Vulnerabilities > CVE-2015-4491 - Numeric Errors vulnerability in multiple products

Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pixbuf before 2.31.5, as used in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Linux, Google Chrome on Linux, and other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via crafted bitmap dimensions that are mishandled during scaling.

Vulnerable Configurations

Part	Description	Count
Application	Gnome Gnome GDK Pixbuf - Gnome GDK Pixbuf 2.22.1 Gnome GDK Pixbuf 2.23.3 Gnome GDK Pixbuf 2.23.5 Gnome GDK Pixbuf 2.24.0 Gnome GDK Pixbuf 2.26.1 Gnome GDK Pixbuf 2.26.5 Gnome GDK Pixbuf 2.28.1 Gnome GDK Pixbuf 2.30.6 Gnome GDK Pixbuf 2.30.7 Gnome GDK Pixbuf 2.30.8 Gnome GDK Pixbuf 2.31.0 Gnome GDK Pixbuf 2.31.1 Gnome GDK Pixbuf 2.31.4	14
Application	Google Google Chrome -	1
Application	Mozilla Mozilla Firefox * Mozilla Firefox ESR 38.0 Mozilla Firefox ESR 38.0.1 Mozilla Firefox ESR 38.0.5 Mozilla Firefox ESR 38.1.0	5
OS	Linux Linux Linux Kernel *	1
OS	Oracle Oracle Solaris 10 Oracle Solaris 11.3	2
OS	Canonical Canonical Ubuntu Linux 12.04 Canonical Ubuntu Linux 14.04 Canonical Ubuntu Linux 15.04	3
OS	Fedoraproject Fedoraproject Fedora 21 Fedoraproject Fedora 22	2
OS	Opensuse Opensuse Opensuse 13.1 Opensuse Opensuse 13.2	2

Common Weakness Enumeration (CWE)

CWE-189 - Numeric Errors

Nessus

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2015-559.NASL
description	This update to Thunderbird 38.2.0 fixes the following issues (bnc#940806) : - MFSA 2015-79/CVE-2015-4473 Miscellaneous memory safety hazards - MFSA 2015-80/CVE-2015-4475 (bmo#1175396) Out-of-bounds read with malformed MP3 file - MFSA 2015-82/CVE-2015-4478 (bmo#1105914) Redefinition of non-configurable JavaScript object properties - MFSA 2015-83/CVE-2015-4479/CVE-2015-4480/CVE-2015-4493 Overflow issues in libstagefright - MFSA 2015-84/CVE-2015-4481 (bmo1171518) Arbitrary file overwriting through Mozilla Maintenance Service with hard links (only affected Windows) - MFSA 2015-85/CVE-2015-4482 (bmo#1184500) Out-of-bounds write with Updater and malicious MAR file (does not affect openSUSE RPM packages which do not ship the updater) - MFSA 2015-87/CVE-2015-4484 (bmo#1171540) Crash when using shared memory in JavaScript - MFSA 2015-88/CVE-2015-4491 (bmo#1184009) Heap overflow in gdk-pixbuf when scaling bitmap images - MFSA 2015-89/CVE-2015-4485/CVE-2015-4486 (bmo#1177948, bmo#1178148) Buffer overflows on Libvpx when decoding WebM video - MFSA 2015-90/CVE-2015-4487/CVE-2015-4488/CVE-2015-4489 Vulnerabilities found through code inspection - MFSA 2015-92/CVE-2015-4492 (bmo#1185820) Use-after-free in XMLHttpRequest with shared workers
last seen	2020-06-05
modified	2015-08-31
plugin id	85703
published	2015-08-31
reporter	This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/85703
title	openSUSE Security Update : MozillaThunderbird (openSUSE-2015-559)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2015-559. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(85703); script_version("2.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2015-4473", "CVE-2015-4475", "CVE-2015-4478", "CVE-2015-4479", "CVE-2015-4480", "CVE-2015-4481", "CVE-2015-4482", "CVE-2015-4484", "CVE-2015-4485", "CVE-2015-4486", "CVE-2015-4487", "CVE-2015-4488", "CVE-2015-4489", "CVE-2015-4491", "CVE-2015-4492", "CVE-2015-4493"); script_name(english:"openSUSE Security Update : MozillaThunderbird (openSUSE-2015-559)"); script_summary(english:"Check for the openSUSE-2015-559 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update to Thunderbird 38.2.0 fixes the following issues (bnc#940806) : - MFSA 2015-79/CVE-2015-4473 Miscellaneous memory safety hazards - MFSA 2015-80/CVE-2015-4475 (bmo#1175396) Out-of-bounds read with malformed MP3 file - MFSA 2015-82/CVE-2015-4478 (bmo#1105914) Redefinition of non-configurable JavaScript object properties - MFSA 2015-83/CVE-2015-4479/CVE-2015-4480/CVE-2015-4493 Overflow issues in libstagefright - MFSA 2015-84/CVE-2015-4481 (bmo1171518) Arbitrary file overwriting through Mozilla Maintenance Service with hard links (only affected Windows) - MFSA 2015-85/CVE-2015-4482 (bmo#1184500) Out-of-bounds write with Updater and malicious MAR file (does not affect openSUSE RPM packages which do not ship the updater) - MFSA 2015-87/CVE-2015-4484 (bmo#1171540) Crash when using shared memory in JavaScript - MFSA 2015-88/CVE-2015-4491 (bmo#1184009) Heap overflow in gdk-pixbuf when scaling bitmap images - MFSA 2015-89/CVE-2015-4485/CVE-2015-4486 (bmo#1177948, bmo#1178148) Buffer overflows on Libvpx when decoding WebM video - MFSA 2015-90/CVE-2015-4487/CVE-2015-4488/CVE-2015-4489 Vulnerabilities found through code inspection - MFSA 2015-92/CVE-2015-4492 (bmo#1185820) Use-after-free in XMLHttpRequest with shared workers" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=940806" ); script_set_attribute( attribute:"solution", value:"Update the affected MozillaThunderbird packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-buildsymbols"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.2"); script_set_attribute(attribute:"patch_publication_date", value:"2015/08/19"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/08/31"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2020 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) \|\| release =~ "^(SLED\|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE13\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.2", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586\|i686\|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE13.2", reference:"MozillaThunderbird-38.2.0-25.2") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"MozillaThunderbird-buildsymbols-38.2.0-25.2") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"MozillaThunderbird-debuginfo-38.2.0-25.2") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"MozillaThunderbird-debugsource-38.2.0-25.2") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"MozillaThunderbird-devel-38.2.0-25.2") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"MozillaThunderbird-translations-common-38.2.0-25.2") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"MozillaThunderbird-translations-other-38.2.0-25.2") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "MozillaThunderbird / MozillaThunderbird-buildsymbols / etc"); }

NASL family	Scientific Linux Local Security Checks
NASL id	SL_20150825_THUNDERBIRD_ON_SL5_X.NASL
description	Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2015-4473, CVE-2015-4491, CVE-2015-4487, CVE-2015-4488, CVE-2015-4489) Note: All of the above issues cannot be exploited by a specially crafted HTML mail message because JavaScript is disabled by default for mail messages. However, they could be exploited in other ways in Thunderbird (for example, by viewing the full remote content of an RSS feed). After installing the update, Thunderbird must be restarted for the changes to take effect.
last seen	2020-03-18
modified	2015-08-26
plugin id	85646
published	2015-08-26
reporter	This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/85646
title	Scientific Linux Security Update : thunderbird on SL5.x, SL6.x, SL7.x i386/x86_64 (20150825)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text is (C) Scientific Linux. # include("compat.inc"); if (description) { script_id(85646); script_version("2.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2015-4473", "CVE-2015-4487", "CVE-2015-4488", "CVE-2015-4489", "CVE-2015-4491"); script_name(english:"Scientific Linux Security Update : thunderbird on SL5.x, SL6.x, SL7.x i386/x86_64 (20150825)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Scientific Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2015-4473, CVE-2015-4491, CVE-2015-4487, CVE-2015-4488, CVE-2015-4489) Note: All of the above issues cannot be exploited by a specially crafted HTML mail message because JavaScript is disabled by default for mail messages. However, they could be exploited in other ways in Thunderbird (for example, by viewing the full remote content of an RSS feed). After installing the update, Thunderbird must be restarted for the changes to take effect." ); # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1508&L=scientific-linux-errata&F=&S=&P=24093 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?40a93d02" ); script_set_attribute( attribute:"solution", value: "Update the affected thunderbird and / or thunderbird-debuginfo packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:thunderbird"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:thunderbird-debuginfo"); script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2015/08/16"); script_set_attribute(attribute:"patch_publication_date", value:"2015/08/25"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/08/26"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Scientific Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux"); os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^7([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 7.x", "Scientific Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu); flag = 0; if (rpm_check(release:"SL5", reference:"thunderbird-38.2.0-4.el5_11")) flag++; if (rpm_check(release:"SL5", reference:"thunderbird-debuginfo-38.2.0-4.el5_11")) flag++; if (rpm_check(release:"SL6", reference:"thunderbird-38.2.0-4.el6_7")) flag++; if (rpm_check(release:"SL6", reference:"thunderbird-debuginfo-38.2.0-4.el6_7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"thunderbird-38.2.0-1.el7_1")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"thunderbird-debuginfo-38.2.0-1.el7_1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "thunderbird / thunderbird-debuginfo"); }

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2015-547.NASL
description	- update to Firefox 40.0 (bnc#940806) - Added protection against unwanted software downloads - Suggested Tiles show sites of interest, based on categories from your recent browsing history - Hello allows adding a link to conversations to provide context on what the conversation will be about - New style for add-on manager based on the in-content preferences style - Improved scrolling, graphics, and video playback performance with off main thread compositing (GNU/Linux only) - Graphic blocklist mechanism improved: Firefox version ranges can be specified, limiting the number of devices blocked security fixes : - MFSA 2015-79/CVE-2015-4473/CVE-2015-4474 Miscellaneous memory safety hazards - MFSA 2015-80/CVE-2015-4475 (bmo#1175396) Out-of-bounds read with malformed MP3 file - MFSA 2015-81/CVE-2015-4477 (bmo#1179484) Use-after-free in MediaStream playback - MFSA 2015-82/CVE-2015-4478 (bmo#1105914) Redefinition of non-configurable JavaScript object properties - MFSA 2015-83/CVE-2015-4479/CVE-2015-4480/CVE-2015-4493 Overflow issues in libstagefright - MFSA 2015-84/CVE-2015-4481 (bmo1171518) Arbitrary file overwriting through Mozilla Maintenance Service with hard links (only affected Windows) - MFSA 2015-85/CVE-2015-4482 (bmo#1184500) Out-of-bounds write with Updater and malicious MAR file (does not affect openSUSE RPM packages which do not ship the updater) - MFSA 2015-86/CVE-2015-4483 (bmo#1148732) Feed protocol with POST bypasses mixed content protections - MFSA 2015-87/CVE-2015-4484 (bmo#1171540) Crash when using shared memory in JavaScript - MFSA 2015-88/CVE-2015-4491 (bmo#1184009) Heap overflow in gdk-pixbuf when scaling bitmap images - MFSA 2015-89/CVE-2015-4485/CVE-2015-4486 (bmo#1177948, bmo#1178148) Buffer overflows on Libvpx when decoding WebM video - MFSA 2015-90/CVE-2015-4487/CVE-2015-4488/CVE-2015-4489 Vulnerabilities found through code inspection - MFSA 2015-91/CVE-2015-4490 (bmo#1086999) Mozilla Content Security Policy allows for asterisk wildcards in violation of CSP specification - MFSA 2015-92/CVE-2015-4492 (bmo#1185820) Use-after-free in XMLHttpRequest with shared workers - added mozilla-no-stdcxx-check.patch - removed obsolete patches - mozilla-add-glibcxx_use_cxx11_abi.patch - firefox-multilocale-chrome.patch - rebased patches - requires version 40 of the branding package - removed browser/searchplugins/ location as it
last seen	2020-06-05
modified	2015-08-17
plugin id	85436
published	2015-08-17
reporter	This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/85436
title	openSUSE Security Update : MozillaFirefox (openSUSE-2015-547)

NASL family	FreeBSD Local Security Checks
NASL id	FREEBSD_PKG_F5B8B670465C11E5A49DBCAEC565249C.NASL
description	Gustavo Grieco reports : We found a heap overflow and a DoS in the gdk-pixbuf implementation triggered by the scaling of a malformed bmp.
last seen	2020-06-01
modified	2020-06-02
plugin id	85562
published	2015-08-20
reporter	This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/85562
title	FreeBSD : gdk-pixbuf2 -- heap overflow and DoS (f5b8b670-465c-11e5-a49d-bcaec565249c)

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-2712-1.NASL
description	Gary Kwong, Christian Holler, and Byron Campen discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges ofthe user invoking Thunderbird. (CVE-2015-4473) Ronald Crane reported 3 security issues. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these, in combination with another security vulnerability, to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2015-4487, CVE-2015-4488, CVE-2015-4489) Gustavo Grieco discovered a heap overflow in gdk-pixbuf. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the priviliges of the user invoking Thunderbird. (CVE-2015-4491). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	85648
published	2015-08-26
reporter	Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/85648
title	Ubuntu 12.04 LTS / 14.04 LTS / 15.04 : thunderbird vulnerabilities (USN-2712-1)

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-2702-3.NASL
description	USN-2702-1 fixed vulnerabilities in Firefox. After upgrading, some users in the US reported that their default search engine switched to Yahoo. This update fixes the problem. We apologize for the inconvenience. Gary Kwong, Christian Holler, Byron Campen, Tyson Smith, Bobby Holley, Chris Coulson, and Eric Rahm discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-4473, CVE-2015-4474) Aki Helin discovered an out-of-bounds read when playing malformed MP3 content in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information, cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-4475) A use-after-free was discovered during MediaStream playback in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the priviliges of the user invoking Firefox. (CVE-2015-4477) Andre Bargull discovered that non-configurable properties on JavaScript objects could be redefined when parsing JSON. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions. (CVE-2015-4478) Multiple integer overflows were discovered in libstagefright. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-4479, CVE-2015-4480, CVE-2015-4493) Jukka Jylanki discovered a crash that occurs because JavaScript does not properly gate access to Atomics or SharedArrayBuffers in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service. (CVE-2015-4484) Abhishek Arya discovered 2 buffer overflows in libvpx when decoding malformed WebM content in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-4485, CVE-2015-4486) Ronald Crane reported 3 security issues. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these, in combination with another security vulnerability, to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-4487, CVE-2015-4488, CVE-2015-4489) Christoph Kerschbaumer discovered an issue with Mozilla
last seen	2020-06-01
modified	2020-06-02
plugin id	85578
published	2015-08-21
reporter	Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/85578
title	Ubuntu 12.04 LTS / 14.04 LTS / 15.04 : firefox regression (USN-2702-3)

NASL family	Huawei Local Security Checks
NASL id	EULEROS_SA-2019-1438.NASL
description	According to the versions of the gdk-pixbuf2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An integer overflow, leading to a heap-based buffer overflow, was found in the way gdk-pixbuf, an image loading library for GNOME, scaled certain bitmap format images. An attacker could use a specially crafted BMP image file that, when processed by an application compiled against the gdk-pixbuf library, would cause that application to crash or execute arbitrary code with the permissions of the user running the application.(CVE-2015-4491) - Gnome gdk-pixbuf 2.36.8 and older is vulnerable to several integer overflow in the gif_get_lzw function resulting in memory corruption and potential code execution(CVE-2017-1000422) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	124941
published	2019-05-14
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/124941
title	EulerOS Virtualization 3.0.1.0 : gdk-pixbuf2 (EulerOS-SA-2019-1438)

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DLA-434.NASL
description	Gustavo Grieco discovered different security issues in Gtk+2.0
last seen	2020-03-17
modified	2016-02-29
plugin id	88995
published	2016-02-29
reporter	This script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/88995
title	Debian DLA-434-1 : gtk+2.0 security update

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2015-1694.NASL
description	Updated gdk-pixbuf2 packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. gdk-pixbuf is an image loading library that can be extended by loadable modules for new image formats. It is used by toolkits such as GTK+ or clutter. An integer overflow, leading to a heap-based buffer overflow, was found in the way gdk-pixbuf, an image loading library for GNOME, scaled certain bitmap format images. An attacker could use a specially crafted BMP image file that, when processed by an application compiled against the gdk-pixbuf library, would cause that application to crash or execute arbitrary code with the permissions of the user running the application. (CVE-2015-4491) Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Gustavo Grieco as the original reporter. All gdk-pixbuf2 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
last seen	2020-06-01
modified	2020-06-02
plugin id	86499
published	2015-10-22
reporter	This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/86499
title	CentOS 6 / 7 : gdk-pixbuf2 (CESA-2015:1694)

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-2702-2.NASL
description	USN-2702-1 fixed vulnerabilities in Firefox. This update provides the corresponding updates for Ubufox. Gary Kwong, Christian Holler, Byron Campen, Tyson Smith, Bobby Holley, Chris Coulson, and Eric Rahm discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-4473, CVE-2015-4474) Aki Helin discovered an out-of-bounds read when playing malformed MP3 content in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information, cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-4475) A use-after-free was discovered during MediaStream playback in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the priviliges of the user invoking Firefox. (CVE-2015-4477) Andre Bargull discovered that non-configurable properties on JavaScript objects could be redefined when parsing JSON. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions. (CVE-2015-4478) Multiple integer overflows were discovered in libstagefright. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-4479, CVE-2015-4480, CVE-2015-4493) Jukka Jylanki discovered a crash that occurs because JavaScript does not properly gate access to Atomics or SharedArrayBuffers in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service. (CVE-2015-4484) Abhishek Arya discovered 2 buffer overflows in libvpx when decoding malformed WebM content in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-4485, CVE-2015-4486) Ronald Crane reported 3 security issues. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these, in combination with another security vulnerability, to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-4487, CVE-2015-4488, CVE-2015-4489) Christoph Kerschbaumer discovered an issue with Mozilla
last seen	2020-06-01
modified	2020-06-02
plugin id	85345
published	2015-08-12
reporter	Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/85345
title	Ubuntu 12.04 LTS / 14.04 LTS / 15.04 : ubufox update (USN-2702-2)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2015-1787-1.NASL
description	gtk2 was updated to fix two security issues. These security issues were fixed : - CVE-2015-4491: Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pixbuf before 2.31.5, allowed remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via crafted bitmap dimensions that were mishandled during scaling (bsc#942801). - CVE-2015-7674: Fix overflow when scaling GIF files (bsc#948791). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	86536
published	2015-10-22
reporter	This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/86536
title	SUSE SLED11 / SLES11 Security Update : gtk2 (SUSE-SU-2015:1787-1)

NASL family	Scientific Linux Local Security Checks
NASL id	SL_20150811_FIREFOX_ON_SL5_X.NASL
description	Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2015-4473, CVE-2015-4475, CVE-2015-4478, CVE-2015-4479, CVE-2015-4480, CVE-2015-4493, CVE-2015-4484, CVE-2015-4491, CVE-2015-4485, CVE-2015-4486, CVE-2015-4487, CVE-2015-4488, CVE-2015-4489, CVE-2015-4492) After installing the update, Firefox must be restarted for the changes to take effect.
last seen	2020-03-18
modified	2015-08-12
plugin id	85343
published	2015-08-12
reporter	This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/85343
title	Scientific Linux Security Update : firefox on SL5.x, SL6.x, SL7.x i386/x86_64 (20150811)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2015-1449-1.NASL
description	Mozilla Firefox is being updated to the current Firefox 38ESR branch (specifically the 38.2.0ESR release). Security issues fixed : - MFSA 2015-78 / CVE-2015-4495: Same origin violation and local file stealing via PDF reader - MFSA 2015-79 / CVE-2015-4473/CVE-2015-4474: Miscellaneous memory safety hazards (rv:40.0 / rv:38.2) - MFSA 2015-80 / CVE-2015-4475: Out-of-bounds read with malformed MP3 file - MFSA 2015-82 / CVE-2015-4478: Redefinition of non-configurable JavaScript object properties - MFSA 2015-83 / CVE-2015-4479: Overflow issues in libstagefright - MFSA 2015-87 / CVE-2015-4484: Crash when using shared memory in JavaScript - MFSA 2015-88 / CVE-2015-4491: Heap overflow in gdk-pixbuf when scaling bitmap images - MFSA 2015-89 / CVE-2015-4485/CVE-2015-4486: Buffer overflows on Libvpx when decoding WebM video - MFSA 2015-90 / CVE-2015-4487/CVE-2015-4488/CVE-2015-4489: Vulnerabilities found through code inspection - MFSA 2015-92 / CVE-2015-4492: Use-after-free in XMLHttpRequest with shared workers The following vulnerabilities were fixed in ESR31 and are also included here : - CVE-2015-2724/CVE-2015-2725/CVE-2015-2726: Miscellaneous memory safety hazards (bsc#935979). - CVE-2015-2728: Type confusion in Indexed Database Manager (bsc#935979). - CVE-2015-2730: ECDSA signature validation fails to handle some signatures correctly (bsc#935979). - CVE-2015-2722/CVE-2015-2733: Use-after-free in workers while using XMLHttpRequest (bsc#935979). CVE-2015-2734/CVE-2015-2735/CVE-2015-2736/CVE-2015-2737/ CVE-2015-2738/CVE-2 015-2739/CVE-2015-2740: Vulnerabilities found through code inspection (bsc#935979). - CVE-2015-2743: Privilege escalation in PDF.js (bsc#935979). - CVE-2015-4000: NSS accepts export-length DHE keys with regular DHE cipher suites (bsc#935033). - CVE-2015-2721: NSS incorrectly permits skipping of ServerKeyExchange (bsc#935979). This update also contains a lot of feature improvements and bug fixes from 31ESR to 38ESR. Also the Mozilla NSS library switched its CKBI API from 1.98 to 2.4, which is what Firefox 38ESR uses. Mozilla Firefox and mozilla-nss were updated to fix 17 security issues. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-05-31
modified	2015-09-01
plugin id	85721
published	2015-09-01
reporter	This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/85721
title	SUSE SLES11 Security Update : MozillaFirefox, mozilla-nss (SUSE-SU-2015:1449-1) (Logjam)

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-2702-1.NASL
description	Gary Kwong, Christian Holler, Byron Campen, Tyson Smith, Bobby Holley, Chris Coulson, and Eric Rahm discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-4473, CVE-2015-4474) Aki Helin discovered an out-of-bounds read when playing malformed MP3 content in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information, cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-4475) A use-after-free was discovered during MediaStream playback in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the priviliges of the user invoking Firefox. (CVE-2015-4477) Andre Bargull discovered that non-configurable properties on JavaScript objects could be redefined when parsing JSON. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions. (CVE-2015-4478) Multiple integer overflows were discovered in libstagefright. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-4479, CVE-2015-4480, CVE-2015-4493) Jukka Jylanki discovered a crash that occurs because JavaScript does not properly gate access to Atomics or SharedArrayBuffers in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service. (CVE-2015-4484) Abhishek Arya discovered 2 buffer overflows in libvpx when decoding malformed WebM content in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-4485, CVE-2015-4486) Ronald Crane reported 3 security issues. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these, in combination with another security vulnerability, to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-4487, CVE-2015-4488, CVE-2015-4489) Christoph Kerschbaumer discovered an issue with Mozilla
last seen	2020-06-01
modified	2020-06-02
plugin id	85344
published	2015-08-12
reporter	Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/85344
title	Ubuntu 12.04 LTS / 14.04 LTS / 15.04 : firefox vulnerabilities (USN-2702-1)

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2015-1682.NASL
description	From Red Hat Security Advisory 2015:1682 : An updated thunderbird package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2015-4473, CVE-2015-4491, CVE-2015-4487, CVE-2015-4488, CVE-2015-4489) Note: All of the above issues cannot be exploited by a specially crafted HTML mail message because JavaScript is disabled by default for mail messages. However, they could be exploited in other ways in Thunderbird (for example, by viewing the full remote content of an RSS feed). Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Gary Kwong, Christian Holler, Byron Campen, Gustavo Grieco, and Ronald Crane as the original reporters of these issues. For technical details regarding these flaws, refer to the Mozilla security advisories for Thunderbird 38.2. You can find a link to the Mozilla advisories in the References section of this erratum. All Thunderbird users should upgrade to this updated package, which contains Thunderbird version 38.2, which corrects these issues. After installing the update, Thunderbird must be restarted for the changes to take effect.
last seen	2020-05-31
modified	2015-08-26
plugin id	85642
published	2015-08-26
reporter	This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/85642
title	Oracle Linux 6 / 7 : thunderbird (ELSA-2015-1682)

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2015-1694.NASL
description	From Red Hat Security Advisory 2015:1694 : Updated gdk-pixbuf2 packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. gdk-pixbuf is an image loading library that can be extended by loadable modules for new image formats. It is used by toolkits such as GTK+ or clutter. An integer overflow, leading to a heap-based buffer overflow, was found in the way gdk-pixbuf, an image loading library for GNOME, scaled certain bitmap format images. An attacker could use a specially crafted BMP image file that, when processed by an application compiled against the gdk-pixbuf library, would cause that application to crash or execute arbitrary code with the permissions of the user running the application. (CVE-2015-4491) Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Gustavo Grieco as the original reporter. All gdk-pixbuf2 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
last seen	2020-06-01
modified	2020-06-02
plugin id	85710
published	2015-09-01
reporter	This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/85710
title	Oracle Linux 6 / 7 : gdk-pixbuf2 (ELSA-2015-1694)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2015-1528-1.NASL
description	Mozilla Firefox is being updated to the current Firefox 38ESR branch (specifically the 38.2.0ESR release). Security issues fixed : - MFSA 2015-78 / CVE-2015-4495: Same origin violation and local file stealing via PDF reader - MFSA 2015-79 / CVE-2015-4473/CVE-2015-4474: Miscellaneous memory safety hazards (rv:40.0 / rv:38.2) - MFSA 2015-80 / CVE-2015-4475: Out-of-bounds read with malformed MP3 file - MFSA 2015-82 / CVE-2015-4478: Redefinition of non-configurable JavaScript object properties - MFSA 2015-83 / CVE-2015-4479: Overflow issues in libstagefright - MFSA 2015-87 / CVE-2015-4484: Crash when using shared memory in JavaScript - MFSA 2015-88 / CVE-2015-4491: Heap overflow in gdk-pixbuf when scaling bitmap images - MFSA 2015-89 / CVE-2015-4485/CVE-2015-4486: Buffer overflows on Libvpx when decoding WebM video - MFSA 2015-90 / CVE-2015-4487/CVE-2015-4488/CVE-2015-4489: Vulnerabilities found through code inspection - MFSA 2015-92 / CVE-2015-4492: Use-after-free in XMLHttpRequest with shared workers This update also contains a lot of feature improvements and bug fixes from 31ESR to 38ESR. Also the Mozilla NSS library switched its CKBI API from 1.98 to 2.4, which is what Firefox 38ESR uses. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	85906
published	2015-09-11
reporter	This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/85906
title	SUSE SLED11 / SLES11 Security Update : MozillaFirefox, mozilla-nss (SUSE-SU-2015:1528-1)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2015-2195-1.NASL
description	The gdk pixbuf library was updated to fix three security issues. These security issues were fixed : - CVE-2015-7673: Fix some more overflows scaling a gif (bsc#948791) - CVE-2015-4491: Check for overflow before allocating memory when scaling (bsc#942801) - CVE-2015-7673: Fix an overflow and DoS when scaling TGA files (bsc#948790). - CVE-2015-7674: Fix overflow when scaling GIF files(bsc#948791). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	87215
published	2015-12-07
reporter	This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/87215
title	SUSE SLED12 / SLES12 Security Update : gdk-pixbuf (SUSE-SU-2015:2195-1)

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DSA-3337.NASL
description	Gustavo Grieco discovered a heap overflow in the processing of BMP images which may result in the execution of arbitrary code if a malformed image is opened.
last seen	2020-06-01
modified	2020-06-02
plugin id	85517
published	2015-08-19
reporter	This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/85517
title	Debian DSA-3337-1 : gdk-pixbuf - security update

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2015-14011.NASL
description	Security fix for CVE-2015-4491 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-05
modified	2015-09-08
plugin id	85819
published	2015-09-08
reporter	This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/85819
title	Fedora 22 : mingw-gdk-pixbuf-2.31.6-1.fc22 (2015-14011)

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2015-1682.NASL
description	An updated thunderbird package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2015-4473, CVE-2015-4491, CVE-2015-4487, CVE-2015-4488, CVE-2015-4489) Note: All of the above issues cannot be exploited by a specially crafted HTML mail message because JavaScript is disabled by default for mail messages. However, they could be exploited in other ways in Thunderbird (for example, by viewing the full remote content of an RSS feed). Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Gary Kwong, Christian Holler, Byron Campen, Gustavo Grieco, and Ronald Crane as the original reporters of these issues. For technical details regarding these flaws, refer to the Mozilla security advisories for Thunderbird 38.2. You can find a link to the Mozilla advisories in the References section of this erratum. All Thunderbird users should upgrade to this updated package, which contains Thunderbird version 38.2, which corrects these issues. After installing the update, Thunderbird must be restarted for the changes to take effect.
last seen	2020-05-31
modified	2015-10-22
plugin id	86497
published	2015-10-22
reporter	This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/86497
title	CentOS 5 / 6 / 7 : thunderbird (CESA-2015:1682)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2015-1586.NASL
description	Updated firefox packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2015-4473, CVE-2015-4475, CVE-2015-4478, CVE-2015-4479, CVE-2015-4480, CVE-2015-4493, CVE-2015-4484, CVE-2015-4491, CVE-2015-4485, CVE-2015-4486, CVE-2015-4487, CVE-2015-4488, CVE-2015-4489, CVE-2015-4492) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Gary Kwong, Christian Holler, Byron Campen, Aki Helin, Andre Bargull, Massimiliano Tomassoli, laf.intel, Massimiliano Tomassoli, Tyson Smith, Jukka Jylanki, Gustavo Grieco, Abhishek Arya, Ronald Crane, and Looben Yang as the original reporters of these issues. All Firefox users should upgrade to these updated packages, which contain Firefox version 38.2 ESR, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.
last seen	2020-05-31
modified	2015-08-12
plugin id	85342
published	2015-08-12
reporter	This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/85342
title	RHEL 5 / 6 / 7 : firefox (RHSA-2015:1586)

NASL family	Slackware Local Security Checks
NASL id	SLACKWARE_SSA_2015-244-01.NASL
description	New gdk-pixbuf2 packages are available for Slackware 13.37, 14.0, 14.1, and -current to fix a security issue.
last seen	2020-06-01
modified	2020-06-02
plugin id	85725
published	2015-09-02
reporter	This script is Copyright (C) 2015 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/85725
title	Slackware 13.37 / 14.0 / 14.1 / current : gdk-pixbuf2 (SSA:2015-244-01)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2015-1476-1.NASL
description	Mozilla Firefox was updated to version 38.2.1 ESR to fix several critical and non critical security vulnerabilities. - Firefox was updated to 38.2.1 ESR (bsc#943608) - MFSA 2015-94/CVE-2015-4497 (bsc#943557) Use-after-free when resizing canvas element during restyling - MFSA 2015-95/CVE-2015-4498 (bsc#943558) Add-on notification bypass through data URLs - Firefox was updated to 38.2.0 ESR (bsc#940806) - MFSA 2015-78/CVE-2015-4495 (bmo#1178058, bmo#1179262) Same origin violation and local file stealing via PDF reader - MFSA 2015-79/CVE-2015-4473/CVE-2015-4474 (bmo#1143130, bmo#1161719, bmo#1177501, bmo#1181204, bmo#1184068, bmo#1188590, bmo#1146213, bmo#1178890, bmo#1182711) Miscellaneous memory safety hazards (rv:40.0 / rv:38.2) - MFSA 2015-80/CVE-2015-4475 (bmo#1175396) Out-of-bounds read with malformed MP3 file - MFSA 2015-82/CVE-2015-4478 (bmo#1105914) Redefinition of non-configurable JavaScript object properties - MFSA 2015-83/CVE-2015-4479 (bmo#1185115, bmo#1144107, bmo#1170344, bmo#1186718) Overflow issues in libstagefright - MFSA 2015-87/CVE-2015-4484 (bmo#1171540) Crash when using shared memory in JavaScript - MFSA 2015-88/CVE-2015-4491 (bmo#1184009) Heap overflow in gdk-pixbuf when scaling bitmap images - MFSA 2015-89/CVE-2015-4485/CVE-2015-4486 (bmo#1177948, bmo#1178148) Buffer overflows on Libvpx when decoding WebM video - MFSA 2015-90/CVE-2015-4487/CVE-2015-4488/CVE-2015-4489 (bmo#1176270, bmo#1182723, bmo#1171603) Vulnerabilities found through code inspection - MFSA 2015-92/CVE-2015-4492 (bmo#1185820) Use-after-free in XMLHttpRequest with shared workers Mozilla NSS switched the CKBI ABI from 1.98 to 2.4, which is what Firefox 38ESR uses. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	85763
published	2015-09-03
reporter	This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/85763
title	SUSE SLED12 / SLES12 Security Update : MozillaFirefox, mozilla-nss (SUSE-SU-2015:1476-1)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2015-1682.NASL
description	An updated thunderbird package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2015-4473, CVE-2015-4491, CVE-2015-4487, CVE-2015-4488, CVE-2015-4489) Note: All of the above issues cannot be exploited by a specially crafted HTML mail message because JavaScript is disabled by default for mail messages. However, they could be exploited in other ways in Thunderbird (for example, by viewing the full remote content of an RSS feed). Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Gary Kwong, Christian Holler, Byron Campen, Gustavo Grieco, and Ronald Crane as the original reporters of these issues. For technical details regarding these flaws, refer to the Mozilla security advisories for Thunderbird 38.2. You can find a link to the Mozilla advisories in the References section of this erratum. All Thunderbird users should upgrade to this updated package, which contains Thunderbird version 38.2, which corrects these issues. After installing the update, Thunderbird must be restarted for the changes to take effect.
last seen	2020-05-31
modified	2015-08-26
plugin id	85645
published	2015-08-26
reporter	This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/85645
title	RHEL 5 / 6 / 7 : thunderbird (RHSA-2015:1682)

NASL family	Gentoo Local Security Checks
NASL id	GENTOO_GLSA-201605-06.NASL
description	The remote host is affected by the vulnerability described in GLSA-201605-06 (Mozilla Products: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Firefox, NSS, NSPR, and Thunderbird. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, spoof the address bar, conduct clickjacking attacks, bypass security restrictions and protection mechanisms, or have other unspecified impacts. Workaround : There is no known workaround at this time.
last seen	2020-06-01
modified	2020-06-02
plugin id	91379
published	2016-05-31
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/91379
title	GLSA-201605-06 : Mozilla Products: Multiple vulnerabilities (Logjam) (SLOTH)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2015-1694.NASL
description	Updated gdk-pixbuf2 packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. gdk-pixbuf is an image loading library that can be extended by loadable modules for new image formats. It is used by toolkits such as GTK+ or clutter. An integer overflow, leading to a heap-based buffer overflow, was found in the way gdk-pixbuf, an image loading library for GNOME, scaled certain bitmap format images. An attacker could use a specially crafted BMP image file that, when processed by an application compiled against the gdk-pixbuf library, would cause that application to crash or execute arbitrary code with the permissions of the user running the application. (CVE-2015-4491) Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Gustavo Grieco as the original reporter. All gdk-pixbuf2 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
last seen	2020-06-01
modified	2020-06-02
plugin id	85717
published	2015-09-01
reporter	This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/85717
title	RHEL 6 / 7 : gdk-pixbuf2 (RHSA-2015:1694)

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-2722-1.NASL
description	Gustavo Grieco discovered that GDK-PixBuf incorrectly handled scaling bitmap images. If a user or automated system were tricked into opening a BMP image file, a remote attacker could use this flaw to cause GDK-PixBuf to crash, resulting in a denial of service, or possibly execute arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	85660
published	2015-08-27
reporter	Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/85660
title	Ubuntu 12.04 LTS / 14.04 LTS / 15.04 : gdk-pixbuf vulnerability (USN-2722-1)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2015-548.NASL
description	- update to Firefox 40.0 (bnc#940806) - Added protection against unwanted software downloads - Suggested Tiles show sites of interest, based on categories from your recent browsing history - Hello allows adding a link to conversations to provide context on what the conversation will be about - New style for add-on manager based on the in-content preferences style - Improved scrolling, graphics, and video playback performance with off main thread compositing (GNU/Linux only) - Graphic blocklist mechanism improved: Firefox version ranges can be specified, limiting the number of devices blocked security fixes : - MFSA 2015-79/CVE-2015-4473/CVE-2015-4474 Miscellaneous memory safety hazards - MFSA 2015-80/CVE-2015-4475 (bmo#1175396) Out-of-bounds read with malformed MP3 file - MFSA 2015-81/CVE-2015-4477 (bmo#1179484) Use-after-free in MediaStream playback - MFSA 2015-82/CVE-2015-4478 (bmo#1105914) Redefinition of non-configurable JavaScript object properties - MFSA 2015-83/CVE-2015-4479/CVE-2015-4480/CVE-2015-4493 Overflow issues in libstagefright - MFSA 2015-84/CVE-2015-4481 (bmo1171518) Arbitrary file overwriting through Mozilla Maintenance Service with hard links (only affected Windows) - MFSA 2015-85/CVE-2015-4482 (bmo#1184500) Out-of-bounds write with Updater and malicious MAR file (does not affect openSUSE RPM packages which do not ship the updater) - MFSA 2015-86/CVE-2015-4483 (bmo#1148732) Feed protocol with POST bypasses mixed content protections - MFSA 2015-87/CVE-2015-4484 (bmo#1171540) Crash when using shared memory in JavaScript - MFSA 2015-88/CVE-2015-4491 (bmo#1184009) Heap overflow in gdk-pixbuf when scaling bitmap images - MFSA 2015-89/CVE-2015-4485/CVE-2015-4486 (bmo#1177948, bmo#1178148) Buffer overflows on Libvpx when decoding WebM video - MFSA 2015-90/CVE-2015-4487/CVE-2015-4488/CVE-2015-4489 Vulnerabilities found through code inspection - MFSA 2015-91/CVE-2015-4490 (bmo#1086999) Mozilla Content Security Policy allows for asterisk wildcards in violation of CSP specification - MFSA 2015-92/CVE-2015-4492 (bmo#1185820) Use-after-free in XMLHttpRequest with shared workers - added mozilla-no-stdcxx-check.patch - removed obsolete patches - mozilla-add-glibcxx_use_cxx11_abi.patch - firefox-multilocale-chrome.patch - rebased patches - requires version 40 of the branding package - removed browser/searchplugins/ location as it
last seen	2020-06-05
modified	2015-08-17
plugin id	85437
published	2015-08-17
reporter	This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/85437
title	openSUSE Security Update : MozillaFirefox (openSUSE-2015-548)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2015-2195-2.NASL
description	The gdk pixbuf library was updated to fix three security issues. These security issues were fixed : - CVE-2015-7673: Fix some more overflows scaling a gif (bsc#948791) - CVE-2015-4491: Check for overflow before allocating memory when scaling (bsc#942801) - CVE-2015-7673: Fix an overflow and DoS when scaling TGA files (bsc#948790). - CVE-2015-7674: Fix overflow when scaling GIF files(bsc#948791). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	87646
published	2015-12-29
reporter	This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/87646
title	SUSE SLED12 / SLES12 Security Update : gdk-pixbuf (SUSE-SU-2015:2195-2)

NASL family	FreeBSD Local Security Checks
NASL id	FREEBSD_PKG_C66A5632708A47278236D65B2D5B2739.NASL
description	The Mozilla Project reports : MFSA 2015-79 Miscellaneous memory safety hazards (rv:40.0 / rv:38.2) MFSA 2015-80 Out-of-bounds read with malformed MP3 file MFSA 2015-81 Use-after-free in MediaStream playback MFSA 2015-82 Redefinition of non-configurable JavaScript object properties MFSA 2015-83 Overflow issues in libstagefright MFSA 2015-84 Arbitrary file overwriting through Mozilla Maintenance Service with hard links MFSA 2015-85 Out-of-bounds write with Updater and malicious MAR file MFSA 2015-86 Feed protocol with POST bypasses mixed content protections MFSA 2015-87 Crash when using shared memory in JavaScript MFSA 2015-88 Heap overflow in gdk-pixbuf when scaling bitmap images MFSA 2015-90 Vulnerabilities found through code inspection MFSA 2015-91 Mozilla Content Security Policy allows for asterisk wildcards in violation of CSP specification MFSA 2015-92 Use-after-free in XMLHttpRequest with shared workers
last seen	2020-06-01
modified	2020-06-02
plugin id	85338
published	2015-08-12
reporter	This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/85338
title	FreeBSD : mozilla -- multiple vulnerabilities (c66a5632-708a-4727-8236-d65b2d5b2739)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2015-570.NASL
description	gdk-pixbuf was updated to version 2.31.6 to fix a secuirty vulnerability and several bugs. - Update to version 2.31.6 (boo#942801) : + Really fix bgo#752297. This is CVE-2015-4491. + Updated translations. - Update to version 2.31.5 : + Add support for g_autoptr for all object types (bgo#750497). + Avoid a possible divide-by-zero in the pixbuf loader (bgo#750440). + Remove gettext .pot file hack (bgo#743574). + Be more careful about integer overflow (bgo#752297). + Updated translations. - Drop README from docs as it is now empty. - Add generic www.gnome.org URL to silence a few lint warnings. - Update to version 2.31.4 : + SVGZ icons in notification GNOME3 (bgo#648815). + gdk_pixbuf_apply_embedded_orientation is not working (bgo#725582). + Updated translations. - Update to version 2.31.3 : + API changes: Revert an annotation change that broke bindings. + Build fixes : - Clean up configure - Fix Visual Studio build - Define MAP_ANONYMOUS when needed - Include gi18n-lib.h where needed + Updated translations. - Update to version 2.31.2 : + API changes : - Deprecate GdkPixdata. - Add gdk_pixbuf_get_options() helper to list set options. - Annotations fixes for various functions. - Remove incorrect info about area-prepared signal. + Image format support changes : - Flag multi-page TIFF files. - Fix memory usage for GIF animations, add note about minimum frame length. - Return an error for truncated PNG files. - Add density (DPI) support for JPEG, PNG and TIFF. - Fix reading CMYK JPEG files generated by Photoshop. - Allow saving 1-bit mono TIFF files as used in faxes. - Simplify loader names. - Fix loading GIF files when the first write is short. - Add progressive loading to ICNS files. - Add support for 256x256 ICO files. - Fix reading MS AMCap2 BMP files. + Other : - Honour requested depth in Xlib. - Special-case compositing/copying with no scaling. - Add relocation support to OSX and Linux. - Prefer gdk-pixbuf
last seen	2020-06-05
modified	2015-09-08
plugin id	85839
published	2015-09-08
reporter	This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/85839
title	openSUSE Security Update : gdk-pixbuf (openSUSE-2015-570)

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2015-1586.NASL
description	Updated firefox packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2015-4473, CVE-2015-4475, CVE-2015-4478, CVE-2015-4479, CVE-2015-4480, CVE-2015-4493, CVE-2015-4484, CVE-2015-4491, CVE-2015-4485, CVE-2015-4486, CVE-2015-4487, CVE-2015-4488, CVE-2015-4489, CVE-2015-4492) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Gary Kwong, Christian Holler, Byron Campen, Aki Helin, Andre Bargull, Massimiliano Tomassoli, laf.intel, Massimiliano Tomassoli, Tyson Smith, Jukka Jylanki, Gustavo Grieco, Abhishek Arya, Ronald Crane, and Looben Yang as the original reporters of these issues. All Firefox users should upgrade to these updated packages, which contain Firefox version 38.2 ESR, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.
last seen	2020-06-01
modified	2020-06-02
plugin id	85336
published	2015-08-12
reporter	This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/85336
title	CentOS 5 / 6 / 7 : firefox (CESA-2015:1586)

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2015-1586.NASL
description	From Red Hat Security Advisory 2015:1586 : Updated firefox packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2015-4473, CVE-2015-4475, CVE-2015-4478, CVE-2015-4479, CVE-2015-4480, CVE-2015-4493, CVE-2015-4484, CVE-2015-4491, CVE-2015-4485, CVE-2015-4486, CVE-2015-4487, CVE-2015-4488, CVE-2015-4489, CVE-2015-4492) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Gary Kwong, Christian Holler, Byron Campen, Aki Helin, Andre Bargull, Massimiliano Tomassoli, laf.intel, Massimiliano Tomassoli, Tyson Smith, Jukka Jylanki, Gustavo Grieco, Abhishek Arya, Ronald Crane, and Looben Yang as the original reporters of these issues. All Firefox users should upgrade to these updated packages, which contain Firefox version 38.2 ESR, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.
last seen	2020-05-31
modified	2015-08-12
plugin id	85339
published	2015-08-12
reporter	This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/85339
title	Oracle Linux 5 / 6 / 7 : firefox (ELSA-2015-1586)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2015-13926.NASL
description	Security fix for CVE-2015-4491 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-05
modified	2015-09-08
plugin id	85817
published	2015-09-08
reporter	This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/85817
title	Fedora 21 : gdk-pixbuf2-2.31.6-1.fc21 (2015-13926)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2018-846.NASL
description	This update for gdk-pixbuf fixes the following issues : Security issue fixed : - CVE-2015-4491: Fix integer multiplication overflow that allows for DoS or potentially RCE (bsc#1053417). This update was imported from the SUSE:SLE-12-SP2:Update update project.
last seen	2020-06-05
modified	2018-08-10
plugin id	111627
published	2018-08-10
reporter	This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/111627
title	openSUSE Security Update : gdk-pixbuf (openSUSE-2018-846)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2015-2081-1.NASL
description	MozillaFirefox ESR was updated to version 38.4.0ESR to fix multiple security issues. MFSA 2015-116/CVE-2015-4513 Miscellaneous memory safety hazards (rv:42.0 / rv:38.4) MFSA 2015-122/CVE-2015-7188 Trailing whitespace in IP address hostnames can bypass same-origin policy MFSA 2015-123/CVE-2015-7189 Buffer overflow during image interactions in canvas MFSA 2015-127/CVE-2015-7193 CORS preflight is bypassed when non-standard Content-Type headers are received MFSA 2015-128/CVE-2015-7194 Memory corruption in libjar through zip files MFSA 2015-130/CVE-2015-7196 JavaScript garbage collection crash with Java applet MFSA 2015-131/CVE-2015-7198/CVE-2015-7199/CVE-2015-7200 Vulnerabilities found through code inspection MFSA 2015-132/CVE-2015-7197 Mixed content WebSocket policy bypass through workers MFSA 2015-133/CVE-2015-7181/CVE-2015-7182/CVE-2015-7183 NSS and NSPR memory corruption issues It also includes fixes from 38.3.0ESR : MFSA 2015-96/CVE-2015-4500/CVE-2015-4501 Miscellaneous memory safety hazards (rv:41.0 / rv:38.3) MFSA 2015-101/CVE-2015-4506 Buffer overflow in libvpx while parsing vp9 format video MFSA 2015-105/CVE-2015-4511 Buffer overflow while decoding WebM video MFSA 2015-106/CVE-2015-4509 Use-after-free while manipulating HTML media content MFSA 2015-110/CVE-2015-4519 Dragging and dropping images exposes final URL after redirects MFSA 2015-111/CVE-2015-4520 Errors in the handling of CORS preflight request headers MFSA 2015-112/CVE-2015-4517/CVE-2015-4521/CVE-2015-4522 CVE-2015-7174/CVE-2015-7175/CVE-2015-7176/CVE-2015-7177 CVE-2015-7180 Vulnerabilities found through code inspection It also includes fixes from the Firefox 38.2.1ESR release : MFSA 2015-94/CVE-2015-4497 (bsc#943557) Use-after-free when resizing canvas element during restyling MFSA 2015-95/CVE-2015-4498 (bsc#943558) Add-on notification bypass through data URLs It also includes fixes from the Firefox 38.2.0ESR release : MFSA 2015-79/CVE-2015-4473/CVE-2015-4474 Miscellaneous memory safety hazards (rv:40.0 / rv:38.2) MFSA 2015-80/CVE-2015-4475 Out-of-bounds read with malformed MP3 file MFSA 2015-82/CVE-2015-4478 Redefinition of non-configurable JavaScript object properties MFSA 2015-83/CVE-2015-4479 Overflow issues in libstagefright MFSA 2015-87/CVE-2015-4484 Crash when using shared memory in JavaScript MFSA 2015-88/CVE-2015-4491 Heap overflow in gdk-pixbuf when scaling bitmap images MFSA 2015-89/CVE-2015-4485/CVE-2015-4486 Buffer overflows on Libvpx when decoding WebM video MFSA 2015-90/CVE-2015-4487/CVE-2015-4488/CVE-2015-4489 Vulnerabilities found through code inspection MFSA 2015-92/CVE-2015-4492 Use-after-free in XMLHttpRequest with shared workers Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	87063
published	2015-11-25
reporter	This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/87063
title	SUSE SLES10 Security Update : Mozilla Firefox (SUSE-SU-2015:2081-1)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2015-14010.NASL
description	Security fix for CVE-2015-4491 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-05
modified	2015-09-08
plugin id	85818
published	2015-09-08
reporter	This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/85818
title	Fedora 21 : mingw-gdk-pixbuf-2.31.6-1.fc21 (2015-14010)

NASL family	Gentoo Local Security Checks
NASL id	GENTOO_GLSA-201512-05.NASL
description	The remote host is affected by the vulnerability described in GLSA-201512-05 (gdk-pixbuf: Multiple Vulnerabilities) Three heap-based buffer overflow vulnerabilities have been discovered in gdk-pixbuf. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to open a specially crafted image file with an application linked against gdk-pixbuf, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. Workaround : There is no known workaround at this time.
last seen	2020-06-01
modified	2020-06-02
plugin id	87546
published	2015-12-22
reporter	This script is Copyright (C) 2015 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/87546
title	GLSA-201512-05 : gdk-pixbuf: Multiple Vulnerabilities

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2018-2145-1.NASL
description	This update for gdk-pixbuf fixes the following issues: Security issue fixed : - CVE-2015-4491: Fix integer multiplication overflow that allows for DoS or potentially RCE (bsc#1053417). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	111506
published	2018-08-02
reporter	This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/111506
title	SUSE SLED12 / SLES12 Security Update : gdk-pixbuf (SUSE-SU-2018:2145-1)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2015-13925.NASL
description	Security fix for CVE-2015-4491 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-05
modified	2015-09-08
plugin id	85816
published	2015-09-08
reporter	This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/85816
title	Fedora 22 : gdk-pixbuf2-2.31.6-1.fc22 (2015-13925)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2015-558.NASL
description	This update to Thunderbird 38.2.0 fixes the following issues (bnc#940806) : - MFSA 2015-79/CVE-2015-4473 Miscellaneous memory safety hazards - MFSA 2015-80/CVE-2015-4475 (bmo#1175396) Out-of-bounds read with malformed MP3 file - MFSA 2015-82/CVE-2015-4478 (bmo#1105914) Redefinition of non-configurable JavaScript object properties - MFSA 2015-83/CVE-2015-4479/CVE-2015-4480/CVE-2015-4493 Overflow issues in libstagefright - MFSA 2015-84/CVE-2015-4481 (bmo1171518) Arbitrary file overwriting through Mozilla Maintenance Service with hard links (only affected Windows) - MFSA 2015-85/CVE-2015-4482 (bmo#1184500) Out-of-bounds write with Updater and malicious MAR file (does not affect openSUSE RPM packages which do not ship the updater) - MFSA 2015-87/CVE-2015-4484 (bmo#1171540) Crash when using shared memory in JavaScript - MFSA 2015-88/CVE-2015-4491 (bmo#1184009) Heap overflow in gdk-pixbuf when scaling bitmap images - MFSA 2015-89/CVE-2015-4485/CVE-2015-4486 (bmo#1177948, bmo#1178148) Buffer overflows on Libvpx when decoding WebM video - MFSA 2015-90/CVE-2015-4487/CVE-2015-4488/CVE-2015-4489 Vulnerabilities found through code inspection - MFSA 2015-92/CVE-2015-4492 (bmo#1185820) Use-after-free in XMLHttpRequest with shared workers
last seen	2020-06-05
modified	2015-08-31
plugin id	85702
published	2015-08-31
reporter	This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/85702
title	openSUSE Security Update : MozillaThunderbird (openSUSE-2015-558)

Redhat

advisories

bugzilla

id	1252293
title	CVE-2015-4487 CVE-2015-4488 CVE-2015-4489 Mozilla: Vulnerabilities found through code inspection (MFSA 2015-90)

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 5 is installed
oval oval:com.redhat.rhba:tst:20070331005
comment thunderbird is earlier than 0:38.2.0-4.el5_11
oval oval:com.redhat.rhsa:tst:20151682001
comment thunderbird is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20070108002

AND

comment Red Hat Enterprise Linux 6 is installed
oval oval:com.redhat.rhba:tst:20111656003
comment thunderbird is earlier than 0:38.2.0-4.el6_7
oval oval:com.redhat.rhsa:tst:20151682004
comment thunderbird is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20100896002

AND

comment Red Hat Enterprise Linux 7 is installed
oval oval:com.redhat.rhba:tst:20150364027
comment thunderbird is earlier than 0:38.2.0-1.el7_1
oval oval:com.redhat.rhsa:tst:20151682007
comment thunderbird is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20100896002

rhsa

id	RHSA-2015:1682
released	2015-08-25
severity	Important
title	RHSA-2015:1682: thunderbird security update (Important)

bugzilla

id	1252290
title	CVE-2015-4491 Mozilla: Heap overflow in gdk-pixbuf when scaling bitmap images (MFSA 2015-88)

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 6 is installed
oval oval:com.redhat.rhba:tst:20111656003

AND

comment gdk-pixbuf2-devel is earlier than 0:2.24.1-6.el6_7
oval oval:com.redhat.rhsa:tst:20151694001
comment gdk-pixbuf2-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152116100

AND
comment gdk-pixbuf2 is earlier than 0:2.24.1-6.el6_7
oval oval:com.redhat.rhsa:tst:20151694003
comment gdk-pixbuf2 is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152116098

AND

comment Red Hat Enterprise Linux 7 is installed
oval oval:com.redhat.rhba:tst:20150364027

AND

comment gdk-pixbuf2-devel is earlier than 0:2.28.2-5.el7_1
oval oval:com.redhat.rhsa:tst:20151694006
comment gdk-pixbuf2-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152116100

AND
comment gdk-pixbuf2 is earlier than 0:2.28.2-5.el7_1
oval oval:com.redhat.rhsa:tst:20151694007
comment gdk-pixbuf2 is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152116098

rhsa

id	RHSA-2015:1694
released	2015-08-31
severity	Moderate
title	RHSA-2015:1694: gdk-pixbuf2 security update (Moderate)

rhsa
id RHSA-2015:1586

rpms

firefox-0:38.2.0-4.ael7b_1
firefox-0:38.2.0-4.el5_11
firefox-0:38.2.0-4.el6_7
firefox-0:38.2.0-4.el7_1
firefox-debuginfo-0:38.2.0-4.ael7b_1
firefox-debuginfo-0:38.2.0-4.el5_11
firefox-debuginfo-0:38.2.0-4.el6_7
firefox-debuginfo-0:38.2.0-4.el7_1
thunderbird-0:38.2.0-1.ael7b_1
thunderbird-0:38.2.0-1.el7_1
thunderbird-0:38.2.0-4.el5_11
thunderbird-0:38.2.0-4.el6_7
thunderbird-debuginfo-0:38.2.0-1.ael7b_1
thunderbird-debuginfo-0:38.2.0-1.el7_1
thunderbird-debuginfo-0:38.2.0-4.el5_11
thunderbird-debuginfo-0:38.2.0-4.el6_7
gdk-pixbuf2-0:2.24.1-6.el6_7
gdk-pixbuf2-0:2.28.2-5.ael7b_1
gdk-pixbuf2-0:2.28.2-5.el7_1
gdk-pixbuf2-debuginfo-0:2.24.1-6.el6_7
gdk-pixbuf2-debuginfo-0:2.28.2-5.ael7b_1
gdk-pixbuf2-debuginfo-0:2.28.2-5.el7_1
gdk-pixbuf2-devel-0:2.24.1-6.el6_7
gdk-pixbuf2-devel-0:2.28.2-5.ael7b_1
gdk-pixbuf2-devel-0:2.28.2-5.el7_1

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Nessus

Redhat

References