"patch_publication_date", value:"2015/04/02"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/04/03"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! preg(pattern:"^(12\.04|14\.04|14\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 12.04 / 14.04 / 14.10", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"12.04", pkgname:"thunderbird", pkgver:"1:31.6.0+build1-0ubuntu0.12.04.1")) flag++; if (ubuntu_check(osver:"14.04", pkgname:"thunderbird", pkgver:"1:31.6.0+build1-0ubuntu0.14.04.1")) flag++; if (ubuntu_check(osver:"14.10", pkgname:"thunderbird", pkgver:"1:31.6.0+build1-0ubuntu0.14.10.1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "thunderbird"); }NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2015-0766.NASL description Updated firefox packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2015-0813, CVE-2015-0815, CVE-2015-0801) A flaw was found in the way documents were loaded via resource URLs in, for example, Mozilla last seen 2020-05-31 modified 2015-04-01 plugin id 82495 published 2015-04-01 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/82495 title RHEL 5 / 6 / 7 : firefox (RHSA-2015:0766) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2015:0766. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(82495); script_version("1.22"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/29"); script_cve_id("CVE-2015-0801", "CVE-2015-0807", "CVE-2015-0813", "CVE-2015-0815", "CVE-2015-0816"); script_xref(name:"RHSA", value:"2015:0766"); script_name(english:"RHEL 5 / 6 / 7 : firefox (RHSA-2015:0766)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated firefox packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2015-0813, CVE-2015-0815, CVE-2015-0801) A flaw was found in the way documents were loaded via resource URLs in, for example, Mozilla's PDF.js PDF file viewer. An attacker could use this flaw to bypass certain restrictions and under certain conditions even execute arbitrary code with the privileges of the user running Firefox. (CVE-2015-0816) A flaw was found in the Beacon interface implementation in Firefox. A web page containing malicious content could allow a remote attacker to conduct a Cross-Site Request Forgery (CSRF) attack. (CVE-2015-0807) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Christian Holler, Byron Campen, Steve Fink, Mariusz Mlynski, Christoph Kerschbaumer, Muneaki Nishimura, Olli Pettay, Boris Zbarsky, and Aki Helin as the original reporters of these issues. All Firefox users should upgrade to these updated packages, which contain Firefox version 31.6.0 ESR, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect." ); # https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/# script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?8b5eaff4" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2015:0766" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2015-0815" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2015-0801" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2015-0807" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2015-0816" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2015-0813" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Firefox PDF.js Privileged Javascript Injection'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:firefox"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:firefox-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:xulrunner"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:xulrunner-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:xulrunner-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6.6"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.2"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.3"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.4"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.5"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.6"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.7"); script_set_attribute(attribute:"vuln_publication_date", value:"2015/04/01"); script_set_attribute(attribute:"patch_publication_date", value:"2015/03/31"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/04/01"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^(5|6|7)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.x / 6.x / 7.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2015:0766"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL5", reference:"firefox-31.6.0-2.el5_11", allowmaj:TRUE)) flag++; if (rpm_check(release:"RHEL5", reference:"firefox-debuginfo-31.6.0-2.el5_11", allowmaj:TRUE)) flag++; if (rpm_check(release:"RHEL6", reference:"firefox-31.6.0-2.el6_6", allowmaj:TRUE)) flag++; if (rpm_check(release:"RHEL6", reference:"firefox-debuginfo-31.6.0-2.el6_6", allowmaj:TRUE)) flag++; if (rpm_check(release:"RHEL7", reference:"firefox-31.6.0-2.el7_1", allowmaj:TRUE)) flag++; if (rpm_check(release:"RHEL7", reference:"firefox-debuginfo-31.6.0-2.el7_1", allowmaj:TRUE)) flag++; if (rpm_check(release:"RHEL7", reference:"xulrunner-31.6.0-2.el7_1")) flag++; if (rpm_check(release:"RHEL7", reference:"xulrunner-debuginfo-31.6.0-2.el7_1")) flag++; if (rpm_check(release:"RHEL7", reference:"xulrunner-devel-31.6.0-2.el7_1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "firefox / firefox-debuginfo / xulrunner / xulrunner-debuginfo / etc"); } }NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2015-0771.NASL description An updated thunderbird package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2015-0813, CVE-2015-0815, CVE-2015-0801) A flaw was found in the way documents were loaded via resource URLs. An attacker could use this flaw to bypass certain restrictions and under certain conditions even execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2015-0816) A flaw was found in the Beacon interface implementation in Thunderbird. A web page containing malicious content could allow a remote attacker to conduct a Cross-Site Request Forgery (CSRF) attack. (CVE-2015-0807) Note: All of the above issues cannot be exploited by a specially crafted HTML mail message as JavaScript is disabled by default for mail messages. They could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed. Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Christian Holler, Byron Campen, Steve Fink, Mariusz Mlynski, Christoph Kerschbaumer, Muneaki Nishimura, Olli Pettay, Boris Zbarsky, and Aki Helin as the original reporters of these issues. For technical details regarding these flaws, refer to the Mozilla security advisories for Thunderbird 31.6.0. You can find a link to the Mozilla advisories in the References section of this erratum. All Thunderbird users should upgrade to this updated package, which contains Thunderbird version 31.6.0, which corrects these issues. After installing the update, Thunderbird must be restarted for the changes to take effect. last seen 2020-05-31 modified 2015-04-02 plugin id 82519 published 2015-04-02 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/82519 title RHEL 5 / 6 / 7 : thunderbird (RHSA-2015:0771) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2015:0771. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(82519); script_version("1.21"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/29"); script_cve_id("CVE-2015-0801", "CVE-2015-0807", "CVE-2015-0813", "CVE-2015-0815", "CVE-2015-0816"); script_xref(name:"RHSA", value:"2015:0771"); script_name(english:"RHEL 5 / 6 / 7 : thunderbird (RHSA-2015:0771)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "An updated thunderbird package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2015-0813, CVE-2015-0815, CVE-2015-0801) A flaw was found in the way documents were loaded via resource URLs. An attacker could use this flaw to bypass certain restrictions and under certain conditions even execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2015-0816) A flaw was found in the Beacon interface implementation in Thunderbird. A web page containing malicious content could allow a remote attacker to conduct a Cross-Site Request Forgery (CSRF) attack. (CVE-2015-0807) Note: All of the above issues cannot be exploited by a specially crafted HTML mail message as JavaScript is disabled by default for mail messages. They could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed. Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Christian Holler, Byron Campen, Steve Fink, Mariusz Mlynski, Christoph Kerschbaumer, Muneaki Nishimura, Olli Pettay, Boris Zbarsky, and Aki Helin as the original reporters of these issues. For technical details regarding these flaws, refer to the Mozilla security advisories for Thunderbird 31.6.0. You can find a link to the Mozilla advisories in the References section of this erratum. All Thunderbird users should upgrade to this updated package, which contains Thunderbird version 31.6.0, which corrects these issues. After installing the update, Thunderbird must be restarted for the changes to take effect." ); # https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/# script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?f3138c54" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2015:0771" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2015-0815" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2015-0801" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2015-0807" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2015-0816" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2015-0813" ); script_set_attribute( attribute:"solution", value: "Update the affected thunderbird and / or thunderbird-debuginfo packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Firefox PDF.js Privileged Javascript Injection'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:thunderbird"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:thunderbird-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6.6"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.2"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.3"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.4"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.5"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.6"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.7"); script_set_attribute(attribute:"vuln_publication_date", value:"2015/04/01"); script_set_attribute(attribute:"patch_publication_date", value:"2015/04/01"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/04/02"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^(5|6|7)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.x / 6.x / 7.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2015:0771"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL5", cpu:"i386", reference:"thunderbird-31.6.0-1.el5_11", allowmaj:TRUE)) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"thunderbird-31.6.0-1.el5_11", allowmaj:TRUE)) flag++; if (rpm_check(release:"RHEL5", cpu:"i386", reference:"thunderbird-debuginfo-31.6.0-1.el5_11", allowmaj:TRUE)) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"thunderbird-debuginfo-31.6.0-1.el5_11", allowmaj:TRUE)) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"thunderbird-31.6.0-1.el6_6", allowmaj:TRUE)) flag++; if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"thunderbird-31.6.0-1.el6_6", allowmaj:TRUE)) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"thunderbird-31.6.0-1.el6_6", allowmaj:TRUE)) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"thunderbird-debuginfo-31.6.0-1.el6_6", allowmaj:TRUE)) flag++; if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"thunderbird-debuginfo-31.6.0-1.el6_6", allowmaj:TRUE)) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"thunderbird-debuginfo-31.6.0-1.el6_6", allowmaj:TRUE)) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"thunderbird-31.6.0-1.el7_1", allowmaj:TRUE)) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"thunderbird-debuginfo-31.6.0-1.el7_1", allowmaj:TRUE)) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "thunderbird / thunderbird-debuginfo"); } }NASL family Scientific Linux Local Security Checks NASL id SL_20150401_FIREFOX_ON_SL5_X.NASL description Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2015-0813, CVE-2015-0815, CVE-2015-0801) A flaw was found in the way documents were loaded via resource URLs in, for example, Mozilla last seen 2020-03-18 modified 2015-04-02 plugin id 82520 published 2015-04-02 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/82520 title Scientific Linux Security Update : firefox on SL5.x, SL6.x, SL7.x i386/x86_64 (20150401) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text is (C) Scientific Linux. # include("compat.inc"); if (description) { script_id(82520); script_version("1.9"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2015-0801", "CVE-2015-0807", "CVE-2015-0813", "CVE-2015-0815", "CVE-2015-0816"); script_name(english:"Scientific Linux Security Update : firefox on SL5.x, SL6.x, SL7.x i386/x86_64 (20150401)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Scientific Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2015-0813, CVE-2015-0815, CVE-2015-0801) A flaw was found in the way documents were loaded via resource URLs in, for example, Mozilla's PDF.js PDF file viewer. An attacker could use this flaw to bypass certain restrictions and under certain conditions even execute arbitrary code with the privileges of the user running Firefox. (CVE-2015-0816) A flaw was found in the Beacon interface implementation in Firefox. A web page containing malicious content could allow a remote attacker to conduct a Cross-Site Request Forgery (CSRF) attack. (CVE-2015-0807) After installing the update, Firefox must be restarted for the changes to take effect." ); # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1504&L=scientific-linux-errata&T=0&P=204 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?8438e7cb" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Firefox PDF.js Privileged Javascript Injection'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:firefox"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:firefox-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:xulrunner"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:xulrunner-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:xulrunner-devel"); script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2015/04/01"); script_set_attribute(attribute:"patch_publication_date", value:"2015/04/01"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/04/02"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Scientific Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux"); os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 7.x", "Scientific Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu); flag = 0; if (rpm_check(release:"SL5", reference:"firefox-31.6.0-2.el5_11")) flag++; if (rpm_check(release:"SL5", reference:"firefox-debuginfo-31.6.0-2.el5_11")) flag++; if (rpm_check(release:"SL6", reference:"firefox-31.6.0-2.el6_6")) flag++; if (rpm_check(release:"SL6", reference:"firefox-debuginfo-31.6.0-2.el6_6")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"firefox-31.6.0-2.el7_1")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"firefox-debuginfo-31.6.0-2.el7_1")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"xulrunner-31.6.0-2.el7_1")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"xulrunner-debuginfo-31.6.0-2.el7_1")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"xulrunner-devel-31.6.0-2.el7_1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "firefox / firefox-debuginfo / xulrunner / xulrunner-debuginfo / etc"); }NASL family Scientific Linux Local Security Checks NASL id SL_20150401_THUNDERBIRD_ON_SL5_X.NASL description Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2015-0813, CVE-2015-0815, CVE-2015-0801) A flaw was found in the way documents were loaded via resource URLs. An attacker could use this flaw to bypass certain restrictions and under certain conditions even execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2015-0816) A flaw was found in the Beacon interface implementation in Thunderbird. A web page containing malicious content could allow a remote attacker to conduct a Cross-Site Request Forgery (CSRF) attack. (CVE-2015-0807) Note: All of the above issues cannot be exploited by a specially crafted HTML mail message as JavaScript is disabled by default for mail messages. They could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed. After installing the update, Thunderbird must be restarted for the changes to take effect. last seen 2020-03-18 modified 2015-04-02 plugin id 82522 published 2015-04-02 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/82522 title Scientific Linux Security Update : thunderbird on SL5.x, SL6.x, SL7.x i386/x86_64 (20150401) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-3212.NASL description Multiple security issues have been found in Icedove, Debian last seen 2020-03-17 modified 2015-04-03 plugin id 82538 published 2015-04-03 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/82538 title Debian DSA-3212-1 : icedove - security update NASL family SuSE Local Security Checks NASL id OPENSUSE-2015-290.NASL description Mozilla Firefox and Thunderbird were updated to fix several important vulnerabilities. Mozilla Firefox was updated to 37.0.1. Mozilla Thunderbird was updated to 31.6.0. mozilla-nspr was updated to 4.10.8 as a dependency. The following vulnerabilities were fixed in Mozilla Firefox : - Miscellaneous memory safety hazards (MFSA 2015-30/CVE-2015-0814/CVE-2015-0815 boo#925392) - Use-after-free when using the Fluendo MP3 GStreamer plugin (MFSA 2015-31/CVE-2015-0813 bmo#1106596 boo#925393) - Add-on lightweight theme installation approval bypassed through MITM attack (MFSA 2015-32/CVE-2015-0812 bmo#1128126 boo#925394) - resource:// documents can load privileged pages (MFSA 2015-33/CVE-2015-0816 bmo#1144991 boo#925395) - Out of bounds read in QCMS library (MFSA-2015-34/CVE-2015-0811 bmo#1132468 boo#925396) - Incorrect memory management for simple-type arrays in WebRTC (MFSA-2015-36/CVE-2015-0808 bmo#1109552 boo#925397) - CORS requests should not follow 30x redirections after preflight (MFSA-2015-37/CVE-2015-0807 bmo#1111834 boo#925398) - Memory corruption crashes in Off Main Thread Compositing (MFSA-2015-38/CVE-2015-0805/CVE-2015-0806 bmo#1135511 bmo#1099437 boo#925399) - Use-after-free due to type confusion flaws (MFSA-2015-39/CVE-2015-0803/CVE-2015-0804 (mo#1134560 boo#925400) - Same-origin bypass through anchor navigation (MFSA-2015-40/CVE-2015-0801 bmo#1146339 boo#925401) - Windows can retain access to privileged content on navigation to unprivileged pages (MFSA-2015-42/CVE-2015-0802 bmo#1124898 boo#925402) The following vulnerability was fixed in functionality that was not released as an update to openSUSE : - Certificate verification could be bypassed through the HTTP/2 Alt-Svc header (MFSA 2015-44/CVE-2015-0799 bmo#1148328 bnc#926166) The functionality added in 37.0 and thus removed in 37.0.1 was : - Opportunistically encrypt HTTP traffic where the server supports HTTP/2 AltSvc The following functionality was added or updated in Mozilla Firefox : - Heartbeat user rating system - Yandex set as default search provider for the Turkish locale - Bing search now uses HTTPS for secure searching - Improved protection against site impersonation via OneCRL centralized certificate revocation - some more behaviour changes for TLS The following vulnerabilities were fixed in Mozilla Thunderbird : - Miscellaneous memory safety hazards (MFSA 2015-30/CVE-2015-0814/CVE-2015-0815 boo#925392) - Use-after-free when using the Fluendo MP3 GStreamer plugin (MFSA 2015-31/CVE-2015-0813 bmo#1106596 boo#925393) - resource:// documents can load privileged pages (MFSA 2015-33/CVE-2015-0816 bmo#1144991 boo#925395) - CORS requests should not follow 30x redirections after preflight (MFSA-2015-37/CVE-2015-0807 bmo#1111834 boo#925398) - Same-origin bypass through anchor navigation (MFSA-2015-40/CVE-2015-0801 bmo#1146339 boo#925401) mozilla-nspr was updated to 4.10.8 as a dependency and received the following changes : - bmo#573192: remove the stack-based PRFileDesc cache. - bmo#756047: check for _POSIX_THREAD_PRIORITY_SCHEDULING > 0 instead of only checking if the identifier is defined. - bmo#1089908: Fix variable shadowing in _PR_MD_LOCKFILE. Use PR_ARRAY_SIZE to get the array size of _PR_RUNQ(t->cpu). - bmo#1106600: Replace PR_ASSERT(! last seen 2020-06-05 modified 2015-04-09 plugin id 82651 published 2015-04-09 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/82651 title openSUSE Security Update : MozillaFirefox / MozillaThunderbird / mozilla-nspr (openSUSE-2015-290) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2015-0771.NASL description From Red Hat Security Advisory 2015:0771 : An updated thunderbird package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2015-0813, CVE-2015-0815, CVE-2015-0801) A flaw was found in the way documents were loaded via resource URLs. An attacker could use this flaw to bypass certain restrictions and under certain conditions even execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2015-0816) A flaw was found in the Beacon interface implementation in Thunderbird. A web page containing malicious content could allow a remote attacker to conduct a Cross-Site Request Forgery (CSRF) attack. (CVE-2015-0807) Note: All of the above issues cannot be exploited by a specially crafted HTML mail message as JavaScript is disabled by default for mail messages. They could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed. Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Christian Holler, Byron Campen, Steve Fink, Mariusz Mlynski, Christoph Kerschbaumer, Muneaki Nishimura, Olli Pettay, Boris Zbarsky, and Aki Helin as the original reporters of these issues. For technical details regarding these flaws, refer to the Mozilla security advisories for Thunderbird 31.6.0. You can find a link to the Mozilla advisories in the References section of this erratum. All Thunderbird users should upgrade to this updated package, which contains Thunderbird version 31.6.0, which corrects these issues. After installing the update, Thunderbird must be restarted for the changes to take effect. last seen 2020-05-31 modified 2015-04-02 plugin id 82517 published 2015-04-02 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/82517 title Oracle Linux 6 / 7 : thunderbird (ELSA-2015-0771) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2015-0766.NASL description From Red Hat Security Advisory 2015:0766 : Updated firefox packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2015-0813, CVE-2015-0815, CVE-2015-0801) A flaw was found in the way documents were loaded via resource URLs in, for example, Mozilla last seen 2020-05-31 modified 2015-04-01 plugin id 82488 published 2015-04-01 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/82488 title Oracle Linux 5 / 6 / 7 : firefox (ELSA-2015-0766) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_D0C97697DF2C4B8BBFF2CEC24DC35AF8.NASL description The Mozilla Project reports : MFSA-2015-30 Miscellaneous memory safety hazards (rv:37.0 / rv:31.6) MFSA-2015-31 Use-after-free when using the Fluendo MP3 GStreamer plugin MFSA-2015-32 Add-on lightweight theme installation approval bypassed through MITM attack MFSA-2015-33 resource:// documents can load privileged pages MFSA-2015-34 Out of bounds read in QCMS library MFSA-2015-35 Cursor clickjacking with flash and images MFSA-2015-36 Incorrect memory management for simple-type arrays in WebRTC MFSA-2015-37 CORS requests should not follow 30x redirections after preflight MFSA-2015-38 Memory corruption crashes in Off Main Thread Compositing MFSA-2015-39 Use-after-free due to type confusion flaws MFSA-2015-40 Same-origin bypass through anchor navigation MFSA-2015-41 PRNG weakness allows for DNS poisoning on Android MFSA-2015-42 Windows can retain access to privileged content on navigation to unprivileged pages last seen 2020-06-01 modified 2020-06-02 plugin id 82482 published 2015-04-01 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/82482 title FreeBSD : mozilla -- multiple vulnerabilities (d0c97697-df2c-4b8b-bff2-cec24dc35af8) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201512-10.NASL description The remote host is affected by the vulnerability described in GLSA-201512-10 (Mozilla Products: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Mozilla Firefox and Mozilla Thunderbird. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 87710 published 2016-01-04 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/87710 title GLSA-201512-10 : Mozilla Products: Multiple vulnerabilities (Bar Mitzvah) (Logjam) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-3211.NASL description Multiple security issues have been found in Iceweasel, Debian last seen 2020-03-17 modified 2015-04-02 plugin id 82512 published 2015-04-02 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/82512 title Debian DSA-3211-1 : iceweasel - security update NASL family SuSE Local Security Checks NASL id SUSE_11_MOZILLAFIREFOX-20150402-150402.NASL description Mozilla Firefox was updated to 31.6.0 ESR to fix five security issues. The following vulnerabilities have been fixed : - Miscellaneous memory safety hazards. (MFSA 2015-30 / CVE-2015-0814 / CVE-2015-0815) - Use-after-free when using the Fluendo MP3 GStreamer plugin. (MFSA 2015-31 / CVE-2015-0813) - resource:// documents can load privileged pages. (MFSA 2015-33 / CVE-2015-0816) - CORS requests should not follow 30x redirections after preflight. (MFSA 2015-37 / CVE-2015-0807) - Same-origin bypass through anchor navigation (MFSA 2015-40 / CVE-2015-0801) last seen 2020-06-01 modified 2020-06-02 plugin id 82739 published 2015-04-13 reporter This script is Copyright (C) 2015-2016 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/82739 title SuSE 11.3 Security Update : Mozilla Firefox (SAT Patch Number 10571) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2015-0771.NASL description An updated thunderbird package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2015-0813, CVE-2015-0815, CVE-2015-0801) A flaw was found in the way documents were loaded via resource URLs. An attacker could use this flaw to bypass certain restrictions and under certain conditions even execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2015-0816) A flaw was found in the Beacon interface implementation in Thunderbird. A web page containing malicious content could allow a remote attacker to conduct a Cross-Site Request Forgery (CSRF) attack. (CVE-2015-0807) Note: All of the above issues cannot be exploited by a specially crafted HTML mail message as JavaScript is disabled by default for mail messages. They could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed. Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Christian Holler, Byron Campen, Steve Fink, Mariusz Mlynski, Christoph Kerschbaumer, Muneaki Nishimura, Olli Pettay, Boris Zbarsky, and Aki Helin as the original reporters of these issues. For technical details regarding these flaws, refer to the Mozilla security advisories for Thunderbird 31.6.0. You can find a link to the Mozilla advisories in the References section of this erratum. All Thunderbird users should upgrade to this updated package, which contains Thunderbird version 31.6.0, which corrects these issues. After installing the update, Thunderbird must be restarted for the changes to take effect. last seen 2020-05-31 modified 2015-04-02 plugin id 82510 published 2015-04-02 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/82510 title CentOS 5 / 7 : thunderbird (CESA-2015:0771) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-2550-1.NASL description Olli Pettay and Boris Zbarsky discovered an issue during anchor navigations in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin policy restrictions. (CVE-2015-0801) Bobby Holley discovered that windows created to hold privileged UI content retained access to privileged internal methods if navigated to unprivileged content. An attacker could potentially exploit this in combination with another flaw, in order to execute arbitrary script in a privileged context. (CVE-2015-0802) Several type confusion issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-0803, CVE-2015-0804) Abhishek Arya discovered memory corruption issues during 2D graphics rendering. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-0805, CVE-2015-0806) Christoph Kerschbaumer discovered that CORS requests from navigator.sendBeacon() followed 30x redirections after preflight. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to conduct cross-site request forgery (XSRF) attacks. (CVE-2015-0807) Mitchell Harper discovered an issue with memory management of simple-type arrays in WebRTC. An attacker could potentially exploit this to cause undefined behaviour. (CVE-2015-0808) Felix Grobert discovered an out-of-bounds read in the QCMS colour management library. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information. (CVE-2015-0811) Armin Razmdjou discovered that lightweight themes could be installed in Firefox without a user approval message, from Mozilla subdomains over HTTP without SSL. A remote attacker could potentially exploit this by conducting a Man-In-The-Middle (MITM) attack to install themes without user approval. (CVE-2015-0812) Aki Helin discovered a use-after-free when playing MP3 audio files using the Fluendo MP3 GStreamer plugin in certain circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-0813) Christian Holler, Andrew McCreight, Gary Kwong, Karl Tomlinson, Randell Jesup, Shu-yu Guo, Steve Fink, Tooru Fujisawa, and Byron Campen discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-0814, CVE-2015-0815) Mariusz Mlynski discovered that documents loaded via resource: URLs (such as PDF.js) could load privileged chrome pages. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this in combination with another flaw, in order to execute arbitrary script in a privileged context. (CVE-2015-0816). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 82524 published 2015-04-02 reporter Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/82524 title Ubuntu 12.04 LTS / 14.04 LTS / 14.10 : firefox vulnerabilities (USN-2550-1)
Redhat
| advisories |
| ||||||||
| rpms |
|
References
- http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00003.html
- http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00006.html
- http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00012.html
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html
- http://rhn.redhat.com/errata/RHSA-2015-0766.html
- http://rhn.redhat.com/errata/RHSA-2015-0771.html
- http://www.debian.org/security/2015/dsa-3211
- http://www.debian.org/security/2015/dsa-3212
- http://www.mozilla.org/security/announce/2015/mfsa2015-31.html
- http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
- http://www.securityfocus.com/bid/73463
- http://www.securitytracker.com/id/1031996
- http://www.securitytracker.com/id/1032000
- http://www.ubuntu.com/usn/USN-2550-1
- http://www.ubuntu.com/usn/USN-2552-1
- https://bugzilla.mozilla.org/show_bug.cgi?id=1106596
- https://security.gentoo.org/glsa/201512-10