Vulnerabilities > CVE-2015-4511 - Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox and Firefox ESR

047910
CVSS 6.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
mozilla
CWE-119
nessus

Summary

Heap-based buffer overflow in the nestegg_track_codec_data function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allows remote attackers to execute arbitrary code via a crafted header in a WebM video.

Vulnerable Configurations

Part Description Count
Application
Mozilla
300

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Overflow Buffers
    Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
  • Client-side Injection-induced Buffer Overflow
    This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
  • Filter Failure through Buffer Overflow
    In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
  • MIME Conversion
    An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.

Nessus

  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2015-1680-1.NASL
    descriptionMozilla Firefox was updated to version 38.3.0 ESR (bsc#947003), fixing bugs and security issues. - MFSA 2015-96/CVE-2015-4500/CVE-2015-4501 Miscellaneous memory safety hazards (rv:41.0 / rv:38.3) - MFSA 2015-101/CVE-2015-4506 Buffer overflow in libvpx while parsing vp9 format video - MFSA 2015-105/CVE-2015-4511 Buffer overflow while decoding WebM video - MFSA 2015-106/CVE-2015-4509 Use-after-free while manipulating HTML media content - MFSA 2015-110/CVE-2015-4519 Dragging and dropping images exposes final URL after redirects - MFSA 2015-111/CVE-2015-4520 Errors in the handling of CORS preflight request headers - MFSA 2015-112/CVE-2015-4517/CVE-2015-4521/CVE-2015-4522 CVE-2015-7174/CVE-2015-7175/CVE-2015-7176/CVE-2015-7177 CVE-2015-7180 Vulnerabilities found through code inspection More details can be found on https://www.mozilla.org/en-US/security/advisories/ The Mozilla NSPR library was updated to version 4.10.9, fixing various bugs. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id86307
    published2015-10-07
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/86307
    titleSUSE SLED12 / SLES12 Security Update : MozillaFirefox, mozilla-nspr (SUSE-SU-2015:1680-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2015:1680-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(86307);
      script_version("2.10");
      script_cvs_date("Date: 2019/09/11 11:22:12");
    
      script_cve_id("CVE-2015-4500", "CVE-2015-4501", "CVE-2015-4506", "CVE-2015-4509", "CVE-2015-4511", "CVE-2015-4517", "CVE-2015-4519", "CVE-2015-4520", "CVE-2015-4521", "CVE-2015-4522", "CVE-2015-7174", "CVE-2015-7175", "CVE-2015-7176", "CVE-2015-7177", "CVE-2015-7180");
    
      script_name(english:"SUSE SLED12 / SLES12 Security Update : MozillaFirefox, mozilla-nspr (SUSE-SU-2015:1680-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Mozilla Firefox was updated to version 38.3.0 ESR (bsc#947003), fixing
    bugs and security issues.
    
      - MFSA 2015-96/CVE-2015-4500/CVE-2015-4501 Miscellaneous
        memory safety hazards (rv:41.0 / rv:38.3)
    
      - MFSA 2015-101/CVE-2015-4506 Buffer overflow in libvpx
        while parsing vp9 format video
    
      - MFSA 2015-105/CVE-2015-4511 Buffer overflow while
        decoding WebM video
    
      - MFSA 2015-106/CVE-2015-4509 Use-after-free while
        manipulating HTML media content
    
      - MFSA 2015-110/CVE-2015-4519 Dragging and dropping images
        exposes final URL after redirects
    
      - MFSA 2015-111/CVE-2015-4520 Errors in the handling of
        CORS preflight request headers
    
      - MFSA 2015-112/CVE-2015-4517/CVE-2015-4521/CVE-2015-4522
        CVE-2015-7174/CVE-2015-7175/CVE-2015-7176/CVE-2015-7177
        CVE-2015-7180 Vulnerabilities found through code
        inspection
    
    More details can be found on
    https://www.mozilla.org/en-US/security/advisories/
    
    The Mozilla NSPR library was updated to version 4.10.9, fixing various
    bugs.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=947003"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-4500/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-4501/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-4506/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-4509/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-4511/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-4517/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-4519/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-4520/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-4521/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-4522/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-7174/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-7175/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-7176/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-7177/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-7180/"
      );
      # https://www.suse.com/support/update/announcement/2015/suse-su-20151680-1.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?21beff97"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Software Development Kit 12 :
    
    zypper in -t patch SUSE-SLE-SDK-12-2015-640=1
    
    SUSE Linux Enterprise Server 12 :
    
    zypper in -t patch SUSE-SLE-SERVER-12-2015-640=1
    
    SUSE Linux Enterprise Desktop 12 :
    
    zypper in -t patch SUSE-SLE-DESKTOP-12-2015-640=1
    
    To bring your system up-to-date, use 'zypper patch'."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:MozillaFirefox");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:MozillaFirefox-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:MozillaFirefox-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:MozillaFirefox-translations");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mozilla-nspr");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mozilla-nspr-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mozilla-nspr-debugsource");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2015/09/24");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/09/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/10/07");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLED12|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES12" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP0", os_ver + " SP" + sp);
    if (os_ver == "SLED12" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP0", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES12", sp:"0", reference:"MozillaFirefox-38.3.0esr-48.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"MozillaFirefox-debuginfo-38.3.0esr-48.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"MozillaFirefox-debugsource-38.3.0esr-48.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"MozillaFirefox-translations-38.3.0esr-48.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"mozilla-nspr-4.10.9-6.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"mozilla-nspr-debuginfo-4.10.9-6.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"mozilla-nspr-debugsource-4.10.9-6.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"mozilla-nspr-32bit-4.10.9-6.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"mozilla-nspr-debuginfo-32bit-4.10.9-6.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"MozillaFirefox-38.3.0esr-48.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"MozillaFirefox-debuginfo-38.3.0esr-48.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"MozillaFirefox-debugsource-38.3.0esr-48.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"MozillaFirefox-translations-38.3.0esr-48.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"mozilla-nspr-32bit-4.10.9-6.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"mozilla-nspr-4.10.9-6.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"mozilla-nspr-debuginfo-32bit-4.10.9-6.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"mozilla-nspr-debuginfo-4.10.9-6.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"mozilla-nspr-debugsource-4.10.9-6.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "MozillaFirefox / mozilla-nspr");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2015-619.NASL
    descriptionMozillaFirefox was updated to Firefox 41.0 (bnc#947003) Security issues fixed : - MFSA 2015-96/CVE-2015-4500/CVE-2015-4501 Miscellaneous memory safety hazards - MFSA 2015-97/CVE-2015-4503 (bmo#994337) Memory leak in mozTCPSocket to servers - MFSA 2015-98/CVE-2015-4504 (bmo#1132467) Out of bounds read in QCMS library with ICC V4 profile attributes - MFSA 2015-99/CVE-2015-4476 (bmo#1162372) (Android only) Site attribute spoofing on Android by pasting URL with unknown scheme - MFSA 2015-100/CVE-2015-4505 (bmo#1177861) (Windows only) Arbitrary file manipulation by local user through Mozilla updater - MFSA 2015-101/CVE-2015-4506 (bmo#1192226) Buffer overflow in libvpx while parsing vp9 format video - MFSA 2015-102/CVE-2015-4507 (bmo#1192401) Crash when using debugger with SavedStacks in JavaScript - MFSA 2015-103/CVE-2015-4508 (bmo#1195976) URL spoofing in reader mode - MFSA 2015-104/CVE-2015-4510 (bmo#1200004) Use-after-free with shared workers and IndexedDB - MFSA 2015-105/CVE-2015-4511 (bmo#1200148) Buffer overflow while decoding WebM video - MFSA 2015-106/CVE-2015-4509 (bmo#1198435) Use-after-free while manipulating HTML media content - MFSA 2015-107/CVE-2015-4512 (bmo#1170390) Out-of-bounds read during 2D canvas display on Linux 16-bit color depth systems - MFSA 2015-108/CVE-2015-4502 (bmo#1105045) Scripted proxies can access inner window - MFSA 2015-109/CVE-2015-4516 (bmo#904886) JavaScript immutable property enforcement can be bypassed - MFSA 2015-110/CVE-2015-4519 (bmo#1189814) Dragging and dropping images exposes final URL after redirects - MFSA 2015-111/CVE-2015-4520 (bmo#1200856, bmo#1200869) Errors in the handling of CORS preflight request headers - MFSA 2015-112/CVE-2015-4517/CVE-2015-4521/CVE-2015-4522/ CVE-2015-7174/CVE-2015-7175/CVE-2015-7176/CVE-2015-7177/ CVE-2015-7180 Vulnerabilities found through code inspection - MFSA 2015-113/CVE-2015-7178/CVE-2015-7179 (bmo#1189860, bmo#1190526) (Windows only) Memory safety errors in libGLES in the ANGLE graphics library - MFSA 2015-114 (bmo#1167498, bmo#1153672) (Windows only) Information disclosure via the High Resolution Time API
    last seen2020-06-05
    modified2015-10-02
    plugin id86238
    published2015-10-02
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/86238
    titleopenSUSE Security Update : MozillaFirefox (openSUSE-2015-619)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2015-619.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(86238);
      script_version("2.5");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2015-4476", "CVE-2015-4500", "CVE-2015-4501", "CVE-2015-4502", "CVE-2015-4503", "CVE-2015-4504", "CVE-2015-4505", "CVE-2015-4506", "CVE-2015-4507", "CVE-2015-4508", "CVE-2015-4509", "CVE-2015-4510", "CVE-2015-4511", "CVE-2015-4512", "CVE-2015-4516", "CVE-2015-4517", "CVE-2015-4519", "CVE-2015-4520", "CVE-2015-4521", "CVE-2015-4522", "CVE-2015-7174", "CVE-2015-7175", "CVE-2015-7176", "CVE-2015-7177", "CVE-2015-7178", "CVE-2015-7179", "CVE-2015-7180");
    
      script_name(english:"openSUSE Security Update : MozillaFirefox (openSUSE-2015-619)");
      script_summary(english:"Check for the openSUSE-2015-619 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "MozillaFirefox was updated to Firefox 41.0 (bnc#947003)
    
    Security issues fixed :
    
      - MFSA 2015-96/CVE-2015-4500/CVE-2015-4501 Miscellaneous
        memory safety hazards
    
      - MFSA 2015-97/CVE-2015-4503 (bmo#994337) Memory leak in
        mozTCPSocket to servers
    
      - MFSA 2015-98/CVE-2015-4504 (bmo#1132467) Out of bounds
        read in QCMS library with ICC V4 profile attributes
    
      - MFSA 2015-99/CVE-2015-4476 (bmo#1162372) (Android only)
        Site attribute spoofing on Android by pasting URL with
        unknown scheme
    
      - MFSA 2015-100/CVE-2015-4505 (bmo#1177861) (Windows only)
        Arbitrary file manipulation by local user through
        Mozilla updater
    
      - MFSA 2015-101/CVE-2015-4506 (bmo#1192226) Buffer
        overflow in libvpx while parsing vp9 format video
    
      - MFSA 2015-102/CVE-2015-4507 (bmo#1192401) Crash when
        using debugger with SavedStacks in JavaScript
    
      - MFSA 2015-103/CVE-2015-4508 (bmo#1195976) URL spoofing
        in reader mode
    
      - MFSA 2015-104/CVE-2015-4510 (bmo#1200004) Use-after-free
        with shared workers and IndexedDB
    
      - MFSA 2015-105/CVE-2015-4511 (bmo#1200148) Buffer
        overflow while decoding WebM video
    
      - MFSA 2015-106/CVE-2015-4509 (bmo#1198435) Use-after-free
        while manipulating HTML media content
    
      - MFSA 2015-107/CVE-2015-4512 (bmo#1170390) Out-of-bounds
        read during 2D canvas display on Linux 16-bit color
        depth systems
    
      - MFSA 2015-108/CVE-2015-4502 (bmo#1105045) Scripted
        proxies can access inner window
    
      - MFSA 2015-109/CVE-2015-4516 (bmo#904886) JavaScript
        immutable property enforcement can be bypassed
    
      - MFSA 2015-110/CVE-2015-4519 (bmo#1189814) Dragging and
        dropping images exposes final URL after redirects
    
      - MFSA 2015-111/CVE-2015-4520 (bmo#1200856, bmo#1200869)
        Errors in the handling of CORS preflight request headers
    
      - MFSA 2015-112/CVE-2015-4517/CVE-2015-4521/CVE-2015-4522/
        CVE-2015-7174/CVE-2015-7175/CVE-2015-7176/CVE-2015-7177/
        CVE-2015-7180 Vulnerabilities found through code
        inspection
    
      - MFSA 2015-113/CVE-2015-7178/CVE-2015-7179 (bmo#1189860,
        bmo#1190526) (Windows only) Memory safety errors in
        libGLES in the ANGLE graphics library
    
      - MFSA 2015-114 (bmo#1167498, bmo#1153672) (Windows only)
        Information disclosure via the High Resolution Time API"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=947003"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected MozillaFirefox packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.2");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2015/09/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/10/02");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE13\.1|SUSE13\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.1 / 13.2", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE13.1", reference:"MozillaFirefox-41.0-88.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"MozillaFirefox-branding-upstream-41.0-88.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"MozillaFirefox-buildsymbols-41.0-88.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"MozillaFirefox-debuginfo-41.0-88.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"MozillaFirefox-debugsource-41.0-88.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"MozillaFirefox-devel-41.0-88.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"MozillaFirefox-translations-common-41.0-88.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"MozillaFirefox-translations-other-41.0-88.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"MozillaFirefox-41.0-44.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"MozillaFirefox-branding-upstream-41.0-44.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"MozillaFirefox-buildsymbols-41.0-44.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"MozillaFirefox-debuginfo-41.0-44.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"MozillaFirefox-debugsource-41.0-44.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"MozillaFirefox-devel-41.0-44.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"MozillaFirefox-translations-common-41.0-44.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"MozillaFirefox-translations-other-41.0-44.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "MozillaFirefox / MozillaFirefox-branding-upstream / etc");
    }
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-3365.NASL
    descriptionMultiple security issues have been found in Iceweasel, Debian
    last seen2020-06-01
    modified2020-06-02
    plugin id86107
    published2015-09-24
    reporterThis script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/86107
    titleDebian DSA-3365-1 : iceweasel - security update
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-3365. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(86107);
      script_version("2.6");
      script_cvs_date("Date: 2018/11/10 11:49:37");
    
      script_cve_id("CVE-2015-4500", "CVE-2015-4506", "CVE-2015-4509", "CVE-2015-4511", "CVE-2015-4517", "CVE-2015-4519", "CVE-2015-4520", "CVE-2015-4521", "CVE-2015-4522", "CVE-2015-7174", "CVE-2015-7175", "CVE-2015-7176", "CVE-2015-7177", "CVE-2015-7180");
      script_xref(name:"DSA", value:"3365");
    
      script_name(english:"Debian DSA-3365-1 : iceweasel - security update");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Multiple security issues have been found in Iceweasel, Debian's
    version of the Mozilla Firefox web browser: Multiple memory safety
    errors, integer overflows, buffer overflows, use-after-frees and other
    implementation errors may lead to the execution of arbitrary code,
    information disclosure or denial of service."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/wheezy/iceweasel"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/jessie/iceweasel"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.debian.org/security/2015/dsa-3365"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the iceweasel packages.
    
    For the oldstable distribution (wheezy), these problems have been
    fixed in version 38.3.0esr-1~deb7u1.
    
    For the stable distribution (jessie), these problems have been fixed
    in version 38.3.0esr-1~deb8u1."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:iceweasel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2015/09/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/09/24");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"7.0", prefix:"iceweasel", reference:"38.3.0esr-1~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"iceweasel-dbg", reference:"38.3.0esr-1~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"iceweasel-dev", reference:"38.3.0esr-1~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"iceweasel-l10n-ach", reference:"38.3.0esr-1~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"iceweasel-l10n-af", reference:"38.3.0esr-1~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"iceweasel-l10n-all", reference:"38.3.0esr-1~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"iceweasel-l10n-an", reference:"38.3.0esr-1~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"iceweasel-l10n-ar", reference:"38.3.0esr-1~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"iceweasel-l10n-as", reference:"38.3.0esr-1~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"iceweasel-l10n-ast", reference:"38.3.0esr-1~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"iceweasel-l10n-be", reference:"38.3.0esr-1~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"iceweasel-l10n-bg", reference:"38.3.0esr-1~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"iceweasel-l10n-bn-bd", reference:"38.3.0esr-1~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"iceweasel-l10n-bn-in", reference:"38.3.0esr-1~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"iceweasel-l10n-br", reference:"38.3.0esr-1~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"iceweasel-l10n-bs", reference:"38.3.0esr-1~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"iceweasel-l10n-ca", reference:"38.3.0esr-1~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"iceweasel-l10n-cs", reference:"38.3.0esr-1~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"iceweasel-l10n-csb", reference:"38.3.0esr-1~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"iceweasel-l10n-cy", reference:"38.3.0esr-1~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"iceweasel-l10n-da", reference:"38.3.0esr-1~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"iceweasel-l10n-de", reference:"38.3.0esr-1~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"iceweasel-l10n-el", reference:"38.3.0esr-1~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"iceweasel-l10n-en-gb", reference:"38.3.0esr-1~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"iceweasel-l10n-en-za", reference:"38.3.0esr-1~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"iceweasel-l10n-eo", reference:"38.3.0esr-1~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"iceweasel-l10n-es-ar", reference:"38.3.0esr-1~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"iceweasel-l10n-es-cl", reference:"38.3.0esr-1~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"iceweasel-l10n-es-es", reference:"38.3.0esr-1~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"iceweasel-l10n-es-mx", reference:"38.3.0esr-1~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"iceweasel-l10n-et", reference:"38.3.0esr-1~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"iceweasel-l10n-eu", reference:"38.3.0esr-1~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"iceweasel-l10n-fa", reference:"38.3.0esr-1~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"iceweasel-l10n-ff", reference:"38.3.0esr-1~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"iceweasel-l10n-fi", reference:"38.3.0esr-1~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"iceweasel-l10n-fr", reference:"38.3.0esr-1~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"iceweasel-l10n-fy-nl", reference:"38.3.0esr-1~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"iceweasel-l10n-ga-ie", reference:"38.3.0esr-1~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"iceweasel-l10n-gd", reference:"38.3.0esr-1~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"iceweasel-l10n-gl", reference:"38.3.0esr-1~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"iceweasel-l10n-gu-in", reference:"38.3.0esr-1~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"iceweasel-l10n-he", reference:"38.3.0esr-1~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"iceweasel-l10n-hi-in", reference:"38.3.0esr-1~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"iceweasel-l10n-hr", reference:"38.3.0esr-1~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"iceweasel-l10n-hsb", reference:"38.3.0esr-1~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"iceweasel-l10n-hu", reference:"38.3.0esr-1~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"iceweasel-l10n-hy-am", reference:"38.3.0esr-1~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"iceweasel-l10n-id", reference:"38.3.0esr-1~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"iceweasel-l10n-is", reference:"38.3.0esr-1~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"iceweasel-l10n-it", reference:"38.3.0esr-1~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"iceweasel-l10n-ja", reference:"38.3.0esr-1~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"iceweasel-l10n-kk", reference:"38.3.0esr-1~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"iceweasel-l10n-km", reference:"38.3.0esr-1~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"iceweasel-l10n-kn", reference:"38.3.0esr-1~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"iceweasel-l10n-ko", reference:"38.3.0esr-1~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"iceweasel-l10n-ku", reference:"38.3.0esr-1~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"iceweasel-l10n-lij", reference:"38.3.0esr-1~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"iceweasel-l10n-lt", reference:"38.3.0esr-1~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"iceweasel-l10n-lv", reference:"38.3.0esr-1~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"iceweasel-l10n-mai", reference:"38.3.0esr-1~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"iceweasel-l10n-mk", reference:"38.3.0esr-1~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"iceweasel-l10n-ml", reference:"38.3.0esr-1~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"iceweasel-l10n-mr", reference:"38.3.0esr-1~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"iceweasel-l10n-ms", reference:"38.3.0esr-1~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"iceweasel-l10n-nb-no", reference:"38.3.0esr-1~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"iceweasel-l10n-nl", reference:"38.3.0esr-1~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"iceweasel-l10n-nn-no", reference:"38.3.0esr-1~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"iceweasel-l10n-or", reference:"38.3.0esr-1~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"iceweasel-l10n-pa-in", reference:"38.3.0esr-1~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"iceweasel-l10n-pl", reference:"38.3.0esr-1~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"iceweasel-l10n-pt-br", reference:"38.3.0esr-1~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"iceweasel-l10n-pt-pt", reference:"38.3.0esr-1~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"iceweasel-l10n-rm", reference:"38.3.0esr-1~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"iceweasel-l10n-ro", reference:"38.3.0esr-1~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"iceweasel-l10n-ru", reference:"38.3.0esr-1~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"iceweasel-l10n-si", reference:"38.3.0esr-1~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"iceweasel-l10n-sk", reference:"38.3.0esr-1~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"iceweasel-l10n-sl", reference:"38.3.0esr-1~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"iceweasel-l10n-son", reference:"38.3.0esr-1~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"iceweasel-l10n-sq", reference:"38.3.0esr-1~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"iceweasel-l10n-sr", reference:"38.3.0esr-1~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"iceweasel-l10n-sv-se", reference:"38.3.0esr-1~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"iceweasel-l10n-ta", reference:"38.3.0esr-1~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"iceweasel-l10n-te", reference:"38.3.0esr-1~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"iceweasel-l10n-th", reference:"38.3.0esr-1~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"iceweasel-l10n-tr", reference:"38.3.0esr-1~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"iceweasel-l10n-uk", reference:"38.3.0esr-1~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"iceweasel-l10n-vi", reference:"38.3.0esr-1~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"iceweasel-l10n-xh", reference:"38.3.0esr-1~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"iceweasel-l10n-zh-cn", reference:"38.3.0esr-1~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"iceweasel-l10n-zh-tw", reference:"38.3.0esr-1~deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"iceweasel-l10n-zu", reference:"38.3.0esr-1~deb7u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel", reference:"38.3.0esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-dbg", reference:"38.3.0esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-dev", reference:"38.3.0esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-ach", reference:"38.3.0esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-af", reference:"38.3.0esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-all", reference:"38.3.0esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-an", reference:"38.3.0esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-ar", reference:"38.3.0esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-as", reference:"38.3.0esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-ast", reference:"38.3.0esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-be", reference:"38.3.0esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-bg", reference:"38.3.0esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-bn-bd", reference:"38.3.0esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-bn-in", reference:"38.3.0esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-br", reference:"38.3.0esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-bs", reference:"38.3.0esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-ca", reference:"38.3.0esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-cs", reference:"38.3.0esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-csb", reference:"38.3.0esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-cy", reference:"38.3.0esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-da", reference:"38.3.0esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-de", reference:"38.3.0esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-el", reference:"38.3.0esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-en-gb", reference:"38.3.0esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-en-za", reference:"38.3.0esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-eo", reference:"38.3.0esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-es-ar", reference:"38.3.0esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-es-cl", reference:"38.3.0esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-es-es", reference:"38.3.0esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-es-mx", reference:"38.3.0esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-et", reference:"38.3.0esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-eu", reference:"38.3.0esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-fa", reference:"38.3.0esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-ff", reference:"38.3.0esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-fi", reference:"38.3.0esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-fr", reference:"38.3.0esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-fy-nl", reference:"38.3.0esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-ga-ie", reference:"38.3.0esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-gd", reference:"38.3.0esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-gl", reference:"38.3.0esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-gu-in", reference:"38.3.0esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-he", reference:"38.3.0esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-hi-in", reference:"38.3.0esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-hr", reference:"38.3.0esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-hsb", reference:"38.3.0esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-hu", reference:"38.3.0esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-hy-am", reference:"38.3.0esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-id", reference:"38.3.0esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-is", reference:"38.3.0esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-it", reference:"38.3.0esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-ja", reference:"38.3.0esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-kk", reference:"38.3.0esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-km", reference:"38.3.0esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-kn", reference:"38.3.0esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-ko", reference:"38.3.0esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-ku", reference:"38.3.0esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-lij", reference:"38.3.0esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-lt", reference:"38.3.0esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-lv", reference:"38.3.0esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-mai", reference:"38.3.0esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-mk", reference:"38.3.0esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-ml", reference:"38.3.0esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-mr", reference:"38.3.0esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-ms", reference:"38.3.0esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-nb-no", reference:"38.3.0esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-nl", reference:"38.3.0esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-nn-no", reference:"38.3.0esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-or", reference:"38.3.0esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-pa-in", reference:"38.3.0esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-pl", reference:"38.3.0esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-pt-br", reference:"38.3.0esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-pt-pt", reference:"38.3.0esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-rm", reference:"38.3.0esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-ro", reference:"38.3.0esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-ru", reference:"38.3.0esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-si", reference:"38.3.0esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-sk", reference:"38.3.0esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-sl", reference:"38.3.0esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-son", reference:"38.3.0esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-sq", reference:"38.3.0esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-sr", reference:"38.3.0esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-sv-se", reference:"38.3.0esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-ta", reference:"38.3.0esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-te", reference:"38.3.0esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-th", reference:"38.3.0esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-tr", reference:"38.3.0esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-uk", reference:"38.3.0esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-vi", reference:"38.3.0esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-xh", reference:"38.3.0esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-zh-cn", reference:"38.3.0esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-zh-tw", reference:"38.3.0esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-zu", reference:"38.3.0esr-1~deb8u1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2015-1834.NASL
    descriptionFrom Red Hat Security Advisory 2015:1834 : Updated firefox packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. [Updated 25 August 2014] This erratum previously included an incorrect list of fixed issues. The issue list has been updated to reflect the CVEs that were fixed in this update. The firefox packages provided by this advisory have not been modified in any way. Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2015-4500, CVE-2015-4506, CVE-2015-4509, CVE-2015-4511, CVE-2015-4517, CVE-2015-4521, CVE-2015-4522, CVE-2015-7174, CVE-2015-7175, CVE-2015-7176, CVE-2015-7177, CVE-2015-7180) Two information leak flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to disclose sensitive information or, in certain cases, crash. (CVE-2015-4519, CVE-2015-4520) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Andrew Osmond, Olli Pettay, Andrew Sutherland, Christian Holler, David Major, Andrew McCreight, Cameron McCormack, Khalil Zhani, Atte Kettunen, Ronald Crane, Mario Gomes, and Ehsan Akhgari as the original reporters of these issues. All Firefox users should upgrade to these updated packages, which contain Firefox version 38.3.0 ESR, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.
    last seen2020-05-31
    modified2015-09-23
    plugin id86096
    published2015-09-23
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/86096
    titleOracle Linux 5 / 6 / 7 : firefox (ELSA-2015-1834)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2015:1834 and 
    # Oracle Linux Security Advisory ELSA-2015-1834 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(86096);
      script_version("2.9");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/29");
    
      script_cve_id("CVE-2015-4500", "CVE-2015-4506", "CVE-2015-4509", "CVE-2015-4511", "CVE-2015-4517", "CVE-2015-4519", "CVE-2015-4520", "CVE-2015-4521", "CVE-2015-4522", "CVE-2015-7174", "CVE-2015-7175", "CVE-2015-7176", "CVE-2015-7177", "CVE-2015-7180");
      script_xref(name:"RHSA", value:"2015:1834");
    
      script_name(english:"Oracle Linux 5 / 6 / 7 : firefox (ELSA-2015-1834)");
      script_summary(english:"Checks rpm output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis",
        value:"The remote Oracle Linux host is missing a security update."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "From Red Hat Security Advisory 2015:1834 :
    
    Updated firefox packages that fix multiple security issues are now
    available for Red Hat Enterprise Linux 5, 6, and 7.
    
    Red Hat Product Security has rated this update as having Critical
    security impact. Common Vulnerability Scoring System (CVSS) base
    scores, which give detailed severity ratings, are available for each
    vulnerability from the CVE links in the References section.
    
    [Updated 25 August 2014] This erratum previously included an incorrect
    list of fixed issues. The issue list has been updated to reflect the
    CVEs that were fixed in this update. The firefox packages provided by
    this advisory have not been modified in any way.
    
    Mozilla Firefox is an open source web browser. XULRunner provides the
    XUL Runtime environment for Mozilla Firefox.
    
    Several flaws were found in the processing of malformed web content. A
    web page containing malicious content could cause Firefox to crash or,
    potentially, execute arbitrary code with the privileges of the user
    running Firefox. (CVE-2015-4500, CVE-2015-4506, CVE-2015-4509,
    CVE-2015-4511, CVE-2015-4517, CVE-2015-4521, CVE-2015-4522,
    CVE-2015-7174, CVE-2015-7175, CVE-2015-7176, CVE-2015-7177,
    CVE-2015-7180)
    
    Two information leak flaws were found in the processing of malformed
    web content. A web page containing malicious content could cause
    Firefox to disclose sensitive information or, in certain cases, crash.
    (CVE-2015-4519, CVE-2015-4520)
    
    Red Hat would like to thank the Mozilla project for reporting these
    issues. Upstream acknowledges Andrew Osmond, Olli Pettay, Andrew
    Sutherland, Christian Holler, David Major, Andrew McCreight, Cameron
    McCormack, Khalil Zhani, Atte Kettunen, Ronald Crane, Mario Gomes, and
    Ehsan Akhgari as the original reporters of these issues.
    
    All Firefox users should upgrade to these updated packages, which
    contain Firefox version 38.3.0 ESR, which corrects these issues. After
    installing the update, Firefox must be restarted for the changes to
    take effect."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2015-September/005412.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2015-September/005413.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2015-September/005433.html"
      );
      script_set_attribute(
        attribute:"solution",
        value:"Update the affected firefox package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:firefox");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:7");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2015/09/24");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/09/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/09/23");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(5|6|7)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 5 / 6 / 7", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    
    flag = 0;
    if (rpm_check(release:"EL5", reference:"firefox-38.3.0-2.0.1.el5_11", allowmaj:TRUE)) flag++;
    
    if (rpm_check(release:"EL6", reference:"firefox-38.3.0-2.0.1.el6_7", allowmaj:TRUE)) flag++;
    
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"firefox-38.3.0-2.0.1.el7_1", allowmaj:TRUE)) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "firefox");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2015-632.NASL
    descriptionseamonkey was updated to fix 25 security issues. These security issues were fixed : - CVE-2015-4520: Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allowed remote attackers to bypass CORS preflight protection mechanisms by leveraging (1) duplicate cache-key generation or (2) retrieval of a value from an incorrect HTTP Access-Control-* response header (bsc#947003). - CVE-2015-4521: The ConvertDialogOptions function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allowed remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors (bsc#947003). - CVE-2015-4522: The nsUnicodeToUTF8::GetMaxLength function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allowed remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors, related to an
    last seen2020-06-05
    modified2015-10-06
    plugin id86282
    published2015-10-06
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/86282
    titleopenSUSE Security Update : seamonkey (openSUSE-2015-632)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2015-632.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(86282);
      script_version("2.5");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2015-4500", "CVE-2015-4501", "CVE-2015-4502", "CVE-2015-4503", "CVE-2015-4504", "CVE-2015-4505", "CVE-2015-4506", "CVE-2015-4507", "CVE-2015-4509", "CVE-2015-4510", "CVE-2015-4511", "CVE-2015-4512", "CVE-2015-4516", "CVE-2015-4517", "CVE-2015-4519", "CVE-2015-4520", "CVE-2015-4521", "CVE-2015-4522", "CVE-2015-7174", "CVE-2015-7175", "CVE-2015-7176", "CVE-2015-7177", "CVE-2015-7178", "CVE-2015-7179", "CVE-2015-7180");
    
      script_name(english:"openSUSE Security Update : seamonkey (openSUSE-2015-632)");
      script_summary(english:"Check for the openSUSE-2015-632 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "seamonkey was updated to fix 25 security issues.
    
    These security issues were fixed :
    
      - CVE-2015-4520: Mozilla Firefox before 41.0 and Firefox
        ESR 38.x before 38.3 allowed remote attackers to bypass
        CORS preflight protection mechanisms by leveraging (1)
        duplicate cache-key generation or (2) retrieval of a
        value from an incorrect HTTP Access-Control-* response
        header (bsc#947003).
    
      - CVE-2015-4521: The ConvertDialogOptions function in
        Mozilla Firefox before 41.0 and Firefox ESR 38.x before
        38.3 might allowed remote attackers to cause a denial of
        service (memory corruption and application crash) or
        possibly have unspecified other impact via unknown
        vectors (bsc#947003).
    
      - CVE-2015-4522: The nsUnicodeToUTF8::GetMaxLength
        function in Mozilla Firefox before 41.0 and Firefox ESR
        38.x before 38.3 might allowed remote attackers to cause
        a denial of service (memory corruption and application
        crash) or possibly have unspecified other impact via
        unknown vectors, related to an 'overflow (bsc#947003).
    
      - CVE-2015-4502: js/src/proxy/Proxy.cpp in Mozilla Firefox
        before 41.0 mishandled certain receiver arguments, which
        allowed remote attackers to bypass intended window
        access restrictions via a crafted website (bsc#947003).
    
      - CVE-2015-4503: The TCP Socket API implementation in
        Mozilla Firefox before 41.0 mishandled array boundaries
        that were established with a navigator.mozTCPSocket.open
        method call and send method calls, which allowed remote
        TCP servers to obtain sensitive information from process
        memory by reading packet data, as demonstrated by
        availability of this API in a Firefox OS application
        (bsc#947003).
    
      - CVE-2015-4500: Multiple unspecified vulnerabilities in
        the browser engine in Mozilla Firefox before 41.0 and
        Firefox ESR 38.x before 38.3 allowed remote attackers to
        cause a denial of service (memory corruption and
        application crash) or possibly execute arbitrary code
        via unknown vectors (bsc#947003).
    
      - CVE-2015-4501: Multiple unspecified vulnerabilities in
        the browser engine in Mozilla Firefox before 41.0
        allowed remote attackers to cause a denial of service
        (memory corruption and application crash) or possibly
        execute arbitrary code via unknown vectors (bsc#947003).
    
      - CVE-2015-4506: Buffer overflow in the
        vp9_init_context_buffers function in libvpx, as used in
        Mozilla Firefox before 41.0 and Firefox ESR 38.x before
        38.3, allowed remote attackers to execute arbitrary code
        via a crafted VP9 file (bsc#947003).
    
      - CVE-2015-4507: The SavedStacks class in the JavaScript
        implementation in Mozilla Firefox before 41.0, when the
        Debugger API is enabled, allowed remote attackers to
        cause a denial of service (getSlotRef assertion failure
        and application exit) or possibly execute arbitrary code
        via a crafted website (bsc#947003).
    
      - CVE-2015-4504: The lut_inverse_interp16 function in the
        QCMS library in Mozilla Firefox before 41.0 allowed
        remote attackers to obtain sensitive information or
        cause a denial of service (buffer over-read and
        application crash) via crafted attributes in the ICC 4
        profile of an image (bsc#947003).
    
      - CVE-2015-4505: updater.exe in Mozilla Firefox before
        41.0 and Firefox ESR 38.x before 38.3 on Windows allowed
        local users to write to arbitrary files by conducting a
        junction attack and waiting for an update operation by
        the Mozilla Maintenance Service (bsc#947003).
    
      - CVE-2015-7180: The ReadbackResultWriterD3D11::Run
        function in Mozilla Firefox before 41.0 and Firefox ESR
        38.x before 38.3 misinterprets the return value of a
        function call, which might allowed remote attackers to
        cause a denial of service (memory corruption and
        application crash) or possibly have unspecified other
        impact via unknown vectors (bsc#947003).
    
      - CVE-2015-4509: Use-after-free vulnerability in the
        HTMLVideoElement interface in Mozilla Firefox before
        41.0 and Firefox ESR 38.x before 38.3 allowed remote
        attackers to execute arbitrary code via crafted
        JavaScript code that modifies the URI table of a media
        element, aka ZDI-CAN-3176 (bsc#947003).
    
      - CVE-2015-7178: The ProgramBinary::linkAttributes
        function in libGLES in ANGLE, as used in Mozilla Firefox
        before 41.0 and Firefox ESR 38.x before 38.3 on Windows,
        mishandles shader access, which allowed remote attackers
        to execute arbitrary code or cause a denial of service
        (memory corruption and application crash) via crafted
        (1) OpenGL or (2) WebGL content (bsc#947003).
    
      - CVE-2015-7179: The
        VertexBufferInterface::reserveVertexSpace function in
        libGLES in ANGLE, as used in Mozilla Firefox before 41.0
        and Firefox ESR 38.x before 38.3 on Windows, incorrectly
        allocates memory for shader attribute arrays, which
        allowed remote attackers to execute arbitrary code or
        cause a denial of service (buffer overflow and
        application crash) via crafted (1) OpenGL or (2) WebGL
        content (bsc#947003).
    
      - CVE-2015-7176: The AnimationThread function in Mozilla
        Firefox before 41.0 and Firefox ESR 38.x before 38.3
        used an incorrect argument to the sscanf function, which
        might allowed remote attackers to cause a denial of
        service (stack-based buffer overflow and application
        crash) or possibly have unspecified other impact via
        unknown vectors (bsc#947003).
    
      - CVE-2015-7177: The InitTextures function in Mozilla
        Firefox before 41.0 and Firefox ESR 38.x before 38.3
        might allowed remote attackers to cause a denial of
        service (memory corruption and application crash) or
        possibly have unspecified other impact via unknown
        vectors (bsc#947003).
    
      - CVE-2015-7174: The nsAttrAndChildArray::GrowBy function
        in Mozilla Firefox before 41.0 and Firefox ESR 38.x
        before 38.3 might allowed remote attackers to cause a
        denial of service (memory corruption and application
        crash) or possibly have unspecified other impact via
        unknown vectors, related to an 'overflow (bsc#947003).
    
      - CVE-2015-7175: The XULContentSinkImpl::AddText function
        in Mozilla Firefox before 41.0 and Firefox ESR 38.x
        before 38.3 might allowed remote attackers to cause a
        denial of service (memory corruption and application
        crash) or possibly have unspecified other impact via
        unknown vectors, related to an 'overflow (bsc#947003).
    
      - CVE-2015-4511: Heap-based buffer overflow in the
        nestegg_track_codec_data function in Mozilla Firefox
        before 41.0 and Firefox ESR 38.x before 38.3 allowed
        remote attackers to execute arbitrary code via a crafted
        header in a WebM video (bsc#947003).
    
      - CVE-2015-4510: Race condition in the
        WorkerPrivate::NotifyFeatures function in Mozilla
        Firefox before 41.0 allowed remote attackers to execute
        arbitrary code or cause a denial of service
        (use-after-free and application crash) by leveraging
        improper interaction between shared workers and the
        IndexedDB implementation (bsc#947003).
    
      - CVE-2015-4512: gfx/2d/DataSurfaceHelpers.cpp in Mozilla
        Firefox before 41.0 on Linux improperly attempts to use
        the Cairo library with 32-bit color-depth surface
        creation followed by 16-bit color-depth surface display,
        which allowed remote attackers to obtain sensitive
        information from process memory or cause a denial of
        service (out-of-bounds read) by using a CANVAS element
        to trigger 2D rendering (bsc#947003).
    
      - CVE-2015-4517: NetworkUtils.cpp in Mozilla Firefox
        before 41.0 and Firefox ESR 38.x before 38.3 might
        allowed remote attackers to cause a denial of service
        (memory corruption and application crash) or possibly
        have unspecified other impact via unknown vectors
        (bsc#947003).
    
      - CVE-2015-4516: Mozilla Firefox before 41.0 allowed
        remote attackers to bypass certain ECMAScript 5 (aka
        ES5) API protection mechanisms and modify immutable
        properties, and consequently execute arbitrary
        JavaScript code with chrome privileges, via a crafted
        web page that did not use ES5 APIs (bsc#947003).
    
      - CVE-2015-4519: Mozilla Firefox before 41.0 and Firefox
        ESR 38.x before 38.3 allowed user-assisted remote
        attackers to bypass intended access restrictions and
        discover a redirect's target URL via crafted JavaScript
        code that executes after a drag-and-drop action of an
        image into a TEXTBOX element (bsc#947003)."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=935979"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=947003"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected seamonkey packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-dom-inspector");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-irc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-translations-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-translations-other");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.2");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2015/10/02");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/10/06");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE13\.1|SUSE13\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.1 / 13.2", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE13.1", reference:"seamonkey-2.38-56.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"seamonkey-debuginfo-2.38-56.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"seamonkey-debugsource-2.38-56.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"seamonkey-dom-inspector-2.38-56.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"seamonkey-irc-2.38-56.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"seamonkey-translations-common-2.38-56.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"seamonkey-translations-other-2.38-56.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"seamonkey-2.38-20.2") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"seamonkey-debuginfo-2.38-20.2") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"seamonkey-debugsource-2.38-20.2") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"seamonkey-dom-inspector-2.38-20.2") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"seamonkey-irc-2.38-20.2") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"seamonkey-translations-common-2.38-20.2") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"seamonkey-translations-other-2.38-20.2") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "seamonkey / seamonkey-debuginfo / seamonkey-debugsource / etc");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2015-1834.NASL
    descriptionUpdated firefox packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. [Updated 25 August 2014] This erratum previously included an incorrect list of fixed issues. The issue list has been updated to reflect the CVEs that were fixed in this update. The firefox packages provided by this advisory have not been modified in any way. Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2015-4500, CVE-2015-4506, CVE-2015-4509, CVE-2015-4511, CVE-2015-4517, CVE-2015-4521, CVE-2015-4522, CVE-2015-7174, CVE-2015-7175, CVE-2015-7176, CVE-2015-7177, CVE-2015-7180) Two information leak flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to disclose sensitive information or, in certain cases, crash. (CVE-2015-4519, CVE-2015-4520) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Andrew Osmond, Olli Pettay, Andrew Sutherland, Christian Holler, David Major, Andrew McCreight, Cameron McCormack, Khalil Zhani, Atte Kettunen, Ronald Crane, Mario Gomes, and Ehsan Akhgari as the original reporters of these issues. All Firefox users should upgrade to these updated packages, which contain Firefox version 38.3.0 ESR, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.
    last seen2020-05-31
    modified2015-09-23
    plugin id86099
    published2015-09-23
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/86099
    titleRHEL 5 / 6 / 7 : firefox (RHSA-2015:1834)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2015:1834. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(86099);
      script_version("2.23");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/29");
    
      script_cve_id("CVE-2015-4500", "CVE-2015-4506", "CVE-2015-4509", "CVE-2015-4511", "CVE-2015-4517", "CVE-2015-4519", "CVE-2015-4520", "CVE-2015-4521", "CVE-2015-4522", "CVE-2015-7174", "CVE-2015-7175", "CVE-2015-7176", "CVE-2015-7177", "CVE-2015-7180");
      script_xref(name:"RHSA", value:"2015:1834");
    
      script_name(english:"RHEL 5 / 6 / 7 : firefox (RHSA-2015:1834)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis",
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "Updated firefox packages that fix multiple security issues are now
    available for Red Hat Enterprise Linux 5, 6, and 7.
    
    Red Hat Product Security has rated this update as having Critical
    security impact. Common Vulnerability Scoring System (CVSS) base
    scores, which give detailed severity ratings, are available for each
    vulnerability from the CVE links in the References section.
    
    [Updated 25 August 2014] This erratum previously included an incorrect
    list of fixed issues. The issue list has been updated to reflect the
    CVEs that were fixed in this update. The firefox packages provided by
    this advisory have not been modified in any way.
    
    Mozilla Firefox is an open source web browser. XULRunner provides the
    XUL Runtime environment for Mozilla Firefox.
    
    Several flaws were found in the processing of malformed web content. A
    web page containing malicious content could cause Firefox to crash or,
    potentially, execute arbitrary code with the privileges of the user
    running Firefox. (CVE-2015-4500, CVE-2015-4506, CVE-2015-4509,
    CVE-2015-4511, CVE-2015-4517, CVE-2015-4521, CVE-2015-4522,
    CVE-2015-7174, CVE-2015-7175, CVE-2015-7176, CVE-2015-7177,
    CVE-2015-7180)
    
    Two information leak flaws were found in the processing of malformed
    web content. A web page containing malicious content could cause
    Firefox to disclose sensitive information or, in certain cases, crash.
    (CVE-2015-4519, CVE-2015-4520)
    
    Red Hat would like to thank the Mozilla project for reporting these
    issues. Upstream acknowledges Andrew Osmond, Olli Pettay, Andrew
    Sutherland, Christian Holler, David Major, Andrew McCreight, Cameron
    McCormack, Khalil Zhani, Atte Kettunen, Ronald Crane, Mario Gomes, and
    Ehsan Akhgari as the original reporters of these issues.
    
    All Firefox users should upgrade to these updated packages, which
    contain Firefox version 38.3.0 ESR, which corrects these issues. After
    installing the update, Firefox must be restarted for the changes to
    take effect."
      );
      # https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/#
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?8b5eaff4"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2015:1834"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2015-4500"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2015-4509"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2015-7180"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2015-4520"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2015-4521"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2015-4522"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2015-4511"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2015-4506"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2015-4517"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2015-4519"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2015-7176"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2015-7177"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2015-7174"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2015-7175"
      );
      script_set_attribute(
        attribute:"solution",
        value:"Update the affected firefox and / or firefox-debuginfo packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:firefox");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:firefox-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6.7");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.2");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.3");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.4");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.7");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2015/09/24");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/09/24");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/09/23");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(5|6|7)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.x / 6.x / 7.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2015:1834";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL5", reference:"firefox-38.3.0-2.el5_11", allowmaj:TRUE)) flag++;
    
      if (rpm_check(release:"RHEL5", reference:"firefox-debuginfo-38.3.0-2.el5_11", allowmaj:TRUE)) flag++;
    
    
      if (rpm_check(release:"RHEL6", reference:"firefox-38.3.0-2.el6_7", allowmaj:TRUE)) flag++;
    
      if (rpm_check(release:"RHEL6", reference:"firefox-debuginfo-38.3.0-2.el6_7", allowmaj:TRUE)) flag++;
    
    
      if (rpm_check(release:"RHEL7", reference:"firefox-38.3.0-2.el7_1", allowmaj:TRUE)) flag++;
    
      if (rpm_check(release:"RHEL7", reference:"firefox-debuginfo-38.3.0-2.el7_1", allowmaj:TRUE)) flag++;
    
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "firefox / firefox-debuginfo");
      }
    }
    
  • NASL familyWindows
    NASL idMOZILLA_FIREFOX_41_0_0.NASL
    descriptionThe version of Firefox installed on the remote Windows host is prior to 41. It is, therefore, affected by the following vulnerabilities : - Multiple unspecified memory corruption issues exist due to improper validation of user-supplied input. A remote attacker can exploit these issues to corrupt memory and execute arbitrary code. (CVE-2015-4500) - Multiple unspecified memory corruption issues exist due to improper validation of user-supplied input. A remote attacker can exploit these issues to corrupt memory and execute arbitrary code. (CVE-2015-4501) - A flaw exists that allows scripted proxies to access the inner window. (CVE-2015-4502) - An out-of-bounds read issue exists in TCPSocket.js related to the sending of strings over TCPSocket. A remote attacker can exploit this disclose memory contents. (CVE-2015-4503) - An out-of-bounds read error exists in the QCMS color management library that is triggered when manipulating an image with specific attributes in its ICC V4 profile. A remote attacker can exploit this to cause a denial of service condition or to disclose sensitive information. (CVE-2015-4504) - A flaw exists in the Mozilla updater that allows a local attacker to replace arbitrary files on the system, resulting in the execution of arbitrary code. (CVE-2015-4505) - A buffer overflow condition exists in the libvpx component when parsing vp9 format video. A remote attacker can exploit this, via a specially crafted vp9 format video, to execute arbitrary code. (CVE-2015-4506) - A flaw exists in the debugger API that is triggered when using the debugger with SavedStacks in JavaScript. An attacker can exploit this to cause a denial of service condition. (CVE-2015-4507) - A flaw exists in reader mode that allows an attacker to spoof the URL displayed in the address bar. (CVE-2015-4508) - A user-after-free error exists when manipulating HTML media elements on a page during script manipulation of the URI table of these elements. An attacker can exploit this to cause a denial of service condition. (CVE-2015-4509) - A use-after-free error exists when using a shared worker with IndexedDB due to a race condition with the worker. A remote attacker can exploit this, via specially crafted content, to cause a denial of service condition. (CVE-2015-4510) - A buffer overflow condition exists in the nestegg library when decoding a WebM format video with maliciously formatted headers. An attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2015-4511) - An out-of-bounds read error exists during 2D canvas rendering due to an issue in the cairo graphics library. An attacker can exploit this to read random memory, resulting in the disclosure of sensitive information. (CVE-2015-4512) - A security bypass vulnerability exists due to a flaw in Gecko
    last seen2020-06-01
    modified2020-06-02
    plugin id86071
    published2015-09-22
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/86071
    titleFirefox < 41 Multiple Vulnerabilities
  • NASL familyWindows
    NASL idMOZILLA_FIREFOX_38_3_ESR.NASL
    descriptionThe version of Firefox ESR installed on the remote Windows host is prior to 38.3. It is, therefore, affected by the following vulnerabilities : - Multiple unspecified memory corruption issues exist due to improper validation of user-supplied input. A remote attacker can exploit these issues to corrupt memory and execute arbitrary code. (CVE-2015-4500) - Multiple unspecified memory corruption issues exist due to improper validation of user-supplied input. A remote attacker can exploit these issues to corrupt memory and execute arbitrary code. (CVE-2015-4501) - A flaw exists in the Mozilla updater that allows a local attacker to replace arbitrary files on the system, resulting in the execution of arbitrary code. (CVE-2015-4505) - A buffer overflow condition exists in the libvpx component when parsing vp9 format video. A remote attacker can exploit this, via a specially crafted vp9 format video, to execute arbitrary code. (CVE-2015-4506) - A user-after-free error exists when manipulating HTML media elements on a page during script manipulation of the URI table of these elements. An attacker can exploit this to cause a denial of service condition. (CVE-2015-4509) - A buffer overflow condition exists in the nestegg library when decoding a WebM format video with maliciously formatted headers. An attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2015-4511) - A memory corruption issue exists in NetworkUtils.cpp. An attacker can potentially exploit this issue to cause a denial of service condition or to execute arbitrary code. (CVE-2015-4517) - An information disclosure vulnerability exists due to a flaw that occurs when a previously loaded image on a page is dropped into content after a redirect, resulting in the redirected URL being available to scripts. (CVE-2015-4519) - Multiple security bypass vulnerabilities exist due to errors in the handling of CORS preflight request headers. (CVE-2015-4520) - A memory corruption issue exists in the ConvertDialogOptions() function. An attacker can potentially exploit this issue to cause a denial of service condition or to execute arbitrary code. (CVE-2015-4521) - An overflow condition exists in the GetMaxLength() function. An attacker can potentially exploit this to cause a denial of service condition or to execute arbitrary code. (CVE-2015-4522) - An overflow condition exists in the GrowBy() function. An attacker can potentially exploit this to cause a denial of service condition or to execute arbitrary code. (CVE-2015-7174) - An overflow condition exists in the AddText() function. An attacker can potentially exploit this to cause a denial of service condition or to execute arbitrary code. (CVE-2015-7175) - A stack overflow condition exists in the AnimationThread() function due to a bad sscanf argument. An attacker can potentially exploit this to cause a denial of service condition or to execute arbitrary code. (CVE-2015-7176) - A memory corruption issue exists in the InitTextures() function. An attacker can potentially exploit this issue to cause a denial of service condition or to execute arbitrary code. (CVE-2015-7177) - An out-of-bounds memory error exists in the linkAttributes() function when manipulating shaders. An attacker can potentially exploit this issue to cause a denial of service condition or to execute arbitrary code. (CVE-2015-7178) - An overflow condition exists in the reserveVertexSpace() function due to an insufficient allocation of memory for a shader attribute array. An attacker can potentially exploit this issue to cause a denial of service condition or to execute arbitrary code. (CVE-2015-7179) - A memory corruption issue exists in ReadbackResultWriterD3D11::Run due to mishandling of the return status. An attacker can potentially exploit this issue to cause a denial of service condition or to execute arbitrary code. (CVE-2015-7180)
    last seen2020-06-01
    modified2020-06-02
    plugin id86070
    published2015-09-22
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/86070
    titleFirefox ESR < 38.3 Multiple Vulnerabilities
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2754-1.NASL
    descriptionAndrew Osmond, Olli Pettay, Andrew Sutherland, Christian Holler, David Major, Andrew McCreight, and Cameron McCormack discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2015-4500) Khalil Zhani discovered a buffer overflow when parsing VP9 content in some circumstances. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2015-4506) A use-after-free was discovered when manipulating HTML media content in some circumstances. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2015-4509) Atte Kettunen discovered a buffer overflow in the nestegg library when decoding WebM format video in some circumstances. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2015-4511) Ronald Crane reported multiple vulnerabilities. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2015-4517, CVE-2015-4521, CVE-2015-4522, CVE-2015-7174, CVE-2015-7175, CVE-2015-7176, CVE-2015-7177, CVE-2015-7180) Mario Gomes discovered that dragging and dropping an image after a redirect exposes the redirected URL to scripts. An attacker could potentially exploit this to obtain sensitive information. (CVE-2015-4519) Ehsan Akhgari discovered 2 issues with CORS preflight requests. An attacker could potentially exploit these to bypass CORS restrictions. (CVE-2015-4520). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id86293
    published2015-10-06
    reporterUbuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/86293
    titleUbuntu 12.04 LTS / 14.04 LTS / 15.04 : thunderbird vulnerabilities (USN-2754-1)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2015-631.NASL
    descriptionMozillaThunderbird was updated to fix 17 security issues. These security issues were fixed : - CVE-2015-4509: Use-after-free vulnerability in the HTMLVideoElement interface in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allowed remote attackers to execute arbitrary code via crafted JavaScript code that modifies the URI table of a media element, aka ZDI-CAN-3176 (bsc#947003). - CVE-2015-4520: Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allowed remote attackers to bypass CORS preflight protection mechanisms by leveraging (1) duplicate cache-key generation or (2) retrieval of a value from an incorrect HTTP Access-Control-* response header (bsc#947003). - CVE-2015-4521: The ConvertDialogOptions function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allowed remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors (bsc#947003). - CVE-2015-4522: The nsUnicodeToUTF8::GetMaxLength function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allowed remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors, related to an
    last seen2020-06-05
    modified2015-10-06
    plugin id86281
    published2015-10-06
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/86281
    titleopenSUSE Security Update : MozillaThunderbird (openSUSE-2015-631)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2015-1834.NASL
    descriptionUpdated firefox packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. [Updated 25 August 2014] This erratum previously included an incorrect list of fixed issues. The issue list has been updated to reflect the CVEs that were fixed in this update. The firefox packages provided by this advisory have not been modified in any way. Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2015-4500, CVE-2015-4506, CVE-2015-4509, CVE-2015-4511, CVE-2015-4517, CVE-2015-4521, CVE-2015-4522, CVE-2015-7174, CVE-2015-7175, CVE-2015-7176, CVE-2015-7177, CVE-2015-7180) Two information leak flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to disclose sensitive information or, in certain cases, crash. (CVE-2015-4519, CVE-2015-4520) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Andrew Osmond, Olli Pettay, Andrew Sutherland, Christian Holler, David Major, Andrew McCreight, Cameron McCormack, Khalil Zhani, Atte Kettunen, Ronald Crane, Mario Gomes, and Ehsan Akhgari as the original reporters of these issues. All Firefox users should upgrade to these updated packages, which contain Firefox version 38.3.0 ESR, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id86514
    published2015-10-22
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/86514
    titleCentOS 5 / 6 / 7 : firefox (CESA-2015:1834)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2015-2081-1.NASL
    descriptionMozillaFirefox ESR was updated to version 38.4.0ESR to fix multiple security issues. MFSA 2015-116/CVE-2015-4513 Miscellaneous memory safety hazards (rv:42.0 / rv:38.4) MFSA 2015-122/CVE-2015-7188 Trailing whitespace in IP address hostnames can bypass same-origin policy MFSA 2015-123/CVE-2015-7189 Buffer overflow during image interactions in canvas MFSA 2015-127/CVE-2015-7193 CORS preflight is bypassed when non-standard Content-Type headers are received MFSA 2015-128/CVE-2015-7194 Memory corruption in libjar through zip files MFSA 2015-130/CVE-2015-7196 JavaScript garbage collection crash with Java applet MFSA 2015-131/CVE-2015-7198/CVE-2015-7199/CVE-2015-7200 Vulnerabilities found through code inspection MFSA 2015-132/CVE-2015-7197 Mixed content WebSocket policy bypass through workers MFSA 2015-133/CVE-2015-7181/CVE-2015-7182/CVE-2015-7183 NSS and NSPR memory corruption issues It also includes fixes from 38.3.0ESR : MFSA 2015-96/CVE-2015-4500/CVE-2015-4501 Miscellaneous memory safety hazards (rv:41.0 / rv:38.3) MFSA 2015-101/CVE-2015-4506 Buffer overflow in libvpx while parsing vp9 format video MFSA 2015-105/CVE-2015-4511 Buffer overflow while decoding WebM video MFSA 2015-106/CVE-2015-4509 Use-after-free while manipulating HTML media content MFSA 2015-110/CVE-2015-4519 Dragging and dropping images exposes final URL after redirects MFSA 2015-111/CVE-2015-4520 Errors in the handling of CORS preflight request headers MFSA 2015-112/CVE-2015-4517/CVE-2015-4521/CVE-2015-4522 CVE-2015-7174/CVE-2015-7175/CVE-2015-7176/CVE-2015-7177 CVE-2015-7180 Vulnerabilities found through code inspection It also includes fixes from the Firefox 38.2.1ESR release : MFSA 2015-94/CVE-2015-4497 (bsc#943557) Use-after-free when resizing canvas element during restyling MFSA 2015-95/CVE-2015-4498 (bsc#943558) Add-on notification bypass through data URLs It also includes fixes from the Firefox 38.2.0ESR release : MFSA 2015-79/CVE-2015-4473/CVE-2015-4474 Miscellaneous memory safety hazards (rv:40.0 / rv:38.2) MFSA 2015-80/CVE-2015-4475 Out-of-bounds read with malformed MP3 file MFSA 2015-82/CVE-2015-4478 Redefinition of non-configurable JavaScript object properties MFSA 2015-83/CVE-2015-4479 Overflow issues in libstagefright MFSA 2015-87/CVE-2015-4484 Crash when using shared memory in JavaScript MFSA 2015-88/CVE-2015-4491 Heap overflow in gdk-pixbuf when scaling bitmap images MFSA 2015-89/CVE-2015-4485/CVE-2015-4486 Buffer overflows on Libvpx when decoding WebM video MFSA 2015-90/CVE-2015-4487/CVE-2015-4488/CVE-2015-4489 Vulnerabilities found through code inspection MFSA 2015-92/CVE-2015-4492 Use-after-free in XMLHttpRequest with shared workers Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id87063
    published2015-11-25
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/87063
    titleSUSE SLES10 Security Update : Mozilla Firefox (SUSE-SU-2015:2081-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2015-1703-1.NASL
    descriptionMozilla Firefox was updated to version 38.3.0 ESR (bsc#947003), fixing bugs and security issues. - MFSA 2015-96/CVE-2015-4500/CVE-2015-4501 Miscellaneous memory safety hazards (rv:41.0 / rv:38.3) - MFSA 2015-101/CVE-2015-4506 Buffer overflow in libvpx while parsing vp9 format video - MFSA 2015-105/CVE-2015-4511 Buffer overflow while decoding WebM video - MFSA 2015-106/CVE-2015-4509 Use-after-free while manipulating HTML media content - MFSA 2015-110/CVE-2015-4519 Dragging and dropping images exposes final URL after redirects - MFSA 2015-111/CVE-2015-4520 Errors in the handling of CORS preflight request headers - MFSA 2015-112/CVE-2015-4517/CVE-2015-4521/CVE-2015-4522 CVE-2015-7174/CVE-2015-7175/CVE-2015-7176/CVE-2015-7177 CVE-2015-7180 Vulnerabilities found through code inspection More details can be found on https://www.mozilla.org/en-US/security/advisories/ Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id86341
    published2015-10-12
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/86341
    titleSUSE SLED11 / SLES11 Security Update : MozillaFirefox (SUSE-SU-2015:1703-1)

Redhat

advisories
rhsa
idRHSA-2015:1834
rpms
  • firefox-0:38.3.0-2.ael7b_1
  • firefox-0:38.3.0-2.el5_11
  • firefox-0:38.3.0-2.el6_7
  • firefox-0:38.3.0-2.el7_1
  • firefox-debuginfo-0:38.3.0-2.ael7b_1
  • firefox-debuginfo-0:38.3.0-2.el5_11
  • firefox-debuginfo-0:38.3.0-2.el6_7
  • firefox-debuginfo-0:38.3.0-2.el7_1