Vulnerabilities > CVE-2016-5250 - Information Exposure vulnerability in Mozilla Firefox

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(92753);
  script_version("1.11");
  script_cvs_date("Date: 2019/11/14");

  script_cve_id(
    "CVE-2016-0718",
    "CVE-2016-2830",
    "CVE-2016-2835",
    "CVE-2016-2836",
    "CVE-2016-2837",
    "CVE-2016-2838",
    "CVE-2016-5250",
    "CVE-2016-5251",
    "CVE-2016-5252",
    "CVE-2016-5254",
    "CVE-2016-5255",
    "CVE-2016-5258",
    "CVE-2016-5259",
    "CVE-2016-5260",
    "CVE-2016-5261",
    "CVE-2016-5262",
    "CVE-2016-5263",
    "CVE-2016-5264",
    "CVE-2016-5265",
    "CVE-2016-5266",
    "CVE-2016-5268"
  );
  script_bugtraq_id(
    90729,
    92258,
    92260,
    92261
  );
  script_xref(name:"MFSA", value:"2016-62");
  script_xref(name:"MFSA", value:"2016-63");
  script_xref(name:"MFSA", value:"2016-64");
  script_xref(name:"MFSA", value:"2016-66");
  script_xref(name:"MFSA", value:"2016-67");
  script_xref(name:"MFSA", value:"2016-68");
  script_xref(name:"MFSA", value:"2016-69");
  script_xref(name:"MFSA", value:"2016-70");
  script_xref(name:"MFSA", value:"2016-71");
  script_xref(name:"MFSA", value:"2016-72");
  script_xref(name:"MFSA", value:"2016-73");
  script_xref(name:"MFSA", value:"2016-74");
  script_xref(name:"MFSA", value:"2016-75");
  script_xref(name:"MFSA", value:"2016-76");
  script_xref(name:"MFSA", value:"2016-77");
  script_xref(name:"MFSA", value:"2016-78");
  script_xref(name:"MFSA", value:"2016-79");
  script_xref(name:"MFSA", value:"2016-80");
  script_xref(name:"MFSA", value:"2016-81");
  script_xref(name:"MFSA", value:"2016-83");
  script_xref(name:"MFSA", value:"2016-84");

  script_name(english:"Firefox < 48 Multiple Vulnerabilities (Mac OS X)");
  script_summary(english:"Checks the version of Firefox.");

  script_set_attribute(attribute:"synopsis", value:
"The remote Mac OS X host contains a web browser that is affected by
multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Firefox installed on the remote Mac OS X host is prior
to 48. It is, therefore, affected by multiple vulnerabilities :

  - An overflow condition exists in the expat XML parser due
    to improper validation of user-supplied input when
    handling malformed input documents. An attacker can
    exploit this to cause a buffer overflow, resulting in a
    denial of service condition or the execution of
    arbitrary code. (CVE-2016-0718)

  - An information disclosure vulnerability exists due to a
    failure to close connections after requesting favicons.
    An attacker can exploit this to continue to send
    requests to the user's browser and disclose sensitive
    information.(CVE-2016-2830)

  - Multiple memory corruption issues exist due to improper
    validation of user-supplied input. An attacker can
    exploit these issues to cause a denial of service
    condition or the execution of arbitrary code.
    (CVE-2016-2835, CVE-2016-2836)

  - An overflow condition exists in the ClearKey Content
    Decryption Module (CDM) used by the Encrypted Media
    Extensions (EME) API due to improper validation of
    user-supplied input. An attacker can exploit this to
    cause a buffer overflow, resulting in a denial of
    service condition or the execution of arbitrary code.
    (CVE-2016-2837)

  - An overflow condition exists in the ProcessPDI()
    function in layout/base/nsBidi.cpp due to improper
    validation of user-supplied input. An attacker can
    exploit this to cause a heap-based buffer overflow,
    resulting in a denial of service condition or the
    execution of arbitrary code. (CVE-2016-2838)

  - A flaw exists in the Resource Timing API during page
    navigation. An attacker can exploit this to disclose
    sensitive information. (CVE-2016-5250)

  - A flaw exists that is triggered when decoding
    url-encoded values in 'data:' URLs. An attacker can
    exploit this, via non-ASCII or emoji characters, to
    spoof the address in the address bar. (CVE-2016-5251)

  - An underflow condition exists in the BasePoint4d()
    function in gfx/2d/Matrix.h due to improper validation
    of user-supplied input when calculating clipping regions
    in 2D graphics. A remote attacker can exploit this to
    cause a stack-based buffer underflow, resulting in a
    denial of service condition or the execution of
    arbitrary code. (CVE-2016-5252)

  - A use-after-free error exists in the KeyDown() function
    in layout/xul/nsXULPopupManager.cpp when using the alt
    key in conjunction with top level menu items. An
    attacker can exploit this to dereference already freed
    memory, resulting in a denial of service condition or
    the execution of arbitrary code. (CVE-2016-5254)

  - A use-after-free error exists in the sweep() function
    that is triggered when handling objects and pointers
    during incremental garbage collection. An attacker can
    exploit this to dereference already freed memory,
    resulting in a denial of service condition or the
    execution of arbitrary code. (CVE-2016-5255)

  - A use-after-free error exists in WebRTC that is
    triggered when handling DTLS objects. An attacker can
    exploit this to dereference already freed memory,
    resulting in a denial of service condition or the
    execution of arbitrary code. (CVE-2016-5258)

  - A use-after-free error exists in the DestroySyncLoop()
    function in dom/workers/WorkerPrivate.cpp that is
    triggered when handling nested sync event loops in
    Service Workers. An attacker can exploit this to
    dereference already freed memory, resulting in a denial
    of service condition or the execution of arbitrary code.
    (CVE-2016-5259)

  - An information disclosure vulnerability exists in the
    restorableFormNodes() function in XPathGenerator.jsm due
    to persistently storing passwords in plaintext in
    session restore data. An attacker can exploit this to
    disclose password information. (CVE-2016-5260)

  - An integer overflow condition exists in the
    ProcessInput() function in WebSocketChannel.cpp due to
    improper validation of user-supplied input when handling
    specially crafted WebSocketChannel packets. An attacker
    can exploit this to cause a denial of service condition
    or the execution of arbitrary code. (CVE-2016-5261)

  - A security bypass vulnerability exists due to event
    handler attributes on a <marquee> tag being executed
    inside a sandboxed iframe that does not have the
    allow-scripts flag set. An attacker can exploit this to
    bypass cross-site scripting protection mechanisms.
    (CVE-2016-5262)

  - A type confusion flaw exists in the HitTest() function
    in nsDisplayList.cpp when handling display
    transformations. An attacker can exploit this to execute
    arbitrary code. (CVE-2016-5263)

  - A use-after-free error exists in the
    NativeAnonymousChildListChange() function when applying
    effects to SVG elements. An attacker can exploit this to
    dereference already freed memory, resulting in a denial
    of service condition or the execution of arbitrary code.
    (CVE-2016-5264)

  - A flaw exists in the Redirect() function in
    nsBaseChannel.cpp that is triggered when a malicious 
    shortcut is called from the same directory as a local
    HTML file. An attacker can exploit this to bypass the
    same-origin policy. (CVE-2016-5265)

  - A flaw exists due to a failure to properly filter file
    URIs dragged from a web page to a different piece of
    software. An attacker can exploit this to disclose
    sensitive information. (CVE-2016-5266)

  - A flaw exists that is triggered when handling certain
    specific 'about:' URLs that allows an attacker to spoof
    the contents of system information or error messages
    (CVE-2016-5268)

  - A flaw exists that is triggered when handling certain
    specific 'about:' URLs that allows an attacker to spoof
    the contents of system information or error messages
    (CVE-2016-5268)

  - A flaw exists in woff2 that is triggered during the
    handling of TTC detection. An attacker can exploit this
    to have an unspecified impact.

  - Multiple unspecified flaws exist in woff2 that allow an
    attacker to cause a denial of service condition.");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-62/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-63/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-64/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-66/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-67/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-68/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-70/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-71/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-72/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-73/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-74/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-75/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-76/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-77/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-78/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-79/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-80/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-81/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-83/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-84/");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Firefox version 48 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-5261");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/05/17");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/08/02");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/08/05");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:firefox");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"MacOS X Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("macosx_firefox_installed.nasl");
  script_require_keys("MacOSX/Firefox/Installed");

  exit(0);
}

include("mozilla_version.inc");

kb_base = "MacOSX/Firefox";
get_kb_item_or_exit(kb_base+"/Installed");

version = get_kb_item_or_exit(kb_base+"/Version", exit_code:1);
path = get_kb_item_or_exit(kb_base+"/Path", exit_code:1);

if (get_kb_item(kb_base + '/is_esr')) exit(0, 'The Mozilla Firefox installation is in the ESR branch.');

mozilla_check_version(product:'firefox', version:version, path:path, esr:FALSE, fix:'48', severity:SECURITY_HOLE, xss:TRUE);

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-3112-1. The text 
# itself is copyright (C) Canonical, Inc. See 
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include("compat.inc");

if (description)
{
  script_id(94352);
  script_version("2.7");
  script_cvs_date("Date: 2019/09/18 12:31:46");

  script_cve_id("CVE-2016-5250", "CVE-2016-5257", "CVE-2016-5270", "CVE-2016-5272", "CVE-2016-5274", "CVE-2016-5276", "CVE-2016-5277", "CVE-2016-5278", "CVE-2016-5280", "CVE-2016-5281", "CVE-2016-5284");
  script_xref(name:"USN", value:"3112-1");

  script_name(english:"Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : thunderbird vulnerabilities (USN-3112-1)");
  script_summary(english:"Checks dpkg output for updated package.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Ubuntu host is missing a security-related patch."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Catalin Dumitru discovered that URLs of resources loaded after a
navigation start could be leaked to the following page via the
Resource Timing API. If a user were tricked in to opening a specially
crafted website in a browsing context, an attacker could potentially
exploit this to obtain sensitive information. (CVE-2016-5250)

Christoph Diehl, Andrew McCreight, Dan Minor, Byron Campen, Jon
Coppeard, Steve Fink, Tyson Smith, and Carsten Book discovered
multiple memory safety issues in Thunderbird. If a user were tricked
in to opening a specially crafted message, an attacker could
potentially exploit these to cause a denial of service via application
crash, or execute arbitrary code. (CVE-2016-5257)

Atte Kettunen discovered a heap buffer overflow during text conversion
with some unicode characters. If a user were tricked in to opening a
specially crafted message, an attacker could potentially exploit this
to cause a denial of service via application crash, or execute
arbitrary code. (CVE-2016-5270)

Abhishek Arya discovered a bad cast when processing layout with input
elements in some circumstances. If a user were tricked in to opening a
specially crafted website in a browsing context, an attacker could
potentially exploit this to cause a denial of service via application
crash, or execute arbitrary code. (CVE-2016-5272)

A use-after-free was discovered in web animations during restyling. If
a user were tricked in to opening a specially crafted website in a
browsing context, an attacker could potentially exploit this to cause
a denial of service via application crash, or execute arbitrary code.
(CVE-2016-5274)

A use-after-free was discovered in accessibility. If a user were
tricked in to opening a specially crafted website in a browsing
context, an attacker could potentially exploit this to cause a denial
of service via application crash, or execute arbitrary code.
(CVE-2016-5276)

A use-after-free was discovered in web animations when destroying a
timeline. If a user were tricked in to opening a specially crafted
website in a browsing context, an attacker could potentially exploit
this to cause a denial of service via application crash, or execute
arbitrary code. (CVE-2016-5277)

A buffer overflow was discovered when encoding image frames to images
in some circumstances. If a user were tricked in to opening a
specially crafted message, an attacker could potentially exploit this
to cause a denial of service via application crash, or execute
arbitrary code. (CVE-2016-5278)

Mei Wang discovered a use-after-free when changing text direction. If
a user were tricked in to opening a specially crafted website in a
browsing context, an attacker could potentially exploit this to cause
a denial of service via application crash, or execute arbitrary code.
(CVE-2016-5280)

Brian Carpenter discovered a use-after-free when manipulating SVG
content in some circumstances. If a user were tricked in to opening a
specially crafted website in a browsing context, an attacker could
potentially exploit this to cause a denial of service via application
crash, or execute arbitrary code. (CVE-2016-5281)

An issue was discovered with the preloaded Public Key Pinning (HPKP).
If a man-in-the-middle (MITM) attacker was able to obtain a fraudulent
certificate for a Mozilla site, they could exploit this by providing
malicious addon updates. (CVE-2016-5284).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://usn.ubuntu.com/3112-1/"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected thunderbird package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:thunderbird");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.10");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/08/05");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/10/27");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/10/28");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("ubuntu.inc");
include("misc_func.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! preg(pattern:"^(12\.04|14\.04|16\.04|16\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 12.04 / 14.04 / 16.04 / 16.10", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

flag = 0;

if (ubuntu_check(osver:"12.04", pkgname:"thunderbird", pkgver:"1:45.4.0+build1-0ubuntu0.12.04.1")) flag++;
if (ubuntu_check(osver:"14.04", pkgname:"thunderbird", pkgver:"1:45.4.0+build1-0ubuntu0.14.04.1")) flag++;
if (ubuntu_check(osver:"16.04", pkgname:"thunderbird", pkgver:"1:45.4.0+build1-0ubuntu0.16.04.1")) flag++;
if (ubuntu_check(osver:"16.10", pkgname:"thunderbird", pkgver:"1:45.4.0+build1-0ubuntu0.16.10.1")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "thunderbird");
}

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(99809);
  script_version("1.37");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/07/07");

  script_cve_id(
    "CVE-2016-5250",
    "CVE-2016-5257",
    "CVE-2016-5261",
    "CVE-2016-5270",
    "CVE-2016-5272",
    "CVE-2016-5274",
    "CVE-2016-5276",
    "CVE-2016-5277",
    "CVE-2016-5278",
    "CVE-2016-5280",
    "CVE-2016-5281",
    "CVE-2016-5284"
  );

  script_name(english:"EulerOS 2.0 SP1 : firefox (EulerOS-SA-2016-1046)");
  script_summary(english:"Checks the rpm output for the updated packages.");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing multiple security updates.");
  script_set_attribute(attribute:"description", value:
"According to the versions of the firefox package installed, the
EulerOS installation on the remote host is affected by the following
vulnerabilities :

  - Mozilla Firefox before 48.0 allows remote attackers to
    obtain sensitive information about the previously
    retrieved page via Resource Timing API
    calls.(CVE-2016-5250)

  - Multiple unspecified vulnerabilities in the browser
    engine in Mozilla Firefox before 49.0 and Firefox ESR
    45.x before 45.4 allow remote attackers to cause a
    denial of service (memory corruption and application
    crash) or possibly execute arbitrary code via unknown
    vectors.(CVE-2016-5257)

  - Integer overflow in the WebSocketChannel class in the
    WebSockets subsystem in Mozilla Firefox before 48.0
    allows remote attackers to execute arbitrary code or
    cause a denial of service (memory corruption) via
    crafted packets that trigger incorrect buffer-resize
    operations during buffering.(CVE-2016-5261)

  - Heap-based buffer overflow in the
    nsCaseTransformTextRunFactory::TransformString function
    in Mozilla Firefox before 49.0 and Firefox ESR 45.x
    before 45.4 allows remote attackers to cause a denial
    of service (boolean out-of-bounds write) or possibly
    have unspecified other impact via Unicode characters
    that are mishandled during text
    conversion.(CVE-2016-5270)

  - The nsImageGeometryMixin class in Mozilla Firefox
    before 49.0 and Firefox ESR 45.x before 45.4 does not
    properly perform a cast of an unspecified variable
    during handling of INPUT elements, which allows remote
    attackers to execute arbitrary code via a crafted web
    site.(CVE-2016-5272)

  - Use-after-free vulnerability in the
    nsFrameManager::CaptureFrameState function in Mozilla
    Firefox before 49.0 and Firefox ESR 45.x before 45.4
    allows remote attackers to execute arbitrary code by
    leveraging improper interaction between restyling and
    the Web Animations model implementation.(CVE-2016-5274)

  - Use-after-free vulnerability in the
    mozilla::a11y::DocAccessible::ProcessInvalidationList
    function in Mozilla Firefox before 49.0 and Firefox ESR
    45.x before 45.4 allows remote attackers to execute
    arbitrary code or cause a denial of service (heap
    memory corruption) via an aria-owns
    attribute.(CVE-2016-5276)

  - Use-after-free vulnerability in the
    nsRefreshDriver::Tick function in Mozilla Firefox
    before 49.0 and Firefox ESR 45.x before 45.4 allows
    remote attackers to execute arbitrary code or cause a
    denial of service (heap memory corruption) by
    leveraging improper interaction between timeline
    destruction and the Web Animations model
    implementation.(CVE-2016-5277)

  - Heap-based buffer overflow in the
    nsBMPEncoder::AddImageFrame function in Mozilla Firefox
    before 49.0 and Firefox ESR 45.x before 45.4 allows
    remote attackers to execute arbitrary code via a
    crafted image data that is mishandled during the
    encoding of an image frame to an image.(CVE-2016-5278)

  - Use-after-free vulnerability in the
    mozilla::nsTextNodeDirectionalityMap::RemoveElementFrom
    Map function in Mozilla Firefox before 49.0 and Firefox
    ESR 45.x before 45.4 allows remote attackers to execute
    arbitrary code via bidirectional text.(CVE-2016-5280)

  - Use-after-free vulnerability in the DOMSVGLength class
    in Mozilla Firefox before 49.0 and Firefox ESR 45.x
    before 45.4 allows remote attackers to execute
    arbitrary code by leveraging improper interaction
    between JavaScript code and an SVG
    document.(CVE-2016-5281)

  - Mozilla Firefox before 49.0 and Firefox ESR 45.x before
    45.4 rely on unintended expiration dates for Preloaded
    Public Key Pinning, which allows man-in-the-middle
    attackers to spoof add-on updates by leveraging
    possession of an X.509 server certificate for
    addons.mozilla.org signed by an arbitrary built-in
    Certification Authority.(CVE-2016-5284)

Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2016-1046
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?080de640");
  script_set_attribute(attribute:"solution", value:
"Update the affected firefox packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");

  script_set_attribute(attribute:"patch_publication_date", value:"2016/09/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/05/01");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:firefox");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
  script_exclude_keys("Host/EulerOS/uvp_version");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");

sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(1)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP1");

uvp = get_kb_item("Host/EulerOS/uvp_version");
if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP1", "EulerOS UVP " + uvp);

if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);

flag = 0;

pkgs = ["firefox-45.4.0-1"];

foreach (pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", sp:"1", reference:pkg, allowmaj:TRUE)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "firefox");
}

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2016:1912 and 
# Oracle Linux Security Advisory ELSA-2016-1912 respectively.
#

include("compat.inc");

if (description)
{
  script_id(93641);
  script_version("2.12");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/29");

  script_cve_id("CVE-2016-5250", "CVE-2016-5257", "CVE-2016-5261", "CVE-2016-5270", "CVE-2016-5272", "CVE-2016-5274", "CVE-2016-5276", "CVE-2016-5277", "CVE-2016-5278", "CVE-2016-5280", "CVE-2016-5281", "CVE-2016-5284");
  script_xref(name:"RHSA", value:"2016:1912");

  script_name(english:"Oracle Linux 5 / 6 / 7 : firefox (ELSA-2016-1912)");
  script_summary(english:"Checks rpm output for the updated package");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Oracle Linux host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"From Red Hat Security Advisory 2016:1912 :

An update for firefox is now available for Red Hat Enterprise Linux 5,
Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security
impact of Critical. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.

Mozilla Firefox is an open source web browser.

This update upgrades Firefox to version 45.4.0 ESR.

Security Fix(es) :

* Multiple flaws were found in the processing of malformed web
content. A web page containing malicious content could cause Firefox
to crash or, potentially, execute arbitrary code with the privileges
of the user running Firefox. (CVE-2016-5257, CVE-2016-5278,
CVE-2016-5270, CVE-2016-5272, CVE-2016-5274, CVE-2016-5276,
CVE-2016-5277, CVE-2016-5280, CVE-2016-5281, CVE-2016-5284,
CVE-2016-5250, CVE-2016-5261)

Red Hat would like to thank the Mozilla project for reporting these
issues. Upstream acknowledges Samuel Gross, Brian Carpenter, Mei Wang,
Ryan Duff, Catalin Dumitru, Mozilla developers, Christoph Diehl,
Andrew McCreight, Dan Minor, Byron Campen, Jon Coppeard, Steve Fink,
Tyson Smith, Philipp, Carsten Book, Abhishek Arya, Atte Kettunen, and
Nils as the original reporters."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://oss.oracle.com/pipermail/el-errata/2016-September/006350.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://oss.oracle.com/pipermail/el-errata/2016-September/006351.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://oss.oracle.com/pipermail/el-errata/2016-September/006352.html"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected firefox package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:firefox");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:5");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:6");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:7");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/08/05");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/09/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/09/22");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Oracle Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
os_ver = os_ver[1];
if (! preg(pattern:"^(5|6|7)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 5 / 6 / 7", "Oracle Linux " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);

flag = 0;
if (rpm_check(release:"EL5", reference:"firefox-45.4.0-1.0.1.el5_11", allowmaj:TRUE)) flag++;

if (rpm_check(release:"EL6", reference:"firefox-45.4.0-1.0.1.el6_8", allowmaj:TRUE)) flag++;

if (rpm_check(release:"EL7", cpu:"x86_64", reference:"firefox-45.4.0-1.0.1.el7_2", allowmaj:TRUE)) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "firefox");
}

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Red Hat Security Advisory RHSA-2016:1912 and 
# CentOS Errata and Security Advisory 2016:1912 respectively.
#

include("compat.inc");

if (description)
{
  script_id(93666);
  script_version("2.15");
  script_cvs_date("Date: 2020/02/18");

  script_cve_id("CVE-2016-5250", "CVE-2016-5257", "CVE-2016-5261", "CVE-2016-5270", "CVE-2016-5272", "CVE-2016-5274", "CVE-2016-5276", "CVE-2016-5277", "CVE-2016-5278", "CVE-2016-5280", "CVE-2016-5281", "CVE-2016-5284");
  script_xref(name:"RHSA", value:"2016:1912");

  script_name(english:"CentOS 5 / 6 / 7 : firefox (CESA-2016:1912)");
  script_summary(english:"Checks rpm output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote CentOS host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"An update for firefox is now available for Red Hat Enterprise Linux 5,
Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security
impact of Critical. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.

Mozilla Firefox is an open source web browser.

This update upgrades Firefox to version 45.4.0 ESR.

Security Fix(es) :

* Multiple flaws were found in the processing of malformed web
content. A web page containing malicious content could cause Firefox
to crash or, potentially, execute arbitrary code with the privileges
of the user running Firefox. (CVE-2016-5257, CVE-2016-5278,
CVE-2016-5270, CVE-2016-5272, CVE-2016-5274, CVE-2016-5276,
CVE-2016-5277, CVE-2016-5280, CVE-2016-5281, CVE-2016-5284,
CVE-2016-5250, CVE-2016-5261)

Red Hat would like to thank the Mozilla project for reporting these
issues. Upstream acknowledges Samuel Gross, Brian Carpenter, Mei Wang,
Ryan Duff, Catalin Dumitru, Mozilla developers, Christoph Diehl,
Andrew McCreight, Dan Minor, Byron Campen, Jon Coppeard, Steve Fink,
Tyson Smith, Philipp, Carsten Book, Abhishek Arya, Atte Kettunen, and
Nils as the original reporters."
  );
  # https://lists.centos.org/pipermail/centos-announce/2016-September/022088.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?0c4c9bfd"
  );
  # https://lists.centos.org/pipermail/centos-announce/2016-September/022089.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?8f17ef0a"
  );
  # https://lists.centos.org/pipermail/centos-announce/2016-September/022090.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?257807c2"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected firefox package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-5257");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:firefox");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:5");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:6");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:7");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/08/05");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/09/22");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/09/23");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"CentOS Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/CentOS/release");
if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
os_ver = os_ver[1];
if (! preg(pattern:"^(5|6|7)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 5.x / 6.x / 7.x", "CentOS " + os_ver);

if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);


flag = 0;
if (rpm_check(release:"CentOS-5", reference:"firefox-45.4.0-1.el5.centos", allowmaj:TRUE)) flag++;

if (rpm_check(release:"CentOS-6", reference:"firefox-45.4.0-1.el6.centos", allowmaj:TRUE)) flag++;

if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"firefox-45.4.0-1.el7.centos", allowmaj:TRUE)) flag++;


if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "firefox");
}

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2016-937.
#
# The text description of this plugin is (C) SUSE LLC.
#

include("compat.inc");

if (description)
{
  script_id(92746);
  script_version("2.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");

  script_cve_id("CVE-2016-0718", "CVE-2016-2830", "CVE-2016-2835", "CVE-2016-2836", "CVE-2016-2837", "CVE-2016-2838", "CVE-2016-2839", "CVE-2016-5250", "CVE-2016-5251", "CVE-2016-5252", "CVE-2016-5254", "CVE-2016-5255", "CVE-2016-5258", "CVE-2016-5259", "CVE-2016-5260", "CVE-2016-5261", "CVE-2016-5262", "CVE-2016-5263", "CVE-2016-5264", "CVE-2016-5265", "CVE-2016-5266", "CVE-2016-5268");

  script_name(english:"openSUSE Security Update : MozillaFirefox / mozilla-nss (openSUSE-2016-937)");
  script_summary(english:"Check for the openSUSE-2016-937 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Mozilla Firefox was updated to 48.0 to fix security issues, bugs, and
deliver various improvements.

The following major changes are included :

  - Process separation (e10s) is enabled for some users

  - Add-ons that have not been verified and signed by
    Mozilla will not load

  - WebRTC enhancements

  - The media parser has been redeveloped using the Rust
    programming language

  - better Canvas performance with speedy Skia support

  - Now requires NSS 3.24

The following security issues were fixed: (boo#991809)

  - CVE-2016-2835/CVE-2016-2836: Miscellaneous memory safety
    hazards

  - CVE-2016-2830: Favicon network connection can persist
    when page is closed

  - CVE-2016-2838: Buffer overflow rendering SVG with
    bidirectional content

  - CVE-2016-2839: Cairo rendering crash due to memory
    allocation issue with FFmpeg 0.10

  - CVE-2016-5251: Location bar spoofing via data URLs with
    malformed/invalid mediatypes

  - CVE-2016-5252: Stack underflow during 2D graphics
    rendering

  - CVE-2016-0718: Out-of-bounds read during XML parsing in
    Expat library

  - CVE-2016-5254: Use-after-free when using alt key and
    toplevel menus

  - CVE-2016-5255: Crash in incremental garbage collection
    in JavaScript

  - CVE-2016-5258: Use-after-free in DTLS during WebRTC
    session shutdown

  - CVE-2016-5259: Use-after-free in service workers with
    nested sync events

  - CVE-2016-5260: Form input type change from password to
    text can store plain text password in session restore
    file

  - CVE-2016-5261: Integer overflow in WebSockets during
    data buffering

  - CVE-2016-5262: Scripts on marquee tag can execute in
    sandboxed iframes

  - CVE-2016-2837: Buffer overflow in ClearKey Content
    Decryption Module (CDM) during video playback

  - CVE-2016-5263: Type confusion in display transformation

  - CVE-2016-5264: Use-after-free when applying SVG effects

  - CVE-2016-5265: Same-origin policy violation using local
    HTML file and saved shortcut file

  - CVE-2016-5266: Information disclosure and local file
    manipulation through drag and drop

  - CVE-2016-5268: Spoofing attack through text injection
    into internal error pages

  - CVE-2016-5250: Information disclosure through Resource
    Timing API during page navigation

The following non-security changes are included :

  - The AppData description and screenshots were updated.

  - Fix Firefox crash on startup on i586 (boo#986541)

  - The Selenium WebDriver may have caused Firefox to crash
    at startup

  - fix build issues with gcc/binutils combination used in
    Leap 42.2 (boo#984637)

  - Fix running on 48bit va aarch64 (boo#984126)

  - fix XUL dialog button order under KDE session
    (boo#984403)

Mozilla NSS was updated to 3.24 as a dependency.

Changes in mozilla-nss :

  - NSS softoken updated with latest NIST guidance

  - NSS softoken updated to allow NSS to run in FIPS Level 1
    (no password)

  - Various added and deprecated functions 

  - Remove most code related to SSL v2, including the
    ability to actively send a SSLv2-compatible client
    hello.

  - Protect against the Cachebleed attack.

  - Disable support for DTLS compression.

  - Improve support for TLS 1.3. This includes support for
    DTLS 1.3. (experimental)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=984126"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=984403"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=984637"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=986541"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=991809"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected MozillaFirefox / mozilla-nss packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libfreebl3");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libfreebl3-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libfreebl3-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libfreebl3-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsoftokn3");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsoftokn3-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-certs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-certs-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-tools-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.2");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.1");

  script_set_attribute(attribute:"patch_publication_date", value:"2016/08/04");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/08/05");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2016-2020 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE13\.2|SUSE42\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.2 / 42.1", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE13.2", reference:"MozillaFirefox-48.0-74.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"MozillaFirefox-branding-upstream-48.0-74.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"MozillaFirefox-buildsymbols-48.0-74.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"MozillaFirefox-debuginfo-48.0-74.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"MozillaFirefox-debugsource-48.0-74.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"MozillaFirefox-devel-48.0-74.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"MozillaFirefox-translations-common-48.0-74.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"MozillaFirefox-translations-other-48.0-74.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"libfreebl3-3.24-37.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"libfreebl3-debuginfo-3.24-37.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"libsoftokn3-3.24-37.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"libsoftokn3-debuginfo-3.24-37.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"mozilla-nss-3.24-37.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"mozilla-nss-certs-3.24-37.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"mozilla-nss-certs-debuginfo-3.24-37.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"mozilla-nss-debuginfo-3.24-37.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"mozilla-nss-debugsource-3.24-37.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"mozilla-nss-devel-3.24-37.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"mozilla-nss-sysinit-3.24-37.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"mozilla-nss-sysinit-debuginfo-3.24-37.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"mozilla-nss-tools-3.24-37.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"mozilla-nss-tools-debuginfo-3.24-37.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"libfreebl3-32bit-3.24-37.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"libfreebl3-debuginfo-32bit-3.24-37.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"libsoftokn3-32bit-3.24-37.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"libsoftokn3-debuginfo-32bit-3.24-37.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"mozilla-nss-32bit-3.24-37.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"mozilla-nss-certs-32bit-3.24-37.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"mozilla-nss-certs-debuginfo-32bit-3.24-37.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"mozilla-nss-debuginfo-32bit-3.24-37.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"mozilla-nss-sysinit-32bit-3.24-37.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"mozilla-nss-sysinit-debuginfo-32bit-3.24-37.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"MozillaFirefox-48.0-27.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"MozillaFirefox-branding-upstream-48.0-27.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"MozillaFirefox-buildsymbols-48.0-27.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"MozillaFirefox-debuginfo-48.0-27.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"MozillaFirefox-debugsource-48.0-27.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"MozillaFirefox-devel-48.0-27.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"MozillaFirefox-translations-common-48.0-27.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"MozillaFirefox-translations-other-48.0-27.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"libfreebl3-3.24-21.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"libfreebl3-debuginfo-3.24-21.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"libsoftokn3-3.24-21.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"libsoftokn3-debuginfo-3.24-21.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"mozilla-nss-3.24-21.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"mozilla-nss-certs-3.24-21.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"mozilla-nss-certs-debuginfo-3.24-21.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"mozilla-nss-debuginfo-3.24-21.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"mozilla-nss-debugsource-3.24-21.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"mozilla-nss-devel-3.24-21.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"mozilla-nss-sysinit-3.24-21.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"mozilla-nss-sysinit-debuginfo-3.24-21.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"mozilla-nss-tools-3.24-21.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"mozilla-nss-tools-debuginfo-3.24-21.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"libfreebl3-32bit-3.24-21.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"libfreebl3-debuginfo-32bit-3.24-21.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"libsoftokn3-32bit-3.24-21.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"libsoftokn3-debuginfo-32bit-3.24-21.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"mozilla-nss-32bit-3.24-21.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"mozilla-nss-certs-32bit-3.24-21.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"mozilla-nss-certs-debuginfo-32bit-3.24-21.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"mozilla-nss-debuginfo-32bit-3.24-21.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"mozilla-nss-sysinit-32bit-3.24-21.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"mozilla-nss-sysinit-debuginfo-32bit-3.24-21.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "MozillaFirefox / MozillaFirefox-branding-upstream / etc");
}

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2016-960.
#
# The text description of this plugin is (C) SUSE LLC.
#

include("compat.inc");

if (description)
{
  script_id(92853);
  script_version("2.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");

  script_cve_id("CVE-2016-0718", "CVE-2016-2830", "CVE-2016-2835", "CVE-2016-2836", "CVE-2016-2837", "CVE-2016-2838", "CVE-2016-2839", "CVE-2016-5250", "CVE-2016-5251", "CVE-2016-5252", "CVE-2016-5254", "CVE-2016-5255", "CVE-2016-5258", "CVE-2016-5259", "CVE-2016-5260", "CVE-2016-5261", "CVE-2016-5262", "CVE-2016-5263", "CVE-2016-5264", "CVE-2016-5265", "CVE-2016-5266", "CVE-2016-5268");

  script_name(english:"openSUSE Security Update : MozillaFirefox / mozilla-nss (openSUSE-2016-960)");
  script_summary(english:"Check for the openSUSE-2016-960 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Mozilla Firefox was updated to 48.0 to fix security issues, bugs, and
deliver various improvements.

The following major changes are included :

  - Process separation (e10s) is enabled for some users

  - Add-ons that have not been verified and signed by
    Mozilla will not load

  - WebRTC enhancements

  - The media parser has been redeveloped using the Rust
    programming language

  - better Canvas performance with speedy Skia support

  - Now requires NSS 3.24

The following security issues were fixed: (boo#991809)

  - CVE-2016-2835/CVE-2016-2836: Miscellaneous memory safety
    hazards

  - CVE-2016-2830: Favicon network connection can persist
    when page is closed

  - CVE-2016-2838: Buffer overflow rendering SVG with
    bidirectional content

  - CVE-2016-2839: Cairo rendering crash due to memory
    allocation issue with FFmpeg 0.10

  - CVE-2016-5251: Location bar spoofing via data URLs with
    malformed/invalid mediatypes

  - CVE-2016-5252: Stack underflow during 2D graphics
    rendering

  - CVE-2016-0718: Out-of-bounds read during XML parsing in
    Expat library

  - CVE-2016-5254: Use-after-free when using alt key and
    toplevel menus

  - CVE-2016-5255: Crash in incremental garbage collection
    in JavaScript

  - CVE-2016-5258: Use-after-free in DTLS during WebRTC
    session shutdown

  - CVE-2016-5259: Use-after-free in service workers with
    nested sync events

  - CVE-2016-5260: Form input type change from password to
    text can store plain text password in session restore
    file

  - CVE-2016-5261: Integer overflow in WebSockets during
    data buffering

  - CVE-2016-5262: Scripts on marquee tag can execute in
    sandboxed iframes

  - CVE-2016-2837: Buffer overflow in ClearKey Content
    Decryption Module (CDM) during video playback

  - CVE-2016-5263: Type confusion in display transformation

  - CVE-2016-5264: Use-after-free when applying SVG effects

  - CVE-2016-5265: Same-origin policy violation using local
    HTML file and saved shortcut file

  - CVE-2016-5266: Information disclosure and local file
    manipulation through drag and drop

  - CVE-2016-5268: Spoofing attack through text injection
    into internal error pages

  - CVE-2016-5250: Information disclosure through Resource
    Timing API during page navigation

The following non-security changes are included :

  - The AppData description and screenshots were updated.

  - Fix Firefox crash on startup on i586 (boo#986541)

  - The Selenium WebDriver may have caused Firefox to crash
    at startup

  - fix build issues with gcc/binutils combination used in
    Leap 42.2 (boo#984637)

  - Fix running on 48bit va aarch64 (boo#984126)

  - fix XUL dialog button order under KDE session
    (boo#984403)

Mozilla NSS was updated to 3.24 as a dependency.

Changes in mozilla-nss :

  - NSS softoken updated with latest NIST guidance

  - NSS softoken updated to allow NSS to run in FIPS Level 1
    (no password)

  - Various added and deprecated functions 

  - Remove most code related to SSL v2, including the
    ability to actively send a SSLv2-compatible client
    hello.

  - Protect against the Cachebleed attack.

  - Disable support for DTLS compression.

  - Improve support for TLS 1.3. This includes support for
    DTLS 1.3. (experimental)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=984126"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=984403"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=984637"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=986541"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=991809"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected MozillaFirefox / mozilla-nss packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libfreebl3");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libfreebl3-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libfreebl3-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libfreebl3-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsoftokn3");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsoftokn3-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-certs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-certs-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-tools-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.1");

  script_set_attribute(attribute:"patch_publication_date", value:"2016/08/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/08/11");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2016-2020 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE13\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.1", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE13.1", reference:"MozillaFirefox-48.0-119.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"MozillaFirefox-branding-upstream-48.0-119.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"MozillaFirefox-buildsymbols-48.0-119.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"MozillaFirefox-debuginfo-48.0-119.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"MozillaFirefox-debugsource-48.0-119.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"MozillaFirefox-devel-48.0-119.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"MozillaFirefox-translations-common-48.0-119.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"MozillaFirefox-translations-other-48.0-119.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"libfreebl3-3.24-83.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"libfreebl3-debuginfo-3.24-83.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"libsoftokn3-3.24-83.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"libsoftokn3-debuginfo-3.24-83.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"mozilla-nss-3.24-83.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"mozilla-nss-certs-3.24-83.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"mozilla-nss-certs-debuginfo-3.24-83.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"mozilla-nss-debuginfo-3.24-83.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"mozilla-nss-debugsource-3.24-83.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"mozilla-nss-devel-3.24-83.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"mozilla-nss-sysinit-3.24-83.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"mozilla-nss-sysinit-debuginfo-3.24-83.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"mozilla-nss-tools-3.24-83.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"mozilla-nss-tools-debuginfo-3.24-83.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libfreebl3-32bit-3.24-83.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libfreebl3-debuginfo-32bit-3.24-83.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libsoftokn3-32bit-3.24-83.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libsoftokn3-debuginfo-32bit-3.24-83.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"mozilla-nss-32bit-3.24-83.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"mozilla-nss-certs-32bit-3.24-83.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"mozilla-nss-certs-debuginfo-32bit-3.24-83.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"mozilla-nss-debuginfo-32bit-3.24-83.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"mozilla-nss-sysinit-32bit-3.24-83.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"mozilla-nss-sysinit-debuginfo-32bit-3.24-83.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "MozillaFirefox / MozillaFirefox-branding-upstream / etc");
}

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DLA-658-1. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

include("compat.inc");

if (description)
{
  script_id(94078);
  script_version("2.8");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");

  script_cve_id("CVE-2016-5250", "CVE-2016-5257", "CVE-2016-5261", "CVE-2016-5270", "CVE-2016-5272", "CVE-2016-5276", "CVE-2016-5277", "CVE-2016-5278", "CVE-2016-5280", "CVE-2016-5281", "CVE-2016-5284");

  script_name(english:"Debian DLA-658-1 : icedove security update");
  script_summary(english:"Checks dpkg output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Multiple security issues have been found in Icedove, Debian's version
of the Mozilla Thunderbird mail client: Multiple memory safety errors
may lead to the execution of arbitrary code or denial of service.

For Debian 7 'Wheezy', these problems have been fixed in version
45.4.0-1~deb7u1.

We recommend that you upgrade your icedove packages.

NOTE: Tenable Network Security has extracted the preceding description
block directly from the DLA security advisory. Tenable has attempted
to automatically clean and format it as much as possible without
introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://lists.debian.org/debian-lts-announce/2016/10/msg00014.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://packages.debian.org/source/wheezy/icedove"
  );
  script_set_attribute(attribute:"solution", value:"Upgrade the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:calendar-google-provider");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:icedove");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:icedove-dbg");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:icedove-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:iceowl-extension");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/08/05");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/10/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/10/17");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"7.0", prefix:"calendar-google-provider", reference:"45.4.0-1~deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"icedove", reference:"45.4.0-1~deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"icedove-dbg", reference:"45.4.0-1~deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"icedove-dev", reference:"45.4.0-1~deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"iceowl-extension", reference:"45.4.0-1~deb7u1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Red Hat Security Advisory RHSA-2016:1912. The text 
# itself is copyright (C) Red Hat, Inc.
#

include("compat.inc");

if (description)
{
  script_id(93642);
  script_version("2.19");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/29");

  script_cve_id("CVE-2016-5250", "CVE-2016-5257", "CVE-2016-5261", "CVE-2016-5270", "CVE-2016-5272", "CVE-2016-5274", "CVE-2016-5276", "CVE-2016-5277", "CVE-2016-5278", "CVE-2016-5280", "CVE-2016-5281", "CVE-2016-5284");
  script_xref(name:"RHSA", value:"2016:1912");

  script_name(english:"RHEL 5 / 6 / 7 : firefox (RHSA-2016:1912)");
  script_summary(english:"Checks the rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Red Hat host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"An update for firefox is now available for Red Hat Enterprise Linux 5,
Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security
impact of Critical. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.

Mozilla Firefox is an open source web browser.

This update upgrades Firefox to version 45.4.0 ESR.

Security Fix(es) :

* Multiple flaws were found in the processing of malformed web
content. A web page containing malicious content could cause Firefox
to crash or, potentially, execute arbitrary code with the privileges
of the user running Firefox. (CVE-2016-5257, CVE-2016-5278,
CVE-2016-5270, CVE-2016-5272, CVE-2016-5274, CVE-2016-5276,
CVE-2016-5277, CVE-2016-5280, CVE-2016-5281, CVE-2016-5284,
CVE-2016-5250, CVE-2016-5261)

Red Hat would like to thank the Mozilla project for reporting these
issues. Upstream acknowledges Samuel Gross, Brian Carpenter, Mei Wang,
Ryan Duff, Catalin Dumitru, Mozilla developers, Christoph Diehl,
Andrew McCreight, Dan Minor, Byron Campen, Jon Coppeard, Steve Fink,
Tyson Smith, Philipp, Carsten Book, Abhishek Arya, Atte Kettunen, and
Nils as the original reporters."
  );
  # https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/#
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?8b5eaff4"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHSA-2016:1912"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2016-5250"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2016-5257"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2016-5261"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2016-5270"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2016-5272"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2016-5274"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2016-5276"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2016-5277"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2016-5278"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2016-5280"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2016-5281"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2016-5284"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected firefox and / or firefox-debuginfo packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:firefox");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:firefox-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.2");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.3");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.4");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.5");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.6");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.7");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/08/05");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/09/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/09/22");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^(5|6|7)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.x / 6.x / 7.x", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo)) 
{
  rhsa = "RHSA-2016:1912";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : yum_report 
    );
    exit(0);
  }
  else
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  flag = 0;
  if (rpm_check(release:"RHEL5", reference:"firefox-45.4.0-1.el5_11", allowmaj:TRUE)) flag++;

  if (rpm_check(release:"RHEL5", reference:"firefox-debuginfo-45.4.0-1.el5_11", allowmaj:TRUE)) flag++;


  if (rpm_check(release:"RHEL6", reference:"firefox-45.4.0-1.el6_8", allowmaj:TRUE)) flag++;

  if (rpm_check(release:"RHEL6", reference:"firefox-debuginfo-45.4.0-1.el6_8", allowmaj:TRUE)) flag++;


  if (rpm_check(release:"RHEL7", reference:"firefox-45.4.0-1.el7_2", allowmaj:TRUE)) flag++;

  if (rpm_check(release:"RHEL7", reference:"firefox-debuginfo-45.4.0-1.el7_2", allowmaj:TRUE)) flag++;


  if (flag)
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "firefox / firefox-debuginfo");
  }
}

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(93661);
  script_version("1.7");
  script_cvs_date("Date: 2019/11/14");

  script_cve_id(
    "CVE-2016-5250",
    "CVE-2016-5257",
    "CVE-2016-5261",
    "CVE-2016-5270",
    "CVE-2016-5272",
    "CVE-2016-5274",
    "CVE-2016-5276",
    "CVE-2016-5277",
    "CVE-2016-5278",
    "CVE-2016-5280",
    "CVE-2016-5281",
    "CVE-2016-5284"
  );
  script_bugtraq_id(92260, 93049);
  script_xref(name:"MFSA", value:"2016-86");

  script_name(english:"Mozilla Firefox ESR 45.x < 45.4 Multiple Vulnerabilities");
  script_summary(english:"Checks the version of Firefox.");

  script_set_attribute(attribute:"synopsis", value:
"The remote Windows host contains a web browser that is affected by
multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Mozilla Firefox ESR installed on the remote Windows
host is 45.x prior to 45.4. It is, therefore, affected by multiple
vulnerabilities :

  - A flaw exists in the HttpBaseChannel::GetPerformance()
    function in netwerk/protocol/http/HttpBaseChannel.cpp
    due to the program leaking potentially sensitive
    resources of URLs through the Resource Timing API
    during page navigation. An unauthenticated, remote
    attacker can exploit this to disclose sensitive
    information. (CVE-2016-5250)

  - Multiple memory safety issues exist that allow an
    unauthenticated, remote attacker to potentially execute
    arbitrary code. (CVE-2016-5257)

  - An integer overflow condition exists in the
    WebSocketChannel::ProcessInput() function within file
    netwerk/protocol/websocket/WebSocketChannel.cpp when
    handling specially crafted WebSocketChannel packets due
    to improper validation of user-supplied input. An
    unauthenticated, remote attacker can exploit this to
    execute arbitrary code. (CVE-2016-5261)

  - A heap buffer overflow condition exists in the
    nsCaseTransformTextRunFactory::TransformString()
    function in layout/generic/nsTextRunTransformations.cpp
    when converting text containing certain Unicode
    characters. An unauthenticated, remote attacker can
    exploit this to execute arbitrary code. (CVE-2016-5270)

  - A type confusion error exists within file
    layout/forms/nsRangeFrame.cpp when handling layout with
    input elements. An unauthenticated, remote attacker can
    exploit this to execute arbitrary code. (CVE-2016-5272)

  - A use-after-free error exists within file
    layout/style/nsRuleNode.cpp when handling web animations
    during restyling. An unauthenticated, remote attacker
    can exploit this to execute arbitrary code.
    (CVE-2016-5274)

  - A use-after-free error exists in the
    DocAccessible::ProcessInvalidationList() function within
    file accessible/generic/DocAccessible.cpp when setting
    an aria-owns attribute. An unauthenticated, remote
    attacker can exploit this to execute arbitrary code.
    (CVE-2016-5276)

  - A use-after-free error exists in the
    nsRefreshDriver::Tick() function when handling web
    animations destroying a timeline. An unauthenticated,
    remote attacker can exploit this to execute arbitrary
    code. (CVE-2016-5277)

  - A buffer overflow condition exists in the
    nsBMPEncoder::AddImageFrame() function within file
    dom/base/ImageEncoder.cpp when encoding image frames to
    images. An unauthenticated, remote attacker can exploit
    this to execute arbitrary code. (CVE-2016-5278)

  - A use-after-free error exists in the
    nsTextNodeDirectionalityMap::RemoveElementFromMap()
    function within file dom/base/DirectionalityUtils.cpp
    when handling changing of text direction. An
    unauthenticated, remote attacker can exploit this to
    execute arbitrary code. (CVE-2016-5280)

  - A use-after-free error exists when handling SVG format
    content that is being manipulated through script code.
    An unauthenticated, remote attacker can exploit this to
    execute arbitrary code. (CVE-2016-5281)

  - A flaw exists due to the certificate pinning policy for
    built-in sites (e.g., addons.mozilla.org) not being
    honored when pins have expired. A man-in-the-middle
    (MitM) attacker can exploit this to generate a trusted
    certificate, which could be used to conduct spoofing
    attacks. (CVE-2016-5284)");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-86/");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Mozilla Firefox ESR version 45.4 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-5281");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/05/31");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/09/20");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/09/22");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:firefox_esr");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("mozilla_org_installed.nasl");
  script_require_keys("Mozilla/Firefox/Version");

  exit(0);
}

include("mozilla_version.inc");

port = get_kb_item("SMB/transport");
if (!port) port = 445;

installs = get_kb_list("SMB/Mozilla/Firefox/*");
if (isnull(installs)) audit(AUDIT_NOT_INST, "Firefox");

mozilla_check_version(installs:installs, product:'firefox', esr:TRUE, fix:'45.4', min:'45.0', severity:SECURITY_HOLE);

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(92755);
  script_version("1.11");
  script_cvs_date("Date: 2019/11/14");

  script_cve_id(
    "CVE-2016-0718",
    "CVE-2016-2830",
    "CVE-2016-2835",
    "CVE-2016-2836",
    "CVE-2016-2837",
    "CVE-2016-2838",
    "CVE-2016-5250",
    "CVE-2016-5251",
    "CVE-2016-5252",
    "CVE-2016-5253",
    "CVE-2016-5254",
    "CVE-2016-5255",
    "CVE-2016-5258",
    "CVE-2016-5259",
    "CVE-2016-5260",
    "CVE-2016-5261",
    "CVE-2016-5262",
    "CVE-2016-5263",
    "CVE-2016-5264",
    "CVE-2016-5265",
    "CVE-2016-5266",
    "CVE-2016-5268"
  );
  script_bugtraq_id(
    90729,
    92258,
    92260,
    92261
  );
  script_xref(name:"MFSA", value:"2016-62");
  script_xref(name:"MFSA", value:"2016-63");
  script_xref(name:"MFSA", value:"2016-64");
  script_xref(name:"MFSA", value:"2016-66");
  script_xref(name:"MFSA", value:"2016-67");
  script_xref(name:"MFSA", value:"2016-68");
  script_xref(name:"MFSA", value:"2016-69");
  script_xref(name:"MFSA", value:"2016-70");
  script_xref(name:"MFSA", value:"2016-71");
  script_xref(name:"MFSA", value:"2016-72");
  script_xref(name:"MFSA", value:"2016-73");
  script_xref(name:"MFSA", value:"2016-74");
  script_xref(name:"MFSA", value:"2016-75");
  script_xref(name:"MFSA", value:"2016-76");
  script_xref(name:"MFSA", value:"2016-77");
  script_xref(name:"MFSA", value:"2016-78");
  script_xref(name:"MFSA", value:"2016-79");
  script_xref(name:"MFSA", value:"2016-80");
  script_xref(name:"MFSA", value:"2016-81");
  script_xref(name:"MFSA", value:"2016-83");
  script_xref(name:"MFSA", value:"2016-84");

  script_name(english:"Firefox < 48 Multiple Vulnerabilities");
  script_summary(english:"Checks the version of Firefox.");

  script_set_attribute(attribute:"synopsis", value:
"The remote Windows host contains a web browser that is affected by
multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Firefox installed on the remote Windows host is prior
to 48. It is, therefore, affected by multiple vulnerabilities :

  - An overflow condition exists in the expat XML parser due
    to improper validation of user-supplied input when
    handling malformed input documents. An attacker can
    exploit this to cause a buffer overflow, resulting in a
    denial of service condition or the execution of
    arbitrary code. (CVE-2016-0718)

  - An information disclosure vulnerability exists due to a
    failure to close connections after requesting favicons.
    An attacker can exploit this to continue to send
    requests to the user's browser and disclose sensitive
    information.(CVE-2016-2830)

  - Multiple memory corruption issues exist due to improper
    validation of user-supplied input. An attacker can
    exploit these issues to cause a denial of service
    condition or the execution of arbitrary code.
    (CVE-2016-2835, CVE-2016-2836)

  - An overflow condition exists in the ClearKey Content
    Decryption Module (CDM) used by the Encrypted Media
    Extensions (EME) API due to improper validation of
    user-supplied input. An attacker can exploit this to
    cause a buffer overflow, resulting in a denial of
    service condition or the execution of arbitrary code.
    (CVE-2016-2837)

  - An overflow condition exists in the ProcessPDI()
    function in layout/base/nsBidi.cpp due to improper
    validation of user-supplied input. An attacker can
    exploit this to cause a heap-based buffer overflow,
    resulting in a denial of service condition or the
    execution of arbitrary code. (CVE-2016-2838)

  - A flaw exists in the Resource Timing API during page
    navigation. An attacker can exploit this to disclose
    sensitive information. (CVE-2016-5250)

  - A flaw exists that is triggered when decoding
    url-encoded values in 'data:' URLs. An attacker can
    exploit this, via non-ASCII or emoji characters, to
    spoof the address in the address bar. (CVE-2016-5251)

  - An underflow condition exists in the BasePoint4d()
    function in gfx/2d/Matrix.h due to improper validation
    of user-supplied input when calculating clipping regions
    in 2D graphics. A remote attacker can exploit this to
    cause a stack-based buffer underflow, resulting in a
    denial of service condition or the execution of
    arbitrary code. (CVE-2016-5252)

  - A flaw in the updater service exists when launched using
    the callback application path parameter that allows an
    attacker to escalate privileges. (CVE-2016-5253)

  - A use-after-free error exists in the KeyDown() function
    in layout/xul/nsXULPopupManager.cpp when using the alt
    key in conjunction with top level menu items. An
    attacker can exploit this to dereference already freed
    memory, resulting in a denial of service condition or
    the execution of arbitrary code. (CVE-2016-5254)

  - A use-after-free error exists in the sweep() function
    that is triggered when handling objects and pointers
    during incremental garbage collection. An attacker can
    exploit this to dereference already freed memory,
    resulting in a denial of service condition or the
    execution of arbitrary code. (CVE-2016-5255)

  - A use-after-free error exists in WebRTC that is
    triggered when handling DTLS objects. An attacker can
    exploit this to dereference already freed memory,
    resulting in a denial of service condition or the
    execution of arbitrary code. (CVE-2016-5258)

  - A use-after-free error exists in the DestroySyncLoop()
    function in dom/workers/WorkerPrivate.cpp that is
    triggered when handling nested sync event loops in
    Service Workers. An attacker can exploit this to
    dereference already freed memory, resulting in a denial
    of service condition or the execution of arbitrary code.
    (CVE-2016-5259)

  - An information disclosure vulnerability exists in the
    restorableFormNodes() function in XPathGenerator.jsm due
    to persistently storing passwords in plaintext in
    session restore data. An attacker can exploit this to
    disclose password information. (CVE-2016-5260)

  - An integer overflow condition exists in the
    ProcessInput() function in WebSocketChannel.cpp due to
    improper validation of user-supplied input when handling
    specially crafted WebSocketChannel packets. An attacker
    can exploit this to cause a denial of service condition
    or the execution of arbitrary code. (CVE-2016-5261)

  - A security bypass vulnerability exists due to event
    handler attributes on a <marquee> tag being executed
    inside a sandboxed iframe that does not have the
    allow-scripts flag set. An attacker can exploit this to
    bypass cross-site scripting protection mechanisms.
    (CVE-2016-5262)

  - A type confusion flaw exists in the HitTest() function
    in nsDisplayList.cpp when handling display
    transformations. An attacker can exploit this to execute
    arbitrary code. (CVE-2016-5263)

  - A use-after-free error exists in the
    NativeAnonymousChildListChange() function when applying
    effects to SVG elements. An attacker can exploit this to
    dereference already freed memory, resulting in a denial
    of service condition or the execution of arbitrary code.
    (CVE-2016-5264)

  - A flaw exists in the Redirect() function in
    nsBaseChannel.cpp that is triggered when a malicious 
    shortcut is called from the same directory as a local
    HTML file. An attacker can exploit this to bypass the
    same-origin policy. (CVE-2016-5265)

  - A flaw exists due to a failure to properly filter file
    URIs dragged from a web page to a different piece of
    software. An attacker can exploit this to disclose
    sensitive information. (CVE-2016-5266)

  - A flaw exists that is triggered when handling certain
    specific 'about:' URLs that allows an attacker to spoof
    the contents of system information or error messages
    (CVE-2016-5268)

  - A flaw exists in woff2 that is triggered during the
    handling of TTC detection. An attacker can exploit this
    to have an unspecified impact.

  - Multiple unspecified flaws exist in woff2 that allow an
    attacker to cause a denial of service condition.");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-62/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-63/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-64/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-66/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-67/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-68/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-69/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-70/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-71/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-72/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-73/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-74/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-75/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-76/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-77/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-78/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-79/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-80/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-81/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-83/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-84/");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Firefox version 48 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-5261");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/05/17");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/08/02");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/08/05");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:firefox");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("mozilla_org_installed.nasl");
  script_require_keys("Mozilla/Firefox/Version");

  exit(0);
}

include("mozilla_version.inc");

port = get_kb_item("SMB/transport");
if (!port) port = 445;

installs = get_kb_list("SMB/Mozilla/Firefox/*");
if (isnull(installs)) audit(AUDIT_NOT_INST, "Firefox");

mozilla_check_version(installs:installs, product:'firefox', esr:FALSE, fix:'48', severity:SECURITY_HOLE, xss:TRUE);

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text is (C) Scientific Linux.
#

include("compat.inc");

if (description)
{
  script_id(93643);
  script_version("2.9");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");

  script_cve_id("CVE-2016-5250", "CVE-2016-5257", "CVE-2016-5261", "CVE-2016-5270", "CVE-2016-5272", "CVE-2016-5274", "CVE-2016-5276", "CVE-2016-5277", "CVE-2016-5278", "CVE-2016-5280", "CVE-2016-5281", "CVE-2016-5284");

  script_name(english:"Scientific Linux Security Update : firefox on SL5.x, SL6.x, SL7.x i386/x86_64 (20160921)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Scientific Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This update upgrades Firefox to version 45.4.0 ESR.

Security Fix(es) :

  - Multiple flaws were found in the processing of malformed
    web content. A web page containing malicious content
    could cause Firefox to crash or, potentially, execute
    arbitrary code with the privileges of the user running
    Firefox. (CVE-2016-5257, CVE-2016-5278, CVE-2016-5270,
    CVE-2016-5272, CVE-2016-5274, CVE-2016-5276,
    CVE-2016-5277, CVE-2016-5280, CVE-2016-5281,
    CVE-2016-5284, CVE-2016-5250, CVE-2016-5261)"
  );
  # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1609&L=scientific-linux-errata&F=&S=&P=8155
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?1d7f8c68"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected firefox and / or firefox-debuginfo packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:firefox");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:firefox-debuginfo");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/08/05");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/09/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/09/22");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Scientific Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
os_ver = os_ver[1];
if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 7.x", "Scientific Linux " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);


flag = 0;
if (rpm_check(release:"SL5", reference:"firefox-45.4.0-1.el5_11")) flag++;
if (rpm_check(release:"SL5", reference:"firefox-debuginfo-45.4.0-1.el5_11")) flag++;

if (rpm_check(release:"SL6", reference:"firefox-45.4.0-1.el6_8")) flag++;
if (rpm_check(release:"SL6", reference:"firefox-debuginfo-45.4.0-1.el6_8")) flag++;

if (rpm_check(release:"SL7", cpu:"x86_64", reference:"firefox-45.4.0-1.el7_2")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"firefox-debuginfo-45.4.0-1.el7_2")) flag++;


if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "firefox / firefox-debuginfo");
}

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-3044-1. The text 
# itself is copyright (C) Canonical, Inc. See 
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include("compat.inc");

if (description)
{
  script_id(92785);
  script_version("2.14");
  script_cvs_date("Date: 2019/09/18 12:31:46");

  script_cve_id("CVE-2016-0718", "CVE-2016-2830", "CVE-2016-2835", "CVE-2016-2836", "CVE-2016-2837", "CVE-2016-2838", "CVE-2016-2839", "CVE-2016-5250", "CVE-2016-5251", "CVE-2016-5252", "CVE-2016-5254", "CVE-2016-5255", "CVE-2016-5258", "CVE-2016-5259", "CVE-2016-5260", "CVE-2016-5261", "CVE-2016-5262", "CVE-2016-5263", "CVE-2016-5264", "CVE-2016-5265", "CVE-2016-5266", "CVE-2016-5268");
  script_xref(name:"USN", value:"3044-1");

  script_name(english:"Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS : firefox vulnerabilities (USN-3044-1)");
  script_summary(english:"Checks dpkg output for updated package.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Ubuntu host is missing a security-related patch."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Gustavo Grieco discovered an out-of-bounds read during XML parsing in
some circumstances. If a user were tricked in to opening a specially
crafted website, an attacker could potentially exploit this to cause a
denial of service via application crash, or obtain sensitive
information. (CVE-2016-0718)

Toni Huttunen discovered that once a favicon is requested from a site,
the remote server can keep the network connection open even after the
page is closed. A remote attacked could potentially exploit this to
track users, resulting in information disclosure. (CVE-2016-2830)

Christian Holler, Tyson Smith, Boris Zbarsky, Byron Campen, Julian
Seward, Carsten Book, Gary Kwong, Jesse Ruderman, Andrew McCreight,
and Phil Ringnalda discovered multiple memory safety issues in
Firefox. If a user were tricked in to opening a specially crafted
website, an attacker could potentially exploit these to cause a denial
of service via application crash, or execute arbitrary code.
(CVE-2016-2835, CVE-2016-2836)

A buffer overflow was discovered in the ClearKey Content Decryption
Module (CDM) during video playback. If a user were tricked in to
opening a specially crafted website, an attacker could potentially
exploit this to cause a denial of service via plugin process crash,
or, in combination with another vulnerability to escape the GMP
sandbox, execute arbitrary code. (CVE-2016-2837)

Atte Kettunen discovered a buffer overflow when rendering SVG content
in some circumstances. If a user were tricked in to opening a
specially crafted website, an attacker could potentially exploit this
to cause a denial of service via application crash, or execute
arbitrary code. (CVE-2016-2838)

Bert Massop discovered a crash in Cairo with version 0.10 of FFmpeg.
If a user were tricked in to opening a specially crafted website, an
attacker could potentially exploit this to execute arbitrary code.
(CVE-2016-2839)

Catalin Dumitru discovered that URLs of resources loaded after a
navigation start could be leaked to the following page via the
Resource Timing API. An attacker could potentially exploit this to
obtain sensitive information. (CVE-2016-5250)

Firas Salem discovered an issue with non-ASCII and emoji characters in
data: URLs. An attacker could potentially exploit this to spoof the
addressbar contents. (CVE-2016-5251)

Georg Koppen discovered a stack buffer underflow during 2D graphics
rendering in some circumstances. If a user were tricked in to opening
a specially crafted website, an attacker could potentially exploit
this to cause a denial of service via application crash, or execute
arbitrary code. (CVE-2016-5252)

Abhishek Arya discovered a use-after-free when the alt key is used
with top-level menus. If a user were tricked in to opening a specially
crafted website, an attacker could potentially exploit this to cause a
denial of service via application crash, or execute arbitrary code.
(CVE-2016-5254)

Jukka Jylanki discovered a crash during garbage collection. If a user
were tricked in to opening a specially crafted website, an attacker
could potentially exploit this to execute arbitrary code.
(CVE-2016-5255)

Looben Yang discovered a use-after-free in WebRTC. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit this to cause a denial of service via application
crash, or execute arbitrary code. (CVE-2016-5258)

Looben Yang discovered a use-after-free when working with nested sync
events in service workers. If a user were tricked in to opening a
specially crafted website, an attacker could potentially exploit this
to cause a denial of service via application crash, or execute
arbitrary code. (CVE-2016-5259)

Mike Kaply discovered that plain-text passwords can be stored in
session restore if an input field type is changed from 'password' to
'text' during a session, leading to information disclosure.
(CVE-2016-5260)

Samuel Gross discovered an integer overflow in WebSockets during data
buffering in some circumstances. If a user were tricked in to opening
a specially crafted website, an attacker could potentially exploit
this to cause a denial of service via application crash, or execute
arbitrary code. (CVE-2016-5261)

Nikita Arykov discovered that JavaScript event handlers on a <marquee>
element can execute in a sandboxed iframe without the allow-scripts
flag set. If a user were tricked in to opening a specially crafted
website, an attacker could potentially exploit this to conduct
cross-site scripting (XSS) attacks. (CVE-2016-5262)

A type confusion bug was discovered in display transformation during
rendering. If a user were tricked in to opening a specially crafted
website, an attacker could potentially exploit this to cause a denial
of service via application crash, or execute arbitrary code.
(CVE-2016-5263)

A use-after-free was discovered when applying effects to SVG elements
in some circumstances. If a user were tricked in to opening a
specially crafted website, an attacker could potentially exploit this
to cause a denial of service via application crash, or execute
arbitrary code. (CVE-2016-5264)

Abdulrahman Alqabandi discovered a same-origin policy violation
relating to local HTML files and saved shortcut files. An attacker
could potentially exploit this to obtain sensitive information.
(CVE-2016-5265)

Rafael Gieschke discovered an information disclosure issue related to
drag and drop. An attacker could potentially exploit this to obtain
sensitive information. (CVE-2016-5266)

A text injection issue was discovered with about: URLs. An attacker
could potentially exploit this to spoof internal error pages.
(CVE-2016-5268).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://usn.ubuntu.com/3044-1/"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected firefox package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/05/26");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/08/05");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/08/08");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("ubuntu.inc");
include("misc_func.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! preg(pattern:"^(12\.04|14\.04|16\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 12.04 / 14.04 / 16.04", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

flag = 0;

if (ubuntu_check(osver:"12.04", pkgname:"firefox", pkgver:"48.0+build2-0ubuntu0.12.04.1")) flag++;
if (ubuntu_check(osver:"14.04", pkgname:"firefox", pkgver:"48.0+build2-0ubuntu0.14.04.1")) flag++;
if (ubuntu_check(osver:"16.04", pkgname:"firefox", pkgver:"48.0+build2-0ubuntu0.16.04.1")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "firefox");
}