Vulnerabilities > CVE-2016-5274 - Use After Free vulnerability in Mozilla Firefox

047910
CVSS 9.8 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
mozilla
CWE-416
critical
nessus

Summary

Use-after-free vulnerability in the nsFrameManager::CaptureFrameState function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code by leveraging improper interaction between restyling and the Web Animations model implementation.

Vulnerable Configurations

Part Description Count
Application
Mozilla
459

Common Weakness Enumeration (CWE)

Nessus

  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2016-1119.NASL
    descriptionThis update for MozillaFirefox and mozilla-nss fixes the following issues : MozillaFirefox was updated to version 49.0 (boo#999701) - New features - Updated Firefox Login Manager to allow HTTPS pages to use saved HTTP logins. - Added features to Reader Mode that make it easier on the eyes and the ears - Improved video performance for users on systems that support SSE3 without hardware acceleration - Added context menu controls to HTML5 audio and video that let users loops files or play files at 1.25x speed - Improvements in about:memory reports for tracking font memory usage - Security related fixes - MFSA 2016-85 CVE-2016-2827 (bmo#1289085) - Out-of-bounds read in mozilla::net::IsValidReferrerPolicy CVE-2016-5270 (bmo#1291016) - Heap-buffer-overflow in nsCaseTransformTextRunFactory::TransformString CVE-2016-5271 (bmo#1288946) - Out-of-bounds read in PropertyProvider::GetSpacingInternal CVE-2016-5272 (bmo#1297934) - Bad cast in nsImageGeometryMixin CVE-2016-5273 (bmo#1280387) - crash in mozilla::a11y::HyperTextAccessible::GetChildOffset CVE-2016-5276 (bmo#1287721) - Heap-use-after-free in mozilla::a11y::DocAccessible::ProcessInvalidationList CVE-2016-5274 (bmo#1282076) - use-after-free in nsFrameManager::CaptureFrameState CVE-2016-5277 (bmo#1291665) - Heap-use-after-free in nsRefreshDriver::Tick CVE-2016-5275 (bmo#1287316) - global-buffer-overflow in mozilla::gfx::FilterSupport::ComputeSourceNeededRegions CVE-2016-5278 (bmo#1294677) - Heap-buffer-overflow in nsBMPEncoder::AddImageFrame CVE-2016-5279 (bmo#1249522) - Full local path of files is available to web pages after drag and drop CVE-2016-5280 (bmo#1289970) - Use-after-free in mozilla::nsTextNodeDirectionalityMap::RemoveElementFromM ap CVE-2016-5281 (bmo#1284690) - use-after-free in DOMSVGLength CVE-2016-5282 (bmo#932335) - Don
    last seen2020-06-05
    modified2016-09-26
    plugin id93705
    published2016-09-26
    reporterThis script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/93705
    titleopenSUSE Security Update : MozillaFirefox / mozilla-nss (openSUSE-2016-1119)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2016-1119.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(93705);
      script_version("2.6");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2016-2827", "CVE-2016-5256", "CVE-2016-5257", "CVE-2016-5270", "CVE-2016-5271", "CVE-2016-5272", "CVE-2016-5273", "CVE-2016-5274", "CVE-2016-5275", "CVE-2016-5276", "CVE-2016-5277", "CVE-2016-5278", "CVE-2016-5279", "CVE-2016-5280", "CVE-2016-5281", "CVE-2016-5282", "CVE-2016-5283", "CVE-2016-5284");
    
      script_name(english:"openSUSE Security Update : MozillaFirefox / mozilla-nss (openSUSE-2016-1119)");
      script_summary(english:"Check for the openSUSE-2016-1119 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for MozillaFirefox and mozilla-nss fixes the following
    issues :
    
    MozillaFirefox was updated to version 49.0 (boo#999701)
    
      - New features
    
      - Updated Firefox Login Manager to allow HTTPS pages to
        use saved HTTP logins.
    
      - Added features to Reader Mode that make it easier on the
        eyes and the ears
    
      - Improved video performance for users on systems that
        support SSE3 without hardware acceleration
    
      - Added context menu controls to HTML5 audio and video
        that let users loops files or play files at 1.25x speed
    
      - Improvements in about:memory reports for tracking font
        memory usage
    
      - Security related fixes
    
      - MFSA 2016-85 CVE-2016-2827 (bmo#1289085) - Out-of-bounds
        read in mozilla::net::IsValidReferrerPolicy
        CVE-2016-5270 (bmo#1291016) - Heap-buffer-overflow in
        nsCaseTransformTextRunFactory::TransformString
        CVE-2016-5271 (bmo#1288946) - Out-of-bounds read in
        PropertyProvider::GetSpacingInternal CVE-2016-5272
        (bmo#1297934) - Bad cast in nsImageGeometryMixin
        CVE-2016-5273 (bmo#1280387) - crash in
        mozilla::a11y::HyperTextAccessible::GetChildOffset
        CVE-2016-5276 (bmo#1287721) - Heap-use-after-free in
        mozilla::a11y::DocAccessible::ProcessInvalidationList
        CVE-2016-5274 (bmo#1282076) - use-after-free in
        nsFrameManager::CaptureFrameState CVE-2016-5277
        (bmo#1291665) - Heap-use-after-free in
        nsRefreshDriver::Tick CVE-2016-5275 (bmo#1287316) -
        global-buffer-overflow in
        mozilla::gfx::FilterSupport::ComputeSourceNeededRegions
        CVE-2016-5278 (bmo#1294677) - Heap-buffer-overflow in
        nsBMPEncoder::AddImageFrame CVE-2016-5279 (bmo#1249522)
        - Full local path of files is available to web pages
        after drag and drop CVE-2016-5280 (bmo#1289970) -
        Use-after-free in
        mozilla::nsTextNodeDirectionalityMap::RemoveElementFromM
        ap CVE-2016-5281 (bmo#1284690) - use-after-free in
        DOMSVGLength CVE-2016-5282 (bmo#932335) - Don't allow
        content to request favicons from non-whitelisted schemes
        CVE-2016-5283 (bmo#928187) - <iframe src> fragment
        timing attack can reveal cross-origin data CVE-2016-5284
        (bmo#1303127) - Add-on update site certificate pin
        expiration CVE-2016-5256 - Memory safety bugs fixed in
        Firefox 49 CVE-2016-5257 - Memory safety bugs fixed in
        Firefox 49 and Firefox ESR 45.4
    
      - requires NSS 3.25
    
      - Mozilla Firefox 48.0.2 :
    
      - Mitigate a startup crash issue caused on Windows
        (bmo#1291738)
    
    mozilla-nss was updated to NSS 3.25. New functionality :
    
      - Implemented DHE key agreement for TLS 1.3
    
      - Added support for ChaCha with TLS 1.3
    
      - Added support for TLS 1.2 ciphersuites that use SHA384
        as the PRF
    
      - In previous versions, when using client authentication
        with TLS 1.2, NSS only supported certificate_verify
        messages that used the same signature hash algorithm as
        used by the PRF. This limitation has been removed.
    
      - Several functions have been added to the public API of
        the NSS Cryptoki Framework. New functions :
    
      - NSSCKFWSlot_GetSlotID
    
      - NSSCKFWSession_GetFWSlot
    
      - NSSCKFWInstance_DestroySessionHandle
    
      - NSSCKFWInstance_FindSessionHandle Notable changes :
    
      - An SSL socket can no longer be configured to allow both
        TLS 1.3 and SSLv3
    
      - Regression fix: NSS no longer reports a failure if an
        application attempts to disable the SSLv2 protocol.
    
      - The list of trusted CA certificates has been updated to
        version 2.8
    
      - The following CA certificate was Removed Sonera Class1
        CA
    
      - The following CA certificates were Added Hellenic
        Academic and Research Institutions RootCA 2015 Hellenic
        Academic and Research Institutions ECC RootCA 2015
        Certplus Root CA G1 Certplus Root CA G2 OpenTrust Root
        CA G1 OpenTrust Root CA G2 OpenTrust Root CA G3"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=999701"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected MozillaFirefox / mozilla-nss packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libfreebl3");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libfreebl3-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libfreebl3-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libfreebl3-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsoftokn3");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsoftokn3-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-certs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-certs-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-tools-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.2");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2016/09/24");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/09/26");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2020 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE13\.2|SUSE42\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.2 / 42.1", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE13.2", reference:"MozillaFirefox-49.0-80.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"MozillaFirefox-branding-upstream-49.0-80.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"MozillaFirefox-buildsymbols-49.0-80.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"MozillaFirefox-debuginfo-49.0-80.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"MozillaFirefox-debugsource-49.0-80.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"MozillaFirefox-devel-49.0-80.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"MozillaFirefox-translations-common-49.0-80.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"MozillaFirefox-translations-other-49.0-80.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"libfreebl3-3.25-46.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"libfreebl3-debuginfo-3.25-46.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"libsoftokn3-3.25-46.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"libsoftokn3-debuginfo-3.25-46.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"mozilla-nss-3.25-46.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"mozilla-nss-certs-3.25-46.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"mozilla-nss-certs-debuginfo-3.25-46.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"mozilla-nss-debuginfo-3.25-46.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"mozilla-nss-debugsource-3.25-46.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"mozilla-nss-devel-3.25-46.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"mozilla-nss-sysinit-3.25-46.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"mozilla-nss-sysinit-debuginfo-3.25-46.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"mozilla-nss-tools-3.25-46.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"mozilla-nss-tools-debuginfo-3.25-46.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"libfreebl3-32bit-3.25-46.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"libfreebl3-debuginfo-32bit-3.25-46.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"libsoftokn3-32bit-3.25-46.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"libsoftokn3-debuginfo-32bit-3.25-46.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"mozilla-nss-32bit-3.25-46.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"mozilla-nss-certs-32bit-3.25-46.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"mozilla-nss-certs-debuginfo-32bit-3.25-46.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"mozilla-nss-debuginfo-32bit-3.25-46.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"mozilla-nss-sysinit-32bit-3.25-46.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"mozilla-nss-sysinit-debuginfo-32bit-3.25-46.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"MozillaFirefox-49.0-33.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"MozillaFirefox-branding-upstream-49.0-33.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"MozillaFirefox-buildsymbols-49.0-33.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"MozillaFirefox-debuginfo-49.0-33.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"MozillaFirefox-debugsource-49.0-33.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"MozillaFirefox-devel-49.0-33.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"MozillaFirefox-translations-common-49.0-33.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"MozillaFirefox-translations-other-49.0-33.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"libfreebl3-3.25-29.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"libfreebl3-debuginfo-3.25-29.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"libsoftokn3-3.25-29.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"libsoftokn3-debuginfo-3.25-29.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"mozilla-nss-3.25-29.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"mozilla-nss-certs-3.25-29.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"mozilla-nss-certs-debuginfo-3.25-29.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"mozilla-nss-debuginfo-3.25-29.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"mozilla-nss-debugsource-3.25-29.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"mozilla-nss-devel-3.25-29.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"mozilla-nss-sysinit-3.25-29.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"mozilla-nss-sysinit-debuginfo-3.25-29.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"mozilla-nss-tools-3.25-29.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"mozilla-nss-tools-debuginfo-3.25-29.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"libfreebl3-32bit-3.25-29.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"libfreebl3-debuginfo-32bit-3.25-29.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"libsoftokn3-32bit-3.25-29.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"libsoftokn3-debuginfo-32bit-3.25-29.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"mozilla-nss-32bit-3.25-29.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"mozilla-nss-certs-32bit-3.25-29.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"mozilla-nss-certs-debuginfo-32bit-3.25-29.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"mozilla-nss-debuginfo-32bit-3.25-29.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"mozilla-nss-sysinit-32bit-3.25-29.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"mozilla-nss-sysinit-debuginfo-32bit-3.25-29.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "MozillaFirefox / MozillaFirefox-branding-upstream / etc");
    }
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3112-1.NASL
    descriptionCatalin Dumitru discovered that URLs of resources loaded after a navigation start could be leaked to the following page via the Resource Timing API. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to obtain sensitive information. (CVE-2016-5250) Christoph Diehl, Andrew McCreight, Dan Minor, Byron Campen, Jon Coppeard, Steve Fink, Tyson Smith, and Carsten Book discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5257) Atte Kettunen discovered a heap buffer overflow during text conversion with some unicode characters. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5270) Abhishek Arya discovered a bad cast when processing layout with input elements in some circumstances. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5272) A use-after-free was discovered in web animations during restyling. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5274) A use-after-free was discovered in accessibility. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5276) A use-after-free was discovered in web animations when destroying a timeline. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5277) A buffer overflow was discovered when encoding image frames to images in some circumstances. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5278) Mei Wang discovered a use-after-free when changing text direction. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5280) Brian Carpenter discovered a use-after-free when manipulating SVG content in some circumstances. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5281) An issue was discovered with the preloaded Public Key Pinning (HPKP). If a man-in-the-middle (MITM) attacker was able to obtain a fraudulent certificate for a Mozilla site, they could exploit this by providing malicious addon updates. (CVE-2016-5284). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id94352
    published2016-10-28
    reporterUbuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/94352
    titleUbuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : thunderbird vulnerabilities (USN-3112-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-3112-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(94352);
      script_version("2.7");
      script_cvs_date("Date: 2019/09/18 12:31:46");
    
      script_cve_id("CVE-2016-5250", "CVE-2016-5257", "CVE-2016-5270", "CVE-2016-5272", "CVE-2016-5274", "CVE-2016-5276", "CVE-2016-5277", "CVE-2016-5278", "CVE-2016-5280", "CVE-2016-5281", "CVE-2016-5284");
      script_xref(name:"USN", value:"3112-1");
    
      script_name(english:"Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : thunderbird vulnerabilities (USN-3112-1)");
      script_summary(english:"Checks dpkg output for updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Ubuntu host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Catalin Dumitru discovered that URLs of resources loaded after a
    navigation start could be leaked to the following page via the
    Resource Timing API. If a user were tricked in to opening a specially
    crafted website in a browsing context, an attacker could potentially
    exploit this to obtain sensitive information. (CVE-2016-5250)
    
    Christoph Diehl, Andrew McCreight, Dan Minor, Byron Campen, Jon
    Coppeard, Steve Fink, Tyson Smith, and Carsten Book discovered
    multiple memory safety issues in Thunderbird. If a user were tricked
    in to opening a specially crafted message, an attacker could
    potentially exploit these to cause a denial of service via application
    crash, or execute arbitrary code. (CVE-2016-5257)
    
    Atte Kettunen discovered a heap buffer overflow during text conversion
    with some unicode characters. If a user were tricked in to opening a
    specially crafted message, an attacker could potentially exploit this
    to cause a denial of service via application crash, or execute
    arbitrary code. (CVE-2016-5270)
    
    Abhishek Arya discovered a bad cast when processing layout with input
    elements in some circumstances. If a user were tricked in to opening a
    specially crafted website in a browsing context, an attacker could
    potentially exploit this to cause a denial of service via application
    crash, or execute arbitrary code. (CVE-2016-5272)
    
    A use-after-free was discovered in web animations during restyling. If
    a user were tricked in to opening a specially crafted website in a
    browsing context, an attacker could potentially exploit this to cause
    a denial of service via application crash, or execute arbitrary code.
    (CVE-2016-5274)
    
    A use-after-free was discovered in accessibility. If a user were
    tricked in to opening a specially crafted website in a browsing
    context, an attacker could potentially exploit this to cause a denial
    of service via application crash, or execute arbitrary code.
    (CVE-2016-5276)
    
    A use-after-free was discovered in web animations when destroying a
    timeline. If a user were tricked in to opening a specially crafted
    website in a browsing context, an attacker could potentially exploit
    this to cause a denial of service via application crash, or execute
    arbitrary code. (CVE-2016-5277)
    
    A buffer overflow was discovered when encoding image frames to images
    in some circumstances. If a user were tricked in to opening a
    specially crafted message, an attacker could potentially exploit this
    to cause a denial of service via application crash, or execute
    arbitrary code. (CVE-2016-5278)
    
    Mei Wang discovered a use-after-free when changing text direction. If
    a user were tricked in to opening a specially crafted website in a
    browsing context, an attacker could potentially exploit this to cause
    a denial of service via application crash, or execute arbitrary code.
    (CVE-2016-5280)
    
    Brian Carpenter discovered a use-after-free when manipulating SVG
    content in some circumstances. If a user were tricked in to opening a
    specially crafted website in a browsing context, an attacker could
    potentially exploit this to cause a denial of service via application
    crash, or execute arbitrary code. (CVE-2016-5281)
    
    An issue was discovered with the preloaded Public Key Pinning (HPKP).
    If a man-in-the-middle (MITM) attacker was able to obtain a fraudulent
    certificate for a Mozilla site, they could exploit this by providing
    malicious addon updates. (CVE-2016-5284).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/3112-1/"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected thunderbird package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:thunderbird");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.10");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/08/05");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/10/27");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/10/28");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(12\.04|14\.04|16\.04|16\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 12.04 / 14.04 / 16.04 / 16.10", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"12.04", pkgname:"thunderbird", pkgver:"1:45.4.0+build1-0ubuntu0.12.04.1")) flag++;
    if (ubuntu_check(osver:"14.04", pkgname:"thunderbird", pkgver:"1:45.4.0+build1-0ubuntu0.14.04.1")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"thunderbird", pkgver:"1:45.4.0+build1-0ubuntu0.16.04.1")) flag++;
    if (ubuntu_check(osver:"16.10", pkgname:"thunderbird", pkgver:"1:45.4.0+build1-0ubuntu0.16.10.1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "thunderbird");
    }
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2016-1046.NASL
    descriptionAccording to the versions of the firefox package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Mozilla Firefox before 48.0 allows remote attackers to obtain sensitive information about the previously retrieved page via Resource Timing API calls.(CVE-2016-5250) - Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 49.0 and Firefox ESR 45.x before 45.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.(CVE-2016-5257) - Integer overflow in the WebSocketChannel class in the WebSockets subsystem in Mozilla Firefox before 48.0 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted packets that trigger incorrect buffer-resize operations during buffering.(CVE-2016-5261) - Heap-based buffer overflow in the nsCaseTransformTextRunFactory::TransformString function in Mozilla Firefox before 49.0 and Firefox ESR 45.x before 45.4 allows remote attackers to cause a denial of service (boolean out-of-bounds write) or possibly have unspecified other impact via Unicode characters that are mishandled during text conversion.(CVE-2016-5270) - The nsImageGeometryMixin class in Mozilla Firefox before 49.0 and Firefox ESR 45.x before 45.4 does not properly perform a cast of an unspecified variable during handling of INPUT elements, which allows remote attackers to execute arbitrary code via a crafted web site.(CVE-2016-5272) - Use-after-free vulnerability in the nsFrameManager::CaptureFrameState function in Mozilla Firefox before 49.0 and Firefox ESR 45.x before 45.4 allows remote attackers to execute arbitrary code by leveraging improper interaction between restyling and the Web Animations model implementation.(CVE-2016-5274) - Use-after-free vulnerability in the mozilla::a11y::DocAccessible::ProcessInvalidationList function in Mozilla Firefox before 49.0 and Firefox ESR 45.x before 45.4 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an aria-owns attribute.(CVE-2016-5276) - Use-after-free vulnerability in the nsRefreshDriver::Tick function in Mozilla Firefox before 49.0 and Firefox ESR 45.x before 45.4 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging improper interaction between timeline destruction and the Web Animations model implementation.(CVE-2016-5277) - Heap-based buffer overflow in the nsBMPEncoder::AddImageFrame function in Mozilla Firefox before 49.0 and Firefox ESR 45.x before 45.4 allows remote attackers to execute arbitrary code via a crafted image data that is mishandled during the encoding of an image frame to an image.(CVE-2016-5278) - Use-after-free vulnerability in the mozilla::nsTextNodeDirectionalityMap::RemoveElementFrom Map function in Mozilla Firefox before 49.0 and Firefox ESR 45.x before 45.4 allows remote attackers to execute arbitrary code via bidirectional text.(CVE-2016-5280) - Use-after-free vulnerability in the DOMSVGLength class in Mozilla Firefox before 49.0 and Firefox ESR 45.x before 45.4 allows remote attackers to execute arbitrary code by leveraging improper interaction between JavaScript code and an SVG document.(CVE-2016-5281) - Mozilla Firefox before 49.0 and Firefox ESR 45.x before 45.4 rely on unintended expiration dates for Preloaded Public Key Pinning, which allows man-in-the-middle attackers to spoof add-on updates by leveraging possession of an X.509 server certificate for addons.mozilla.org signed by an arbitrary built-in Certification Authority.(CVE-2016-5284) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2017-05-01
    plugin id99809
    published2017-05-01
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/99809
    titleEulerOS 2.0 SP1 : firefox (EulerOS-SA-2016-1046)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(99809);
      script_version("1.37");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/07/07");
    
      script_cve_id(
        "CVE-2016-5250",
        "CVE-2016-5257",
        "CVE-2016-5261",
        "CVE-2016-5270",
        "CVE-2016-5272",
        "CVE-2016-5274",
        "CVE-2016-5276",
        "CVE-2016-5277",
        "CVE-2016-5278",
        "CVE-2016-5280",
        "CVE-2016-5281",
        "CVE-2016-5284"
      );
    
      script_name(english:"EulerOS 2.0 SP1 : firefox (EulerOS-SA-2016-1046)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS host is missing multiple security updates.");
      script_set_attribute(attribute:"description", value:
    "According to the versions of the firefox package installed, the
    EulerOS installation on the remote host is affected by the following
    vulnerabilities :
    
      - Mozilla Firefox before 48.0 allows remote attackers to
        obtain sensitive information about the previously
        retrieved page via Resource Timing API
        calls.(CVE-2016-5250)
    
      - Multiple unspecified vulnerabilities in the browser
        engine in Mozilla Firefox before 49.0 and Firefox ESR
        45.x before 45.4 allow remote attackers to cause a
        denial of service (memory corruption and application
        crash) or possibly execute arbitrary code via unknown
        vectors.(CVE-2016-5257)
    
      - Integer overflow in the WebSocketChannel class in the
        WebSockets subsystem in Mozilla Firefox before 48.0
        allows remote attackers to execute arbitrary code or
        cause a denial of service (memory corruption) via
        crafted packets that trigger incorrect buffer-resize
        operations during buffering.(CVE-2016-5261)
    
      - Heap-based buffer overflow in the
        nsCaseTransformTextRunFactory::TransformString function
        in Mozilla Firefox before 49.0 and Firefox ESR 45.x
        before 45.4 allows remote attackers to cause a denial
        of service (boolean out-of-bounds write) or possibly
        have unspecified other impact via Unicode characters
        that are mishandled during text
        conversion.(CVE-2016-5270)
    
      - The nsImageGeometryMixin class in Mozilla Firefox
        before 49.0 and Firefox ESR 45.x before 45.4 does not
        properly perform a cast of an unspecified variable
        during handling of INPUT elements, which allows remote
        attackers to execute arbitrary code via a crafted web
        site.(CVE-2016-5272)
    
      - Use-after-free vulnerability in the
        nsFrameManager::CaptureFrameState function in Mozilla
        Firefox before 49.0 and Firefox ESR 45.x before 45.4
        allows remote attackers to execute arbitrary code by
        leveraging improper interaction between restyling and
        the Web Animations model implementation.(CVE-2016-5274)
    
      - Use-after-free vulnerability in the
        mozilla::a11y::DocAccessible::ProcessInvalidationList
        function in Mozilla Firefox before 49.0 and Firefox ESR
        45.x before 45.4 allows remote attackers to execute
        arbitrary code or cause a denial of service (heap
        memory corruption) via an aria-owns
        attribute.(CVE-2016-5276)
    
      - Use-after-free vulnerability in the
        nsRefreshDriver::Tick function in Mozilla Firefox
        before 49.0 and Firefox ESR 45.x before 45.4 allows
        remote attackers to execute arbitrary code or cause a
        denial of service (heap memory corruption) by
        leveraging improper interaction between timeline
        destruction and the Web Animations model
        implementation.(CVE-2016-5277)
    
      - Heap-based buffer overflow in the
        nsBMPEncoder::AddImageFrame function in Mozilla Firefox
        before 49.0 and Firefox ESR 45.x before 45.4 allows
        remote attackers to execute arbitrary code via a
        crafted image data that is mishandled during the
        encoding of an image frame to an image.(CVE-2016-5278)
    
      - Use-after-free vulnerability in the
        mozilla::nsTextNodeDirectionalityMap::RemoveElementFrom
        Map function in Mozilla Firefox before 49.0 and Firefox
        ESR 45.x before 45.4 allows remote attackers to execute
        arbitrary code via bidirectional text.(CVE-2016-5280)
    
      - Use-after-free vulnerability in the DOMSVGLength class
        in Mozilla Firefox before 49.0 and Firefox ESR 45.x
        before 45.4 allows remote attackers to execute
        arbitrary code by leveraging improper interaction
        between JavaScript code and an SVG
        document.(CVE-2016-5281)
    
      - Mozilla Firefox before 49.0 and Firefox ESR 45.x before
        45.4 rely on unintended expiration dates for Preloaded
        Public Key Pinning, which allows man-in-the-middle
        attackers to spoof add-on updates by leveraging
        possession of an X.509 server certificate for
        addons.mozilla.org signed by an arbitrary built-in
        Certification Authority.(CVE-2016-5284)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2016-1046
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?080de640");
      script_set_attribute(attribute:"solution", value:
    "Update the affected firefox packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2016/09/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/05/01");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:firefox");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
      script_exclude_keys("Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
    
    sp = get_kb_item("Host/EulerOS/sp");
    if (isnull(sp) || sp !~ "^(1)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP1");
    
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP1", "EulerOS UVP " + uvp);
    
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
    
    flag = 0;
    
    pkgs = ["firefox-45.4.0-1"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", sp:"1", reference:pkg, allowmaj:TRUE)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "firefox");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2016-1128.NASL
    descriptionMozillaFirefox was updated to version 49.0 (boo#999701) - New features - Updated Firefox Login Manager to allow HTTPS pages to use saved HTTP logins. - Added features to Reader Mode that make it easier on the eyes and the ears - Improved video performance for users on systems that support SSE3 without hardware acceleration - Added context menu controls to HTML5 audio and video that let users loops files or play files at 1.25x speed - Improvements in about:memory reports for tracking font memory usage - Security related fixes - MFSA 2016-85 CVE-2016-2827 (bmo#1289085) - Out-of-bounds read in mozilla::net::IsValidReferrerPolicy CVE-2016-5270 (bmo#1291016) - Heap-buffer-overflow in nsCaseTransformTextRunFactory::TransformString CVE-2016-5271 (bmo#1288946) - Out-of-bounds read in PropertyProvider::GetSpacingInternal CVE-2016-5272 (bmo#1297934) - Bad cast in nsImageGeometryMixin CVE-2016-5273 (bmo#1280387) - crash in mozilla::a11y::HyperTextAccessible::GetChildOffset CVE-2016-5276 (bmo#1287721) - Heap-use-after-free in mozilla::a11y::DocAccessible::ProcessInvalidationList CVE-2016-5274 (bmo#1282076) - use-after-free in nsFrameManager::CaptureFrameState CVE-2016-5277 (bmo#1291665) - Heap-use-after-free in nsRefreshDriver::Tick CVE-2016-5275 (bmo#1287316) - global-buffer-overflow in mozilla::gfx::FilterSupport::ComputeSourceNeededRegions CVE-2016-5278 (bmo#1294677) - Heap-buffer-overflow in nsBMPEncoder::AddImageFrame CVE-2016-5279 (bmo#1249522) - Full local path of files is available to web pages after drag and drop CVE-2016-5280 (bmo#1289970) - Use-after-free in mozilla::nsTextNodeDirectionalityMap::RemoveElementFromM ap CVE-2016-5281 (bmo#1284690) - use-after-free in DOMSVGLength CVE-2016-5282 (bmo#932335) - Don
    last seen2020-06-05
    modified2016-09-27
    plugin id93732
    published2016-09-27
    reporterThis script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/93732
    titleopenSUSE Security Update : MozillaFirefox / mozilla-nss (openSUSE-2016-1128)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2016-1128.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(93732);
      script_version("2.6");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2016-2827", "CVE-2016-5256", "CVE-2016-5257", "CVE-2016-5270", "CVE-2016-5271", "CVE-2016-5272", "CVE-2016-5273", "CVE-2016-5274", "CVE-2016-5275", "CVE-2016-5276", "CVE-2016-5277", "CVE-2016-5278", "CVE-2016-5279", "CVE-2016-5280", "CVE-2016-5281", "CVE-2016-5282", "CVE-2016-5283", "CVE-2016-5284");
    
      script_name(english:"openSUSE Security Update : MozillaFirefox / mozilla-nss (openSUSE-2016-1128)");
      script_summary(english:"Check for the openSUSE-2016-1128 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "MozillaFirefox was updated to version 49.0 (boo#999701)
    
      - New features
    
      - Updated Firefox Login Manager to allow HTTPS pages to
        use saved HTTP logins.
    
      - Added features to Reader Mode that make it easier on the
        eyes and the ears
    
      - Improved video performance for users on systems that
        support SSE3 without hardware acceleration
    
      - Added context menu controls to HTML5 audio and video
        that let users loops files or play files at 1.25x speed
    
      - Improvements in about:memory reports for tracking font
        memory usage
    
      - Security related fixes
    
      - MFSA 2016-85 CVE-2016-2827 (bmo#1289085) - Out-of-bounds
        read in mozilla::net::IsValidReferrerPolicy
        CVE-2016-5270 (bmo#1291016) - Heap-buffer-overflow in
        nsCaseTransformTextRunFactory::TransformString
        CVE-2016-5271 (bmo#1288946) - Out-of-bounds read in
        PropertyProvider::GetSpacingInternal CVE-2016-5272
        (bmo#1297934) - Bad cast in nsImageGeometryMixin
        CVE-2016-5273 (bmo#1280387) - crash in
        mozilla::a11y::HyperTextAccessible::GetChildOffset
        CVE-2016-5276 (bmo#1287721) - Heap-use-after-free in
        mozilla::a11y::DocAccessible::ProcessInvalidationList
        CVE-2016-5274 (bmo#1282076) - use-after-free in
        nsFrameManager::CaptureFrameState CVE-2016-5277
        (bmo#1291665) - Heap-use-after-free in
        nsRefreshDriver::Tick CVE-2016-5275 (bmo#1287316) -
        global-buffer-overflow in
        mozilla::gfx::FilterSupport::ComputeSourceNeededRegions
        CVE-2016-5278 (bmo#1294677) - Heap-buffer-overflow in
        nsBMPEncoder::AddImageFrame CVE-2016-5279 (bmo#1249522)
        - Full local path of files is available to web pages
        after drag and drop CVE-2016-5280 (bmo#1289970) -
        Use-after-free in
        mozilla::nsTextNodeDirectionalityMap::RemoveElementFromM
        ap CVE-2016-5281 (bmo#1284690) - use-after-free in
        DOMSVGLength CVE-2016-5282 (bmo#932335) - Don't allow
        content to request favicons from non-whitelisted schemes
        CVE-2016-5283 (bmo#928187) - <iframe src> fragment
        timing attack can reveal cross-origin data CVE-2016-5284
        (bmo#1303127) - Add-on update site certificate pin
        expiration CVE-2016-5256 - Memory safety bugs fixed in
        Firefox 49 CVE-2016-5257 - Memory safety bugs fixed in
        Firefox 49 and Firefox ESR 45.4
    
      - requires NSS 3.25
    
      - Mozilla Firefox 48.0.2 :
    
      - Mitigate a startup crash issue caused on Windows
        (bmo#1291738)
    
        mozilla-nss was updated to NSS 3.25. New functionality :
    
      - Implemented DHE key agreement for TLS 1.3
    
      - Added support for ChaCha with TLS 1.3
    
      - Added support for TLS 1.2 ciphersuites that use SHA384
        as the PRF
    
      - In previous versions, when using client authentication
        with TLS 1.2, NSS only supported certificate_verify
        messages that used the same signature hash algorithm as
        used by the PRF. This limitation has been removed.
    
      - Several functions have been added to the public API of
        the NSS Cryptoki Framework. New functions :
    
      - NSSCKFWSlot_GetSlotID
    
      - NSSCKFWSession_GetFWSlot
    
      - NSSCKFWInstance_DestroySessionHandle
    
      - NSSCKFWInstance_FindSessionHandle Notable changes :
    
      - An SSL socket can no longer be configured to allow both
        TLS 1.3 and SSLv3
    
      - Regression fix: NSS no longer reports a failure if an
        application attempts to disable the SSLv2 protocol.
    
      - The list of trusted CA certificates has been updated to
        version 2.8
    
      - The following CA certificate was Removed Sonera Class1
        CA
    
      - The following CA certificates were Added Hellenic
        Academic and Research Institutions RootCA 2015 Hellenic
        Academic and Research Institutions ECC RootCA 2015
        Certplus Root CA G1 Certplus Root CA G2 OpenTrust Root
        CA G1 OpenTrust Root CA G2 OpenTrust Root CA G3"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1249522"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1280387"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1282076"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1284690"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1287316"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1287721"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1288946"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1289085"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1289970"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1291016"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1291665"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1291738"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1294677"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1297934"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1303127"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1304114"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1304783"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.mozilla.org/show_bug.cgi?id=928187"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.mozilla.org/show_bug.cgi?id=932335"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=999701"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected MozillaFirefox / mozilla-nss packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libfreebl3");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libfreebl3-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libfreebl3-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libfreebl3-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsoftokn3");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsoftokn3-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-certs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-certs-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-tools-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2016/09/26");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/09/27");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2020 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE13\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.1", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE13.1", reference:"MozillaFirefox-49.0.1-125.2") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"MozillaFirefox-branding-upstream-49.0.1-125.2") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"MozillaFirefox-buildsymbols-49.0.1-125.2") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"MozillaFirefox-debuginfo-49.0.1-125.2") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"MozillaFirefox-debugsource-49.0.1-125.2") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"MozillaFirefox-devel-49.0.1-125.2") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"MozillaFirefox-translations-common-49.0.1-125.2") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"MozillaFirefox-translations-other-49.0.1-125.2") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"libfreebl3-3.25-91.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"libfreebl3-debuginfo-3.25-91.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"libsoftokn3-3.25-91.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"libsoftokn3-debuginfo-3.25-91.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"mozilla-nss-3.25-91.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"mozilla-nss-certs-3.25-91.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"mozilla-nss-certs-debuginfo-3.25-91.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"mozilla-nss-debuginfo-3.25-91.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"mozilla-nss-debugsource-3.25-91.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"mozilla-nss-devel-3.25-91.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"mozilla-nss-sysinit-3.25-91.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"mozilla-nss-sysinit-debuginfo-3.25-91.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"mozilla-nss-tools-3.25-91.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"mozilla-nss-tools-debuginfo-3.25-91.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libfreebl3-32bit-3.25-91.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libfreebl3-debuginfo-32bit-3.25-91.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libsoftokn3-32bit-3.25-91.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libsoftokn3-debuginfo-32bit-3.25-91.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"mozilla-nss-32bit-3.25-91.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"mozilla-nss-certs-32bit-3.25-91.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"mozilla-nss-certs-debuginfo-32bit-3.25-91.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"mozilla-nss-debuginfo-32bit-3.25-91.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"mozilla-nss-sysinit-32bit-3.25-91.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"mozilla-nss-sysinit-debuginfo-32bit-3.25-91.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "MozillaFirefox / MozillaFirefox-branding-upstream / etc");
    }
    
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2016-1912.NASL
    descriptionFrom Red Hat Security Advisory 2016:1912 : An update for firefox is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.4.0 ESR. Security Fix(es) : * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2016-5257, CVE-2016-5278, CVE-2016-5270, CVE-2016-5272, CVE-2016-5274, CVE-2016-5276, CVE-2016-5277, CVE-2016-5280, CVE-2016-5281, CVE-2016-5284, CVE-2016-5250, CVE-2016-5261) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Samuel Gross, Brian Carpenter, Mei Wang, Ryan Duff, Catalin Dumitru, Mozilla developers, Christoph Diehl, Andrew McCreight, Dan Minor, Byron Campen, Jon Coppeard, Steve Fink, Tyson Smith, Philipp, Carsten Book, Abhishek Arya, Atte Kettunen, and Nils as the original reporters.
    last seen2020-05-31
    modified2016-09-22
    plugin id93641
    published2016-09-22
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/93641
    titleOracle Linux 5 / 6 / 7 : firefox (ELSA-2016-1912)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2016:1912 and 
    # Oracle Linux Security Advisory ELSA-2016-1912 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(93641);
      script_version("2.12");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/29");
    
      script_cve_id("CVE-2016-5250", "CVE-2016-5257", "CVE-2016-5261", "CVE-2016-5270", "CVE-2016-5272", "CVE-2016-5274", "CVE-2016-5276", "CVE-2016-5277", "CVE-2016-5278", "CVE-2016-5280", "CVE-2016-5281", "CVE-2016-5284");
      script_xref(name:"RHSA", value:"2016:1912");
    
      script_name(english:"Oracle Linux 5 / 6 / 7 : firefox (ELSA-2016-1912)");
      script_summary(english:"Checks rpm output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis",
        value:"The remote Oracle Linux host is missing a security update."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "From Red Hat Security Advisory 2016:1912 :
    
    An update for firefox is now available for Red Hat Enterprise Linux 5,
    Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.
    
    Red Hat Product Security has rated this update as having a security
    impact of Critical. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    Mozilla Firefox is an open source web browser.
    
    This update upgrades Firefox to version 45.4.0 ESR.
    
    Security Fix(es) :
    
    * Multiple flaws were found in the processing of malformed web
    content. A web page containing malicious content could cause Firefox
    to crash or, potentially, execute arbitrary code with the privileges
    of the user running Firefox. (CVE-2016-5257, CVE-2016-5278,
    CVE-2016-5270, CVE-2016-5272, CVE-2016-5274, CVE-2016-5276,
    CVE-2016-5277, CVE-2016-5280, CVE-2016-5281, CVE-2016-5284,
    CVE-2016-5250, CVE-2016-5261)
    
    Red Hat would like to thank the Mozilla project for reporting these
    issues. Upstream acknowledges Samuel Gross, Brian Carpenter, Mei Wang,
    Ryan Duff, Catalin Dumitru, Mozilla developers, Christoph Diehl,
    Andrew McCreight, Dan Minor, Byron Campen, Jon Coppeard, Steve Fink,
    Tyson Smith, Philipp, Carsten Book, Abhishek Arya, Atte Kettunen, and
    Nils as the original reporters."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2016-September/006350.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2016-September/006351.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2016-September/006352.html"
      );
      script_set_attribute(
        attribute:"solution",
        value:"Update the affected firefox package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:firefox");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:7");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/08/05");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/09/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/09/22");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(5|6|7)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 5 / 6 / 7", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    
    flag = 0;
    if (rpm_check(release:"EL5", reference:"firefox-45.4.0-1.0.1.el5_11", allowmaj:TRUE)) flag++;
    
    if (rpm_check(release:"EL6", reference:"firefox-45.4.0-1.0.1.el6_8", allowmaj:TRUE)) flag++;
    
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"firefox-45.4.0-1.0.1.el7_2", allowmaj:TRUE)) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "firefox");
    }
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3076-1.NASL
    descriptionAtte Kettunen discovered an out-of-bounds read when handling certain Content Security Policy (CSP) directives in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash. (CVE-2016-2827) Christoph Diehl, Christian Holler, Gary Kwong, Nathan Froyd, Honza Bambas, Seth Fowler, Michael Smith, Andrew McCreight, Dan Minor, Byron Campen, Jon Coppeard, Steve Fink, Tyson Smith, and Carsten Book discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5256, CVE-2016-5257) Atte Kettunen discovered a heap buffer overflow during text conversion with some unicode characters. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5270) Abhishek Arya discovered an out of bounds read during the processing of text runs in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash. (CVE-2016-5271) Abhishek Arya discovered a bad cast when processing layout with input elements in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5272) A crash was discovered in accessibility. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to execute arbitrary code. (CVE-2016-5273) A use-after-free was discovered in web animations during restyling. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5274) A buffer overflow was discovered when working with empty filters during canvas rendering. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5275) A use-after-free was discovered in accessibility. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5276) A use-after-free was discovered in web animations when destroying a timeline. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5277) A buffer overflow was discovered when encoding image frames to images in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5278) Rafael Gieschke discovered that the full path of files is available to web pages after a drag and drop operation. An attacker could potentially exploit this to obtain sensitive information. (CVE-2016-5279) Mei Wang discovered a use-after-free when changing text direction. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5280) Brian Carpenter discovered a use-after-free when manipulating SVG content in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5281) Richard Newman discovered that favicons can be loaded through non-whitelisted protocols, such as jar:. (CVE-2016-5282) Gavin Sharp discovered a timing attack vulnerability involving document resizes and link colours. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information. (CVE-2016-5283) An issue was discovered with the preloaded Public Key Pinning (HPKP). If a man-in-the-middle (MITM) attacker was able to obtain a fraudulent certificate for a Mozilla site, they could exploit this by providing malicious addon updates. (CVE-2016-5284). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id93683
    published2016-09-23
    reporterUbuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/93683
    titleUbuntu 12.04 LTS / 14.04 LTS / 16.04 LTS : firefox vulnerabilities (USN-3076-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-3076-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(93683);
      script_version("2.13");
      script_cvs_date("Date: 2019/09/18 12:31:46");
    
      script_cve_id("CVE-2016-2827", "CVE-2016-5256", "CVE-2016-5257", "CVE-2016-5270", "CVE-2016-5271", "CVE-2016-5272", "CVE-2016-5273", "CVE-2016-5274", "CVE-2016-5275", "CVE-2016-5276", "CVE-2016-5277", "CVE-2016-5278", "CVE-2016-5279", "CVE-2016-5280", "CVE-2016-5281", "CVE-2016-5282", "CVE-2016-5283", "CVE-2016-5284");
      script_xref(name:"USN", value:"3076-1");
    
      script_name(english:"Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS : firefox vulnerabilities (USN-3076-1)");
      script_summary(english:"Checks dpkg output for updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Ubuntu host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Atte Kettunen discovered an out-of-bounds read when handling certain
    Content Security Policy (CSP) directives in some circumstances. If a
    user were tricked in to opening a specially crafted website, an
    attacker could potentially exploit this to cause a denial of service
    via application crash. (CVE-2016-2827)
    
    Christoph Diehl, Christian Holler, Gary Kwong, Nathan Froyd, Honza
    Bambas, Seth Fowler, Michael Smith, Andrew McCreight, Dan Minor, Byron
    Campen, Jon Coppeard, Steve Fink, Tyson Smith, and Carsten Book
    discovered multiple memory safety issues in Firefox. If a user were
    tricked in to opening a specially crafted website, an attacker could
    potentially exploit these to cause a denial of service via application
    crash, or execute arbitrary code. (CVE-2016-5256, CVE-2016-5257)
    
    Atte Kettunen discovered a heap buffer overflow during text conversion
    with some unicode characters. If a user were tricked in to opening a
    specially crafted website, an attacker could potentially exploit this
    to cause a denial of service via application crash, or execute
    arbitrary code. (CVE-2016-5270)
    
    Abhishek Arya discovered an out of bounds read during the processing
    of text runs in some circumstances. If a user were tricked in to
    opening a specially crafted website, an attacker could potentially
    exploit this to cause a denial of service via application crash.
    (CVE-2016-5271)
    
    Abhishek Arya discovered a bad cast when processing layout with input
    elements in some circumstances. If a user were tricked in to opening a
    specially crafted website, an attacker could potentially exploit this
    to cause a denial of service via application crash, or execute
    arbitrary code. (CVE-2016-5272)
    
    A crash was discovered in accessibility. If a user were tricked in to
    opening a specially crafted website, an attacker could potentially
    exploit this to execute arbitrary code. (CVE-2016-5273)
    
    A use-after-free was discovered in web animations during restyling. If
    a user were tricked in to opening a specially crafted website, an
    attacker could potentially exploit this to cause a denial of service
    via application crash, or execute arbitrary code. (CVE-2016-5274)
    
    A buffer overflow was discovered when working with empty filters
    during canvas rendering. If a user were tricked in to opening a
    specially crafted website, an attacker could potentially exploit this
    to cause a denial of service via application crash, or execute
    arbitrary code. (CVE-2016-5275)
    
    A use-after-free was discovered in accessibility. If a user were
    tricked in to opening a specially crafted website, an attacker could
    potentially exploit this to cause a denial of service via application
    crash, or execute arbitrary code. (CVE-2016-5276)
    
    A use-after-free was discovered in web animations when destroying a
    timeline. If a user were tricked in to opening a specially crafted
    website, an attacker could potentially exploit this to cause a denial
    of service via application crash, or execute arbitrary code.
    (CVE-2016-5277)
    
    A buffer overflow was discovered when encoding image frames to images
    in some circumstances. If a user were tricked in to opening a
    specially crafted website, an attacker could potentially exploit this
    to cause a denial of service via application crash, or execute
    arbitrary code. (CVE-2016-5278)
    
    Rafael Gieschke discovered that the full path of files is available to
    web pages after a drag and drop operation. An attacker could
    potentially exploit this to obtain sensitive information.
    (CVE-2016-5279)
    
    Mei Wang discovered a use-after-free when changing text direction. If
    a user were tricked in to opening a specially crafted website, an
    attacker could potentially exploit this to cause a denial of service
    via application crash, or execute arbitrary code. (CVE-2016-5280)
    
    Brian Carpenter discovered a use-after-free when manipulating SVG
    content in some circumstances. If a user were tricked in to opening a
    specially crafted website, an attacker could potentially exploit this
    to cause a denial of service via application crash, or execute
    arbitrary code. (CVE-2016-5281)
    
    Richard Newman discovered that favicons can be loaded through
    non-whitelisted protocols, such as jar:. (CVE-2016-5282)
    
    Gavin Sharp discovered a timing attack vulnerability involving
    document resizes and link colours. If a user were tricked in to
    opening a specially crafted website, an attacker could potentially
    exploit this to obtain sensitive information. (CVE-2016-5283)
    
    An issue was discovered with the preloaded Public Key Pinning (HPKP).
    If a man-in-the-middle (MITM) attacker was able to obtain a fraudulent
    certificate for a Mozilla site, they could exploit this by providing
    malicious addon updates. (CVE-2016-5284).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/3076-1/"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected firefox package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/09/22");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/09/22");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/09/23");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(12\.04|14\.04|16\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 12.04 / 14.04 / 16.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"12.04", pkgname:"firefox", pkgver:"49.0+build4-0ubuntu0.12.04.1")) flag++;
    if (ubuntu_check(osver:"14.04", pkgname:"firefox", pkgver:"49.0+build4-0ubuntu0.14.04.1")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"firefox", pkgver:"49.0+build4-0ubuntu0.16.04.1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "firefox");
    }
    
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2016-1912.NASL
    descriptionAn update for firefox is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.4.0 ESR. Security Fix(es) : * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2016-5257, CVE-2016-5278, CVE-2016-5270, CVE-2016-5272, CVE-2016-5274, CVE-2016-5276, CVE-2016-5277, CVE-2016-5280, CVE-2016-5281, CVE-2016-5284, CVE-2016-5250, CVE-2016-5261) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Samuel Gross, Brian Carpenter, Mei Wang, Ryan Duff, Catalin Dumitru, Mozilla developers, Christoph Diehl, Andrew McCreight, Dan Minor, Byron Campen, Jon Coppeard, Steve Fink, Tyson Smith, Philipp, Carsten Book, Abhishek Arya, Atte Kettunen, and Nils as the original reporters.
    last seen2020-06-01
    modified2020-06-02
    plugin id93666
    published2016-09-23
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/93666
    titleCentOS 5 / 6 / 7 : firefox (CESA-2016:1912)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2016:1912 and 
    # CentOS Errata and Security Advisory 2016:1912 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(93666);
      script_version("2.15");
      script_cvs_date("Date: 2020/02/18");
    
      script_cve_id("CVE-2016-5250", "CVE-2016-5257", "CVE-2016-5261", "CVE-2016-5270", "CVE-2016-5272", "CVE-2016-5274", "CVE-2016-5276", "CVE-2016-5277", "CVE-2016-5278", "CVE-2016-5280", "CVE-2016-5281", "CVE-2016-5284");
      script_xref(name:"RHSA", value:"2016:1912");
    
      script_name(english:"CentOS 5 / 6 / 7 : firefox (CESA-2016:1912)");
      script_summary(english:"Checks rpm output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote CentOS host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An update for firefox is now available for Red Hat Enterprise Linux 5,
    Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.
    
    Red Hat Product Security has rated this update as having a security
    impact of Critical. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    Mozilla Firefox is an open source web browser.
    
    This update upgrades Firefox to version 45.4.0 ESR.
    
    Security Fix(es) :
    
    * Multiple flaws were found in the processing of malformed web
    content. A web page containing malicious content could cause Firefox
    to crash or, potentially, execute arbitrary code with the privileges
    of the user running Firefox. (CVE-2016-5257, CVE-2016-5278,
    CVE-2016-5270, CVE-2016-5272, CVE-2016-5274, CVE-2016-5276,
    CVE-2016-5277, CVE-2016-5280, CVE-2016-5281, CVE-2016-5284,
    CVE-2016-5250, CVE-2016-5261)
    
    Red Hat would like to thank the Mozilla project for reporting these
    issues. Upstream acknowledges Samuel Gross, Brian Carpenter, Mei Wang,
    Ryan Duff, Catalin Dumitru, Mozilla developers, Christoph Diehl,
    Andrew McCreight, Dan Minor, Byron Campen, Jon Coppeard, Steve Fink,
    Tyson Smith, Philipp, Carsten Book, Abhishek Arya, Atte Kettunen, and
    Nils as the original reporters."
      );
      # https://lists.centos.org/pipermail/centos-announce/2016-September/022088.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?0c4c9bfd"
      );
      # https://lists.centos.org/pipermail/centos-announce/2016-September/022089.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?8f17ef0a"
      );
      # https://lists.centos.org/pipermail/centos-announce/2016-September/022090.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?257807c2"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected firefox package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-5257");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:firefox");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:7");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/08/05");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/09/22");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/09/23");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(5|6|7)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 5.x / 6.x / 7.x", "CentOS " + os_ver);
    
    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"CentOS-5", reference:"firefox-45.4.0-1.el5.centos", allowmaj:TRUE)) flag++;
    
    if (rpm_check(release:"CentOS-6", reference:"firefox-45.4.0-1.el6.centos", allowmaj:TRUE)) flag++;
    
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"firefox-45.4.0-1.el7.centos", allowmaj:TRUE)) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "firefox");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2016-1912.NASL
    descriptionAn update for firefox is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.4.0 ESR. Security Fix(es) : * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2016-5257, CVE-2016-5278, CVE-2016-5270, CVE-2016-5272, CVE-2016-5274, CVE-2016-5276, CVE-2016-5277, CVE-2016-5280, CVE-2016-5281, CVE-2016-5284, CVE-2016-5250, CVE-2016-5261) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Samuel Gross, Brian Carpenter, Mei Wang, Ryan Duff, Catalin Dumitru, Mozilla developers, Christoph Diehl, Andrew McCreight, Dan Minor, Byron Campen, Jon Coppeard, Steve Fink, Tyson Smith, Philipp, Carsten Book, Abhishek Arya, Atte Kettunen, and Nils as the original reporters.
    last seen2020-05-31
    modified2016-09-22
    plugin id93642
    published2016-09-22
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/93642
    titleRHEL 5 / 6 / 7 : firefox (RHSA-2016:1912)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2016:1912. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(93642);
      script_version("2.19");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/29");
    
      script_cve_id("CVE-2016-5250", "CVE-2016-5257", "CVE-2016-5261", "CVE-2016-5270", "CVE-2016-5272", "CVE-2016-5274", "CVE-2016-5276", "CVE-2016-5277", "CVE-2016-5278", "CVE-2016-5280", "CVE-2016-5281", "CVE-2016-5284");
      script_xref(name:"RHSA", value:"2016:1912");
    
      script_name(english:"RHEL 5 / 6 / 7 : firefox (RHSA-2016:1912)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis",
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "An update for firefox is now available for Red Hat Enterprise Linux 5,
    Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.
    
    Red Hat Product Security has rated this update as having a security
    impact of Critical. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    Mozilla Firefox is an open source web browser.
    
    This update upgrades Firefox to version 45.4.0 ESR.
    
    Security Fix(es) :
    
    * Multiple flaws were found in the processing of malformed web
    content. A web page containing malicious content could cause Firefox
    to crash or, potentially, execute arbitrary code with the privileges
    of the user running Firefox. (CVE-2016-5257, CVE-2016-5278,
    CVE-2016-5270, CVE-2016-5272, CVE-2016-5274, CVE-2016-5276,
    CVE-2016-5277, CVE-2016-5280, CVE-2016-5281, CVE-2016-5284,
    CVE-2016-5250, CVE-2016-5261)
    
    Red Hat would like to thank the Mozilla project for reporting these
    issues. Upstream acknowledges Samuel Gross, Brian Carpenter, Mei Wang,
    Ryan Duff, Catalin Dumitru, Mozilla developers, Christoph Diehl,
    Andrew McCreight, Dan Minor, Byron Campen, Jon Coppeard, Steve Fink,
    Tyson Smith, Philipp, Carsten Book, Abhishek Arya, Atte Kettunen, and
    Nils as the original reporters."
      );
      # https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/#
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?8b5eaff4"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2016:1912"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2016-5250"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2016-5257"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2016-5261"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2016-5270"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2016-5272"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2016-5274"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2016-5276"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2016-5277"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2016-5278"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2016-5280"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2016-5281"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2016-5284"
      );
      script_set_attribute(
        attribute:"solution",
        value:"Update the affected firefox and / or firefox-debuginfo packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:firefox");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:firefox-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.2");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.3");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.4");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.7");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/08/05");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/09/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/09/22");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(5|6|7)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.x / 6.x / 7.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2016:1912";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL5", reference:"firefox-45.4.0-1.el5_11", allowmaj:TRUE)) flag++;
    
      if (rpm_check(release:"RHEL5", reference:"firefox-debuginfo-45.4.0-1.el5_11", allowmaj:TRUE)) flag++;
    
    
      if (rpm_check(release:"RHEL6", reference:"firefox-45.4.0-1.el6_8", allowmaj:TRUE)) flag++;
    
      if (rpm_check(release:"RHEL6", reference:"firefox-debuginfo-45.4.0-1.el6_8", allowmaj:TRUE)) flag++;
    
    
      if (rpm_check(release:"RHEL7", reference:"firefox-45.4.0-1.el7_2", allowmaj:TRUE)) flag++;
    
      if (rpm_check(release:"RHEL7", reference:"firefox-debuginfo-45.4.0-1.el7_2", allowmaj:TRUE)) flag++;
    
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "firefox / firefox-debuginfo");
      }
    }
    
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_FIREFOX_49_0.NASL
    descriptionThe version of Mozilla Firefox installed on the remote macOS host is prior to 49. It is, therefore, affected by multiple vulnerabilities as noted in Mozilla Firefox stable channel update release notes for 2016/09/20. Please refer to the release notes for additional information. Note that Nessus has not attempted to exploit these issues but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id117940
    published2018-10-05
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/117940
    titleMozilla Firefox < 49 Multiple Vulnerabilities (macOS)
  • NASL familyWindows
    NASL idMOZILLA_FIREFOX_45_4_ESR.NASL
    descriptionThe version of Mozilla Firefox ESR installed on the remote Windows host is 45.x prior to 45.4. It is, therefore, affected by multiple vulnerabilities : - A flaw exists in the HttpBaseChannel::GetPerformance() function in netwerk/protocol/http/HttpBaseChannel.cpp due to the program leaking potentially sensitive resources of URLs through the Resource Timing API during page navigation. An unauthenticated, remote attacker can exploit this to disclose sensitive information. (CVE-2016-5250) - Multiple memory safety issues exist that allow an unauthenticated, remote attacker to potentially execute arbitrary code. (CVE-2016-5257) - An integer overflow condition exists in the WebSocketChannel::ProcessInput() function within file netwerk/protocol/websocket/WebSocketChannel.cpp when handling specially crafted WebSocketChannel packets due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-5261) - A heap buffer overflow condition exists in the nsCaseTransformTextRunFactory::TransformString() function in layout/generic/nsTextRunTransformations.cpp when converting text containing certain Unicode characters. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-5270) - A type confusion error exists within file layout/forms/nsRangeFrame.cpp when handling layout with input elements. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-5272) - A use-after-free error exists within file layout/style/nsRuleNode.cpp when handling web animations during restyling. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-5274) - A use-after-free error exists in the DocAccessible::ProcessInvalidationList() function within file accessible/generic/DocAccessible.cpp when setting an aria-owns attribute. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-5276) - A use-after-free error exists in the nsRefreshDriver::Tick() function when handling web animations destroying a timeline. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-5277) - A buffer overflow condition exists in the nsBMPEncoder::AddImageFrame() function within file dom/base/ImageEncoder.cpp when encoding image frames to images. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-5278) - A use-after-free error exists in the nsTextNodeDirectionalityMap::RemoveElementFromMap() function within file dom/base/DirectionalityUtils.cpp when handling changing of text direction. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-5280) - A use-after-free error exists when handling SVG format content that is being manipulated through script code. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-5281) - A flaw exists due to the certificate pinning policy for built-in sites (e.g., addons.mozilla.org) not being honored when pins have expired. A man-in-the-middle (MitM) attacker can exploit this to generate a trusted certificate, which could be used to conduct spoofing attacks. (CVE-2016-5284)
    last seen2020-06-01
    modified2020-06-02
    plugin id93661
    published2016-09-22
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/93661
    titleMozilla Firefox ESR 45.x < 45.4 Multiple Vulnerabilities
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20160921_FIREFOX_ON_SL5_X.NASL
    descriptionThis update upgrades Firefox to version 45.4.0 ESR. Security Fix(es) : - Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2016-5257, CVE-2016-5278, CVE-2016-5270, CVE-2016-5272, CVE-2016-5274, CVE-2016-5276, CVE-2016-5277, CVE-2016-5280, CVE-2016-5281, CVE-2016-5284, CVE-2016-5250, CVE-2016-5261)
    last seen2020-03-18
    modified2016-09-22
    plugin id93643
    published2016-09-22
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/93643
    titleScientific Linux Security Update : firefox on SL5.x, SL6.x, SL7.x i386/x86_64 (20160921)
  • NASL familyWindows
    NASL idMOZILLA_FIREFOX_49_0.NASL
    descriptionThe version of Mozilla Firefox installed on the remote Windows host is prior to 49. It is, therefore, affected by multiple vulnerabilities as noted in Mozilla Firefox stable channel update release notes for 2016/09/20. Please refer to the release notes for additional information. Note that Nessus has not attempted to exploit these issues but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id117941
    published2018-10-05
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/117941
    titleMozilla Firefox < 49 Multiple Vulnerabilities
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_FIREFOX_49.NASL
    descriptionThe version of Mozilla Firefox installed on the remote Mac OS X host is prior to 49.0. It is, therefore, affected by multiple vulnerabilities : - An out-of-bounds read error exists within file dom/security/nsCSPParser.cpp when handling content security policies (CSP) containing empty referrer directives. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2016-2827) - Multiple memory safety issues exist that allow an unauthenticated, remote attacker to potentially execute arbitrary code. (CVE-2016-5256, CVE-2016-5257) - A heap buffer overflow condition exists in the nsCaseTransformTextRunFactory::TransformString() function in layout/generic/nsTextRunTransformations.cpp when converting text containing certain Unicode characters. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-5270) - An out-of-bounds read error exists in the nsCSSFrameConstructor::GetInsertionPrevSibling() function in file layout/base/nsCSSFrameConstructor.cpp when handling text runs. An unauthenticated, remote attacker can exploit this to disclose memory contents. (CVE-2016-5271) - A type confusion error exists within file layout/forms/nsRangeFrame.cpp when handling layout with input elements. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-5272) - An unspecified flaw exists in the HyperTextAccessible::GetChildOffset() function that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-5273) - A use-after-free error exists within file layout/style/nsRuleNode.cpp when handling web animations during restyling. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-5274) - A buffer overflow condition exists in the FilterSupport::ComputeSourceNeededRegions() function when handling empty filters during canvas rendering. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-5275) - A use-after-free error exists in the DocAccessible::ProcessInvalidationList() function within file accessible/generic/DocAccessible.cpp when setting an aria-owns attribute. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-5276) - A use-after-free error exists in the nsRefreshDriver::Tick() function when handling web animations destroying a timeline. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-5277) - A buffer overflow condition exists in the nsBMPEncoder::AddImageFrame() function within file dom/base/ImageEncoder.cpp when encoding image frames to images. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-5278) - A flaw exists that is triggered when handling drag-and-drop events for files. An unauthenticated, remote attacker can exploit this disclose the full local file path. (CVE-2016-5279) - A use-after-free error exists in the nsTextNodeDirectionalityMap::RemoveElementFromMap() function within file dom/base/DirectionalityUtils.cpp when handling changing of text direction. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-5280) - A use-after-free error exists when handling SVG format content that is being manipulated through script code. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-5281) - A flaw exists when handling content that requests favicons from non-whitelisted schemes that are using certain URI handlers. An unauthenticated, remote attacker can exploit this to bypass intended restrictions. (CVE-2016-5282) - A flaw exists that is related to the handling of iframes that allow an unauthenticated, remote attacker to conduct an
    last seen2020-06-01
    modified2020-06-02
    plugin id93660
    published2016-09-22
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/93660
    titleMozilla Firefox < 49.0 Multiple Vulnerabilities (Mac OS X)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2016-2431-1.NASL
    descriptionMozilla Firefox was updated to 45.4.0 ESR to fix the following issues (bsc#999701): The following security issue were fixed : - MFSA 2016-86/CVE-2016-5270: Heap-buffer-overflow in nsCaseTransformTextRunFactory::TransformString - MFSA 2016-86/CVE-2016-5272: Bad cast in nsImageGeometryMixin - MFSA 2016-86/CVE-2016-5276: Heap-use-after-free in mozilla::a11y::DocAccessible::ProcessInvalidationList - MFSA 2016-86/CVE-2016-5274: use-after-free in nsFrameManager::CaptureFrameState - MFSA 2016-86/CVE-2016-5277: Heap-use-after-free in nsRefreshDriver::Tick - MFSA 2016-86/CVE-2016-5278: Heap-buffer-overflow in nsBMPEncoder::AddImageFrame - MFSA 2016-86/CVE-2016-5280: Use-after-free in mozilla::nsTextNodeDirectionalityMap::RemoveElementFromM ap - MFSA 2016-86/CVE-2016-5281: use-after-free in DOMSVGLength - MFSA 2016-86/CVE-2016-5284: Add-on update site certificate pin expiration - MFSA 2016-86/CVE-2016-5250: Resource Timing API is storing resources sent by the previous page - MFSA 2016-86/CVE-2016-5261: Integer overflow and memory corruption in WebSocketChannel - MFSA 2016-86/CVE-2016-5257: Various memory safety bugs fixed in Firefox 49 and Firefox ESR 45.4 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id93860
    published2016-10-05
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/93860
    titleSUSE SLES11 Security Update : MozillaFirefox (SUSE-SU-2016:2431-1)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_2C57C47E8BB3469483C89FC3ABAD3964.NASL
    descriptionMozilla Foundation reports : CVE-2016-2827 - Out-of-bounds read in mozilla::net::IsValidReferrerPolicy [low] CVE-2016-5256 - Memory safety bugs fixed in Firefox 49 [critical] CVE-2016-5257 - Memory safety bugs fixed in Firefox 49 and Firefox ESR 45.4 [critical] CVE-2016-5270 - Heap-buffer-overflow in nsCaseTransformTextRunFactory::TransformString [high] CVE-2016-5271 - Out-of-bounds read in PropertyProvider::GetSpacingInternal [low] CVE-2016-5272 - Bad cast in nsImageGeometryMixin [high] CVE-2016-5273 - crash in mozilla::a11y::HyperTextAccessible::GetChildOffset [high] CVE-2016-5274 - use-after-free in nsFrameManager::CaptureFrameState [high] CVE-2016-5275 - global-buffer-overflow in mozilla::gfx::FilterSupport::ComputeSourceNeededRegions [critical] CVE-2016-5276 - Heap-use-after-free in mozilla::a11y::DocAccessible::ProcessInvalidationList [high] CVE-2016-5277 - Heap-use-after-free in nsRefreshDriver::Tick [high] CVE-2016-5278 - Heap-buffer-overflow in nsBMPEncoder::AddImageFrame [critical] CVE-2016-5279 - Full local path of files is available to web pages after drag and drop [moderate] CVE-2016-5280 - Use-after-free in mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap [high] CVE-2016-5281 - use-after-free in DOMSVGLength [high] CVE-2016-5282 - Don
    last seen2020-06-01
    modified2020-06-02
    plugin id93614
    published2016-09-21
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/93614
    titleFreeBSD : mozilla -- multiple vulnerabilities (2c57c47e-8bb3-4694-83c8-9fc3abad3964)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-3674.NASL
    descriptionMultiple security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, buffer overflows and other implementation errors may lead to the execution of arbitrary code or information disclosure.
    last seen2020-06-01
    modified2020-06-02
    plugin id93669
    published2016-09-23
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/93669
    titleDebian DSA-3674-1 : firefox-esr - security update
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_FIREFOX_45_4_ESR.NASL
    descriptionThe version of Mozilla Firefox ESR installed on the remote Mac OS X host is 45.x prior to 45.4. It is, therefore, affected by multiple vulnerabilities : - A flaw exists in the HttpBaseChannel::GetPerformance() function in netwerk/protocol/http/HttpBaseChannel.cpp due to the program leaking potentially sensitive resources of URLs through the Resource Timing API during page navigation. An unauthenticated, remote attacker can exploit this to disclose sensitive information. (CVE-2016-5250) - Multiple memory safety issues exist that allow an unauthenticated, remote attacker to potentially execute arbitrary code. (CVE-2016-5257) - An integer overflow condition exists in the WebSocketChannel::ProcessInput() function within file netwerk/protocol/websocket/WebSocketChannel.cpp when handling specially crafted WebSocketChannel packets due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-5261) - A heap buffer overflow condition exists in the nsCaseTransformTextRunFactory::TransformString() function in layout/generic/nsTextRunTransformations.cpp when converting text containing certain Unicode characters. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-5270) - A type confusion error exists within file layout/forms/nsRangeFrame.cpp when handling layout with input elements. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-5272) - A use-after-free error exists within file layout/style/nsRuleNode.cpp when handling web animations during restyling. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-5274) - A use-after-free error exists in the DocAccessible::ProcessInvalidationList() function within file accessible/generic/DocAccessible.cpp when setting an aria-owns attribute. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-5276) - A use-after-free error exists in the nsRefreshDriver::Tick() function when handling web animations destroying a timeline. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-5277) - A buffer overflow condition exists in the nsBMPEncoder::AddImageFrame() function within file dom/base/ImageEncoder.cpp when encoding image frames to images. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-5278) - A use-after-free error exists in the nsTextNodeDirectionalityMap::RemoveElementFromMap() function within file dom/base/DirectionalityUtils.cpp when handling changing of text direction. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-5280) - A use-after-free error exists when handling SVG format content that is being manipulated through script code. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-5281) - A flaw exists due to the certificate pinning policy for built-in sites (e.g., addons.mozilla.org) not being honored when pins have expired. A man-in-the-middle (MitM) attacker can exploit this to generate a trusted certificate, which could be used to conduct spoofing attacks. (CVE-2016-5284)
    last seen2020-06-01
    modified2020-06-02
    plugin id93659
    published2016-09-22
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/93659
    titleMozilla Firefox ESR 45.x < 45.4 Multiple Vulnerabilities (Mac OS X)
  • NASL familyWindows
    NASL idMOZILLA_FIREFOX_49.NASL
    descriptionThe version of Mozilla Firefox installed on the remote Windows host is prior to 49.0. It is, therefore, affected by multiple vulnerabilities : - An out-of-bounds read error exists within file dom/security/nsCSPParser.cpp when handling content security policies (CSP) containing empty referrer directives. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2016-2827) - Multiple memory safety issues exist that allow an unauthenticated, remote attacker to potentially execute arbitrary code. (CVE-2016-5256, CVE-2016-5257) - A heap buffer overflow condition exists in the nsCaseTransformTextRunFactory::TransformString() function in layout/generic/nsTextRunTransformations.cpp when converting text containing certain Unicode characters. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-5270) - An out-of-bounds read error exists in the nsCSSFrameConstructor::GetInsertionPrevSibling() function in file layout/base/nsCSSFrameConstructor.cpp when handling text runs. An unauthenticated, remote attacker can exploit this to disclose memory contents. (CVE-2016-5271) - A type confusion error exists within file layout/forms/nsRangeFrame.cpp when handling layout with input elements. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-5272) - An unspecified flaw exists in the HyperTextAccessible::GetChildOffset() function that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-5273) - A use-after-free error exists within file layout/style/nsRuleNode.cpp when handling web animations during restyling. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-5274) - A buffer overflow condition exists in the FilterSupport::ComputeSourceNeededRegions() function when handling empty filters during canvas rendering. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-5275) - A use-after-free error exists in the DocAccessible::ProcessInvalidationList() function within file accessible/generic/DocAccessible.cpp when setting an aria-owns attribute. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-5276) - A use-after-free error exists in the nsRefreshDriver::Tick() function when handling web animations destroying a timeline. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-5277) - A buffer overflow condition exists in the nsBMPEncoder::AddImageFrame() function within file dom/base/ImageEncoder.cpp when encoding image frames to images. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-5278) - A flaw exists that is triggered when handling drag-and-drop events for files. An unauthenticated, remote attacker can exploit this disclose the full local file path. (CVE-2016-5279) - A use-after-free error exists in the nsTextNodeDirectionalityMap::RemoveElementFromMap() function within file dom/base/DirectionalityUtils.cpp when handling changing of text direction. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-5280) - A use-after-free error exists when handling SVG format content that is being manipulated through script code. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-5281) - A flaw exists when handling content that requests favicons from non-whitelisted schemes that are using certain URI handlers. An unauthenticated, remote attacker can exploit this to bypass intended restrictions. (CVE-2016-5282) - A flaw exists that is related to the handling of iframes that allow an unauthenticated, remote attacker to conduct an
    last seen2020-06-01
    modified2020-06-02
    plugin id93662
    published2016-09-22
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/93662
    titleMozilla Firefox < 49.0 Multiple Vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2016-2434-1.NASL
    descriptionMozilla Firefox was updated to version 45.4.0 ESR to fix the following issues: Security issues fixed: (bsc#999701 MFSA 2016-86) : - CVE-2016-5270: Heap-buffer-overflow in nsCaseTransformTextRunFactory::TransformString - CVE-2016-5272: Bad cast in nsImageGeometryMixin - CVE-2016-5276: Heap-use-after-free in mozilla::a11y::DocAccessible::ProcessInvalidationList - CVE-2016-5274: use-after-free in nsFrameManager::CaptureFrameState - CVE-2016-5277: Heap-use-after-free in nsRefreshDriver::Tick - CVE-2016-5278: Heap-buffer-overflow in nsBMPEncoder::AddImageFrame - CVE-2016-5280: Use-after-free in mozilla::nsTextNodeDirectionalityMap::RemoveElementFromM ap - CVE-2016-5281: use-after-free in DOMSVGLength - CVE-2016-5284: Add-on update site certificate pin expiration - CVE-2016-5250: Resource Timing API is storing resources sent by the previous page - CVE-2016-5261: Integer overflow and memory corruption in WebSocketChannel - CVE-2016-5257: Memory safety bugs fixed in Firefox 49 and Firefox ESR 45.4 Bug fixed : - Fix for aarch64 Firefox startup crash (bsc#991344) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id93861
    published2016-10-05
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/93861
    titleSUSE SLED12 / SLES12 Security Update : MozillaFirefox (SUSE-SU-2016:2434-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2016-2513-1.NASL
    descriptionMozilla Firefox was updated to 45.4.0 ESR to fix the following issues (bsc#999701): The following security issue were fixed : - MFSA 2016-86/CVE-2016-5270: Heap-buffer-overflow in nsCaseTransformTextRunFactory::TransformString - MFSA 2016-86/CVE-2016-5272: Bad cast in nsImageGeometryMixin - MFSA 2016-86/CVE-2016-5276: Heap-use-after-free in mozilla::a11y::DocAccessible::ProcessInvalidationList - MFSA 2016-86/CVE-2016-5274: use-after-free in nsFrameManager::CaptureFrameState - MFSA 2016-86/CVE-2016-5277: Heap-use-after-free in nsRefreshDriver::Tick - MFSA 2016-86/CVE-2016-5278: Heap-buffer-overflow in nsBMPEncoder::AddImageFrame - MFSA 2016-86/CVE-2016-5280: Use-after-free in mozilla::nsTextNodeDirectionalityMap::RemoveElementFromM ap - MFSA 2016-86/CVE-2016-5281: use-after-free in DOMSVGLength - MFSA 2016-86/CVE-2016-5284: Add-on update site certificate pin expiration - MFSA 2016-86/CVE-2016-5250: Resource Timing API is storing resources sent by the previous page - MFSA 2016-86/CVE-2016-5261: Integer overflow and memory corruption in WebSocketChannel - MFSA 2016-86/CVE-2016-5257: Various memory safety bugs fixed in Firefox 49 and Firefox ESR 45.4 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id94043
    published2016-10-13
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/94043
    titleSUSE SLES11 Security Update : MozillaFirefox (SUSE-SU-2016:2513-1)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201701-15.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201701-15 (Mozilla Firefox, Thunderbird: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Mozilla Firefox and Thunderbird. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition via multiple vectors. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id96276
    published2017-01-04
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/96276
    titleGLSA-201701-15 : Mozilla Firefox, Thunderbird: Multiple vulnerabilities (SWEET32)

Redhat

advisories
rhsa
idRHSA-2016:1912
rpms
  • firefox-0:45.4.0-1.el5_11
  • firefox-0:45.4.0-1.el6_8
  • firefox-0:45.4.0-1.el7_2
  • firefox-debuginfo-0:45.4.0-1.el5_11
  • firefox-debuginfo-0:45.4.0-1.el6_8
  • firefox-debuginfo-0:45.4.0-1.el7_2