Vulnerabilities > CVE-2016-1930 - Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

047910
CVSS 10.0 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
low complexity
mozilla
oracle
opensuse
CWE-119
critical
nessus

Summary

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 44.0 and Firefox ESR 38.x before 38.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Vulnerable Configurations

Part Description Count
Application
Mozilla
309
OS
Oracle
3
OS
Opensuse
3

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Overflow Buffers
    Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
  • Client-side Injection-induced Buffer Overflow
    This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
  • Filter Failure through Buffer Overflow
    In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
  • MIME Conversion
    An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.

Nessus

  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2880-1.NASL
    descriptionBob Clary, Christian Holler, Nils Ohlmeier, Gary Kwong, Jesse Ruderman, Carsten Book, Randell Jesup, Nicolas Pierron, Eric Rescorla, Tyson Smith, and Gabor Krizsanits discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1930, CVE-2016-1931) Gustavo Grieco discovered an out-of-memory crash when loading GIF images in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could exploit this to cause a denial of service. (CVE-2016-1933) Aki Helin discovered a buffer overflow when rendering WebGL content in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1935) It was discovered that a delay was missing when focusing the protocol handler dialog. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to conduct clickjacking attacks. (CVE-2016-1937) Hanno Bock discovered that calculations with mp_div and mp_exptmod in NSS produce incorrect results in some circumstances, resulting in cryptographic weaknesses. (CVE-2016-1938) Nicholas Hurley discovered that Firefox allows for control characters to be set in cookie names. An attacker could potentially exploit this to conduct cookie injection attacks on some web servers. (CVE-2016-1939) It was discovered that when certain invalid URLs are pasted in to the addressbar, the addressbar contents may be manipulated to show the location of arbitrary websites. An attacker could potentially exploit this to conduct URL spoofing attacks. (CVE-2016-1942) Ronald Crane discovered three vulnerabilities through code inspection. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1944, CVE-2016-1945, CVE-2016-1946) Francois Marier discovered that Application Reputation lookups didn
    last seen2020-06-01
    modified2020-06-02
    plugin id88456
    published2016-01-28
    reporterUbuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/88456
    titleUbuntu 12.04 LTS / 14.04 LTS / 15.04 / 15.10 : firefox vulnerabilities (USN-2880-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-2880-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(88456);
      script_version("1.16");
      script_cvs_date("Date: 2019/09/18 12:31:45");
    
      script_cve_id("CVE-2016-1930", "CVE-2016-1931", "CVE-2016-1933", "CVE-2016-1935", "CVE-2016-1937", "CVE-2016-1938", "CVE-2016-1939", "CVE-2016-1942", "CVE-2016-1944", "CVE-2016-1945", "CVE-2016-1946", "CVE-2016-1947");
      script_xref(name:"USN", value:"2880-1");
    
      script_name(english:"Ubuntu 12.04 LTS / 14.04 LTS / 15.04 / 15.10 : firefox vulnerabilities (USN-2880-1)");
      script_summary(english:"Checks dpkg output for updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Ubuntu host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Bob Clary, Christian Holler, Nils Ohlmeier, Gary Kwong, Jesse
    Ruderman, Carsten Book, Randell Jesup, Nicolas Pierron, Eric Rescorla,
    Tyson Smith, and Gabor Krizsanits discovered multiple memory safety
    issues in Firefox. If a user were tricked in to opening a specially
    crafted website, an attacker could potentially exploit these to cause
    a denial of service via application crash, or execute arbitrary code
    with the privileges of the user invoking Firefox. (CVE-2016-1930,
    CVE-2016-1931)
    
    Gustavo Grieco discovered an out-of-memory crash when loading GIF
    images in some circumstances. If a user were tricked in to opening a
    specially crafted website, an attacker could exploit this to cause a
    denial of service. (CVE-2016-1933)
    
    Aki Helin discovered a buffer overflow when rendering WebGL content in
    some circumstances. If a user were tricked in to opening a specially
    crafted website, an attacker could potentially exploit this to cause a
    denial of service via application crash, or execute arbitrary code
    with the privileges of the user invoking Firefox. (CVE-2016-1935)
    
    It was discovered that a delay was missing when focusing the protocol
    handler dialog. If a user were tricked in to opening a specially
    crafted website, an attacker could potentially exploit this to conduct
    clickjacking attacks. (CVE-2016-1937)
    
    Hanno Bock discovered that calculations with mp_div and mp_exptmod in
    NSS produce incorrect results in some circumstances, resulting in
    cryptographic weaknesses. (CVE-2016-1938)
    
    Nicholas Hurley discovered that Firefox allows for control characters
    to be set in cookie names. An attacker could potentially exploit this
    to conduct cookie injection attacks on some web servers.
    (CVE-2016-1939)
    
    It was discovered that when certain invalid URLs are pasted in to the
    addressbar, the addressbar contents may be manipulated to show the
    location of arbitrary websites. An attacker could potentially exploit
    this to conduct URL spoofing attacks. (CVE-2016-1942)
    
    Ronald Crane discovered three vulnerabilities through code inspection.
    If a user were tricked in to opening a specially crafted website, an
    attacker could potentially exploit these to cause a denial of service
    via application crash, or execute arbitrary code with the privileges
    of the user invoking Firefox. (CVE-2016-1944, CVE-2016-1945,
    CVE-2016-1946)
    
    Francois Marier discovered that Application Reputation lookups didn't
    work correctly, disabling warnings for potentially malicious
    downloads. An attacker could potentially exploit this by tricking a
    user in to downloading a malicious file. Other parts of the Safe
    Browsing feature were unaffected by this. (CVE-2016-1947).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/2880-1/"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected firefox package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:15.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:15.10");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/01/31");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/01/27");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/01/28");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(12\.04|14\.04|15\.04|15\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 12.04 / 14.04 / 15.04 / 15.10", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"12.04", pkgname:"firefox", pkgver:"44.0+build3-0ubuntu0.12.04.1")) flag++;
    if (ubuntu_check(osver:"14.04", pkgname:"firefox", pkgver:"44.0+build3-0ubuntu0.14.04.1")) flag++;
    if (ubuntu_check(osver:"15.04", pkgname:"firefox", pkgver:"44.0+build3-0ubuntu0.15.04.1")) flag++;
    if (ubuntu_check(osver:"15.10", pkgname:"firefox", pkgver:"44.0+build3-0ubuntu0.15.10.1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "firefox");
    }
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2880-2.NASL
    descriptionUSN-2880-1 fixed vulnerabilities in Firefox. This update introduced a regression which caused Firefox to crash on startup with some configurations. This update fixes the problem. We apologize for the inconvenience. Bob Clary, Christian Holler, Nils Ohlmeier, Gary Kwong, Jesse Ruderman, Carsten Book, Randell Jesup, Nicolas Pierron, Eric Rescorla, Tyson Smith, and Gabor Krizsanits discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1930, CVE-2016-1931) Gustavo Grieco discovered an out-of-memory crash when loading GIF images in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could exploit this to cause a denial of service. (CVE-2016-1933) Aki Helin discovered a buffer overflow when rendering WebGL content in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1935) It was discovered that a delay was missing when focusing the protocol handler dialog. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to conduct clickjacking attacks. (CVE-2016-1937) Hanno Bock discovered that calculations with mp_div and mp_exptmod in NSS produce incorrect results in some circumstances, resulting in cryptographic weaknesses. (CVE-2016-1938) Nicholas Hurley discovered that Firefox allows for control characters to be set in cookie names. An attacker could potentially exploit this to conduct cookie injection attacks on some web servers. (CVE-2016-1939) It was discovered that when certain invalid URLs are pasted in to the addressbar, the addressbar contents may be manipulated to show the location of arbitrary websites. An attacker could potentially exploit this to conduct URL spoofing attacks. (CVE-2016-1942) Ronald Crane discovered three vulnerabilities through code inspection. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1944, CVE-2016-1945, CVE-2016-1946) Francois Marier discovered that Application Reputation lookups didn
    last seen2020-06-01
    modified2020-06-02
    plugin id88637
    published2016-02-09
    reporterUbuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/88637
    titleUbuntu 12.04 LTS / 14.04 LTS / 15.10 : firefox regression (USN-2880-2)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2016-0584-1.NASL
    descriptionThis update for MozillaFirefox, MozillaFirefox-branding-SLE, mozilla-nss fixes the following issues : Firefox 38.6.1 ESR (bsc#967087) The following vulnerabilities were fixed : - CVE-2016-1523: Fixed denial of service in Graphite 2 library (MFSA 2016-14/bmo#1246093) Firefox 38.6.0 ESR + Mozilla NSS 3.20.2. (bsc#963520) The following vulnerabilities were fixed : - CVE-2016-1930: Memory safety bugs fixed in Firefox ESR 38.6 (bsc#963632) - CVE-2016-1935: Buffer overflow in WebGL after out of memory allocation (bsc#963635) - CVE-2016-1938: Calculations with mp_div and mp_exptmod in Network Security Services (NSS) canproduce wrong results (bsc#963731) - CVE-2015-7575: MD5 signatures accepted within TLS 1.2 ServerKeyExchange in server signature (bsc#959888) The following improvements were added : - bsc#954447: Mozilla NSS now supports a number of new DHE ciphersuites - Tracking protection is now enabled by default Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id89021
    published2016-02-29
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/89021
    titleSUSE SLES11 Security Update : MozillaFirefox, MozillaFirefox-branding-SLED, MozillaFirefox-branding-SLES-for-VMware, mozilla-nss (SUSE-SU-2016:0584-1) (SLOTH)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_FIREFOX_38_6_ESR.NASL
    descriptionThe version of Firefox ESR installed on the remote Mac OS X host is prior to 38.6. It is, therefore, affected by the following vulnerabilities : - Multiple unspecified memory corruption issues exist that allow a remote attacker to execute arbitrary code. (CVE-2016-1930) - A buffer overflow condition exists in WebGL that is triggered when handling cache out-of-memory error conditions. A remote attacker can exploit this to execute arbitrary code. (CVE-2016-1935)
    last seen2020-06-01
    modified2020-06-02
    plugin id88458
    published2016-01-28
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/88458
    titleFirefox ESR < 38.6 Multiple Vulnerabilities (Mac OS X)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2016-0334-1.NASL
    descriptionThis update for MozillaFirefox, MozillaFirefox-branding-SLE, mozilla-nss fixes the following issues: (bsc#963520) Mozilla Firefox was updated to 38.6.0 ESR. Mozilla NSS was updated to 3.20.2. The following vulnerabilities were fixed : - CVE-2016-1930: Memory safety bugs fixed in Firefox ESR 38.6 (bsc#963632) - CVE-2016-1935: Buffer overflow in WebGL after out of memory allocation (bsc#963635) - CVE-2016-1938: Calculations with mp_div and mp_exptmod in Network Security Services (NSS) canproduce wrong results (bsc#963731) The following improvements were added : - bsc#954447: Mozilla NSS now supports a number of new DHE ciphersuites - Tracking protection is now enabled by default Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id88619
    published2016-02-08
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/88619
    titleSUSE SLED11 / SLES11 Security Update : MozillaFirefox, MozillaFirefox-branding-SLED, mozilla-nss (SUSE-SU-2016:0334-1)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-3457.NASL
    descriptionMultiple security issues have been found in Iceweasel, Debian
    last seen2020-06-01
    modified2020-06-02
    plugin id88426
    published2016-01-28
    reporterThis script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/88426
    titleDebian DSA-3457-1 : iceweasel - security update (SLOTH)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2016-128.NASL
    descriptionThis update to MozillaFirefox fixes several security issues and bugs. Mozilla Firefox was updated to 44.0. Mozilla NSS was updated to 3.21 Mozilla NSPR was updated to 4.11. The following vulnerabilities were fixed : - CVE-2016-1930/CVE-2016-1931: Miscellaneous memory safety hazards (boo#963633) - CVE-2016-1933: Out of Memory crash when parsing GIF format images (boo#963634) - CVE-2016-1935: Buffer overflow in WebGL after out of memory allocation (boo#963635) - CVE-2015-7208/CVE-2016-1939: Firefox allows for control characters to be set in cookie names (boo#963637) - CVE-2016-1937: Missing delay following user click events in protocol handler dialog (boo#963641) - CVE-2016-1938: Errors in mp_div and mp_exptmod cryptographic functions in NSS (boo#963731) - CVE-2016-1942/CVE-2016-1943: Addressbar spoofing attacks (boo#963643) - CVE-2016-1944/CVE-2016-1945/CVE-2016-1946: Unsafe memory manipulation found through code inspection (boo#963644) - CVE-2016-1947: Application Reputation service disabled in Firefox 43 (boo#963645) The following change from Mozilla Firefox 43.0.4 is included : - Re-enable SHA-1 certificates to prevent outdated man-in-the-middle security devices from interfering with properly secured SSL/TLS connections
    last seen2020-06-05
    modified2016-02-03
    plugin id88549
    published2016-02-03
    reporterThis script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/88549
    titleopenSUSE Security Update : the MozillaFirefox / mozilla-nss and mozilla-nspr (openSUSE-2016-128)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2016-0071.NASL
    descriptionUpdated firefox packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2016-1930, CVE-2016-1935) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Bob Clary, Christian Holler, Nils Ohlmeier, Gary Kwong, Jesse Ruderman, Carsten Book, Randell Jesup, and Aki Helin as the original reporters of these issues. All Firefox users should upgrade to these updated packages, which contain Firefox version 38.6.0 ESR, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id88419
    published2016-01-28
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/88419
    titleCentOS 5 / 6 / 7 : firefox (CESA-2016:0071)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2016-0338-1.NASL
    descriptionThis update for MozillaFirefox, MozillaFirefox-branding-SLE, mozilla-nss fixes the following issues: (bsc#963520) Mozilla Firefox was updated to 38.6.0 ESR. Mozilla NSS was updated to 3.20.2. The following vulnerabilities were fixed : - CVE-2016-1930: Memory safety bugs fixed in Firefox ESR 38.6 (bsc#963632) - CVE-2016-1935: Buffer overflow in WebGL after out of memory allocation (bsc#963635) - CVE-2016-1938: Calculations with mp_div and mp_exptmod in Network Security Services (NSS) canproduce wrong results (bsc#963731) The following improvements were added : - bsc#954447: Mozilla NSS now supports a number of new DHE ciphersuites - Tracking protection is now enabled by default - bsc#964332: Fixed leaking file descriptors inside FIPS selfcheck code Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id88620
    published2016-02-08
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/88620
    titleSUSE SLED12 / SLES12 Security Update : MozillaFirefox, MozillaFirefox-branding-SLE, mozilla-nss (SUSE-SU-2016:0338-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2016-0258.NASL
    descriptionAn updated thunderbird package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2016-1930, CVE-2016-1935) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Bob Clary, Christian Holler, Nils Ohlmeier, Gary Kwong, Jesse Ruderman, Carsten Book, Randell Jesup, and Aki Helin as the original reporters of these issues. For technical details regarding these flaws, refer to the Mozilla security advisories for Thunderbird 38.6.0. You can find a link to the Mozilla advisories in the References section of this erratum. All Thunderbird users should upgrade to this updated package, which contains Thunderbird version 38.6.0, which corrects these issues. After installing the update, Thunderbird must be restarted for the changes to take effect.
    last seen2020-05-31
    modified2016-02-19
    plugin id88859
    published2016-02-19
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/88859
    titleRHEL 5 / 6 / 7 : thunderbird (RHSA-2016:0258)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_FIREFOX_44.NASL
    descriptionThe version of Firefox installed on the remote Mac OS X host is prior to 44. It is, therefore, affected by the following vulnerabilities : - A cookie injection vulnerability exists due to illegal control characters being stored as cookie values in violation of RFC6265. A remote attacker can exploit this to inject cookies. (CVE-2015-7208) - Multiple unspecified memory corruption issues exist that allow a remote attacker to execute arbitrary code. (CVE-2016-1930, CVE-2016-1931) - An integer overflow condition exists due to improper parsing of GIF images during deinterlacing. A remote attacker can exploit this, via a specially crafted GIF image, to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-1933) - A buffer overflow condition exists in WebGL that is triggered when handling cache out-of-memory error conditions. A remote attacker can exploit this to execute arbitrary code. (CVE-2016-1935) - A content spoofing vulnerability exists due to the protocol handler dialog treating double click events as two single click events. A remote attacker can exploit this to spoof content, allowing the attacker to trick a user into performing malicious actions. (CVE-2016-1937) - A cryptographic weakness exists in Network Security Services (NSS) due to incorrect calculations with
    last seen2020-06-01
    modified2020-06-02
    plugin id88459
    published2016-01-28
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/88459
    titleFirefox < 44 Multiple Vulnerabilities (Mac OS X)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_4F00DAC01E18448195AF7AAAD63FD303.NASL
    descriptionMozilla Foundation reports : MFSA 2016-01 Miscellaneous memory safety hazards (rv:44.0 / rv:38.6) MFSA 2016-02 Out of Memory crash when parsing GIF format images MFSA 2016-03 Buffer overflow in WebGL after out of memory allocation MFSA 2016-04 Firefox allows for control characters to be set in cookie names MFSA 2016-06 Missing delay following user click events in protocol handler dialog MFSA 2016-09 Addressbar spoofing attacks MFSA 2016-10 Unsafe memory manipulation found through code inspection MFSA 2016-11 Application Reputation service disabled in Firefox 43
    last seen2020-06-01
    modified2020-06-02
    plugin id88512
    published2016-02-02
    reporterThis script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/88512
    titleFreeBSD : mozilla -- multiple vulnerabilities (4f00dac0-1e18-4481-95af-7aaad63fd303)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2016-131.NASL
    descriptionThis update fixes the following security related issues by updating packages to a more recent version : Update of NSPR to 4.11 Update of NSS to 3.21 Update of Firefox to 44.0 - MFSA 2016-01/CVE-2016-1930/CVE-2016-1931 Miscellaneous memory safety hazards - MFSA 2016-02/CVE-2016-1933 (bmo#1231761) Out of Memory crash when parsing GIF format images - MFSA 2016-03/CVE-2016-1935 (bmo#1220450) Buffer overflow in WebGL after out of memory allocation - MFSA 2016-04/CVE-2015-7208/CVE-2016-1939 (bmo#1191423, bmo#1233784) Firefox allows for control characters to be set in cookie names - MFSA 2016-06/CVE-2016-1937 (bmo#724353) Missing delay following user click events in protocol handler dialog - MFSA 2016-07/CVE-2016-1938 (bmo#1190248) Errors in mp_div and mp_exptmod cryptographic functions in NSS (fixed by requiring NSS 3.21) - MFSA 2016-09/CVE-2016-1942/CVE-2016-1943 (bmo#1189082, bmo#1228590) Addressbar spoofing attacks - MFSA 2016-10/CVE-2016-1944/CVE-2016-1945/CVE-2016-1946 (bmo#1186621, bmo#1214782, bmo#1232096) Unsafe memory manipulation found through code inspection - MFSA 2016-11/CVE-2016-1947 (bmo#1237103) Application Reputation service disabled in Firefox 43
    last seen2020-06-05
    modified2016-02-03
    plugin id88552
    published2016-02-03
    reporterThis script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/88552
    titleopenSUSE Security Update : Mozilla Firefox (openSUSE-2016-131)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-3491.NASL
    descriptionMultiple security issues have been found in Icedove, Debian
    last seen2020-06-01
    modified2020-06-02
    plugin id88943
    published2016-02-25
    reporterThis script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/88943
    titleDebian DSA-3491-1 : icedove - security update (SLOTH)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2016-127.NASL
    descriptionXULRunner was updated to 38.6.0 to fix two security issues. The following vulnerabilities were fixed : - CVE-2016-1930: Miscellaneous memory safety hazards (boo#963632) - CVE-2016-1935: Buffer overflow in WebGL after out of memory allocation (boo#963635)
    last seen2020-06-05
    modified2016-02-03
    plugin id88548
    published2016-02-03
    reporterThis script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/88548
    titleopenSUSE Security Update : xulrunner (openSUSE-2016-127)
  • NASL familyWindows
    NASL idMOZILLA_FIREFOX_38_6_ESR.NASL
    descriptionThe version of Firefox ESR installed on the remote Windows host is prior to 38.6. It is, therefore, affected by the following vulnerabilities : - Multiple unspecified memory corruption issues exist that allow a remote attacker to execute arbitrary code. (CVE-2016-1930) - A buffer overflow condition exists in WebGL that is triggered when handling cache out-of-memory error conditions. A remote attacker can exploit this to execute arbitrary code. (CVE-2016-1935)
    last seen2020-06-01
    modified2020-06-02
    plugin id88460
    published2016-01-28
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/88460
    titleFirefox ESR < 38.6 Multiple Vulnerabilities
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201605-06.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201605-06 (Mozilla Products: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Firefox, NSS, NSPR, and Thunderbird. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, spoof the address bar, conduct clickjacking attacks, bypass security restrictions and protection mechanisms, or have other unspecified impacts. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id91379
    published2016-05-31
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/91379
    titleGLSA-201605-06 : Mozilla Products: Multiple vulnerabilities (Logjam) (SLOTH)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2016-0258.NASL
    descriptionAn updated thunderbird package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2016-1930, CVE-2016-1935) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Bob Clary, Christian Holler, Nils Ohlmeier, Gary Kwong, Jesse Ruderman, Carsten Book, Randell Jesup, and Aki Helin as the original reporters of these issues. For technical details regarding these flaws, refer to the Mozilla security advisories for Thunderbird 38.6.0. You can find a link to the Mozilla advisories in the References section of this erratum. All Thunderbird users should upgrade to this updated package, which contains Thunderbird version 38.6.0, which corrects these issues. After installing the update, Thunderbird must be restarted for the changes to take effect.
    last seen2020-05-31
    modified2016-02-19
    plugin id88844
    published2016-02-19
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/88844
    titleCentOS 5 / 6 / 7 : thunderbird (CESA-2016:0258)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2016-222.NASL
    descriptionThis update Mozilla Thunderbird 38.6.0 fixes the following issues(boo#963520) : - CVE-2016-1930: Miscellaneous memory safety hazards (boo#963632) - CVE-2016-1935: Buffer overflow in WebGL after out of memory allocation (boo#963635) The following upstream fixes are included : - Filters ran on a different folder than selected
    last seen2020-06-05
    modified2016-02-18
    plugin id88827
    published2016-02-18
    reporterThis script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/88827
    titleopenSUSE Security Update : MozillaThunderbird (openSUSE-2016-222)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2016-0071.NASL
    descriptionFrom Red Hat Security Advisory 2016:0071 : Updated firefox packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2016-1930, CVE-2016-1935) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Bob Clary, Christian Holler, Nils Ohlmeier, Gary Kwong, Jesse Ruderman, Carsten Book, Randell Jesup, and Aki Helin as the original reporters of these issues. All Firefox users should upgrade to these updated packages, which contain Firefox version 38.6.0 ESR, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.
    last seen2020-05-31
    modified2016-01-28
    plugin id88443
    published2016-01-28
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/88443
    titleOracle Linux 5 / 6 / 7 : firefox (ELSA-2016-0071)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2016-225.NASL
    descriptionThis update to 38.6.0 fixes the following issues : - MFSA 2016-01/CVE-2016-1930 Miscellaneous memory safety hazards - MFSA 2016-03/CVE-2016-1935 (bmo#1220450) Buffer overflow in WebGL after out of memory allocation
    last seen2020-06-05
    modified2016-02-18
    plugin id88830
    published2016-02-18
    reporterThis script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/88830
    titleopenSUSE Security Update : Thunderbird (openSUSE-2016-225) (SLOTH)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2904-1.NASL
    descriptionKarthikeyan Bhargavan and Gaetan Leurent discovered that NSS incorrectly allowed MD5 to be used for TLS 1.2 connections. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. (CVE-2015-7575) Yves Younan discovered that graphite2 incorrectly handled certain malformed fonts. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitary code with the privileges of the user invoking Thunderbird. (CVE-2016-1523) Bob Clary, Christian Holler, Nils Ohlmeier, Gary Kwong, Jesse Ruderman, Carsten Book, and Randell Jesup discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2016-1930) Aki Helin discovered a buffer overflow when rendering WebGL content in some circumstances. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2016-1935). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id89776
    published2016-03-09
    reporterUbuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/89776
    titleUbuntu 12.04 LTS / 14.04 LTS / 15.10 : thunderbird vulnerabilities (USN-2904-1) (SLOTH)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2016-0258.NASL
    descriptionFrom Red Hat Security Advisory 2016:0258 : An updated thunderbird package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2016-1930, CVE-2016-1935) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Bob Clary, Christian Holler, Nils Ohlmeier, Gary Kwong, Jesse Ruderman, Carsten Book, Randell Jesup, and Aki Helin as the original reporters of these issues. For technical details regarding these flaws, refer to the Mozilla security advisories for Thunderbird 38.6.0. You can find a link to the Mozilla advisories in the References section of this erratum. All Thunderbird users should upgrade to this updated package, which contains Thunderbird version 38.6.0, which corrects these issues. After installing the update, Thunderbird must be restarted for the changes to take effect.
    last seen2020-05-31
    modified2016-02-19
    plugin id88856
    published2016-02-19
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/88856
    titleOracle Linux 6 / 7 : thunderbird (ELSA-2016-0258)
  • NASL familyWindows
    NASL idMOZILLA_FIREFOX_44.NASL
    descriptionThe version of Firefox installed on the remote Windows host is prior to 44. It is, therefore, affected by the following vulnerabilities : - A cookie injection vulnerability exists due to illegal control characters being stored as cookie values in violation of RFC6265. A remote attacker can exploit this to inject cookies. (CVE-2015-7208) - Multiple unspecified memory corruption issues exist that allow a remote attacker to execute arbitrary code. (CVE-2016-1930, CVE-2016-1931) - An integer overflow condition exists due to improper parsing of GIF images during deinterlacing. A remote attacker can exploit this, via a specially crafted GIF image, to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-1933) - A buffer overflow condition exists in WebGL that is triggered when handling cache out-of-memory error conditions. A remote attacker can exploit this to execute arbitrary code. (CVE-2016-1935) - A content spoofing vulnerability exists due to the protocol handler dialog treating double click events as two single click events. A remote attacker can exploit this to spoof content, allowing the attacker to trick a user into performing malicious actions. (CVE-2016-1937) - A cryptographic weakness exists in Network Security Services (NSS) due to incorrect calculations with
    last seen2020-06-01
    modified2020-06-02
    plugin id88461
    published2016-01-28
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/88461
    titleFirefox < 44 Multiple Vulnerabilities
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20160127_FIREFOX_ON_SL5_X.NASL
    descriptionSeveral flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2016-1930, CVE-2016-1935) After installing the update, Firefox must be restarted for the changes to take effect.
    last seen2020-03-18
    modified2016-01-28
    plugin id88452
    published2016-01-28
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/88452
    titleScientific Linux Security Update : firefox on SL5.x, SL6.x, SL7.x i386/x86_64 (20160127)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2016-0071.NASL
    descriptionUpdated firefox packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2016-1930, CVE-2016-1935) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Bob Clary, Christian Holler, Nils Ohlmeier, Gary Kwong, Jesse Ruderman, Carsten Book, Randell Jesup, and Aki Helin as the original reporters of these issues. All Firefox users should upgrade to these updated packages, which contain Firefox version 38.6.0 ESR, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.
    last seen2020-05-31
    modified2016-01-27
    plugin id88406
    published2016-01-27
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/88406
    titleRHEL 5 / 6 / 7 : firefox (RHSA-2016:0071)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20160218_THUNDERBIRD_ON_SL5_X.NASL
    descriptionSeveral flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2016-1930, CVE-2016-1935) After installing the update, Thunderbird must be restarted for the changes to take effect.
    last seen2020-03-18
    modified2016-02-19
    plugin id88860
    published2016-02-19
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/88860
    titleScientific Linux Security Update : thunderbird on SL5.x, SL6.x, SL7.x i386/x86_64 (20160218)

Redhat

advisories
  • rhsa
    idRHSA-2016:0071
  • rhsa
    idRHSA-2016:0258
rpms
  • firefox-0:38.6.0-1.el5_11
  • firefox-0:38.6.0-1.el6_7
  • firefox-0:38.6.0-1.el7_2
  • firefox-debuginfo-0:38.6.0-1.el5_11
  • firefox-debuginfo-0:38.6.0-1.el6_7
  • firefox-debuginfo-0:38.6.0-1.el7_2
  • thunderbird-0:38.6.0-1.el5_11
  • thunderbird-0:38.6.0-1.el6_7
  • thunderbird-0:38.6.0-1.el7_2
  • thunderbird-debuginfo-0:38.6.0-1.el5_11
  • thunderbird-debuginfo-0:38.6.0-1.el6_7
  • thunderbird-debuginfo-0:38.6.0-1.el7_2

References