CVE-2015-2726 - Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

CVSS 0.0 - NONE
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN

Summary

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Vulnerable Configurations

Part         Description  Count
OS           Oracle       1
OS           Novell       3
Application  Mozilla      321
Application  Novell       1

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Overflow Buffers
    Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
  • Client-side Injection-induced Buffer Overflow
    This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
  • Filter Failure through Buffer Overflow
    In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
  • MIME Conversion
    An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.

Nessus

  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-2656-2.NASL
    description: USN-2656-1 fixed vulnerabilities in Firefox for Ubuntu 14.04 LTS and later releases. This update provides the corresponding update for Ubuntu 12.04 LTS.

    Karthikeyan Bhargavan discovered that NSS incorrectly handled state transitions for the TLS state machine. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to skip the ServerKeyExchange message and remove the forward-secrecy property. (CVE-2015-2721)

    Looben Yan discovered 2 use-after-free issues when using XMLHttpRequest in some circumstances. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-2722, CVE-2015-2733)

    Bob Clary, Christian Holler, Bobby Holley, Andrew McCreight, Terrence Cole, Steve Fink, Mats Palmgren, Wes Kocher, Andreas Pehrson, Tooru Fujisawa, Andrew Sutherland, and Gary Kwong discovered multiple memory safety issues in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-2724, CVE-2015-2725, CVE-2015-2726)

    Armin Razmdjou discovered that opening hyperlinks with specific mouse and key combinations could allow a Chrome privileged URL to be opened without context restrictions being preserved. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to bypass security restrictions. (CVE-2015-2727)

    Paul Bandha discovered a type confusion bug in the Indexed DB Manager. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-2728)

    Holger Fuhrmannek discovered an out-of-bounds read in Web Audio. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information. (CVE-2015-2729)

    Watson Ladd discovered that NSS incorrectly handled Elliptical Curve Cryptography (ECC) multiplication. A remote attacker could possibly use this issue to spoof ECDSA signatures. (CVE-2015-2730)

    A use-after-free was discovered when a Content Policy modifies the DOM to remove a DOM object. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-2731)

    Ronald Crane discovered multiple security vulnerabilities. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-2734, CVE-2015-2735, CVE-2015-2736, CVE-2015-2737, CVE-2015-2738, CVE-2015-2739, CVE-2015-2740)

    David Keeler discovered that key pinning checks can be skipped when an overridable certificate error occurs. This allows a user to manually override an error for a fake certificate, but cannot be exploited on its own. (CVE-2015-2741)

    Jonas Jenwald discovered that some internal workers were incorrectly executed with a high privilege. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this in combination with another security vulnerability, to execute arbitrary code in a privileged scope. (CVE-2015-2743)

    Matthew Green discovered a DHE key processing issue in NSS where a MITM could force a server to downgrade TLS connections to 512-bit export-grade cryptography. An attacker could potentially exploit this to impersonate the server. (CVE-2015-4000).

    Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 84794
    published: 2015-07-16
    reporter: Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/84794
    title: Ubuntu 12.04 LTS : firefox vulnerabilities (USN-2656-2) (Logjam)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-2656-2. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(84794);
      script_version("2.16");
      script_cvs_date("Date: 2019/09/18 12:31:44");
    
      script_cve_id("CVE-2015-2721", "CVE-2015-2722", "CVE-2015-2724", "CVE-2015-2725", "CVE-2015-2726", "CVE-2015-2727", "CVE-2015-2728", "CVE-2015-2729", "CVE-2015-2730", "CVE-2015-2731", "CVE-2015-2733", "CVE-2015-2734", "CVE-2015-2735", "CVE-2015-2736", "CVE-2015-2737", "CVE-2015-2738", "CVE-2015-2739", "CVE-2015-2740", "CVE-2015-2741", "CVE-2015-2743", "CVE-2015-4000");
      script_bugtraq_id(75541);
      script_xref(name:"USN", value:"2656-2");
    
      script_name(english:"Ubuntu 12.04 LTS : firefox vulnerabilities (USN-2656-2) (Logjam)");
      script_summary(english:"Checks dpkg output for updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Ubuntu host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "USN-2656-1 fixed vulnerabilities in Firefox for Ubuntu 14.04 LTS and
    later releases.
    
    This update provides the corresponding update for Ubuntu 12.04 LTS.
    
    Karthikeyan Bhargavan discovered that NSS incorrectly handled state
    transitions for the TLS state machine. If a remote attacker were able
    to perform a man-in-the-middle attack, this flaw could be exploited to
    skip the ServerKeyExchange message and remove the forward-secrecy
    property. (CVE-2015-2721)
    
    Looben Yan discovered 2 use-after-free issues when using
    XMLHttpRequest in some circumstances. If a user were tricked
    in to opening a specially crafted website, an attacker could
    potentially exploit these to cause a denial of service via
    application crash, or execute arbitrary code with the
    privileges of the user invoking Firefox. (CVE-2015-2722,
    CVE-2015-2733)
    
    Bob Clary, Christian Holler, Bobby Holley, Andrew McCreight,
    Terrence Cole, Steve Fink, Mats Palmgren, Wes Kocher,
    Andreas Pehrson, Tooru Fujisawa, Andrew Sutherland, and Gary
    Kwong discovered multiple memory safety issues in Firefox.
    If a user were tricked in to opening a specially crafted
    website, an attacker could potentially exploit these to
    cause a denial of service via application crash, or execute
    arbitrary code with the privileges of the user invoking
    Firefox. (CVE-2015-2724, CVE-2015-2725, CVE-2015-2726)
    
    Armin Razmdjou discovered that opening hyperlinks with
    specific mouse and key combinations could allow a Chrome
    privileged URL to be opened without context restrictions
    being preserved. If a user were tricked in to opening a
    specially crafted website, an attacker could potentially
    exploit this to bypass security restrictions.
    (CVE-2015-2727)
    
    Paul Bandha discovered a type confusion bug in the Indexed
    DB Manager. If a user were tricked in to opening a specially
    crafted website, an attacker could potentially exploit this
    to cause a denial of service via application crash or
    execute arbitrary code with the priviliges of the user
    invoking Firefox. (CVE-2015-2728)
    
    Holger Fuhrmannek discovered an out-of-bounds read in Web
    Audio. If a user were tricked in to opening a specially
    crafted website, an attacker could potentially exploit this
    to obtain sensitive information. (CVE-2015-2729)
    
    Watson Ladd discovered that NSS incorrectly handled
    Elliptical Curve Cryptography (ECC) multiplication. A remote
    attacker could possibly use this issue to spoof ECDSA
    signatures. (CVE-2015-2730)
    
    A use-after-free was discovered when a Content Policy
    modifies the DOM to remove a DOM object. If a user were
    tricked in to opening a specially crafted website, an
    attacker could potentially exploit this to cause a denial of
    service via application crash or execute arbitrary code with
    the priviliges of the user invoking Firefox. (CVE-2015-2731)
    
    Ronald Crane discovered multiple security vulnerabilities.
    If a user were tricked in to opening a specially crafted
    website, an attacker could potentially exploit these to
    cause a denial of service via application crash, or execute
    arbitrary code with the privileges of the user invoking
    Firefox. (CVE-2015-2734, CVE-2015-2735, CVE-2015-2736,
    CVE-2015-2737, CVE-2015-2738, CVE-2015-2739, CVE-2015-2740)
    
    David Keeler discovered that key pinning checks can be
    skipped when an overridable certificate error occurs. This
    allows a user to manually override an error for a fake
    certificate, but cannot be exploited on its own.
    (CVE-2015-2741)
    
    Jonas Jenwald discovered that some internal workers were
    incorrectly executed with a high privilege. If a user were
    tricked in to opening a specially crafted website, an
    attacker could potentially exploit this in combination with
    another security vulnerability, to execute arbitrary code in
    a privileged scope. (CVE-2015-2743)
    
    Matthew Green discovered a DHE key processing issue in NSS
    where a MITM could force a server to downgrade TLS
    connections to 512-bit export-grade cryptography. An
    attacker could potentially exploit this to impersonate the
    server. (CVE-2015-4000).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/2656-2/"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected firefox package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2015/05/21");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/07/15");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/07/16");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(12\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 12.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"12.04", pkgname:"firefox", pkgver:"39.0+build5-0ubuntu0.12.04.2")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "firefox");
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2015-1449-1.NASL
    description: Mozilla Firefox is being updated to the current Firefox 38ESR branch (specifically the 38.2.0ESR release).

    Security issues fixed:

      - MFSA 2015-78 / CVE-2015-4495: Same origin violation and local file stealing via PDF reader
      - MFSA 2015-79 / CVE-2015-4473/CVE-2015-4474: Miscellaneous memory safety hazards (rv:40.0 / rv:38.2)
      - MFSA 2015-80 / CVE-2015-4475: Out-of-bounds read with malformed MP3 file
      - MFSA 2015-82 / CVE-2015-4478: Redefinition of non-configurable JavaScript object properties
      - MFSA 2015-83 / CVE-2015-4479: Overflow issues in libstagefright
      - MFSA 2015-87 / CVE-2015-4484: Crash when using shared memory in JavaScript
      - MFSA 2015-88 / CVE-2015-4491: Heap overflow in gdk-pixbuf when scaling bitmap images
      - MFSA 2015-89 / CVE-2015-4485/CVE-2015-4486: Buffer overflows on Libvpx when decoding WebM video
      - MFSA 2015-90 / CVE-2015-4487/CVE-2015-4488/CVE-2015-4489: Vulnerabilities found through code inspection
      - MFSA 2015-92 / CVE-2015-4492: Use-after-free in XMLHttpRequest with shared workers

    The following vulnerabilities were fixed in ESR31 and are also included here:

      - CVE-2015-2724/CVE-2015-2725/CVE-2015-2726: Miscellaneous memory safety hazards (bsc#935979).
      - CVE-2015-2728: Type confusion in Indexed Database Manager (bsc#935979).
      - CVE-2015-2730: ECDSA signature validation fails to handle some signatures correctly (bsc#935979).
      - CVE-2015-2722/CVE-2015-2733: Use-after-free in workers while using XMLHttpRequest (bsc#935979).
      - CVE-2015-2734/CVE-2015-2735/CVE-2015-2736/CVE-2015-2737/CVE-2015-2738/CVE-2015-2739/CVE-2015-2740: Vulnerabilities found through code inspection (bsc#935979).
      - CVE-2015-2743: Privilege escalation in PDF.js (bsc#935979).
      - CVE-2015-4000: NSS accepts export-length DHE keys with regular DHE cipher suites (bsc#935033).
      - CVE-2015-2721: NSS incorrectly permits skipping of ServerKeyExchange (bsc#935979).

    This update also contains a lot of feature improvements and bug fixes from 31ESR to 38ESR.

    Also the Mozilla NSS library switched its CKBI API from 1.98 to 2.4, which is what Firefox 38ESR uses.

    Mozilla Firefox and mozilla-nss were updated to fix 17 security issues.

    Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

    last seen: 2020-05-31
    modified: 2015-09-01
    plugin id: 85721
    published: 2015-09-01
    reporter: This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/85721
    title: SUSE SLES11 Security Update : MozillaFirefox, mozilla-nss (SUSE-SU-2015:1449-1) (Logjam)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2015:1449-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(85721);
      script_version("2.11");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/29");
    
      script_cve_id("CVE-2015-2721", "CVE-2015-2722", "CVE-2015-2724", "CVE-2015-2725", "CVE-2015-2726", "CVE-2015-2728", "CVE-2015-2730", "CVE-2015-2733", "CVE-2015-2734", "CVE-2015-2735", "CVE-2015-2736", "CVE-2015-2737", "CVE-2015-2738", "CVE-2015-2739", "CVE-2015-2740", "CVE-2015-2743", "CVE-2015-4000", "CVE-2015-4473", "CVE-2015-4474", "CVE-2015-4475", "CVE-2015-4478", "CVE-2015-4479", "CVE-2015-4484", "CVE-2015-4485", "CVE-2015-4486", "CVE-2015-4487", "CVE-2015-4488", "CVE-2015-4489", "CVE-2015-4491", "CVE-2015-4492", "CVE-2015-4495");
      script_bugtraq_id(74733, 75541);
    
      script_name(english:"SUSE SLES11 Security Update : MozillaFirefox, mozilla-nss (SUSE-SU-2015:1449-1) (Logjam)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis",
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "Mozilla Firefox is being updated to the current Firefox 38ESR branch
    (specifically the 38.2.0ESR release).
    
    Security issues fixed :
    
      - MFSA 2015-78 / CVE-2015-4495: Same origin violation and
        local file stealing via PDF reader
    
      - MFSA 2015-79 / CVE-2015-4473/CVE-2015-4474:
        Miscellaneous memory safety hazards (rv:40.0 / rv:38.2)
    
      - MFSA 2015-80 / CVE-2015-4475: Out-of-bounds read with
        malformed MP3 file
    
      - MFSA 2015-82 / CVE-2015-4478: Redefinition of
        non-configurable JavaScript object properties
    
      - MFSA 2015-83 / CVE-2015-4479: Overflow issues in
        libstagefright
    
      - MFSA 2015-87 / CVE-2015-4484: Crash when using shared
        memory in JavaScript
    
      - MFSA 2015-88 / CVE-2015-4491: Heap overflow in
        gdk-pixbuf when scaling bitmap images
    
      - MFSA 2015-89 / CVE-2015-4485/CVE-2015-4486: Buffer
        overflows on Libvpx when decoding WebM video
    
      - MFSA 2015-90 /
        CVE-2015-4487/CVE-2015-4488/CVE-2015-4489:
        Vulnerabilities found through code inspection
    
      - MFSA 2015-92 / CVE-2015-4492: Use-after-free in
        XMLHttpRequest with shared workers
    
    The following vulnerabilities were fixed in ESR31 and are also
    included here :
    
      - CVE-2015-2724/CVE-2015-2725/CVE-2015-2726: Miscellaneous
        memory safety hazards (bsc#935979).
    
      - CVE-2015-2728: Type confusion in Indexed Database
        Manager (bsc#935979).
    
      - CVE-2015-2730: ECDSA signature validation fails to
        handle some signatures correctly (bsc#935979).
    
      - CVE-2015-2722/CVE-2015-2733: Use-after-free in workers
        while using XMLHttpRequest (bsc#935979).
        CVE-2015-2734/CVE-2015-2735/CVE-2015-2736/CVE-2015-2737/
        CVE-2015-2738/CVE-2 015-2739/CVE-2015-2740:
        Vulnerabilities found through code inspection
        (bsc#935979).
    
      - CVE-2015-2743: Privilege escalation in PDF.js
        (bsc#935979).
    
      - CVE-2015-4000: NSS accepts export-length DHE keys with
        regular DHE cipher suites (bsc#935033).
    
      - CVE-2015-2721: NSS incorrectly permits skipping of
        ServerKeyExchange (bsc#935979).
    
    This update also contains a lot of feature improvements and bug fixes
    from 31ESR to 38ESR.
    
    Also the Mozilla NSS library switched its CKBI API from 1.98 to 2.4,
    which is what Firefox 38ESR uses.
    
    Mozilla Firefox and mozilla-nss were updated to fix 17 security
    issues.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=935033"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=935979"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=940806"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=940918"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-2721/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-2722/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-2724/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-2725/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-2726/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-2728/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-2730/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-2733/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-2734/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-2735/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-2736/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-2737/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-2738/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-2739/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-2740/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-2743/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-4000/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-4473/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-4474/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-4475/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-4478/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-4479/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-4484/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-4485/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-4486/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-4487/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-4488/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-4489/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-4491/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-4492/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-4495/"
      );
      # https://www.suse.com/support/update/announcement/2015/suse-su-20151449-1.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?7becea4c"
      );
      script_set_attribute(
        attribute:"solution",
        value:
    "To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Server 11-SP2-LTSS :
    
    zypper in -t patch slessp2-mozilla-201507-12049=1
    
    SUSE Linux Enterprise Server 11-SP1-LTSS :
    
    zypper in -t patch slessp1-mozilla-201507-12049=1
    
    SUSE Linux Enterprise Debuginfo 11-SP2 :
    
    zypper in -t patch dbgsp2-mozilla-201507-12049=1
    
    SUSE Linux Enterprise Debuginfo 11-SP1 :
    
    zypper in -t patch dbgsp1-mozilla-201507-12049=1
    
    To bring your system up-to-date, use 'zypper patch'."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:MozillaFirefox");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:MozillaFirefox-branding-SLED");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:MozillaFirefox-translations");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:firefox-libgcc_s1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:firefox-libstdc++6");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libfreebl3");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mozilla-nss");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mozilla-nss-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mozilla-nss-tools");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2015/05/21");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/08/25");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/09/01");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLES11)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES11", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES11" && (! preg(pattern:"^(1|2)$", string:sp))) audit(AUDIT_OS_NOT, "SLES11 SP1/2", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES11", sp:"1", cpu:"x86_64", reference:"libfreebl3-32bit-3.19.2.0-0.7.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"1", cpu:"x86_64", reference:"mozilla-nss-32bit-3.19.2.0-0.7.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"1", cpu:"s390x", reference:"libfreebl3-32bit-3.19.2.0-0.7.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"1", cpu:"s390x", reference:"mozilla-nss-32bit-3.19.2.0-0.7.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"1", reference:"MozillaFirefox-38.2.0esr-10.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"1", reference:"MozillaFirefox-branding-SLED-31.0-0.5.7.11")) flag++;
    if (rpm_check(release:"SLES11", sp:"1", reference:"MozillaFirefox-translations-38.2.0esr-10.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"1", reference:"firefox-libgcc_s1-4.7.2_20130108-0.37.2", allowmaj:TRUE)) flag++;
    if (rpm_check(release:"SLES11", sp:"1", reference:"firefox-libstdc++6-4.7.2_20130108-0.37.2", allowmaj:TRUE)) flag++;
    if (rpm_check(release:"SLES11", sp:"1", reference:"libfreebl3-3.19.2.0-0.7.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"1", reference:"mozilla-nss-3.19.2.0-0.7.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"1", reference:"mozilla-nss-devel-3.19.2.0-0.7.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"1", reference:"mozilla-nss-tools-3.19.2.0-0.7.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", cpu:"x86_64", reference:"libfreebl3-32bit-3.19.2.0-0.7.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", cpu:"x86_64", reference:"mozilla-nss-32bit-3.19.2.0-0.7.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", cpu:"s390x", reference:"libfreebl3-32bit-3.19.2.0-0.7.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", cpu:"s390x", reference:"mozilla-nss-32bit-3.19.2.0-0.7.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"MozillaFirefox-38.2.0esr-10.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"MozillaFirefox-branding-SLED-31.0-0.5.7.11")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"MozillaFirefox-translations-38.2.0esr-10.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"firefox-libgcc_s1-4.7.2_20130108-0.37.2", allowmaj:TRUE)) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"firefox-libstdc++6-4.7.2_20130108-0.37.2", allowmaj:TRUE)) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"libfreebl3-3.19.2.0-0.7.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"mozilla-nss-3.19.2.0-0.7.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"mozilla-nss-devel-3.19.2.0-0.7.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"mozilla-nss-tools-3.19.2.0-0.7.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "MozillaFirefox / mozilla-nss");
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2015-480.NASL
    description: MozillaFirefox was updated to version 39.0 to fix 21 security issues. These security issues were fixed : - CVE-2015-2724/CVE-2015-2725/CVE-2015-2726: Miscellaneous memory safety hazards (bsc#935979). - CVE-2015-2727: Local files or privileged URLs in pages can be opened into new tabs (bsc#935979). - CVE-2015-2728: Type confusion in Indexed Database Manager (bsc#935979). - CVE-2015-2729: Out-of-bound read while computing an oscillator rendering range in Web Audio (bsc#935979). - CVE-2015-2731: Use-after-free in Content Policy due to microtask execution error (bsc#935979). - CVE-2015-2730: ECDSA signature validation fails to handle some signatures correctly (bsc#935979). - CVE-2015-2722/CVE-2015-2733: Use-after-free in workers while using XMLHttpRequest (bsc#935979). - CVE-2015-2734/CVE-2015-2735/CVE-2015-2736/CVE-2015-2737/CVE-2015-2738/CVE-2015-2739/CVE-2015-2740: Vulnerabilities found through code inspection (bsc#935979). - CVE-2015-2741: Key pinning is ignored when overridable errors are encountered (bsc#935979). - CVE-2015-2743: Privilege escalation in PDF.js (bsc#935979). - CVE-2015-4000: NSS accepts export-length DHE keys with regular DHE cipher suites (bsc#935979). - CVE-2015-2721: NSS incorrectly permits skipping of ServerKeyExchange (bsc#935979). New features : - Share Hello URLs with social networks - Support for
    last seen: 2020-06-05
    modified: 2015-07-14
    plugin id: 84720
    published: 2015-07-14
    reporter: This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/84720
    title: openSUSE Security Update : MozillaFirefox / mozilla-nss (openSUSE-2015-480) (Logjam)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2015-480.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(84720);
      script_version("2.7");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2015-2721", "CVE-2015-2722", "CVE-2015-2724", "CVE-2015-2725", "CVE-2015-2726", "CVE-2015-2727", "CVE-2015-2728", "CVE-2015-2729", "CVE-2015-2730", "CVE-2015-2731", "CVE-2015-2733", "CVE-2015-2734", "CVE-2015-2735", "CVE-2015-2736", "CVE-2015-2737", "CVE-2015-2738", "CVE-2015-2739", "CVE-2015-2740", "CVE-2015-2741", "CVE-2015-2743", "CVE-2015-4000");
    
      script_name(english:"openSUSE Security Update : MozillaFirefox / mozilla-nss (openSUSE-2015-480) (Logjam)");
      script_summary(english:"Check for the openSUSE-2015-480 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "MozillaFirefox was updated to version 39.0 to fix 21 security issues.
    
    These security issues were fixed :
    
      - CVE-2015-2724/CVE-2015-2725/CVE-2015-2726: Miscellaneous
        memory safety hazards (bsc#935979).
    
      - CVE-2015-2727: Local files or privileged URLs in pages
        can be opened into new tabs (bsc#935979).
    
      - CVE-2015-2728: Type confusion in Indexed Database
        Manager (bsc#935979).
    
      - CVE-2015-2729: Out-of-bound read while computing an
        oscillator rendering range in Web Audio (bsc#935979).
    
      - CVE-2015-2731: Use-after-free in Content Policy due to
        microtask execution error (bsc#935979).
    
      - CVE-2015-2730: ECDSA signature validation fails to
        handle some signatures correctly (bsc#935979).
    
      - CVE-2015-2722/CVE-2015-2733: Use-after-free in workers
        while using XMLHttpRequest (bsc#935979).
    
      -
        CVE-2015-2734/CVE-2015-2735/CVE-2015-2736/CVE-2015-2737/
        CVE-2015-2738/CVE-2015-2739/CVE-2015-2740:
        Vulnerabilities found through code inspection
        (bsc#935979).
    
      - CVE-2015-2741: Key pinning is ignored when overridable
        errors are encountered (bsc#935979).
    
      - CVE-2015-2743: Privilege escalation in PDF.js
        (bsc#935979).
    
      - CVE-2015-4000: NSS accepts export-length DHE keys with
        regular DHE cipher suites (bsc#935979).
    
      - CVE-2015-2721: NSS incorrectly permits skipping of
        ServerKeyExchange (bsc#935979).
    
    New features :
    
      - Share Hello URLs with social networks
    
      - Support for 'switch' role in ARIA 1.1 (web
        accessibility)
    
      - SafeBrowsing malware detection lookups enabled for
        downloads (Mac OS X and Linux)
    
      - Support for new Unicode 8.0 skin tone emoji
    
      - Removed support for insecure SSLv3 for network
        communications
    
      - Disable use of RC4 except for temporarily whitelisted
        hosts
    
      - NPAPI Plug-in performance improved via asynchronous
        initialization
    
    mozilla-nss was updated to version 3.19.2 to fix some of the security
    issues listed above."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=932142"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=933439"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=935979"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected MozillaFirefox / mozilla-nss packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libfreebl3");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libfreebl3-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libfreebl3-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libfreebl3-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsoftokn3");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsoftokn3-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-certs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-certs-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-tools-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.2");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2015/07/03");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/07/14");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE13\.1|SUSE13\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.1 / 13.2", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE13.1", reference:"MozillaFirefox-39.0-78.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"MozillaFirefox-branding-upstream-39.0-78.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"MozillaFirefox-buildsymbols-39.0-78.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"MozillaFirefox-debuginfo-39.0-78.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"MozillaFirefox-debugsource-39.0-78.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"MozillaFirefox-devel-39.0-78.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"MozillaFirefox-translations-common-39.0-78.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"MozillaFirefox-translations-other-39.0-78.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"libfreebl3-3.19.2-59.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"libfreebl3-debuginfo-3.19.2-59.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"libsoftokn3-3.19.2-59.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"libsoftokn3-debuginfo-3.19.2-59.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"mozilla-nss-3.19.2-59.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"mozilla-nss-certs-3.19.2-59.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"mozilla-nss-certs-debuginfo-3.19.2-59.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"mozilla-nss-debuginfo-3.19.2-59.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"mozilla-nss-debugsource-3.19.2-59.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"mozilla-nss-devel-3.19.2-59.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"mozilla-nss-sysinit-3.19.2-59.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"mozilla-nss-sysinit-debuginfo-3.19.2-59.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"mozilla-nss-tools-3.19.2-59.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"mozilla-nss-tools-debuginfo-3.19.2-59.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libfreebl3-32bit-3.19.2-59.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libfreebl3-debuginfo-32bit-3.19.2-59.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libsoftokn3-32bit-3.19.2-59.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libsoftokn3-debuginfo-32bit-3.19.2-59.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"mozilla-nss-32bit-3.19.2-59.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"mozilla-nss-certs-32bit-3.19.2-59.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"mozilla-nss-certs-debuginfo-32bit-3.19.2-59.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"mozilla-nss-debuginfo-32bit-3.19.2-59.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"mozilla-nss-sysinit-32bit-3.19.2-59.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"mozilla-nss-sysinit-debuginfo-32bit-3.19.2-59.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"MozillaFirefox-39.0-34.2") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"MozillaFirefox-branding-upstream-39.0-34.2") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"MozillaFirefox-buildsymbols-39.0-34.2") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"MozillaFirefox-debuginfo-39.0-34.2") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"MozillaFirefox-debugsource-39.0-34.2") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"MozillaFirefox-devel-39.0-34.2") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"MozillaFirefox-translations-common-39.0-34.2") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"MozillaFirefox-translations-other-39.0-34.2") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"libfreebl3-3.19.2-16.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"libfreebl3-debuginfo-3.19.2-16.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"libsoftokn3-3.19.2-16.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"libsoftokn3-debuginfo-3.19.2-16.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"mozilla-nss-3.19.2-16.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"mozilla-nss-certs-3.19.2-16.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"mozilla-nss-certs-debuginfo-3.19.2-16.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"mozilla-nss-debuginfo-3.19.2-16.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"mozilla-nss-debugsource-3.19.2-16.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"mozilla-nss-devel-3.19.2-16.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"mozilla-nss-sysinit-3.19.2-16.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"mozilla-nss-sysinit-debuginfo-3.19.2-16.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"mozilla-nss-tools-3.19.2-16.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"mozilla-nss-tools-debuginfo-3.19.2-16.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"libfreebl3-32bit-3.19.2-16.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"libfreebl3-debuginfo-32bit-3.19.2-16.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"libsoftokn3-32bit-3.19.2-16.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"libsoftokn3-debuginfo-32bit-3.19.2-16.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"mozilla-nss-32bit-3.19.2-16.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"mozilla-nss-certs-32bit-3.19.2-16.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"mozilla-nss-certs-debuginfo-32bit-3.19.2-16.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"mozilla-nss-debuginfo-32bit-3.19.2-16.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"mozilla-nss-sysinit-32bit-3.19.2-16.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"mozilla-nss-sysinit-debuginfo-32bit-3.19.2-16.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "MozillaFirefox / MozillaFirefox-branding-upstream / etc");
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2015-1269-1.NASL
    description: MozillaFirefox, mozilla-nspr, and mozilla-nss were updated to fix 17 security issues. For more details please check the changelogs. - CVE-2015-2724/CVE-2015-2725/CVE-2015-2726: Miscellaneous memory safety hazards (bsc#935979). - CVE-2015-2728: Type confusion in Indexed Database Manager (bsc#935979). - CVE-2015-2730: ECDSA signature validation fails to handle some signatures correctly (bsc#935979). - CVE-2015-2722/CVE-2015-2733: Use-after-free in workers while using XMLHttpRequest (bsc#935979). - CVE-2015-2734/CVE-2015-2735/CVE-2015-2736/CVE-2015-2737/CVE-2015-2738/CVE-2015-2739/CVE-2015-2740: Vulnerabilities found through code inspection (bsc#935979). - CVE-2015-2743: Privilege escalation in PDF.js (bsc#935979). - CVE-2015-4000: NSS accepts export-length DHE keys with regular DHE cipher suites (bsc#935033). - CVE-2015-2721: NSS incorrectly permits skipping of ServerKeyExchange (bsc#935979). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 84899
    published: 2015-07-21
    reporter: This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/84899
    title: SUSE SLED12 / SLES12 Security Update : MozillaFirefox, mozilla-nspr, mozilla-nss (SUSE-SU-2015:1269-1)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2015:1269-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(84899);
      script_version("2.10");
      script_cvs_date("Date: 2018/07/31 17:27:54");
    
      script_cve_id("CVE-2015-2721", "CVE-2015-2722", "CVE-2015-2724", "CVE-2015-2725", "CVE-2015-2726", "CVE-2015-2728", "CVE-2015-2730", "CVE-2015-2733", "CVE-2015-2734", "CVE-2015-2735", "CVE-2015-2736", "CVE-2015-2737", "CVE-2015-2738", "CVE-2015-2739", "CVE-2015-2740", "CVE-2015-2743", "CVE-2015-4000");
      script_bugtraq_id(74733, 75541);
    
      script_name(english:"SUSE SLED12 / SLES12 Security Update : MozillaFirefox, mozilla-nspr, mozilla-nss (SUSE-SU-2015:1269-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "MozillaFirefox, mozilla-nspr, and mozilla-nss were updated to fix 17
    security issues.
    
    For more details please check the changelogs.
    
      - CVE-2015-2724/CVE-2015-2725/CVE-2015-2726: Miscellaneous
        memory safety hazards (bsc#935979).
    
      - CVE-2015-2728: Type confusion in Indexed Database
        Manager (bsc#935979).
    
      - CVE-2015-2730: ECDSA signature validation fails to
        handle some signatures correctly (bsc#935979).
    
      - CVE-2015-2722/CVE-2015-2733: Use-after-free in workers
        while using XMLHttpRequest (bsc#935979).
    
      - CVE-2015-2734/CVE-2015-2735/CVE-2015-2736/CVE-2015-2737/
        CVE-2015-2738/CVE-2015-2739/CVE-2015-2740:
        Vulnerabilities found through code inspection
        (bsc#935979).
    
      - CVE-2015-2743: Privilege escalation in PDF.js
        (bsc#935979).
    
      - CVE-2015-4000: NSS accepts export-length DHE keys with
        regular DHE cipher suites (bsc#935033).
    
      - CVE-2015-2721: NSS incorrectly permits skipping of
        ServerKeyExchange (bsc#935979).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/856315"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/935033"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/935979"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-2721.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-2722.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-2724.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-2725.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-2726.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-2728.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-2730.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-2733.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-2734.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-2735.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-2736.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-2737.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-2738.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-2739.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-2740.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-2743.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-4000.html"
      );
      # https://www.suse.com/support/update/announcement/2015/suse-su-20151269-1.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?03992c1e"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use YaST online_update.
    Alternatively, you can run the command listed for your product :
    
    SUSE Linux Enterprise Software Development Kit 12 :
    
    zypper in -t patch SUSE-SLE-SDK-12-2015-330=1
    
    SUSE Linux Enterprise Server 12 :
    
    zypper in -t patch SUSE-SLE-SERVER-12-2015-330=1
    
    SUSE Linux Enterprise Desktop 12 :
    
    zypper in -t patch SUSE-SLE-DESKTOP-12-2015-330=1
    
    To bring your system up-to-date, use 'zypper patch'."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:MozillaFirefox");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:MozillaFirefox-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:MozillaFirefox-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:MozillaFirefox-translations");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libfreebl3");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libfreebl3-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libfreebl3-hmac");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsoftokn3");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsoftokn3-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsoftokn3-hmac");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mozilla-nspr");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mozilla-nspr-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mozilla-nspr-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mozilla-nss");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mozilla-nss-certs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mozilla-nss-certs-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mozilla-nss-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mozilla-nss-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mozilla-nss-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mozilla-nss-tools-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2015/07/14");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/07/21");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = eregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^(SLED12|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver);
    
    rpm_list = get_kb_item("Host/SuSE/rpm-list");
    if (!rpm_list) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    rpm_fixed = ereg_replace(string:rpm_list, pattern:"_CKBI_1\.98-", replace:"-");
    
    flag = 0;
    if (rpm_check(release:"SLES12", reference:"MozillaFirefox-31.8.0esr-37.3", rpm_list:rpm_fixed)) flag++;
    if (rpm_check(release:"SLES12", reference:"MozillaFirefox-debuginfo-31.8.0esr-37.3", rpm_list:rpm_fixed)) flag++;
    if (rpm_check(release:"SLES12", reference:"MozillaFirefox-debugsource-31.8.0esr-37.3", rpm_list:rpm_fixed)) flag++;
    if (rpm_check(release:"SLES12", reference:"MozillaFirefox-devel-31.8.0esr-37.3", rpm_list:rpm_fixed)) flag++;
    if (rpm_check(release:"SLES12", reference:"MozillaFirefox-translations-31.8.0esr-37.3", rpm_list:rpm_fixed)) flag++;
    if (rpm_check(release:"SLES12", reference:"libfreebl3-3.19.2-21.1", rpm_list:rpm_fixed)) flag++;
    if (rpm_check(release:"SLES12", reference:"libfreebl3-debuginfo-3.19.2-21.1", rpm_list:rpm_fixed)) flag++;
    if (rpm_check(release:"SLES12", reference:"libfreebl3-hmac-3.19.2-21.1", rpm_list:rpm_fixed)) flag++;
    if (rpm_check(release:"SLES12", reference:"libsoftokn3-3.19.2-21.1", rpm_list:rpm_fixed)) flag++;
    if (rpm_check(release:"SLES12", reference:"libsoftokn3-debuginfo-3.19.2-21.1", rpm_list:rpm_fixed)) flag++;
    if (rpm_check(release:"SLES12", reference:"libsoftokn3-hmac-3.19.2-21.1", rpm_list:rpm_fixed)) flag++;
    if (rpm_check(release:"SLES12", reference:"mozilla-nspr-4.10.8-3.1", rpm_list:rpm_fixed)) flag++;
    if (rpm_check(release:"SLES12", reference:"mozilla-nspr-debuginfo-4.10.8-3.1", rpm_list:rpm_fixed)) flag++;
    if (rpm_check(release:"SLES12", reference:"mozilla-nspr-debugsource-4.10.8-3.1", rpm_list:rpm_fixed)) flag++;
    if (rpm_check(release:"SLES12", reference:"mozilla-nspr-devel-4.10.8-3.1", rpm_list:rpm_fixed)) flag++;
    if (rpm_check(release:"SLES12", reference:"mozilla-nss-3.19.2-21.1", rpm_list:rpm_fixed)) flag++;
    if (rpm_check(release:"SLES12", reference:"mozilla-nss-certs-3.19.2-21.1", rpm_list:rpm_fixed)) flag++;
    if (rpm_check(release:"SLES12", reference:"mozilla-nss-certs-debuginfo-3.19.2-21.1", rpm_list:rpm_fixed)) flag++;
    if (rpm_check(release:"SLES12", reference:"mozilla-nss-debuginfo-3.19.2-21.1", rpm_list:rpm_fixed)) flag++;
    if (rpm_check(release:"SLES12", reference:"mozilla-nss-debugsource-3.19.2-21.1", rpm_list:rpm_fixed)) flag++;
    if (rpm_check(release:"SLES12", reference:"mozilla-nss-devel-3.19.2-21.1", rpm_list:rpm_fixed)) flag++;
    if (rpm_check(release:"SLES12", reference:"mozilla-nss-tools-3.19.2-21.1", rpm_list:rpm_fixed)) flag++;
    if (rpm_check(release:"SLES12", reference:"mozilla-nss-tools-debuginfo-3.19.2-21.1", rpm_list:rpm_fixed)) flag++;
    if (rpm_check(release:"SLES12", reference:"libfreebl3-32bit-3.19.2-21.1", rpm_list:rpm_fixed)) flag++;
    if (rpm_check(release:"SLES12", reference:"libfreebl3-debuginfo-32bit-3.19.2-21.1", rpm_list:rpm_fixed)) flag++;
    if (rpm_check(release:"SLES12", reference:"libfreebl3-hmac-32bit-3.19.2-21.1", rpm_list:rpm_fixed)) flag++;
    if (rpm_check(release:"SLES12", reference:"libsoftokn3-32bit-3.19.2-21.1", rpm_list:rpm_fixed)) flag++;
    if (rpm_check(release:"SLES12", reference:"libsoftokn3-debuginfo-32bit-3.19.2-21.1", rpm_list:rpm_fixed)) flag++;
    if (rpm_check(release:"SLES12", reference:"libsoftokn3-hmac-32bit-3.19.2-21.1", rpm_list:rpm_fixed)) flag++;
    if (rpm_check(release:"SLES12", reference:"mozilla-nspr-32bit-4.10.8-3.1", rpm_list:rpm_fixed)) flag++;
    if (rpm_check(release:"SLES12", reference:"mozilla-nspr-debuginfo-32bit-4.10.8-3.1", rpm_list:rpm_fixed)) flag++;
    if (rpm_check(release:"SLES12", reference:"mozilla-nss-32bit-3.19.2-21.1", rpm_list:rpm_fixed)) flag++;
    if (rpm_check(release:"SLES12", reference:"mozilla-nss-certs-32bit-3.19.2-21.1", rpm_list:rpm_fixed)) flag++;
    if (rpm_check(release:"SLES12", reference:"mozilla-nss-certs-debuginfo-32bit-3.19.2-21.1", rpm_list:rpm_fixed)) flag++;
    if (rpm_check(release:"SLES12", reference:"mozilla-nss-debuginfo-32bit-3.19.2-21.1", rpm_list:rpm_fixed)) flag++;
    if (rpm_check(release:"SLED12", cpu:"x86_64", reference:"MozillaFirefox-31.8.0esr-37.3", rpm_list:rpm_fixed)) flag++;
    if (rpm_check(release:"SLED12", cpu:"x86_64", reference:"MozillaFirefox-debuginfo-31.8.0esr-37.3", rpm_list:rpm_fixed)) flag++;
    if (rpm_check(release:"SLED12", cpu:"x86_64", reference:"MozillaFirefox-debugsource-31.8.0esr-37.3", rpm_list:rpm_fixed)) flag++;
    if (rpm_check(release:"SLED12", cpu:"x86_64", reference:"MozillaFirefox-devel-31.8.0esr-37.3", rpm_list:rpm_fixed)) flag++;
    if (rpm_check(release:"SLED12", cpu:"x86_64", reference:"MozillaFirefox-translations-31.8.0esr-37.3", rpm_list:rpm_fixed)) flag++;
    if (rpm_check(release:"SLED12", cpu:"x86_64", reference:"libfreebl3-3.19.2-21.1", rpm_list:rpm_fixed)) flag++;
    if (rpm_check(release:"SLED12", cpu:"x86_64", reference:"libfreebl3-32bit-3.19.2-21.1", rpm_list:rpm_fixed)) flag++;
    if (rpm_check(release:"SLED12", cpu:"x86_64", reference:"libfreebl3-debuginfo-3.19.2-21.1", rpm_list:rpm_fixed)) flag++;
    if (rpm_check(release:"SLED12", cpu:"x86_64", reference:"libfreebl3-debuginfo-32bit-3.19.2-21.1", rpm_list:rpm_fixed)) flag++;
    if (rpm_check(release:"SLED12", cpu:"x86_64", reference:"libsoftokn3-3.19.2-21.1", rpm_list:rpm_fixed)) flag++;
    if (rpm_check(release:"SLED12", cpu:"x86_64", reference:"libsoftokn3-32bit-3.19.2-21.1", rpm_list:rpm_fixed)) flag++;
    if (rpm_check(release:"SLED12", cpu:"x86_64", reference:"libsoftokn3-debuginfo-3.19.2-21.1", rpm_list:rpm_fixed)) flag++;
    if (rpm_check(release:"SLED12", cpu:"x86_64", reference:"libsoftokn3-debuginfo-32bit-3.19.2-21.1", rpm_list:rpm_fixed)) flag++;
    if (rpm_check(release:"SLED12", cpu:"x86_64", reference:"mozilla-nspr-32bit-4.10.8-3.1", rpm_list:rpm_fixed)) flag++;
    if (rpm_check(release:"SLED12", cpu:"x86_64", reference:"mozilla-nspr-4.10.8-3.1", rpm_list:rpm_fixed)) flag++;
    if (rpm_check(release:"SLED12", cpu:"x86_64", reference:"mozilla-nspr-debuginfo-32bit-4.10.8-3.1", rpm_list:rpm_fixed)) flag++;
    if (rpm_check(release:"SLED12", cpu:"x86_64", reference:"mozilla-nspr-debuginfo-4.10.8-3.1", rpm_list:rpm_fixed)) flag++;
    if (rpm_check(release:"SLED12", cpu:"x86_64", reference:"mozilla-nspr-debugsource-4.10.8-3.1", rpm_list:rpm_fixed)) flag++;
    if (rpm_check(release:"SLED12", cpu:"x86_64", reference:"mozilla-nspr-devel-4.10.8-3.1", rpm_list:rpm_fixed)) flag++;
    if (rpm_check(release:"SLED12", cpu:"x86_64", reference:"mozilla-nss-3.19.2-21.1", rpm_list:rpm_fixed)) flag++;
    if (rpm_check(release:"SLED12", cpu:"x86_64", reference:"mozilla-nss-32bit-3.19.2-21.1", rpm_list:rpm_fixed)) flag++;
    if (rpm_check(release:"SLED12", cpu:"x86_64", reference:"mozilla-nss-certs-3.19.2-21.1", rpm_list:rpm_fixed)) flag++;
    if (rpm_check(release:"SLED12", cpu:"x86_64", reference:"mozilla-nss-certs-32bit-3.19.2-21.1", rpm_list:rpm_fixed)) flag++;
    if (rpm_check(release:"SLED12", cpu:"x86_64", reference:"mozilla-nss-certs-debuginfo-3.19.2-21.1", rpm_list:rpm_fixed)) flag++;
    if (rpm_check(release:"SLED12", cpu:"x86_64", reference:"mozilla-nss-certs-debuginfo-32bit-3.19.2-21.1", rpm_list:rpm_fixed)) flag++;
    if (rpm_check(release:"SLED12", cpu:"x86_64", reference:"mozilla-nss-debuginfo-3.19.2-21.1", rpm_list:rpm_fixed)) flag++;
    if (rpm_check(release:"SLED12", cpu:"x86_64", reference:"mozilla-nss-debuginfo-32bit-3.19.2-21.1", rpm_list:rpm_fixed)) flag++;
    if (rpm_check(release:"SLED12", cpu:"x86_64", reference:"mozilla-nss-debugsource-3.19.2-21.1", rpm_list:rpm_fixed)) flag++;
    if (rpm_check(release:"SLED12", cpu:"x86_64", reference:"mozilla-nss-devel-3.19.2-21.1", rpm_list:rpm_fixed)) flag++;
    if (rpm_check(release:"SLED12", cpu:"x86_64", reference:"mozilla-nss-tools-3.19.2-21.1", rpm_list:rpm_fixed)) flag++;
    if (rpm_check(release:"SLED12", cpu:"x86_64", reference:"mozilla-nss-tools-debuginfo-3.19.2-21.1", rpm_list:rpm_fixed)) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "MozillaFirefox / mozilla-nspr / mozilla-nss");
    }
    
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-201512-10.NASL
    description: The remote host is affected by the vulnerability described in GLSA-201512-10 (Mozilla Products: Multiple vulnerabilities). Multiple vulnerabilities have been discovered in Mozilla Firefox and Mozilla Thunderbird. Please review the CVE identifiers referenced below for details. Impact: A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Workaround: There is no known workaround at this time.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 87710
    published: 2016-01-04
    reporter: This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/87710
    title: GLSA-201512-10 : Mozilla Products: Multiple vulnerabilities (Bar Mitzvah) (Logjam)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 201512-10.
    #
    # The advisory text is Copyright (C) 2001-2019 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(87710);
      script_version("2.12");
      script_cvs_date("Date: 2019/08/12 17:35:38");
    
      script_cve_id("CVE-2015-0798", "CVE-2015-0799", "CVE-2015-0801", "CVE-2015-0802", "CVE-2015-0803", "CVE-2015-0804", "CVE-2015-0805", "CVE-2015-0806", "CVE-2015-0807", "CVE-2015-0808", "CVE-2015-0810", "CVE-2015-0811", "CVE-2015-0812", "CVE-2015-0813", "CVE-2015-0814", "CVE-2015-0815", "CVE-2015-0816", "CVE-2015-2706", "CVE-2015-2721", "CVE-2015-2722", "CVE-2015-2724", "CVE-2015-2725", "CVE-2015-2726", "CVE-2015-2727", "CVE-2015-2728", "CVE-2015-2729", "CVE-2015-2730", "CVE-2015-2731", "CVE-2015-2733", "CVE-2015-2734", "CVE-2015-2735", "CVE-2015-2736", "CVE-2015-2737", "CVE-2015-2738", "CVE-2015-2739", "CVE-2015-2740", "CVE-2015-2741", "CVE-2015-2742", "CVE-2015-2743", "CVE-2015-2808", "CVE-2015-4000", "CVE-2015-4153", "CVE-2015-4495", "CVE-2015-4513", "CVE-2015-4514", "CVE-2015-4515", "CVE-2015-4518", "CVE-2015-7181", "CVE-2015-7182", "CVE-2015-7183", "CVE-2015-7187", "CVE-2015-7188", "CVE-2015-7189", "CVE-2015-7191", "CVE-2015-7192", "CVE-2015-7193", "CVE-2015-7194", "CVE-2015-7195", "CVE-2015-7196", "CVE-2015-7197", "CVE-2015-7198", "CVE-2015-7199", "CVE-2015-7200", "CVE-2015-7201", "CVE-2015-7202", "CVE-2015-7203", "CVE-2015-7204", "CVE-2015-7205", "CVE-2015-7207", "CVE-2015-7208", "CVE-2015-7210", "CVE-2015-7211", "CVE-2015-7212", "CVE-2015-7213", "CVE-2015-7214", "CVE-2015-7215", "CVE-2015-7216", "CVE-2015-7217", "CVE-2015-7218", "CVE-2015-7219", "CVE-2015-7220", "CVE-2015-7221", "CVE-2015-7222", "CVE-2015-7223");
      script_xref(name:"GLSA", value:"201512-10");
    
      script_name(english:"GLSA-201512-10 : Mozilla Products: Multiple vulnerabilities (Bar Mitzvah) (Logjam)");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-201512-10
    (Mozilla Products: Multiple vulnerabilities)
    
        Multiple vulnerabilities have been discovered in Mozilla Firefox and
          Mozilla Thunderbird. Please review the CVE identifiers referenced below
          for details.
      
    Impact :
    
        A remote attacker could entice a user to view a specially crafted web
          page or email, possibly resulting in execution of arbitrary code or a
          Denial of Service condition.
      
    Workaround :
    
        There is no known workaround at this time."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/201512-10"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "All  Firefox users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=www-client/firefox-38.5.0'
        All  Firefox-bin users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=www-client/firefox-bin-38.5.0'
        All  Thunderbird users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=mail-client/thunderbird-38.5.0'
        All  Thunderbird-bin users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose
          '>=mail-client/thunderbird-bin-38.5.0'"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Firefox PDF.js Privileged Javascript Injection');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:firefox");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:firefox-bin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:thunderbird");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:thunderbird-bin");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2015/03/31");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/12/30");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/01/04");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Gentoo Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (qpkg_check(package:"www-client/firefox-bin", unaffected:make_list("ge 38.5.0"), vulnerable:make_list("lt 38.5.0"))) flag++;
    if (qpkg_check(package:"mail-client/thunderbird-bin", unaffected:make_list("ge 38.5.0"), vulnerable:make_list("lt 38.5.0"))) flag++;
    if (qpkg_check(package:"www-client/firefox", unaffected:make_list("ge 38.5.0"), vulnerable:make_list("lt 38.5.0"))) flag++;
    if (qpkg_check(package:"mail-client/thunderbird", unaffected:make_list("ge 38.5.0"), vulnerable:make_list("lt 38.5.0"))) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Mozilla Products");
    }
    
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-2656-1.NASL
    description: Karthikeyan Bhargavan discovered that NSS incorrectly handled state transitions for the TLS state machine. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to skip the ServerKeyExchange message and remove the forward-secrecy property. (CVE-2015-2721) Looben Yan discovered 2 use-after-free issues when using XMLHttpRequest in some circumstances. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-2722, CVE-2015-2733) Bob Clary, Christian Holler, Bobby Holley, Andrew McCreight, Terrence Cole, Steve Fink, Mats Palmgren, Wes Kocher, Andreas Pehrson, Tooru Fujisawa, Andrew Sutherland, and Gary Kwong discovered multiple memory safety issues in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-2724, CVE-2015-2725, CVE-2015-2726) Armin Razmdjou discovered that opening hyperlinks with specific mouse and key combinations could allow a Chrome privileged URL to be opened without context restrictions being preserved. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to bypass security restrictions. (CVE-2015-2727) Paul Bandha discovered a type confusion bug in the Indexed DB Manager. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-2728) Holger Fuhrmannek discovered an out-of-bounds read in Web Audio. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information. (CVE-2015-2729) Watson Ladd discovered that NSS incorrectly handled Elliptical Curve Cryptography (ECC) multiplication. A remote attacker could possibly use this issue to spoof ECDSA signatures. (CVE-2015-2730) A use-after-free was discovered when a Content Policy modifies the DOM to remove a DOM object. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-2731) Ronald Crane discovered multiple security vulnerabilities. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-2734, CVE-2015-2735, CVE-2015-2736, CVE-2015-2737, CVE-2015-2738, CVE-2015-2739, CVE-2015-2740) David Keeler discovered that key pinning checks can be skipped when an overridable certificate error occurs. This allows a user to manually override an error for a fake certificate, but cannot be exploited on its own. (CVE-2015-2741) Jonas Jenwald discovered that some internal workers were incorrectly executed with a high privilege. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this in combination with another security vulnerability, to execute arbitrary code in a privileged scope. (CVE-2015-2743) Matthew Green discovered a DHE key processing issue in NSS where a MITM could force a server to downgrade TLS connections to 512-bit export-grade cryptography. An attacker could potentially exploit this to impersonate the server. (CVE-2015-4000). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 84664
    published: 2015-07-13
    reporter: Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/84664
    title: Ubuntu 14.04 LTS / 14.10 / 15.04 : firefox vulnerabilities (USN-2656-1) (Logjam)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-2656-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(84664);
      script_version("1.14");
      script_cvs_date("Date: 2019/09/18 12:31:44");
    
      script_cve_id("CVE-2015-2721", "CVE-2015-2722", "CVE-2015-2724", "CVE-2015-2725", "CVE-2015-2726", "CVE-2015-2727", "CVE-2015-2728", "CVE-2015-2729", "CVE-2015-2730", "CVE-2015-2731", "CVE-2015-2733", "CVE-2015-2734", "CVE-2015-2735", "CVE-2015-2736", "CVE-2015-2737", "CVE-2015-2738", "CVE-2015-2739", "CVE-2015-2740", "CVE-2015-2741", "CVE-2015-2743", "CVE-2015-4000");
      script_bugtraq_id(74733, 75541);
      script_xref(name:"USN", value:"2656-1");
    
      script_name(english:"Ubuntu 14.04 LTS / 14.10 / 15.04 : firefox vulnerabilities (USN-2656-1) (Logjam)");
      script_summary(english:"Checks dpkg output for updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Ubuntu host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Karthikeyan Bhargavan discovered that NSS incorrectly handled state
    transitions for the TLS state machine. If a remote attacker were able
    to perform a man-in-the-middle attack, this flaw could be exploited to
    skip the ServerKeyExchange message and remove the forward-secrecy
    property. (CVE-2015-2721)
    
    Looben Yan discovered 2 use-after-free issues when using
    XMLHttpRequest in some circumstances. If a user were tricked in to
    opening a specially crafted website, an attacker could potentially
    exploit these to cause a denial of service via application crash, or
    execute arbitrary code with the privileges of the user invoking
    Firefox. (CVE-2015-2722, CVE-2015-2733)
    
    Bob Clary, Christian Holler, Bobby Holley, Andrew McCreight, Terrence
    Cole, Steve Fink, Mats Palmgren, Wes Kocher, Andreas Pehrson, Tooru
    Fujisawa, Andrew Sutherland, and Gary Kwong discovered multiple memory
    safety issues in Firefox. If a user were tricked in to opening a
    specially crafted website, an attacker could potentially exploit these
    to cause a denial of service via application crash, or execute
    arbitrary code with the privileges of the user invoking Firefox.
    (CVE-2015-2724, CVE-2015-2725, CVE-2015-2726)
    
    Armin Razmdjou discovered that opening hyperlinks with specific mouse
    and key combinations could allow a Chrome privileged URL to be opened
    without context restrictions being preserved. If a user were tricked
    in to opening a specially crafted website, an attacker could
    potentially exploit this to bypass security restrictions.
    (CVE-2015-2727)
    
    Paul Bandha discovered a type confusion bug in the Indexed DB Manager.
    If a user were tricked in to opening a specially crafted website, an
    attacker could potentially exploit this to cause a denial of service
    via application crash or execute arbitrary code with the priviliges of
    the user invoking Firefox. (CVE-2015-2728)
    
    Holger Fuhrmannek discovered an out-of-bounds read in Web Audio. If a
    user were tricked in to opening a specially crafted website, an
    attacker could potentially exploit this to obtain sensitive
    information. (CVE-2015-2729)
    
    Watson Ladd discovered that NSS incorrectly handled Elliptical Curve
    Cryptography (ECC) multiplication. A remote attacker could possibly
    use this issue to spoof ECDSA signatures. (CVE-2015-2730)
    
    A use-after-free was discovered when a Content Policy modifies the DOM
    to remove a DOM object. If a user were tricked in to opening a
    specially crafted website, an attacker could potentially exploit this
    to cause a denial of service via application crash or execute
    arbitrary code with the priviliges of the user invoking Firefox.
    (CVE-2015-2731)
    
    Ronald Crane discovered multiple security vulnerabilities. If a user
    were tricked in to opening a specially crafted website, an attacker
    could potentially exploit these to cause a denial of service via
    application crash, or execute arbitrary code with the privileges of
    the user invoking Firefox. (CVE-2015-2734, CVE-2015-2735,
    CVE-2015-2736, CVE-2015-2737, CVE-2015-2738, CVE-2015-2739,
    CVE-2015-2740)
    
    David Keeler discovered that key pinning checks can be skipped when an
    overridable certificate error occurs. This allows a user to manually
    override an error for a fake certificate, but cannot be exploited on
    its own. (CVE-2015-2741)
    
    Jonas Jenwald discovered that some internal workers were incorrectly
    executed with a high privilege. If a user were tricked in to opening a
    specially crafted website, an attacker could potentially exploit this
    in combination with another security vulnerability, to execute
    arbitrary code in a privileged scope. (CVE-2015-2743)
    
    Matthew Green discovered a DHE key processing issue in NSS where a
    MITM could force a server to downgrade TLS connections to 512-bit
    export-grade cryptography. An attacker could potentially exploit this
    to impersonate the server. (CVE-2015-4000).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/2656-1/"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected firefox package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.10");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:15.04");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2015/05/21");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/07/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/07/13");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(14\.04|14\.10|15\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 14.04 / 14.10 / 15.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"14.04", pkgname:"firefox", pkgver:"39.0+build5-0ubuntu0.14.04.1")) flag++;
    if (ubuntu_check(osver:"14.10", pkgname:"firefox", pkgver:"39.0+build5-0ubuntu0.14.10.1")) flag++;
    if (ubuntu_check(osver:"15.04", pkgname:"firefox", pkgver:"39.0+build5-0ubuntu0.15.04.1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "firefox");
    }
    
  • NASL family: FreeBSD Local Security Checks
    NASL id: FREEBSD_PKG_44D9DAEE940C417986BB6E3FFD617869.NASL
    description: The Mozilla Project reports:
      MFSA 2015-59 Miscellaneous memory safety hazards (rv:39.0 / rv:31.8 / rv:38.1)
      MFSA 2015-60 Local files or privileged URLs in pages can be opened into new tabs
      MFSA 2015-61 Type confusion in Indexed Database Manager
      MFSA 2015-62 Out-of-bound read while computing an oscillator rendering range in Web Audio
      MFSA 2015-63 Use-after-free in Content Policy due to microtask execution error
      MFSA 2015-64 ECDSA signature validation fails to handle some signatures correctly
      MFSA 2015-65 Use-after-free in workers while using XMLHttpRequest
      MFSA 2015-66 Vulnerabilities found through code inspection
      MFSA 2015-67 Key pinning is ignored when overridable errors are encountered
      MFSA 2015-68 OS X crash reports may contain entered key press information
      MFSA 2015-69 Privilege escalation through internal workers
      MFSA 2015-70 NSS accepts export-length DHE keys with regular DHE cipher suites
      MFSA 2015-71 NSS incorrectly permits skipping of ServerKeyExchange
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 84780
    published: 2015-07-16
    reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/84780
    title: FreeBSD : mozilla -- multiple vulnerabilities (44d9daee-940c-4179-86bb-6e3ffd617869) (Logjam)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2015-1268-2.NASL
    description: MozillaFirefox, mozilla-nspr, and mozilla-nss were updated to fix 17 security issues. For more details please check the changelogs. These security issues were fixed:
      - CVE-2015-2724/CVE-2015-2725/CVE-2015-2726: Miscellaneous memory safety hazards (bsc#935979).
      - CVE-2015-2728: Type confusion in Indexed Database Manager (bsc#935979).
      - CVE-2015-2730: ECDSA signature validation fails to handle some signatures correctly (bsc#935979).
      - CVE-2015-2722/CVE-2015-2733: Use-after-free in workers while using XMLHttpRequest (bsc#935979).
      - CVE-2015-2734/CVE-2015-2735/CVE-2015-2736/CVE-2015-2737/CVE-2015-2738/CVE-2015-2739/CVE-2015-2740: Vulnerabilities found through code inspection (bsc#935979).
      - CVE-2015-2743: Privilege escalation in PDF.js (bsc#935979).
      - CVE-2015-4000: NSS accepts export-length DHE keys with regular DHE cipher suites (bsc#935033).
      - CVE-2015-2721: NSS incorrectly permits skipping of ServerKeyExchange (bsc#935979).
    This non-security issue was fixed:
      - bsc#908275: Firefox did not print in landscape orientation.
    Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 84898
    published: 2015-07-21
    reporter: This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/84898
    title: SUSE SLED11 / SLES11 Security Update : MozillaFirefox, mozilla-nspr, mozilla-nss (SUSE-SU-2015:1268-2)