Vulnerabilities > CVE-2015-4511 - Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Heap-based buffer overflow in the nestegg_track_codec_data function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allows remote attackers to execute arbitrary code via a crafted header in a WebM video.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Buffer Overflow via Environment Variables This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
- Overflow Buffers Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
- Client-side Injection-induced Buffer Overflow This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
- Filter Failure through Buffer Overflow In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
- MIME Conversion An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.
Nessus
NASL family SuSE Local Security Checks NASL id SUSE_SU-2015-1680-1.NASL description Mozilla Firefox was updated to version 38.3.0 ESR (bsc#947003), fixing bugs and security issues. - MFSA 2015-96/CVE-2015-4500/CVE-2015-4501 Miscellaneous memory safety hazards (rv:41.0 / rv:38.3) - MFSA 2015-101/CVE-2015-4506 Buffer overflow in libvpx while parsing vp9 format video - MFSA 2015-105/CVE-2015-4511 Buffer overflow while decoding WebM video - MFSA 2015-106/CVE-2015-4509 Use-after-free while manipulating HTML media content - MFSA 2015-110/CVE-2015-4519 Dragging and dropping images exposes final URL after redirects - MFSA 2015-111/CVE-2015-4520 Errors in the handling of CORS preflight request headers - MFSA 2015-112/CVE-2015-4517/CVE-2015-4521/CVE-2015-4522 CVE-2015-7174/CVE-2015-7175/CVE-2015-7176/CVE-2015-7177 CVE-2015-7180 Vulnerabilities found through code inspection More details can be found on https://www.mozilla.org/en-US/security/advisories/ The Mozilla NSPR library was updated to version 4.10.9, fixing various bugs. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 86307 published 2015-10-07 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/86307 title SUSE SLED12 / SLES12 Security Update : MozillaFirefox, mozilla-nspr (SUSE-SU-2015:1680-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SUSE update advisory SUSE-SU-2015:1680-1. # The text itself is copyright (C) SUSE. # include("compat.inc"); if (description) { script_id(86307); script_version("2.10"); script_cvs_date("Date: 2019/09/11 11:22:12"); script_cve_id("CVE-2015-4500", "CVE-2015-4501", "CVE-2015-4506", "CVE-2015-4509", "CVE-2015-4511", "CVE-2015-4517", "CVE-2015-4519", "CVE-2015-4520", "CVE-2015-4521", "CVE-2015-4522", "CVE-2015-7174", "CVE-2015-7175", "CVE-2015-7176", "CVE-2015-7177", "CVE-2015-7180"); script_name(english:"SUSE SLED12 / SLES12 Security Update : MozillaFirefox, mozilla-nspr (SUSE-SU-2015:1680-1)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Mozilla Firefox was updated to version 38.3.0 ESR (bsc#947003), fixing bugs and security issues. - MFSA 2015-96/CVE-2015-4500/CVE-2015-4501 Miscellaneous memory safety hazards (rv:41.0 / rv:38.3) - MFSA 2015-101/CVE-2015-4506 Buffer overflow in libvpx while parsing vp9 format video - MFSA 2015-105/CVE-2015-4511 Buffer overflow while decoding WebM video - MFSA 2015-106/CVE-2015-4509 Use-after-free while manipulating HTML media content - MFSA 2015-110/CVE-2015-4519 Dragging and dropping images exposes final URL after redirects - MFSA 2015-111/CVE-2015-4520 Errors in the handling of CORS preflight request headers - MFSA 2015-112/CVE-2015-4517/CVE-2015-4521/CVE-2015-4522 CVE-2015-7174/CVE-2015-7175/CVE-2015-7176/CVE-2015-7177 CVE-2015-7180 Vulnerabilities found through code inspection More details can be found on https://www.mozilla.org/en-US/security/advisories/ The Mozilla NSPR library was updated to version 4.10.9, fixing various bugs. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=947003" ); script_set_attribute( attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2015-4500/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2015-4501/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2015-4506/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2015-4509/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2015-4511/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2015-4517/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2015-4519/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2015-4520/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2015-4521/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2015-4522/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2015-7174/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2015-7175/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2015-7176/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2015-7177/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2015-7180/" ); # https://www.suse.com/support/update/announcement/2015/suse-su-20151680-1.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?21beff97" ); script_set_attribute( attribute:"solution", value: "To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product : SUSE Linux Enterprise Software Development Kit 12 : zypper in -t patch SUSE-SLE-SDK-12-2015-640=1 SUSE Linux Enterprise Server 12 : zypper in -t patch SUSE-SLE-SERVER-12-2015-640=1 SUSE Linux Enterprise Desktop 12 : zypper in -t patch SUSE-SLE-DESKTOP-12-2015-640=1 To bring your system up-to-date, use 'zypper patch'." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:MozillaFirefox"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:MozillaFirefox-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:MozillaFirefox-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:MozillaFirefox-translations"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mozilla-nspr"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mozilla-nspr-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mozilla-nspr-debugsource"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12"); script_set_attribute(attribute:"vuln_publication_date", value:"2015/09/24"); script_set_attribute(attribute:"patch_publication_date", value:"2015/09/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/10/07"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! preg(pattern:"^(SLED12|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); sp = get_kb_item("Host/SuSE/patchlevel"); if (isnull(sp)) sp = "0"; if (os_ver == "SLES12" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP0", os_ver + " SP" + sp); if (os_ver == "SLED12" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP0", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES12", sp:"0", reference:"MozillaFirefox-38.3.0esr-48.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"MozillaFirefox-debuginfo-38.3.0esr-48.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"MozillaFirefox-debugsource-38.3.0esr-48.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"MozillaFirefox-translations-38.3.0esr-48.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"mozilla-nspr-4.10.9-6.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"mozilla-nspr-debuginfo-4.10.9-6.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"mozilla-nspr-debugsource-4.10.9-6.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"mozilla-nspr-32bit-4.10.9-6.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"mozilla-nspr-debuginfo-32bit-4.10.9-6.1")) flag++; if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"MozillaFirefox-38.3.0esr-48.1")) flag++; if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"MozillaFirefox-debuginfo-38.3.0esr-48.1")) flag++; if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"MozillaFirefox-debugsource-38.3.0esr-48.1")) flag++; if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"MozillaFirefox-translations-38.3.0esr-48.1")) flag++; if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"mozilla-nspr-32bit-4.10.9-6.1")) flag++; if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"mozilla-nspr-4.10.9-6.1")) flag++; if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"mozilla-nspr-debuginfo-32bit-4.10.9-6.1")) flag++; if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"mozilla-nspr-debuginfo-4.10.9-6.1")) flag++; if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"mozilla-nspr-debugsource-4.10.9-6.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "MozillaFirefox / mozilla-nspr"); }
NASL family SuSE Local Security Checks NASL id OPENSUSE-2015-619.NASL description MozillaFirefox was updated to Firefox 41.0 (bnc#947003) Security issues fixed : - MFSA 2015-96/CVE-2015-4500/CVE-2015-4501 Miscellaneous memory safety hazards - MFSA 2015-97/CVE-2015-4503 (bmo#994337) Memory leak in mozTCPSocket to servers - MFSA 2015-98/CVE-2015-4504 (bmo#1132467) Out of bounds read in QCMS library with ICC V4 profile attributes - MFSA 2015-99/CVE-2015-4476 (bmo#1162372) (Android only) Site attribute spoofing on Android by pasting URL with unknown scheme - MFSA 2015-100/CVE-2015-4505 (bmo#1177861) (Windows only) Arbitrary file manipulation by local user through Mozilla updater - MFSA 2015-101/CVE-2015-4506 (bmo#1192226) Buffer overflow in libvpx while parsing vp9 format video - MFSA 2015-102/CVE-2015-4507 (bmo#1192401) Crash when using debugger with SavedStacks in JavaScript - MFSA 2015-103/CVE-2015-4508 (bmo#1195976) URL spoofing in reader mode - MFSA 2015-104/CVE-2015-4510 (bmo#1200004) Use-after-free with shared workers and IndexedDB - MFSA 2015-105/CVE-2015-4511 (bmo#1200148) Buffer overflow while decoding WebM video - MFSA 2015-106/CVE-2015-4509 (bmo#1198435) Use-after-free while manipulating HTML media content - MFSA 2015-107/CVE-2015-4512 (bmo#1170390) Out-of-bounds read during 2D canvas display on Linux 16-bit color depth systems - MFSA 2015-108/CVE-2015-4502 (bmo#1105045) Scripted proxies can access inner window - MFSA 2015-109/CVE-2015-4516 (bmo#904886) JavaScript immutable property enforcement can be bypassed - MFSA 2015-110/CVE-2015-4519 (bmo#1189814) Dragging and dropping images exposes final URL after redirects - MFSA 2015-111/CVE-2015-4520 (bmo#1200856, bmo#1200869) Errors in the handling of CORS preflight request headers - MFSA 2015-112/CVE-2015-4517/CVE-2015-4521/CVE-2015-4522/ CVE-2015-7174/CVE-2015-7175/CVE-2015-7176/CVE-2015-7177/ CVE-2015-7180 Vulnerabilities found through code inspection - MFSA 2015-113/CVE-2015-7178/CVE-2015-7179 (bmo#1189860, bmo#1190526) (Windows only) Memory safety errors in libGLES in the ANGLE graphics library - MFSA 2015-114 (bmo#1167498, bmo#1153672) (Windows only) Information disclosure via the High Resolution Time API last seen 2020-06-05 modified 2015-10-02 plugin id 86238 published 2015-10-02 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/86238 title openSUSE Security Update : MozillaFirefox (openSUSE-2015-619) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2015-619. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(86238); script_version("2.5"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2015-4476", "CVE-2015-4500", "CVE-2015-4501", "CVE-2015-4502", "CVE-2015-4503", "CVE-2015-4504", "CVE-2015-4505", "CVE-2015-4506", "CVE-2015-4507", "CVE-2015-4508", "CVE-2015-4509", "CVE-2015-4510", "CVE-2015-4511", "CVE-2015-4512", "CVE-2015-4516", "CVE-2015-4517", "CVE-2015-4519", "CVE-2015-4520", "CVE-2015-4521", "CVE-2015-4522", "CVE-2015-7174", "CVE-2015-7175", "CVE-2015-7176", "CVE-2015-7177", "CVE-2015-7178", "CVE-2015-7179", "CVE-2015-7180"); script_name(english:"openSUSE Security Update : MozillaFirefox (openSUSE-2015-619)"); script_summary(english:"Check for the openSUSE-2015-619 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "MozillaFirefox was updated to Firefox 41.0 (bnc#947003) Security issues fixed : - MFSA 2015-96/CVE-2015-4500/CVE-2015-4501 Miscellaneous memory safety hazards - MFSA 2015-97/CVE-2015-4503 (bmo#994337) Memory leak in mozTCPSocket to servers - MFSA 2015-98/CVE-2015-4504 (bmo#1132467) Out of bounds read in QCMS library with ICC V4 profile attributes - MFSA 2015-99/CVE-2015-4476 (bmo#1162372) (Android only) Site attribute spoofing on Android by pasting URL with unknown scheme - MFSA 2015-100/CVE-2015-4505 (bmo#1177861) (Windows only) Arbitrary file manipulation by local user through Mozilla updater - MFSA 2015-101/CVE-2015-4506 (bmo#1192226) Buffer overflow in libvpx while parsing vp9 format video - MFSA 2015-102/CVE-2015-4507 (bmo#1192401) Crash when using debugger with SavedStacks in JavaScript - MFSA 2015-103/CVE-2015-4508 (bmo#1195976) URL spoofing in reader mode - MFSA 2015-104/CVE-2015-4510 (bmo#1200004) Use-after-free with shared workers and IndexedDB - MFSA 2015-105/CVE-2015-4511 (bmo#1200148) Buffer overflow while decoding WebM video - MFSA 2015-106/CVE-2015-4509 (bmo#1198435) Use-after-free while manipulating HTML media content - MFSA 2015-107/CVE-2015-4512 (bmo#1170390) Out-of-bounds read during 2D canvas display on Linux 16-bit color depth systems - MFSA 2015-108/CVE-2015-4502 (bmo#1105045) Scripted proxies can access inner window - MFSA 2015-109/CVE-2015-4516 (bmo#904886) JavaScript immutable property enforcement can be bypassed - MFSA 2015-110/CVE-2015-4519 (bmo#1189814) Dragging and dropping images exposes final URL after redirects - MFSA 2015-111/CVE-2015-4520 (bmo#1200856, bmo#1200869) Errors in the handling of CORS preflight request headers - MFSA 2015-112/CVE-2015-4517/CVE-2015-4521/CVE-2015-4522/ CVE-2015-7174/CVE-2015-7175/CVE-2015-7176/CVE-2015-7177/ CVE-2015-7180 Vulnerabilities found through code inspection - MFSA 2015-113/CVE-2015-7178/CVE-2015-7179 (bmo#1189860, bmo#1190526) (Windows only) Memory safety errors in libGLES in the ANGLE graphics library - MFSA 2015-114 (bmo#1167498, bmo#1153672) (Windows only) Information disclosure via the High Resolution Time API" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=947003" ); script_set_attribute( attribute:"solution", value:"Update the affected MozillaFirefox packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.2"); script_set_attribute(attribute:"patch_publication_date", value:"2015/09/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/10/02"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2020 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE13\.1|SUSE13\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.1 / 13.2", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE13.1", reference:"MozillaFirefox-41.0-88.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"MozillaFirefox-branding-upstream-41.0-88.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"MozillaFirefox-buildsymbols-41.0-88.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"MozillaFirefox-debuginfo-41.0-88.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"MozillaFirefox-debugsource-41.0-88.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"MozillaFirefox-devel-41.0-88.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"MozillaFirefox-translations-common-41.0-88.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"MozillaFirefox-translations-other-41.0-88.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"MozillaFirefox-41.0-44.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"MozillaFirefox-branding-upstream-41.0-44.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"MozillaFirefox-buildsymbols-41.0-44.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"MozillaFirefox-debuginfo-41.0-44.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"MozillaFirefox-debugsource-41.0-44.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"MozillaFirefox-devel-41.0-44.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"MozillaFirefox-translations-common-41.0-44.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"MozillaFirefox-translations-other-41.0-44.1") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "MozillaFirefox / MozillaFirefox-branding-upstream / etc"); }
NASL family Debian Local Security Checks NASL id DEBIAN_DSA-3365.NASL description Multiple security issues have been found in Iceweasel, Debian last seen 2020-06-01 modified 2020-06-02 plugin id 86107 published 2015-09-24 reporter This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/86107 title Debian DSA-3365-1 : iceweasel - security update code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-3365. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(86107); script_version("2.6"); script_cvs_date("Date: 2018/11/10 11:49:37"); script_cve_id("CVE-2015-4500", "CVE-2015-4506", "CVE-2015-4509", "CVE-2015-4511", "CVE-2015-4517", "CVE-2015-4519", "CVE-2015-4520", "CVE-2015-4521", "CVE-2015-4522", "CVE-2015-7174", "CVE-2015-7175", "CVE-2015-7176", "CVE-2015-7177", "CVE-2015-7180"); script_xref(name:"DSA", value:"3365"); script_name(english:"Debian DSA-3365-1 : iceweasel - security update"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors, integer overflows, buffer overflows, use-after-frees and other implementation errors may lead to the execution of arbitrary code, information disclosure or denial of service." ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/wheezy/iceweasel" ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/jessie/iceweasel" ); script_set_attribute( attribute:"see_also", value:"https://www.debian.org/security/2015/dsa-3365" ); script_set_attribute( attribute:"solution", value: "Upgrade the iceweasel packages. For the oldstable distribution (wheezy), these problems have been fixed in version 38.3.0esr-1~deb7u1. For the stable distribution (jessie), these problems have been fixed in version 38.3.0esr-1~deb8u1." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:iceweasel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0"); script_set_attribute(attribute:"patch_publication_date", value:"2015/09/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/09/24"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"7.0", prefix:"iceweasel", reference:"38.3.0esr-1~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"iceweasel-dbg", reference:"38.3.0esr-1~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"iceweasel-dev", reference:"38.3.0esr-1~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"iceweasel-l10n-ach", reference:"38.3.0esr-1~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"iceweasel-l10n-af", reference:"38.3.0esr-1~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"iceweasel-l10n-all", reference:"38.3.0esr-1~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"iceweasel-l10n-an", reference:"38.3.0esr-1~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"iceweasel-l10n-ar", reference:"38.3.0esr-1~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"iceweasel-l10n-as", reference:"38.3.0esr-1~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"iceweasel-l10n-ast", reference:"38.3.0esr-1~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"iceweasel-l10n-be", reference:"38.3.0esr-1~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"iceweasel-l10n-bg", reference:"38.3.0esr-1~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"iceweasel-l10n-bn-bd", reference:"38.3.0esr-1~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"iceweasel-l10n-bn-in", reference:"38.3.0esr-1~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"iceweasel-l10n-br", reference:"38.3.0esr-1~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"iceweasel-l10n-bs", reference:"38.3.0esr-1~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"iceweasel-l10n-ca", reference:"38.3.0esr-1~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"iceweasel-l10n-cs", reference:"38.3.0esr-1~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"iceweasel-l10n-csb", reference:"38.3.0esr-1~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"iceweasel-l10n-cy", reference:"38.3.0esr-1~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"iceweasel-l10n-da", reference:"38.3.0esr-1~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"iceweasel-l10n-de", reference:"38.3.0esr-1~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"iceweasel-l10n-el", reference:"38.3.0esr-1~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"iceweasel-l10n-en-gb", reference:"38.3.0esr-1~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"iceweasel-l10n-en-za", reference:"38.3.0esr-1~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"iceweasel-l10n-eo", reference:"38.3.0esr-1~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"iceweasel-l10n-es-ar", reference:"38.3.0esr-1~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"iceweasel-l10n-es-cl", reference:"38.3.0esr-1~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"iceweasel-l10n-es-es", reference:"38.3.0esr-1~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"iceweasel-l10n-es-mx", reference:"38.3.0esr-1~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"iceweasel-l10n-et", reference:"38.3.0esr-1~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"iceweasel-l10n-eu", reference:"38.3.0esr-1~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"iceweasel-l10n-fa", reference:"38.3.0esr-1~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"iceweasel-l10n-ff", reference:"38.3.0esr-1~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"iceweasel-l10n-fi", reference:"38.3.0esr-1~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"iceweasel-l10n-fr", reference:"38.3.0esr-1~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"iceweasel-l10n-fy-nl", reference:"38.3.0esr-1~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"iceweasel-l10n-ga-ie", reference:"38.3.0esr-1~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"iceweasel-l10n-gd", reference:"38.3.0esr-1~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"iceweasel-l10n-gl", reference:"38.3.0esr-1~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"iceweasel-l10n-gu-in", reference:"38.3.0esr-1~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"iceweasel-l10n-he", reference:"38.3.0esr-1~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"iceweasel-l10n-hi-in", reference:"38.3.0esr-1~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"iceweasel-l10n-hr", reference:"38.3.0esr-1~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"iceweasel-l10n-hsb", reference:"38.3.0esr-1~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"iceweasel-l10n-hu", reference:"38.3.0esr-1~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"iceweasel-l10n-hy-am", reference:"38.3.0esr-1~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"iceweasel-l10n-id", reference:"38.3.0esr-1~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"iceweasel-l10n-is", reference:"38.3.0esr-1~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"iceweasel-l10n-it", reference:"38.3.0esr-1~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"iceweasel-l10n-ja", reference:"38.3.0esr-1~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"iceweasel-l10n-kk", reference:"38.3.0esr-1~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"iceweasel-l10n-km", reference:"38.3.0esr-1~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"iceweasel-l10n-kn", reference:"38.3.0esr-1~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"iceweasel-l10n-ko", reference:"38.3.0esr-1~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"iceweasel-l10n-ku", reference:"38.3.0esr-1~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"iceweasel-l10n-lij", reference:"38.3.0esr-1~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"iceweasel-l10n-lt", reference:"38.3.0esr-1~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"iceweasel-l10n-lv", reference:"38.3.0esr-1~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"iceweasel-l10n-mai", reference:"38.3.0esr-1~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"iceweasel-l10n-mk", reference:"38.3.0esr-1~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"iceweasel-l10n-ml", reference:"38.3.0esr-1~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"iceweasel-l10n-mr", reference:"38.3.0esr-1~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"iceweasel-l10n-ms", reference:"38.3.0esr-1~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"iceweasel-l10n-nb-no", reference:"38.3.0esr-1~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"iceweasel-l10n-nl", reference:"38.3.0esr-1~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"iceweasel-l10n-nn-no", reference:"38.3.0esr-1~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"iceweasel-l10n-or", reference:"38.3.0esr-1~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"iceweasel-l10n-pa-in", reference:"38.3.0esr-1~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"iceweasel-l10n-pl", reference:"38.3.0esr-1~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"iceweasel-l10n-pt-br", reference:"38.3.0esr-1~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"iceweasel-l10n-pt-pt", reference:"38.3.0esr-1~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"iceweasel-l10n-rm", reference:"38.3.0esr-1~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"iceweasel-l10n-ro", reference:"38.3.0esr-1~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"iceweasel-l10n-ru", reference:"38.3.0esr-1~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"iceweasel-l10n-si", reference:"38.3.0esr-1~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"iceweasel-l10n-sk", reference:"38.3.0esr-1~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"iceweasel-l10n-sl", reference:"38.3.0esr-1~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"iceweasel-l10n-son", reference:"38.3.0esr-1~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"iceweasel-l10n-sq", reference:"38.3.0esr-1~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"iceweasel-l10n-sr", reference:"38.3.0esr-1~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"iceweasel-l10n-sv-se", reference:"38.3.0esr-1~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"iceweasel-l10n-ta", reference:"38.3.0esr-1~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"iceweasel-l10n-te", reference:"38.3.0esr-1~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"iceweasel-l10n-th", reference:"38.3.0esr-1~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"iceweasel-l10n-tr", reference:"38.3.0esr-1~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"iceweasel-l10n-uk", reference:"38.3.0esr-1~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"iceweasel-l10n-vi", reference:"38.3.0esr-1~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"iceweasel-l10n-xh", reference:"38.3.0esr-1~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"iceweasel-l10n-zh-cn", reference:"38.3.0esr-1~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"iceweasel-l10n-zh-tw", reference:"38.3.0esr-1~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"iceweasel-l10n-zu", reference:"38.3.0esr-1~deb7u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel", reference:"38.3.0esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-dbg", reference:"38.3.0esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-dev", reference:"38.3.0esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-ach", reference:"38.3.0esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-af", reference:"38.3.0esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-all", reference:"38.3.0esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-an", reference:"38.3.0esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-ar", reference:"38.3.0esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-as", reference:"38.3.0esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-ast", reference:"38.3.0esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-be", reference:"38.3.0esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-bg", reference:"38.3.0esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-bn-bd", reference:"38.3.0esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-bn-in", reference:"38.3.0esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-br", reference:"38.3.0esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-bs", reference:"38.3.0esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-ca", reference:"38.3.0esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-cs", reference:"38.3.0esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-csb", reference:"38.3.0esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-cy", reference:"38.3.0esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-da", reference:"38.3.0esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-de", reference:"38.3.0esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-el", reference:"38.3.0esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-en-gb", reference:"38.3.0esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-en-za", reference:"38.3.0esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-eo", reference:"38.3.0esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-es-ar", reference:"38.3.0esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-es-cl", reference:"38.3.0esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-es-es", reference:"38.3.0esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-es-mx", reference:"38.3.0esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-et", reference:"38.3.0esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-eu", reference:"38.3.0esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-fa", reference:"38.3.0esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-ff", reference:"38.3.0esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-fi", reference:"38.3.0esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-fr", reference:"38.3.0esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-fy-nl", reference:"38.3.0esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-ga-ie", reference:"38.3.0esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-gd", reference:"38.3.0esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-gl", reference:"38.3.0esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-gu-in", reference:"38.3.0esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-he", reference:"38.3.0esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-hi-in", reference:"38.3.0esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-hr", reference:"38.3.0esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-hsb", reference:"38.3.0esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-hu", reference:"38.3.0esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-hy-am", reference:"38.3.0esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-id", reference:"38.3.0esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-is", reference:"38.3.0esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-it", reference:"38.3.0esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-ja", reference:"38.3.0esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-kk", reference:"38.3.0esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-km", reference:"38.3.0esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-kn", reference:"38.3.0esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-ko", reference:"38.3.0esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-ku", reference:"38.3.0esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-lij", reference:"38.3.0esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-lt", reference:"38.3.0esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-lv", reference:"38.3.0esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-mai", reference:"38.3.0esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-mk", reference:"38.3.0esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-ml", reference:"38.3.0esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-mr", reference:"38.3.0esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-ms", reference:"38.3.0esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-nb-no", reference:"38.3.0esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-nl", reference:"38.3.0esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-nn-no", reference:"38.3.0esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-or", reference:"38.3.0esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-pa-in", reference:"38.3.0esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-pl", reference:"38.3.0esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-pt-br", reference:"38.3.0esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-pt-pt", reference:"38.3.0esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-rm", reference:"38.3.0esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-ro", reference:"38.3.0esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-ru", reference:"38.3.0esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-si", reference:"38.3.0esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-sk", reference:"38.3.0esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-sl", reference:"38.3.0esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-son", reference:"38.3.0esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-sq", reference:"38.3.0esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-sr", reference:"38.3.0esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-sv-se", reference:"38.3.0esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-ta", reference:"38.3.0esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-te", reference:"38.3.0esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-th", reference:"38.3.0esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-tr", reference:"38.3.0esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-uk", reference:"38.3.0esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-vi", reference:"38.3.0esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-xh", reference:"38.3.0esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-zh-cn", reference:"38.3.0esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-zh-tw", reference:"38.3.0esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-zu", reference:"38.3.0esr-1~deb8u1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2015-1834.NASL description From Red Hat Security Advisory 2015:1834 : Updated firefox packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. [Updated 25 August 2014] This erratum previously included an incorrect list of fixed issues. The issue list has been updated to reflect the CVEs that were fixed in this update. The firefox packages provided by this advisory have not been modified in any way. Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2015-4500, CVE-2015-4506, CVE-2015-4509, CVE-2015-4511, CVE-2015-4517, CVE-2015-4521, CVE-2015-4522, CVE-2015-7174, CVE-2015-7175, CVE-2015-7176, CVE-2015-7177, CVE-2015-7180) Two information leak flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to disclose sensitive information or, in certain cases, crash. (CVE-2015-4519, CVE-2015-4520) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Andrew Osmond, Olli Pettay, Andrew Sutherland, Christian Holler, David Major, Andrew McCreight, Cameron McCormack, Khalil Zhani, Atte Kettunen, Ronald Crane, Mario Gomes, and Ehsan Akhgari as the original reporters of these issues. All Firefox users should upgrade to these updated packages, which contain Firefox version 38.3.0 ESR, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect. last seen 2020-05-31 modified 2015-09-23 plugin id 86096 published 2015-09-23 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/86096 title Oracle Linux 5 / 6 / 7 : firefox (ELSA-2015-1834) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2015:1834 and # Oracle Linux Security Advisory ELSA-2015-1834 respectively. # include("compat.inc"); if (description) { script_id(86096); script_version("2.9"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/29"); script_cve_id("CVE-2015-4500", "CVE-2015-4506", "CVE-2015-4509", "CVE-2015-4511", "CVE-2015-4517", "CVE-2015-4519", "CVE-2015-4520", "CVE-2015-4521", "CVE-2015-4522", "CVE-2015-7174", "CVE-2015-7175", "CVE-2015-7176", "CVE-2015-7177", "CVE-2015-7180"); script_xref(name:"RHSA", value:"2015:1834"); script_name(english:"Oracle Linux 5 / 6 / 7 : firefox (ELSA-2015-1834)"); script_summary(english:"Checks rpm output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Oracle Linux host is missing a security update." ); script_set_attribute( attribute:"description", value: "From Red Hat Security Advisory 2015:1834 : Updated firefox packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. [Updated 25 August 2014] This erratum previously included an incorrect list of fixed issues. The issue list has been updated to reflect the CVEs that were fixed in this update. The firefox packages provided by this advisory have not been modified in any way. Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2015-4500, CVE-2015-4506, CVE-2015-4509, CVE-2015-4511, CVE-2015-4517, CVE-2015-4521, CVE-2015-4522, CVE-2015-7174, CVE-2015-7175, CVE-2015-7176, CVE-2015-7177, CVE-2015-7180) Two information leak flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to disclose sensitive information or, in certain cases, crash. (CVE-2015-4519, CVE-2015-4520) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Andrew Osmond, Olli Pettay, Andrew Sutherland, Christian Holler, David Major, Andrew McCreight, Cameron McCormack, Khalil Zhani, Atte Kettunen, Ronald Crane, Mario Gomes, and Ehsan Akhgari as the original reporters of these issues. All Firefox users should upgrade to these updated packages, which contain Firefox version 38.3.0 ESR, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect." ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2015-September/005412.html" ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2015-September/005413.html" ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2015-September/005433.html" ); script_set_attribute( attribute:"solution", value:"Update the affected firefox package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:firefox"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:5"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:6"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:7"); script_set_attribute(attribute:"vuln_publication_date", value:"2015/09/24"); script_set_attribute(attribute:"patch_publication_date", value:"2015/09/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/09/23"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Oracle Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux"); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux"); os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^(5|6|7)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 5 / 6 / 7", "Oracle Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu); flag = 0; if (rpm_check(release:"EL5", reference:"firefox-38.3.0-2.0.1.el5_11", allowmaj:TRUE)) flag++; if (rpm_check(release:"EL6", reference:"firefox-38.3.0-2.0.1.el6_7", allowmaj:TRUE)) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"firefox-38.3.0-2.0.1.el7_1", allowmaj:TRUE)) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "firefox"); }
NASL family SuSE Local Security Checks NASL id OPENSUSE-2015-632.NASL description seamonkey was updated to fix 25 security issues. These security issues were fixed : - CVE-2015-4520: Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allowed remote attackers to bypass CORS preflight protection mechanisms by leveraging (1) duplicate cache-key generation or (2) retrieval of a value from an incorrect HTTP Access-Control-* response header (bsc#947003). - CVE-2015-4521: The ConvertDialogOptions function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allowed remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors (bsc#947003). - CVE-2015-4522: The nsUnicodeToUTF8::GetMaxLength function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allowed remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors, related to an last seen 2020-06-05 modified 2015-10-06 plugin id 86282 published 2015-10-06 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/86282 title openSUSE Security Update : seamonkey (openSUSE-2015-632) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2015-632. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(86282); script_version("2.5"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2015-4500", "CVE-2015-4501", "CVE-2015-4502", "CVE-2015-4503", "CVE-2015-4504", "CVE-2015-4505", "CVE-2015-4506", "CVE-2015-4507", "CVE-2015-4509", "CVE-2015-4510", "CVE-2015-4511", "CVE-2015-4512", "CVE-2015-4516", "CVE-2015-4517", "CVE-2015-4519", "CVE-2015-4520", "CVE-2015-4521", "CVE-2015-4522", "CVE-2015-7174", "CVE-2015-7175", "CVE-2015-7176", "CVE-2015-7177", "CVE-2015-7178", "CVE-2015-7179", "CVE-2015-7180"); script_name(english:"openSUSE Security Update : seamonkey (openSUSE-2015-632)"); script_summary(english:"Check for the openSUSE-2015-632 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "seamonkey was updated to fix 25 security issues. These security issues were fixed : - CVE-2015-4520: Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allowed remote attackers to bypass CORS preflight protection mechanisms by leveraging (1) duplicate cache-key generation or (2) retrieval of a value from an incorrect HTTP Access-Control-* response header (bsc#947003). - CVE-2015-4521: The ConvertDialogOptions function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allowed remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors (bsc#947003). - CVE-2015-4522: The nsUnicodeToUTF8::GetMaxLength function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allowed remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors, related to an 'overflow (bsc#947003). - CVE-2015-4502: js/src/proxy/Proxy.cpp in Mozilla Firefox before 41.0 mishandled certain receiver arguments, which allowed remote attackers to bypass intended window access restrictions via a crafted website (bsc#947003). - CVE-2015-4503: The TCP Socket API implementation in Mozilla Firefox before 41.0 mishandled array boundaries that were established with a navigator.mozTCPSocket.open method call and send method calls, which allowed remote TCP servers to obtain sensitive information from process memory by reading packet data, as demonstrated by availability of this API in a Firefox OS application (bsc#947003). - CVE-2015-4500: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allowed remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors (bsc#947003). - CVE-2015-4501: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 41.0 allowed remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors (bsc#947003). - CVE-2015-4506: Buffer overflow in the vp9_init_context_buffers function in libvpx, as used in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3, allowed remote attackers to execute arbitrary code via a crafted VP9 file (bsc#947003). - CVE-2015-4507: The SavedStacks class in the JavaScript implementation in Mozilla Firefox before 41.0, when the Debugger API is enabled, allowed remote attackers to cause a denial of service (getSlotRef assertion failure and application exit) or possibly execute arbitrary code via a crafted website (bsc#947003). - CVE-2015-4504: The lut_inverse_interp16 function in the QCMS library in Mozilla Firefox before 41.0 allowed remote attackers to obtain sensitive information or cause a denial of service (buffer over-read and application crash) via crafted attributes in the ICC 4 profile of an image (bsc#947003). - CVE-2015-4505: updater.exe in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 on Windows allowed local users to write to arbitrary files by conducting a junction attack and waiting for an update operation by the Mozilla Maintenance Service (bsc#947003). - CVE-2015-7180: The ReadbackResultWriterD3D11::Run function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 misinterprets the return value of a function call, which might allowed remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors (bsc#947003). - CVE-2015-4509: Use-after-free vulnerability in the HTMLVideoElement interface in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allowed remote attackers to execute arbitrary code via crafted JavaScript code that modifies the URI table of a media element, aka ZDI-CAN-3176 (bsc#947003). - CVE-2015-7178: The ProgramBinary::linkAttributes function in libGLES in ANGLE, as used in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 on Windows, mishandles shader access, which allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted (1) OpenGL or (2) WebGL content (bsc#947003). - CVE-2015-7179: The VertexBufferInterface::reserveVertexSpace function in libGLES in ANGLE, as used in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 on Windows, incorrectly allocates memory for shader attribute arrays, which allowed remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via crafted (1) OpenGL or (2) WebGL content (bsc#947003). - CVE-2015-7176: The AnimationThread function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 used an incorrect argument to the sscanf function, which might allowed remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via unknown vectors (bsc#947003). - CVE-2015-7177: The InitTextures function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allowed remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors (bsc#947003). - CVE-2015-7174: The nsAttrAndChildArray::GrowBy function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allowed remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors, related to an 'overflow (bsc#947003). - CVE-2015-7175: The XULContentSinkImpl::AddText function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allowed remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors, related to an 'overflow (bsc#947003). - CVE-2015-4511: Heap-based buffer overflow in the nestegg_track_codec_data function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allowed remote attackers to execute arbitrary code via a crafted header in a WebM video (bsc#947003). - CVE-2015-4510: Race condition in the WorkerPrivate::NotifyFeatures function in Mozilla Firefox before 41.0 allowed remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) by leveraging improper interaction between shared workers and the IndexedDB implementation (bsc#947003). - CVE-2015-4512: gfx/2d/DataSurfaceHelpers.cpp in Mozilla Firefox before 41.0 on Linux improperly attempts to use the Cairo library with 32-bit color-depth surface creation followed by 16-bit color-depth surface display, which allowed remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) by using a CANVAS element to trigger 2D rendering (bsc#947003). - CVE-2015-4517: NetworkUtils.cpp in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allowed remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors (bsc#947003). - CVE-2015-4516: Mozilla Firefox before 41.0 allowed remote attackers to bypass certain ECMAScript 5 (aka ES5) API protection mechanisms and modify immutable properties, and consequently execute arbitrary JavaScript code with chrome privileges, via a crafted web page that did not use ES5 APIs (bsc#947003). - CVE-2015-4519: Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allowed user-assisted remote attackers to bypass intended access restrictions and discover a redirect's target URL via crafted JavaScript code that executes after a drag-and-drop action of an image into a TEXTBOX element (bsc#947003)." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=935979" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=947003" ); script_set_attribute( attribute:"solution", value:"Update the affected seamonkey packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-dom-inspector"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-irc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-translations-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-translations-other"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.2"); script_set_attribute(attribute:"patch_publication_date", value:"2015/10/02"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/10/06"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2020 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE13\.1|SUSE13\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.1 / 13.2", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE13.1", reference:"seamonkey-2.38-56.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"seamonkey-debuginfo-2.38-56.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"seamonkey-debugsource-2.38-56.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"seamonkey-dom-inspector-2.38-56.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"seamonkey-irc-2.38-56.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"seamonkey-translations-common-2.38-56.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"seamonkey-translations-other-2.38-56.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"seamonkey-2.38-20.2") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"seamonkey-debuginfo-2.38-20.2") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"seamonkey-debugsource-2.38-20.2") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"seamonkey-dom-inspector-2.38-20.2") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"seamonkey-irc-2.38-20.2") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"seamonkey-translations-common-2.38-20.2") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"seamonkey-translations-other-2.38-20.2") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "seamonkey / seamonkey-debuginfo / seamonkey-debugsource / etc"); }
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2015-1834.NASL description Updated firefox packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. [Updated 25 August 2014] This erratum previously included an incorrect list of fixed issues. The issue list has been updated to reflect the CVEs that were fixed in this update. The firefox packages provided by this advisory have not been modified in any way. Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2015-4500, CVE-2015-4506, CVE-2015-4509, CVE-2015-4511, CVE-2015-4517, CVE-2015-4521, CVE-2015-4522, CVE-2015-7174, CVE-2015-7175, CVE-2015-7176, CVE-2015-7177, CVE-2015-7180) Two information leak flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to disclose sensitive information or, in certain cases, crash. (CVE-2015-4519, CVE-2015-4520) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Andrew Osmond, Olli Pettay, Andrew Sutherland, Christian Holler, David Major, Andrew McCreight, Cameron McCormack, Khalil Zhani, Atte Kettunen, Ronald Crane, Mario Gomes, and Ehsan Akhgari as the original reporters of these issues. All Firefox users should upgrade to these updated packages, which contain Firefox version 38.3.0 ESR, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect. last seen 2020-05-31 modified 2015-09-23 plugin id 86099 published 2015-09-23 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/86099 title RHEL 5 / 6 / 7 : firefox (RHSA-2015:1834) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2015:1834. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(86099); script_version("2.23"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/29"); script_cve_id("CVE-2015-4500", "CVE-2015-4506", "CVE-2015-4509", "CVE-2015-4511", "CVE-2015-4517", "CVE-2015-4519", "CVE-2015-4520", "CVE-2015-4521", "CVE-2015-4522", "CVE-2015-7174", "CVE-2015-7175", "CVE-2015-7176", "CVE-2015-7177", "CVE-2015-7180"); script_xref(name:"RHSA", value:"2015:1834"); script_name(english:"RHEL 5 / 6 / 7 : firefox (RHSA-2015:1834)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated firefox packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. [Updated 25 August 2014] This erratum previously included an incorrect list of fixed issues. The issue list has been updated to reflect the CVEs that were fixed in this update. The firefox packages provided by this advisory have not been modified in any way. Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2015-4500, CVE-2015-4506, CVE-2015-4509, CVE-2015-4511, CVE-2015-4517, CVE-2015-4521, CVE-2015-4522, CVE-2015-7174, CVE-2015-7175, CVE-2015-7176, CVE-2015-7177, CVE-2015-7180) Two information leak flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to disclose sensitive information or, in certain cases, crash. (CVE-2015-4519, CVE-2015-4520) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Andrew Osmond, Olli Pettay, Andrew Sutherland, Christian Holler, David Major, Andrew McCreight, Cameron McCormack, Khalil Zhani, Atte Kettunen, Ronald Crane, Mario Gomes, and Ehsan Akhgari as the original reporters of these issues. All Firefox users should upgrade to these updated packages, which contain Firefox version 38.3.0 ESR, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect." ); # https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/# script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?8b5eaff4" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2015:1834" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2015-4500" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2015-4509" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2015-7180" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2015-4520" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2015-4521" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2015-4522" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2015-4511" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2015-4506" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2015-4517" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2015-4519" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2015-7176" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2015-7177" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2015-7174" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2015-7175" ); script_set_attribute( attribute:"solution", value:"Update the affected firefox and / or firefox-debuginfo packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:firefox"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:firefox-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6.7"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.2"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.3"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.4"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.5"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.6"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.7"); script_set_attribute(attribute:"vuln_publication_date", value:"2015/09/24"); script_set_attribute(attribute:"patch_publication_date", value:"2015/09/24"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/09/23"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^(5|6|7)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.x / 6.x / 7.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2015:1834"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL5", reference:"firefox-38.3.0-2.el5_11", allowmaj:TRUE)) flag++; if (rpm_check(release:"RHEL5", reference:"firefox-debuginfo-38.3.0-2.el5_11", allowmaj:TRUE)) flag++; if (rpm_check(release:"RHEL6", reference:"firefox-38.3.0-2.el6_7", allowmaj:TRUE)) flag++; if (rpm_check(release:"RHEL6", reference:"firefox-debuginfo-38.3.0-2.el6_7", allowmaj:TRUE)) flag++; if (rpm_check(release:"RHEL7", reference:"firefox-38.3.0-2.el7_1", allowmaj:TRUE)) flag++; if (rpm_check(release:"RHEL7", reference:"firefox-debuginfo-38.3.0-2.el7_1", allowmaj:TRUE)) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "firefox / firefox-debuginfo"); } }
NASL family Windows NASL id MOZILLA_FIREFOX_41_0_0.NASL description The version of Firefox installed on the remote Windows host is prior to 41. It is, therefore, affected by the following vulnerabilities : - Multiple unspecified memory corruption issues exist due to improper validation of user-supplied input. A remote attacker can exploit these issues to corrupt memory and execute arbitrary code. (CVE-2015-4500) - Multiple unspecified memory corruption issues exist due to improper validation of user-supplied input. A remote attacker can exploit these issues to corrupt memory and execute arbitrary code. (CVE-2015-4501) - A flaw exists that allows scripted proxies to access the inner window. (CVE-2015-4502) - An out-of-bounds read issue exists in TCPSocket.js related to the sending of strings over TCPSocket. A remote attacker can exploit this disclose memory contents. (CVE-2015-4503) - An out-of-bounds read error exists in the QCMS color management library that is triggered when manipulating an image with specific attributes in its ICC V4 profile. A remote attacker can exploit this to cause a denial of service condition or to disclose sensitive information. (CVE-2015-4504) - A flaw exists in the Mozilla updater that allows a local attacker to replace arbitrary files on the system, resulting in the execution of arbitrary code. (CVE-2015-4505) - A buffer overflow condition exists in the libvpx component when parsing vp9 format video. A remote attacker can exploit this, via a specially crafted vp9 format video, to execute arbitrary code. (CVE-2015-4506) - A flaw exists in the debugger API that is triggered when using the debugger with SavedStacks in JavaScript. An attacker can exploit this to cause a denial of service condition. (CVE-2015-4507) - A flaw exists in reader mode that allows an attacker to spoof the URL displayed in the address bar. (CVE-2015-4508) - A user-after-free error exists when manipulating HTML media elements on a page during script manipulation of the URI table of these elements. An attacker can exploit this to cause a denial of service condition. (CVE-2015-4509) - A use-after-free error exists when using a shared worker with IndexedDB due to a race condition with the worker. A remote attacker can exploit this, via specially crafted content, to cause a denial of service condition. (CVE-2015-4510) - A buffer overflow condition exists in the nestegg library when decoding a WebM format video with maliciously formatted headers. An attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2015-4511) - An out-of-bounds read error exists during 2D canvas rendering due to an issue in the cairo graphics library. An attacker can exploit this to read random memory, resulting in the disclosure of sensitive information. (CVE-2015-4512) - A security bypass vulnerability exists due to a flaw in Gecko last seen 2020-06-01 modified 2020-06-02 plugin id 86071 published 2015-09-22 reporter This script is Copyright (C) 2015-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/86071 title Firefox < 41 Multiple Vulnerabilities NASL family Windows NASL id MOZILLA_FIREFOX_38_3_ESR.NASL description The version of Firefox ESR installed on the remote Windows host is prior to 38.3. It is, therefore, affected by the following vulnerabilities : - Multiple unspecified memory corruption issues exist due to improper validation of user-supplied input. A remote attacker can exploit these issues to corrupt memory and execute arbitrary code. (CVE-2015-4500) - Multiple unspecified memory corruption issues exist due to improper validation of user-supplied input. A remote attacker can exploit these issues to corrupt memory and execute arbitrary code. (CVE-2015-4501) - A flaw exists in the Mozilla updater that allows a local attacker to replace arbitrary files on the system, resulting in the execution of arbitrary code. (CVE-2015-4505) - A buffer overflow condition exists in the libvpx component when parsing vp9 format video. A remote attacker can exploit this, via a specially crafted vp9 format video, to execute arbitrary code. (CVE-2015-4506) - A user-after-free error exists when manipulating HTML media elements on a page during script manipulation of the URI table of these elements. An attacker can exploit this to cause a denial of service condition. (CVE-2015-4509) - A buffer overflow condition exists in the nestegg library when decoding a WebM format video with maliciously formatted headers. An attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2015-4511) - A memory corruption issue exists in NetworkUtils.cpp. An attacker can potentially exploit this issue to cause a denial of service condition or to execute arbitrary code. (CVE-2015-4517) - An information disclosure vulnerability exists due to a flaw that occurs when a previously loaded image on a page is dropped into content after a redirect, resulting in the redirected URL being available to scripts. (CVE-2015-4519) - Multiple security bypass vulnerabilities exist due to errors in the handling of CORS preflight request headers. (CVE-2015-4520) - A memory corruption issue exists in the ConvertDialogOptions() function. An attacker can potentially exploit this issue to cause a denial of service condition or to execute arbitrary code. (CVE-2015-4521) - An overflow condition exists in the GetMaxLength() function. An attacker can potentially exploit this to cause a denial of service condition or to execute arbitrary code. (CVE-2015-4522) - An overflow condition exists in the GrowBy() function. An attacker can potentially exploit this to cause a denial of service condition or to execute arbitrary code. (CVE-2015-7174) - An overflow condition exists in the AddText() function. An attacker can potentially exploit this to cause a denial of service condition or to execute arbitrary code. (CVE-2015-7175) - A stack overflow condition exists in the AnimationThread() function due to a bad sscanf argument. An attacker can potentially exploit this to cause a denial of service condition or to execute arbitrary code. (CVE-2015-7176) - A memory corruption issue exists in the InitTextures() function. An attacker can potentially exploit this issue to cause a denial of service condition or to execute arbitrary code. (CVE-2015-7177) - An out-of-bounds memory error exists in the linkAttributes() function when manipulating shaders. An attacker can potentially exploit this issue to cause a denial of service condition or to execute arbitrary code. (CVE-2015-7178) - An overflow condition exists in the reserveVertexSpace() function due to an insufficient allocation of memory for a shader attribute array. An attacker can potentially exploit this issue to cause a denial of service condition or to execute arbitrary code. (CVE-2015-7179) - A memory corruption issue exists in ReadbackResultWriterD3D11::Run due to mishandling of the return status. An attacker can potentially exploit this issue to cause a denial of service condition or to execute arbitrary code. (CVE-2015-7180) last seen 2020-06-01 modified 2020-06-02 plugin id 86070 published 2015-09-22 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/86070 title Firefox ESR < 38.3 Multiple Vulnerabilities NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-2754-1.NASL description Andrew Osmond, Olli Pettay, Andrew Sutherland, Christian Holler, David Major, Andrew McCreight, and Cameron McCormack discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2015-4500) Khalil Zhani discovered a buffer overflow when parsing VP9 content in some circumstances. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2015-4506) A use-after-free was discovered when manipulating HTML media content in some circumstances. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2015-4509) Atte Kettunen discovered a buffer overflow in the nestegg library when decoding WebM format video in some circumstances. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2015-4511) Ronald Crane reported multiple vulnerabilities. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2015-4517, CVE-2015-4521, CVE-2015-4522, CVE-2015-7174, CVE-2015-7175, CVE-2015-7176, CVE-2015-7177, CVE-2015-7180) Mario Gomes discovered that dragging and dropping an image after a redirect exposes the redirected URL to scripts. An attacker could potentially exploit this to obtain sensitive information. (CVE-2015-4519) Ehsan Akhgari discovered 2 issues with CORS preflight requests. An attacker could potentially exploit these to bypass CORS restrictions. (CVE-2015-4520). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 86293 published 2015-10-06 reporter Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/86293 title Ubuntu 12.04 LTS / 14.04 LTS / 15.04 : thunderbird vulnerabilities (USN-2754-1) NASL family SuSE Local Security Checks NASL id OPENSUSE-2015-631.NASL description MozillaThunderbird was updated to fix 17 security issues. These security issues were fixed : - CVE-2015-4509: Use-after-free vulnerability in the HTMLVideoElement interface in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allowed remote attackers to execute arbitrary code via crafted JavaScript code that modifies the URI table of a media element, aka ZDI-CAN-3176 (bsc#947003). - CVE-2015-4520: Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allowed remote attackers to bypass CORS preflight protection mechanisms by leveraging (1) duplicate cache-key generation or (2) retrieval of a value from an incorrect HTTP Access-Control-* response header (bsc#947003). - CVE-2015-4521: The ConvertDialogOptions function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allowed remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors (bsc#947003). - CVE-2015-4522: The nsUnicodeToUTF8::GetMaxLength function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allowed remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors, related to an last seen 2020-06-05 modified 2015-10-06 plugin id 86281 published 2015-10-06 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/86281 title openSUSE Security Update : MozillaThunderbird (openSUSE-2015-631) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2015-1834.NASL description Updated firefox packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. [Updated 25 August 2014] This erratum previously included an incorrect list of fixed issues. The issue list has been updated to reflect the CVEs that were fixed in this update. The firefox packages provided by this advisory have not been modified in any way. Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2015-4500, CVE-2015-4506, CVE-2015-4509, CVE-2015-4511, CVE-2015-4517, CVE-2015-4521, CVE-2015-4522, CVE-2015-7174, CVE-2015-7175, CVE-2015-7176, CVE-2015-7177, CVE-2015-7180) Two information leak flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to disclose sensitive information or, in certain cases, crash. (CVE-2015-4519, CVE-2015-4520) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Andrew Osmond, Olli Pettay, Andrew Sutherland, Christian Holler, David Major, Andrew McCreight, Cameron McCormack, Khalil Zhani, Atte Kettunen, Ronald Crane, Mario Gomes, and Ehsan Akhgari as the original reporters of these issues. All Firefox users should upgrade to these updated packages, which contain Firefox version 38.3.0 ESR, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 86514 published 2015-10-22 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/86514 title CentOS 5 / 6 / 7 : firefox (CESA-2015:1834) NASL family SuSE Local Security Checks NASL id SUSE_SU-2015-2081-1.NASL description MozillaFirefox ESR was updated to version 38.4.0ESR to fix multiple security issues. MFSA 2015-116/CVE-2015-4513 Miscellaneous memory safety hazards (rv:42.0 / rv:38.4) MFSA 2015-122/CVE-2015-7188 Trailing whitespace in IP address hostnames can bypass same-origin policy MFSA 2015-123/CVE-2015-7189 Buffer overflow during image interactions in canvas MFSA 2015-127/CVE-2015-7193 CORS preflight is bypassed when non-standard Content-Type headers are received MFSA 2015-128/CVE-2015-7194 Memory corruption in libjar through zip files MFSA 2015-130/CVE-2015-7196 JavaScript garbage collection crash with Java applet MFSA 2015-131/CVE-2015-7198/CVE-2015-7199/CVE-2015-7200 Vulnerabilities found through code inspection MFSA 2015-132/CVE-2015-7197 Mixed content WebSocket policy bypass through workers MFSA 2015-133/CVE-2015-7181/CVE-2015-7182/CVE-2015-7183 NSS and NSPR memory corruption issues It also includes fixes from 38.3.0ESR : MFSA 2015-96/CVE-2015-4500/CVE-2015-4501 Miscellaneous memory safety hazards (rv:41.0 / rv:38.3) MFSA 2015-101/CVE-2015-4506 Buffer overflow in libvpx while parsing vp9 format video MFSA 2015-105/CVE-2015-4511 Buffer overflow while decoding WebM video MFSA 2015-106/CVE-2015-4509 Use-after-free while manipulating HTML media content MFSA 2015-110/CVE-2015-4519 Dragging and dropping images exposes final URL after redirects MFSA 2015-111/CVE-2015-4520 Errors in the handling of CORS preflight request headers MFSA 2015-112/CVE-2015-4517/CVE-2015-4521/CVE-2015-4522 CVE-2015-7174/CVE-2015-7175/CVE-2015-7176/CVE-2015-7177 CVE-2015-7180 Vulnerabilities found through code inspection It also includes fixes from the Firefox 38.2.1ESR release : MFSA 2015-94/CVE-2015-4497 (bsc#943557) Use-after-free when resizing canvas element during restyling MFSA 2015-95/CVE-2015-4498 (bsc#943558) Add-on notification bypass through data URLs It also includes fixes from the Firefox 38.2.0ESR release : MFSA 2015-79/CVE-2015-4473/CVE-2015-4474 Miscellaneous memory safety hazards (rv:40.0 / rv:38.2) MFSA 2015-80/CVE-2015-4475 Out-of-bounds read with malformed MP3 file MFSA 2015-82/CVE-2015-4478 Redefinition of non-configurable JavaScript object properties MFSA 2015-83/CVE-2015-4479 Overflow issues in libstagefright MFSA 2015-87/CVE-2015-4484 Crash when using shared memory in JavaScript MFSA 2015-88/CVE-2015-4491 Heap overflow in gdk-pixbuf when scaling bitmap images MFSA 2015-89/CVE-2015-4485/CVE-2015-4486 Buffer overflows on Libvpx when decoding WebM video MFSA 2015-90/CVE-2015-4487/CVE-2015-4488/CVE-2015-4489 Vulnerabilities found through code inspection MFSA 2015-92/CVE-2015-4492 Use-after-free in XMLHttpRequest with shared workers Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 87063 published 2015-11-25 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/87063 title SUSE SLES10 Security Update : Mozilla Firefox (SUSE-SU-2015:2081-1) NASL family SuSE Local Security Checks NASL id SUSE_SU-2015-1703-1.NASL description Mozilla Firefox was updated to version 38.3.0 ESR (bsc#947003), fixing bugs and security issues. - MFSA 2015-96/CVE-2015-4500/CVE-2015-4501 Miscellaneous memory safety hazards (rv:41.0 / rv:38.3) - MFSA 2015-101/CVE-2015-4506 Buffer overflow in libvpx while parsing vp9 format video - MFSA 2015-105/CVE-2015-4511 Buffer overflow while decoding WebM video - MFSA 2015-106/CVE-2015-4509 Use-after-free while manipulating HTML media content - MFSA 2015-110/CVE-2015-4519 Dragging and dropping images exposes final URL after redirects - MFSA 2015-111/CVE-2015-4520 Errors in the handling of CORS preflight request headers - MFSA 2015-112/CVE-2015-4517/CVE-2015-4521/CVE-2015-4522 CVE-2015-7174/CVE-2015-7175/CVE-2015-7176/CVE-2015-7177 CVE-2015-7180 Vulnerabilities found through code inspection More details can be found on https://www.mozilla.org/en-US/security/advisories/ Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 86341 published 2015-10-12 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/86341 title SUSE SLED11 / SLES11 Security Update : MozillaFirefox (SUSE-SU-2015:1703-1)
Redhat
advisories |
| ||||
rpms |
|
References
- http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html
- http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html
- http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00003.html
- http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00003.html
- http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00004.html
- http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00004.html
- http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00005.html
- http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00005.html
- http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00007.html
- http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00007.html
- http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html
- http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html
- http://rhn.redhat.com/errata/RHSA-2015-1834.html
- http://rhn.redhat.com/errata/RHSA-2015-1834.html
- http://www.debian.org/security/2015/dsa-3365
- http://www.debian.org/security/2015/dsa-3365
- http://www.mozilla.org/security/announce/2015/mfsa2015-105.html
- http://www.mozilla.org/security/announce/2015/mfsa2015-105.html
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- http://www.securityfocus.com/bid/76816
- http://www.securityfocus.com/bid/76816
- http://www.securitytracker.com/id/1033640
- http://www.securitytracker.com/id/1033640
- http://www.ubuntu.com/usn/USN-2754-1
- http://www.ubuntu.com/usn/USN-2754-1
- https://bugzilla.mozilla.org/show_bug.cgi?id=1200148
- https://bugzilla.mozilla.org/show_bug.cgi?id=1200148