Vulnerabilities > CVE-2017-5375 - Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
redhat
mozilla
debian
CWE-119
nessus
exploit available

Summary

JIT code allocation can allow for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.

Vulnerable Configurations

Part Description Count
OS
Redhat
9
OS
Debian
1
Application
Mozilla
714

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Overflow Buffers
    Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
  • Client-side Injection-induced Buffer Overflow
    This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
  • Filter Failure through Buffer Overflow
    In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
  • MIME Conversion
    An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.

Exploit-Db

  • descriptionFirefox 44.0.2 - ASM.JS JIT-Spray Remote Code Execution. CVE-2016-1960,CVE-2017-5375. Remote exploit for Windows platform
    fileexploits/windows/remote/44294.html
    idEDB-ID:44294
    last seen2018-05-24
    modified2018-03-16
    platformwindows
    port
    published2018-03-16
    reporterExploit-DB
    sourcehttps://www.exploit-db.com/download/44294/
    titleFirefox 44.0.2 - ASM.JS JIT-Spray Remote Code Execution
    typeremote
  • descriptionFirefox 50.0.1 - ASM.JS JIT-Spray Remote Code Execution. CVE-2016-9079,CVE-2017-5375. Remote exploit for Windows platform
    fileexploits/windows/remote/42327.html
    idEDB-ID:42327
    last seen2017-07-14
    modified2017-07-14
    platformwindows
    port
    published2017-07-14
    reporterExploit-DB
    sourcehttps://www.exploit-db.com/download/42327/
    titleFirefox 50.0.1 - ASM.JS JIT-Spray Remote Code Execution
    typeremote
  • descriptionFirefox 46.0.1 - ASM.JS JIT-Spray Remote Code Execution. CVE-2016-2819,CVE-2017-5375. Remote exploit for Windows platform
    fileexploits/windows/remote/44293.html
    idEDB-ID:44293
    last seen2018-05-24
    modified2018-03-16
    platformwindows
    port
    published2018-03-16
    reporterExploit-DB
    sourcehttps://www.exploit-db.com/download/44293/
    titleFirefox 46.0.1 - ASM.JS JIT-Spray Remote Code Execution
    typeremote

Nessus

  • NASL familyWindows
    NASL idMOZILLA_FIREFOX_51.NASL
    descriptionThe version of Mozilla Firefox installed on the remote Windows host is prior to 51.0. It is, therefore, affected by multiple vulnerabilities : - Mozilla developers and community members Christian Holler, Gary Kwong, Andre Bargull, Jan de Mooij, Tom Schuster, and Oriol reported memory safety bugs present in Firefox 50.1 and Firefox ESR 45.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. (CVE-2017-5373) - Mozilla developers and community members Gary Kwong, Olli Pettay, Tooru Fujisawa, Carsten Book, Andrew McCreight, Chris Pearce, Ronald Crane, Jan de Mooij, Julian Seward, Nicolas Pierron, Randell Jesup, Esther Monchari, Honza Bambas, and Philipp reported memory safety bugs present in Firefox 50.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. (CVE-2017-5374) - JIT code allocation can allow for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. (CVE-2017-5375) - Use-after-free while manipulating XSL in XSLT documents (CVE-2017-5376) - A memory corruption vulnerability in Skia that can occur when using transforms to make gradients, resulting in a potentially exploitable crash. (CVE-2017-5377) - Hashed codes of JavaScript objects are shared between pages. This allows for pointer leaks because an object
    last seen2020-06-01
    modified2020-06-02
    plugin id96776
    published2017-01-25
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/96776
    titleMozilla Firefox < 51.0 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(96776);
      script_version("1.8");
      script_cvs_date("Date: 2019/11/13");
    
      script_cve_id(
        "CVE-2017-5373",
        "CVE-2017-5374",
        "CVE-2017-5375",
        "CVE-2017-5376",
        "CVE-2017-5377",
        "CVE-2017-5378",
        "CVE-2017-5379",
        "CVE-2017-5380",
        "CVE-2017-5381",
        "CVE-2017-5382",
        "CVE-2017-5383",
        "CVE-2017-5384",
        "CVE-2017-5385",
        "CVE-2017-5386",
        "CVE-2017-5387",
        "CVE-2017-5388",
        "CVE-2017-5389",
        "CVE-2017-5390",
        "CVE-2017-5391",
        "CVE-2017-5393",
        "CVE-2017-5396"
      );
      script_bugtraq_id(
        95757,
        95758,
        95759,
        95761,
        95762,
        95763,
        95769
      );
      script_xref(name:"MFSA", value:"2017-01");
    
      script_name(english:"Mozilla Firefox < 51.0 Multiple Vulnerabilities");
      script_summary(english:"Checks the version of Firefox.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Windows host contains a web browser that is affected by
    multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of Mozilla Firefox installed on the remote Windows host
    is prior to 51.0. It is, therefore, affected by multiple
    vulnerabilities :
    
      - Mozilla developers and community members Christian
        Holler, Gary Kwong, Andre Bargull, Jan de Mooij, Tom
        Schuster, and Oriol reported memory safety bugs present
        in Firefox 50.1 and Firefox ESR 45.6. Some of these
        bugs showed evidence of memory corruption and we
        presume that with enough effort that some of these
        could be exploited to run arbitrary code.
        (CVE-2017-5373)
    
      - Mozilla developers and community members Gary Kwong,
        Olli Pettay, Tooru Fujisawa, Carsten Book, Andrew
        McCreight, Chris Pearce, Ronald Crane, Jan de Mooij,
        Julian Seward, Nicolas Pierron, Randell Jesup, Esther
        Monchari, Honza Bambas, and Philipp reported memory
        safety bugs present in Firefox 50.1. Some of these bugs
        showed evidence of memory corruption and we presume
        that with enough effort that some of these could be
        exploited to run arbitrary code. (CVE-2017-5374)
    
      - JIT code allocation can allow for a bypass of ASLR and
        DEP protections leading to potential memory corruption
        attacks. (CVE-2017-5375)
    
      - Use-after-free while manipulating XSL in XSLT documents
        (CVE-2017-5376)
    
      - A memory corruption vulnerability in Skia that can
        occur when using transforms to make gradients,
        resulting in a potentially exploitable crash.
        (CVE-2017-5377)
    
      - Hashed codes of JavaScript objects are shared between
        pages. This allows for pointer leaks because an object's
        address can be discovered through hash codes, and also
        allows for data leakage of an object's content using
        these hash codes. (CVE-2017-5378)
    
      - Use-after-free vulnerability in Web Animations when
        interacting with cycle collection found through
        fuzzing. (CVE-2017-5379)
    
      - A potential use-after-free found through fuzzing during
        DOM manipulation of SVG content. (CVE-2017-5380)
    
      - The 'export' function in the Certificate Viewer can
        force local filesystem navigation when the 'common
        name' in a certificate contains slashes, allowing
        certificate content to be saved in unsafe locations
        with an arbitrary filename. (CVE-2017-5381)
    
      - Feed preview for RSS feeds can be used to capture
        errors and exceptions generated by privileged content,
        allowing for the exposure of internal information not
        meant to be seen by web content. (CVE-2017-5382)
    
      - URLs containing certain unicode glyphs for alternative
        hyphens and quotes do not properly trigger punycode
        display, allowing for domain name spoofing attacks in
        the location bar. (CVE-2017-5383)
    
      - Proxy Auto-Config (PAC) files can specify a JavaScript
        function called for all URL requests with the full URL
        path which exposes more information than would be sent
        to the proxy itself in the case of HTTPS. Normally the
        Proxy Auto-Config file is specified by the user or
        machine owner and presumed to be non-malicious, but if
        a user has enabled Web Proxy Auto Detect (WPAD) this
        file can be served remotely. (CVE-2017-5384)
    
      - Data sent with in multipart channels, such as the
        multipart/x-mixed-replace MIME type, will ignore the
        referrer-policy response header, leading to potential
        information disclosure for sites using this header.
        (CVE-2017-5385)
    
      - WebExtension scripts can use the 'data:' protocol to
        affect pages loaded by other web extensions using this
        protocol, leading to potential data disclosure or
        privilege escalation in affected extensions.
        (CVE-2017-5386)
    
      - The existence of a specifically requested local file
        can be found due to the double firing of the 'onerror'
        when the 'source' attribute on a <track> tag refers to
        a file that does not exist if the source page is loaded
        locally. (CVE-2017-5387)
    
      - A STUN server in conjunction with a large number of
        'webkitRTCPeerConnection' objects can be used to send
        large STUN packets in a short period of time due to a
        lack of rate limiting being applied on e10s systems,
        allowing for a denial of service attack. (CVE-2017-5388)
    
      - WebExtensions could use the 'mozAddonManager' API by
        modifying the CSP headers on sites with the appropriate
        permissions and then using host requests to redirect
        script loads to a malicious site. This allows a
        malicious extension to then install additional
        extensions without explicit user permission.
        (CVE-2017-5389)
    
      - The JSON viewer in the Developer Tools uses insecure
        methods to create a communication channel for copying
        and viewing JSON or HTTP headers data, allowing for
        potential privilege escalation. (CVE-2017-5390)
    
      - Special 'about:' pages used by web content, such as RSS
        feeds, can load privileged 'about:' pages in an iframe.
        If a content-injection bug were found in one of those
        pages this could allow for potential privilege
        escalation. (CVE-2017-5391)
    
      - The 'mozAddonManager' allows for the installation of
        extensions from the CDN for addons.mozilla.org, a
        publicly accessible site. This could allow malicious
        extensions to install additional extensions from the CDN
        in combination with an XSS attack on Mozilla AMO sites.
        (CVE-2017-5393)
    
      - A use-after-free vulnerability in the Media Decoder
        when working with media files when some events are
        fired after the media elements are freed from memory.
        (CVE-2017-5396)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Mozilla security advisories.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues.");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1017616");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1255474");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1281482");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1285833");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1285960");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1288561");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1293327");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1295023");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1295322");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1295747");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1295945");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1297361");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1297808");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1300145");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1302231");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1306883");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1307458");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1308688");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1309198");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1309282");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1309310");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1311319");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1311687");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1312001");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1313385");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1315447");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1317501");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1318766");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1319070");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1319456");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1319888");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1321374");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1322107");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1322305");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1322315");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1322420");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1323338");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1324716");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1324810");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1325200");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1325344");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1325877");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1325938");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1328251");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1328834");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1329403");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1329989");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1330769");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1331058");
      # https://www.contextis.com//resources/blog/leaking-https-urls-20-year-old-vulnerability/
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?4d11b233");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Mozilla Firefox version 51.0 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-5396");
    
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/01/24");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/01/24");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/01/25");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:firefox");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("mozilla_org_installed.nasl");
      script_require_keys("Mozilla/Firefox/Version");
    
      exit(0);
    }
    
    include("mozilla_version.inc");
    
    port = get_kb_item("SMB/transport");
    if (!port) port = 445;
    
    installs = get_kb_list("SMB/Mozilla/Firefox/*");
    if (isnull(installs)) audit(AUDIT_NOT_INST, "Firefox");
    
    mozilla_check_version(installs:installs, product:'firefox', fix:'51.0', severity:SECURITY_HOLE);
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3165-1.NASL
    descriptionMultiple memory safety issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-9893, CVE-2017-5373) Andrew Krasichkov discovered that event handlers on <marquee> elements were executed despite a Content Security Policy (CSP) that disallowed inline JavaScript. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2016-9895) A memory corruption issue was discovered in WebGL in some circumstances. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-9897) A use-after-free was discovered when manipulating DOM subtrees in the Editor. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-9898) A use-after-free was discovered when manipulating DOM events and audio elements. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-9899) It was discovered that external resources that should be blocked when loading SVG images can bypass security restrictions using data: URLs. An attacker could potentially exploit this to obtain sensitive information. (CVE-2016-9900) Jann Horn discovered that JavaScript Map/Set were vulnerable to timing attacks. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to obtain sensitive information across domains. (CVE-2016-9904) A crash was discovered in EnumerateSubDocuments while adding or removing sub-documents. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to execute arbitrary code. (CVE-2016-9905) JIT code allocation can allow a bypass of ASLR protections in some circumstances. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5375) Nicolas Gregoire discovered a use-after-free when manipulating XSL in XSLT documents in some circumstances. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5376) Jann Horn discovered that an object
    last seen2020-06-01
    modified2020-06-02
    plugin id96871
    published2017-01-30
    reporterUbuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/96871
    titleUbuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : thunderbird vulnerabilities (USN-3165-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-3165-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(96871);
      script_version("3.12");
      script_cvs_date("Date: 2019/09/18 12:31:46");
    
      script_cve_id("CVE-2016-9893", "CVE-2016-9895", "CVE-2016-9897", "CVE-2016-9898", "CVE-2016-9899", "CVE-2016-9900", "CVE-2016-9904", "CVE-2016-9905", "CVE-2017-5373", "CVE-2017-5375", "CVE-2017-5376", "CVE-2017-5378", "CVE-2017-5380", "CVE-2017-5383", "CVE-2017-5390", "CVE-2017-5396");
      script_xref(name:"USN", value:"3165-1");
    
      script_name(english:"Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : thunderbird vulnerabilities (USN-3165-1)");
      script_summary(english:"Checks dpkg output for updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Ubuntu host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Multiple memory safety issues were discovered in Thunderbird. If a
    user were tricked in to opening a specially crafted message, an
    attacker could potentially exploit these to cause a denial of service
    via application crash, or execute arbitrary code. (CVE-2016-9893,
    CVE-2017-5373)
    
    Andrew Krasichkov discovered that event handlers on <marquee> elements
    were executed despite a Content Security Policy (CSP) that disallowed
    inline JavaScript. If a user were tricked in to opening a specially
    crafted website in a browsing context, an attacker could potentially
    exploit this to conduct cross-site scripting (XSS) attacks.
    (CVE-2016-9895)
    
    A memory corruption issue was discovered in WebGL in some
    circumstances. If a user were tricked in to opening a specially
    crafted website in a browsing context, an attacker could potentially
    exploit this to cause a denial of service via application crash, or
    execute arbitrary code. (CVE-2016-9897)
    
    A use-after-free was discovered when manipulating DOM subtrees in the
    Editor. If a user were tricked in to opening a specially crafted
    website in a browsing context, an attacker could potentially exploit
    this to cause a denial of service via application crash, or execute
    arbitrary code. (CVE-2016-9898)
    
    A use-after-free was discovered when manipulating DOM events and audio
    elements. If a user were tricked in to opening a specially crafted
    website in a browsing context, an attacker could potentially exploit
    this to cause a denial of service via application crash, or execute
    arbitrary code. (CVE-2016-9899)
    
    It was discovered that external resources that should be blocked when
    loading SVG images can bypass security restrictions using data: URLs.
    An attacker could potentially exploit this to obtain sensitive
    information. (CVE-2016-9900)
    
    Jann Horn discovered that JavaScript Map/Set were vulnerable to timing
    attacks. If a user were tricked in to opening a specially crafted
    website in a browsing context, an attacker could potentially exploit
    this to obtain sensitive information across domains. (CVE-2016-9904)
    
    A crash was discovered in EnumerateSubDocuments while adding or
    removing sub-documents. If a user were tricked in to opening a
    specially crafted website in a browsing context, an attacker could
    potentially exploit this to execute arbitrary code. (CVE-2016-9905)
    
    JIT code allocation can allow a bypass of ASLR protections in some
    circumstances. If a user were tricked in to opening a specially
    crafted website in a browsing context, an attacker could potentially
    exploit this to cause a denial of service via application crash, or
    execute arbitrary code. (CVE-2017-5375)
    
    Nicolas Gregoire discovered a use-after-free when manipulating XSL in
    XSLT documents in some circumstances. If a user were tricked in to
    opening a specially crafted website in a browsing context, an attacker
    could potentially exploit this to cause a denial of service via
    application crash, or execute arbitrary code. (CVE-2017-5376)
    
    Jann Horn discovered that an object's address could be discovered
    through hashed codes of JavaScript objects shared between pages. If a
    user were tricked in to opening a specially crafted website in a
    browsing context, an attacker could potentially exploit this to obtain
    sensitive information. (CVE-2017-5378)
    
    A use-after-free was discovered during DOM manipulation of SVG content
    in some circumstances. If a user were tricked in to opening a
    specially crafted website in a browsing context, an attacker could
    potentially exploit this to cause a denial of service via application
    crash, or execute arbitrary code. (CVE-2017-5380)
    
    Armin Razmjou discovered that certain unicode glyphs do not trigger
    punycode display. If a user were tricked in to opening a specially
    crafted website in a browsing context, an attacker could potentially
    exploit this to spoof the URL bar contents. (CVE-2017-5383)
    
    Jerri Rice discovered insecure communication methods in the Dev Tools
    JSON Viewer. An attacker could potentially exploit this to gain
    additional privileges. (CVE-2017-5390)
    
    Filipe Gomes discovered a use-after-free in the media decoder in some
    circumstances. If a user were tricked in to opening a specially
    crafted website in a browsing context, an attacker could potentially
    exploit this to cause a denial of service via application crash, or
    execute arbitrary code. (CVE-2017-5396).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/3165-1/"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected thunderbird package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:thunderbird");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.10");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/06/11");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/01/27");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/01/30");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(12\.04|14\.04|16\.04|16\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 12.04 / 14.04 / 16.04 / 16.10", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"12.04", pkgname:"thunderbird", pkgver:"1:45.7.0+build1-0ubuntu0.12.04.1")) flag++;
    if (ubuntu_check(osver:"14.04", pkgname:"thunderbird", pkgver:"1:45.7.0+build1-0ubuntu0.14.04.1")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"thunderbird", pkgver:"1:45.7.0+build1-0ubuntu0.16.04.1")) flag++;
    if (ubuntu_check(osver:"16.10", pkgname:"thunderbird", pkgver:"1:45.7.0+build1-0ubuntu0.16.10.1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "thunderbird");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2017-0238.NASL
    descriptionAn update for thunderbird is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.7.0. Security Fix(es) : * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2017-5373, CVE-2017-5375, CVE-2017-5376, CVE-2017-5378, CVE-2017-5380, CVE-2017-5383, CVE-2017-5390, CVE-2017-5396) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Jann Horn, Filipe Gomes, Nils, Armin Razmjou, Christian Holler, Gary Kwong, Andre Bargull, Jan de Mooij, Tom Schuster, Oriol, Rh0, Nicolas Gregoire, and Jerri Rice as the original reporters.
    last seen2020-05-31
    modified2017-02-02
    plugin id96949
    published2017-02-02
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/96949
    titleRHEL 5 / 6 / 7 : thunderbird (RHSA-2017:0238)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2017:0238. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(96949);
      script_version("3.19");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/29");
    
      script_cve_id("CVE-2017-5373", "CVE-2017-5375", "CVE-2017-5376", "CVE-2017-5378", "CVE-2017-5380", "CVE-2017-5383", "CVE-2017-5390", "CVE-2017-5396");
      script_xref(name:"RHSA", value:"2017:0238");
    
      script_name(english:"RHEL 5 / 6 / 7 : thunderbird (RHSA-2017:0238)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis",
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "An update for thunderbird is now available for Red Hat Enterprise
    Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.
    
    Red Hat Product Security has rated this update as having a security
    impact of Important. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    Mozilla Thunderbird is a standalone mail and newsgroup client.
    
    This update upgrades Thunderbird to version 45.7.0.
    
    Security Fix(es) :
    
    * Multiple flaws were found in the processing of malformed web
    content. A web page containing malicious content could cause
    Thunderbird to crash or, potentially, execute arbitrary code with the
    privileges of the user running Thunderbird. (CVE-2017-5373,
    CVE-2017-5375, CVE-2017-5376, CVE-2017-5378, CVE-2017-5380,
    CVE-2017-5383, CVE-2017-5390, CVE-2017-5396)
    
    Red Hat would like to thank the Mozilla project for reporting these
    issues. Upstream acknowledges Jann Horn, Filipe Gomes, Nils, Armin
    Razmjou, Christian Holler, Gary Kwong, Andre Bargull, Jan de Mooij,
    Tom Schuster, Oriol, Rh0, Nicolas Gregoire, and Jerri Rice as the
    original reporters."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2017-03/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2017:0238"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2017-5378"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2017-5396"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2017-5380"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2017-5383"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2017-5373"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2017-5375"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2017-5376"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2017-5390"
      );
      script_set_attribute(
        attribute:"solution",
        value:
    "Update the affected thunderbird and / or thunderbird-debuginfo
    packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:thunderbird");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:thunderbird-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.3");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.4");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.7");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/06/11");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/02/02");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/02/02");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(5|6|7)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.x / 6.x / 7.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2017:0238";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"thunderbird-45.7.0-1.el5_11", allowmaj:TRUE)) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"thunderbird-45.7.0-1.el5_11", allowmaj:TRUE)) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"thunderbird-debuginfo-45.7.0-1.el5_11", allowmaj:TRUE)) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"thunderbird-debuginfo-45.7.0-1.el5_11", allowmaj:TRUE)) flag++;
    
    
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"thunderbird-45.7.0-1.el6_8", allowmaj:TRUE)) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"thunderbird-45.7.0-1.el6_8", allowmaj:TRUE)) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"thunderbird-45.7.0-1.el6_8", allowmaj:TRUE)) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"thunderbird-debuginfo-45.7.0-1.el6_8", allowmaj:TRUE)) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"thunderbird-debuginfo-45.7.0-1.el6_8", allowmaj:TRUE)) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"thunderbird-debuginfo-45.7.0-1.el6_8", allowmaj:TRUE)) flag++;
    
    
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"thunderbird-45.7.0-1.el7_3", allowmaj:TRUE)) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"thunderbird-debuginfo-45.7.0-1.el7_3", allowmaj:TRUE)) flag++;
    
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "thunderbird / thunderbird-debuginfo");
      }
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2017-0190.NASL
    descriptionAn update for firefox is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. [Updated 21 February 2017] This advisory has been updated to include Firefox packages for the PPC and S390 architectures that were previously omitted. For this revised update, packages for all architectures were rebuilt. The rebuilt packages do not contain any new code changes. Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.7.0 ESR. Security Fix(es) : * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2017-5373, CVE-2017-5375, CVE-2017-5376, CVE-2017-5378, CVE-2017-5380, CVE-2017-5383, CVE-2017-5386, CVE-2017-5390, CVE-2017-5396) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Jann Horn, Filipe Gomes, Muneaki Nishimura, Nils, Armin Razmjou, Christian Holler, Gary Kwong, Andre Bargull, Jan de Mooij, Tom Schuster, Oriol, Rh0, Nicolas Gregoire, and Jerri Rice as the original reporters.
    last seen2020-05-31
    modified2017-01-26
    plugin id96791
    published2017-01-26
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/96791
    titleRHEL 5 / 6 / 7 : firefox (RHSA-2017:0190)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2017:0190. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(96791);
      script_version("3.19");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/29");
    
      script_cve_id("CVE-2017-5373", "CVE-2017-5375", "CVE-2017-5376", "CVE-2017-5378", "CVE-2017-5380", "CVE-2017-5383", "CVE-2017-5386", "CVE-2017-5390", "CVE-2017-5396");
      script_xref(name:"RHSA", value:"2017:0190");
    
      script_name(english:"RHEL 5 / 6 / 7 : firefox (RHSA-2017:0190)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis",
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "An update for firefox is now available for Red Hat Enterprise Linux 5,
    Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.
    
    Red Hat Product Security has rated this update as having a security
    impact of Critical. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    [Updated 21 February 2017] This advisory has been updated to include
    Firefox packages for the PPC and S390 architectures that were
    previously omitted. For this revised update, packages for all
    architectures were rebuilt. The rebuilt packages do not contain any
    new code changes.
    
    Mozilla Firefox is an open source web browser.
    
    This update upgrades Firefox to version 45.7.0 ESR.
    
    Security Fix(es) :
    
    * Multiple flaws were found in the processing of malformed web
    content. A web page containing malicious content could cause Firefox
    to crash or, potentially, execute arbitrary code with the privileges
    of the user running Firefox. (CVE-2017-5373, CVE-2017-5375,
    CVE-2017-5376, CVE-2017-5378, CVE-2017-5380, CVE-2017-5383,
    CVE-2017-5386, CVE-2017-5390, CVE-2017-5396)
    
    Red Hat would like to thank the Mozilla project for reporting these
    issues. Upstream acknowledges Jann Horn, Filipe Gomes, Muneaki
    Nishimura, Nils, Armin Razmjou, Christian Holler, Gary Kwong, Andre
    Bargull, Jan de Mooij, Tom Schuster, Oriol, Rh0, Nicolas Gregoire, and
    Jerri Rice as the original reporters."
      );
      # https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/#
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?8b5eaff4"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2017:0190"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2017-5378"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2017-5396"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2017-5386"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2017-5380"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2017-5383"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2017-5373"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2017-5375"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2017-5376"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2017-5390"
      );
      script_set_attribute(
        attribute:"solution",
        value:"Update the affected firefox and / or firefox-debuginfo packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:firefox");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:firefox-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.3");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.4");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.7");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/06/11");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/02/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/01/26");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(5|6|7)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.x / 6.x / 7.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2017:0190";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL5", reference:"firefox-45.7.0-2.el5_11", allowmaj:TRUE)) flag++;
    
      if (rpm_check(release:"RHEL5", reference:"firefox-debuginfo-45.7.0-2.el5_11", allowmaj:TRUE)) flag++;
    
    
      if (rpm_check(release:"RHEL6", reference:"firefox-45.7.0-2.el6_8", allowmaj:TRUE)) flag++;
    
      if (rpm_check(release:"RHEL6", reference:"firefox-debuginfo-45.7.0-2.el6_8", allowmaj:TRUE)) flag++;
    
    
      if (rpm_check(release:"RHEL7", reference:"firefox-45.7.0-2.el7_3", allowmaj:TRUE)) flag++;
    
      if (rpm_check(release:"RHEL7", reference:"firefox-debuginfo-45.7.0-2.el7_3", allowmaj:TRUE)) flag++;
    
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "firefox / firefox-debuginfo");
      }
    }
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2017-187.NASL
    descriptionThis update for MozillaFirefox to version 51.0.1 fixes security issues and bugs. These security issues were fixed : - CVE-2017-5375: Excessive JIT code allocation allows bypass of ASLR and DEP (bmo#1325200, boo#1021814) - CVE-2017-5376: Use-after-free in XSL (bmo#1311687, boo#1021817) CVE-2017-5377: Memory corruption with transforms to create gradients in Skia (bmo#1306883, boo#1021826) - CVE-2017-5378: Pointer and frame data leakage of JavaScript objects (bmo#1312001, bmo#1330769, boo#1021818) - CVE-2017-5379: Use-after-free in Web Animations (bmo#1309198,boo#1021827) - CVE-2017-5380: Potential use-after-free during DOM manipulations (bmo#1322107, boo#1021819) - CVE-2017-5390: Insecure communication methods in Developer Tools JSON viewer (bmo#1297361, boo#1021820) - CVE-2017-5389: WebExtensions can install additional add-ons via modified host requests (bmo#1308688, boo#1021828) - CVE-2017-5396: Use-after-free with Media Decoder (bmo#1329403, boo#1021821) - CVE-2017-5381: Certificate Viewer exporting can be used to navigate and save to arbitrary filesystem locations (bmo#1017616, boo#1021830) - CVE-2017-5382: Feed preview can expose privileged content errors and exceptions (bmo#1295322, boo#1021831) - CVE-2017-5383: Location bar spoofing with unicode characters (bmo#1323338, bmo#1324716, boo#1021822) - CVE-2017-5384: Information disclosure via Proxy Auto-Config (PAC) (bmo#1255474, boo#1021832) - CVE-2017-5385: Data sent in multipart channels ignores referrer-policy response headers (bmo#1295945, boo#1021833) - CVE-2017-5386: WebExtensions can use data: protocol to affect other extensions (bmo#1319070, boo#1021823) - CVE-2017-5391: Content about: pages can load privileged about: pages (bmo#1309310, boo#1021835) - CVE-2017-5393: Remove addons.mozilla.org CDN from whitelist for mozAddonManager (bmo#1309282, boo#1021837) - CVE-2017-5387: Disclosure of local file existence through TRACK tag error messages (bmo#1295023, boo#1021839) - CVE-2017-5388: WebRTC can be used to generate a large amount of UDP traffic for DDOS attacks (bmo#1281482, boo#1021840) - CVE-2017-5374: Memory safety bugs (boo#1021841) - CVE-2017-5373: Memory safety bugs (boo#1021824) These non-security issues in MozillaFirefox were fixed : - Added support for FLAC (Free Lossless Audio Codec) playback - Added support for WebGL 2 - Added Georgian (ka) and Kabyle (kab) locales - Support saving passwords for forms without
    last seen2020-06-05
    modified2017-02-02
    plugin id96940
    published2017-02-02
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/96940
    titleopenSUSE Security Update : MozillaFirefox (openSUSE-2017-187)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2017-187.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(96940);
      script_version("3.8");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2017-5373", "CVE-2017-5374", "CVE-2017-5375", "CVE-2017-5376", "CVE-2017-5377", "CVE-2017-5378", "CVE-2017-5379", "CVE-2017-5380", "CVE-2017-5381", "CVE-2017-5382", "CVE-2017-5383", "CVE-2017-5384", "CVE-2017-5385", "CVE-2017-5386", "CVE-2017-5387", "CVE-2017-5388", "CVE-2017-5389", "CVE-2017-5390", "CVE-2017-5391", "CVE-2017-5392", "CVE-2017-5393", "CVE-2017-5394", "CVE-2017-5395", "CVE-2017-5396");
    
      script_name(english:"openSUSE Security Update : MozillaFirefox (openSUSE-2017-187)");
      script_summary(english:"Check for the openSUSE-2017-187 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for MozillaFirefox to version 51.0.1 fixes security issues
    and bugs.
    
    These security issues were fixed :
    
      - CVE-2017-5375: Excessive JIT code allocation allows
        bypass of ASLR and DEP (bmo#1325200, boo#1021814)
    
      - CVE-2017-5376: Use-after-free in XSL (bmo#1311687,
        boo#1021817) CVE-2017-5377: Memory corruption with
        transforms to create gradients in Skia (bmo#1306883,
        boo#1021826)
    
      - CVE-2017-5378: Pointer and frame data leakage of
        JavaScript objects (bmo#1312001, bmo#1330769,
        boo#1021818)
    
      - CVE-2017-5379: Use-after-free in Web Animations
        (bmo#1309198,boo#1021827)
    
      - CVE-2017-5380: Potential use-after-free during DOM
        manipulations (bmo#1322107, boo#1021819)
    
      - CVE-2017-5390: Insecure communication methods in
        Developer Tools JSON viewer (bmo#1297361, boo#1021820)
    
      - CVE-2017-5389: WebExtensions can install additional
        add-ons via modified host requests (bmo#1308688,
        boo#1021828)
    
      - CVE-2017-5396: Use-after-free with Media Decoder
        (bmo#1329403, boo#1021821)
    
      - CVE-2017-5381: Certificate Viewer exporting can be used
        to navigate and save to arbitrary filesystem locations
        (bmo#1017616, boo#1021830)
    
      - CVE-2017-5382: Feed preview can expose privileged
        content errors and exceptions (bmo#1295322, boo#1021831)
    
      - CVE-2017-5383: Location bar spoofing with unicode
        characters (bmo#1323338, bmo#1324716, boo#1021822)
    
      - CVE-2017-5384: Information disclosure via Proxy
        Auto-Config (PAC) (bmo#1255474, boo#1021832)
    
      - CVE-2017-5385: Data sent in multipart channels ignores
        referrer-policy response headers (bmo#1295945,
        boo#1021833)
    
      - CVE-2017-5386: WebExtensions can use data: protocol to
        affect other extensions (bmo#1319070, boo#1021823)
    
      - CVE-2017-5391: Content about: pages can load privileged
        about: pages (bmo#1309310, boo#1021835)
    
      - CVE-2017-5393: Remove addons.mozilla.org CDN from
        whitelist for mozAddonManager (bmo#1309282, boo#1021837)
    
      - CVE-2017-5387: Disclosure of local file existence
        through TRACK tag error messages (bmo#1295023,
        boo#1021839)
    
      - CVE-2017-5388: WebRTC can be used to generate a large
        amount of UDP traffic for DDOS attacks (bmo#1281482,
        boo#1021840)
    
      - CVE-2017-5374: Memory safety bugs (boo#1021841)
    
      - CVE-2017-5373: Memory safety bugs (boo#1021824)
    
    These non-security issues in MozillaFirefox were fixed :
    
      - Added support for FLAC (Free Lossless Audio Codec)
        playback
    
      - Added support for WebGL 2
    
      - Added Georgian (ka) and Kabyle (kab) locales
    
      - Support saving passwords for forms without 'submit'
        events
    
      - Improved video performance for users without GPU
        acceleration
    
      - Zoom indicator is shown in the URL bar if the zoom level
        is not at default level
    
      - View passwords from the prompt before saving them
    
      - Remove Belarusian (be) locale
    
      - Use Skia for content rendering (Linux)
    
      - Improve recognition of LANGUAGE env variable
        (boo#1017174)
    
      - Multiprocess incompatibility did not correctly register
        with some add-ons (bmo#1333423)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1017174"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1021814"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1021817"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1021818"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1021819"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1021820"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1021821"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1021822"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1021823"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1021824"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1021826"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1021827"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1021828"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1021830"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1021831"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1021832"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1021833"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1021835"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1021837"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1021839"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1021840"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1021841"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected MozillaFirefox packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.2");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/06/11");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/02/01");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/02/02");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE42\.1|SUSE42\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.1 / 42.2", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"MozillaFirefox-51.0.1-50.2") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"MozillaFirefox-branding-upstream-51.0.1-50.2") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"MozillaFirefox-buildsymbols-51.0.1-50.2") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"MozillaFirefox-debuginfo-51.0.1-50.2") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"MozillaFirefox-debugsource-51.0.1-50.2") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"MozillaFirefox-devel-51.0.1-50.2") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"MozillaFirefox-translations-common-51.0.1-50.2") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"MozillaFirefox-translations-other-51.0.1-50.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"MozillaFirefox-51.0.1-50.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"MozillaFirefox-branding-upstream-51.0.1-50.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"MozillaFirefox-buildsymbols-51.0.1-50.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"MozillaFirefox-debuginfo-51.0.1-50.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"MozillaFirefox-debugsource-51.0.1-50.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"MozillaFirefox-devel-51.0.1-50.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"MozillaFirefox-translations-common-51.0.1-50.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"MozillaFirefox-translations-other-51.0.1-50.2") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "MozillaFirefox / MozillaFirefox-branding-upstream / etc");
    }
    
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2017-0238.NASL
    descriptionAn update for thunderbird is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.7.0. Security Fix(es) : * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2017-5373, CVE-2017-5375, CVE-2017-5376, CVE-2017-5378, CVE-2017-5380, CVE-2017-5383, CVE-2017-5390, CVE-2017-5396) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Jann Horn, Filipe Gomes, Nils, Armin Razmjou, Christian Holler, Gary Kwong, Andre Bargull, Jan de Mooij, Tom Schuster, Oriol, Rh0, Nicolas Gregoire, and Jerri Rice as the original reporters.
    last seen2020-05-31
    modified2017-02-03
    plugin id96962
    published2017-02-03
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/96962
    titleCentOS 5 / 6 / 7 : thunderbird (CESA-2017:0238)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2017:0238 and 
    # CentOS Errata and Security Advisory 2017:0238 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(96962);
      script_version("3.16");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/29");
    
      script_cve_id("CVE-2017-5373", "CVE-2017-5375", "CVE-2017-5376", "CVE-2017-5378", "CVE-2017-5380", "CVE-2017-5383", "CVE-2017-5390", "CVE-2017-5396");
      script_xref(name:"RHSA", value:"2017:0238");
    
      script_name(english:"CentOS 5 / 6 / 7 : thunderbird (CESA-2017:0238)");
      script_summary(english:"Checks rpm output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis",
        value:"The remote CentOS host is missing a security update."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "An update for thunderbird is now available for Red Hat Enterprise
    Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.
    
    Red Hat Product Security has rated this update as having a security
    impact of Important. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    Mozilla Thunderbird is a standalone mail and newsgroup client.
    
    This update upgrades Thunderbird to version 45.7.0.
    
    Security Fix(es) :
    
    * Multiple flaws were found in the processing of malformed web
    content. A web page containing malicious content could cause
    Thunderbird to crash or, potentially, execute arbitrary code with the
    privileges of the user running Thunderbird. (CVE-2017-5373,
    CVE-2017-5375, CVE-2017-5376, CVE-2017-5378, CVE-2017-5380,
    CVE-2017-5383, CVE-2017-5390, CVE-2017-5396)
    
    Red Hat would like to thank the Mozilla project for reporting these
    issues. Upstream acknowledges Jann Horn, Filipe Gomes, Nils, Armin
    Razmjou, Christian Holler, Gary Kwong, Andre Bargull, Jan de Mooij,
    Tom Schuster, Oriol, Rh0, Nicolas Gregoire, and Jerri Rice as the
    original reporters."
      );
      # https://lists.centos.org/pipermail/centos-announce/2017-February/022262.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?3777e4e0"
      );
      # https://lists.centos.org/pipermail/centos-announce/2017-February/022263.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?43cb544c"
      );
      # https://lists.centos.org/pipermail/centos-announce/2017-February/022264.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?06934b27"
      );
      script_set_attribute(
        attribute:"solution",
        value:"Update the affected thunderbird package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-5373");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:thunderbird");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:7");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/06/11");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/02/02");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/02/03");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(5|6|7)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 5.x / 6.x / 7.x", "CentOS " + os_ver);
    
    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"CentOS-5", reference:"thunderbird-45.7.0-1.el5.centos", allowmaj:TRUE)) flag++;
    
    if (rpm_check(release:"CentOS-6", reference:"thunderbird-45.7.0-1.el6.centos", allowmaj:TRUE)) flag++;
    
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"thunderbird-45.7.0-1.el7.centos", allowmaj:TRUE)) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "thunderbird");
    }
    
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2017-0190.NASL
    descriptionFrom Red Hat Security Advisory 2017:0190 : An update for firefox is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. [Updated 21 February 2017] This advisory has been updated to include Firefox packages for the PPC and S390 architectures that were previously omitted. For this revised update, packages for all architectures were rebuilt. The rebuilt packages do not contain any new code changes. Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.7.0 ESR. Security Fix(es) : * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2017-5373, CVE-2017-5375, CVE-2017-5376, CVE-2017-5378, CVE-2017-5380, CVE-2017-5383, CVE-2017-5386, CVE-2017-5390, CVE-2017-5396) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Jann Horn, Filipe Gomes, Muneaki Nishimura, Nils, Armin Razmjou, Christian Holler, Gary Kwong, Andre Bargull, Jan de Mooij, Tom Schuster, Oriol, Rh0, Nicolas Gregoire, and Jerri Rice as the original reporters.
    last seen2020-05-31
    modified2017-01-26
    plugin id96789
    published2017-01-26
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/96789
    titleOracle Linux 5 / 6 / 7 : firefox (ELSA-2017-0190)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3175-2.NASL
    descriptionUSN-3175-1 fixed vulnerabilities in Firefox. The update caused a regression on systems where the AppArmor profile for Firefox is set to enforce mode. This update fixes the problem. We apologize for the inconvenience. Multiple memory safety issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5373, CVE-2017-5374) JIT code allocation can allow a bypass of ASLR protections in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5375) Nicolas Gregoire discovered a use-after-free when manipulating XSL in XSLT documents in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5376) Atte Kettunen discovered a memory corruption issue in Skia in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5377) Jann Horn discovered that an object
    last seen2020-06-01
    modified2020-06-02
    plugin id97047
    published2017-02-07
    reporterUbuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/97047
    titleUbuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : firefox regression (USN-3175-2)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2017-188.NASL
    descriptionThis update to Mozilla Thunderbird 45.7.0 fixes security issues and bugs. The following security issues from advisory MFSA 2017-03 were fixed (boo#1021991) In general, these flaws cannot be exploited through email in Thunderbird because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts : - CVE-2017-5375: Excessive JIT code allocation allows bypass of ASLR and DEP (boo#1021814) - CVE-2017-5376: Use-after-free in XSL (boo#1021817) - CVE-2017-5378: Pointer and frame data leakage of JavaScript objects (boo#1021818) - CVE-2017-5380: Potential use-after-free during DOM manipulations (boo#1021819) - CVE-2017-5390: Insecure communication methods in Developer Tools JSON viewer (boo#1021820) - CVE-2017-5396: Use-after-free with Media Decoder (boo#1021821) - CVE-2017-5383: Location bar spoofing with unicode characters (boo#1021822) - CVE-2017-5373: Memory safety bugs fixed in Thunderbird 45.7 (boo#1021824) The following non-security bugs were fixed : - Message preview pane non-functional after IMAP folder was renamed or moved -
    last seen2020-06-05
    modified2017-02-02
    plugin id96941
    published2017-02-02
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/96941
    titleopenSUSE Security Update : MozillaThunderbird (openSUSE-2017-188)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_E60169C4AA8646B08AE20D81F683DF09.NASL
    descriptionMozilla Foundation reports : Please reference CVE/URL list for details
    last seen2020-06-01
    modified2020-06-02
    plugin id96743
    published2017-01-25
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/96743
    titleFreeBSD : mozilla -- multiple vulnerabilities (e60169c4-aa86-46b0-8ae2-0d81f683df09)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2017-1012.NASL
    descriptionAccording to the versions of the firefox package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2016-9079,CVE-2016-9893, CVE-2016-9899, CVE-2016-9895, CVE-2016-9897, CVE-2016-9898, CVE-2016-9900, CVE-2016-9901, CVE-2016-9902, CVE-2016-9904, CVE-2016-9905,CVE-2017-5373,CVE-2017-5375,CVE-2017-5376 ,CVE-2017-5378,CVE-2017-5380,CVE-2017-5383,CVE-2017-538 6,CVE-2017-5390,CVE-2017-5396) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2017-05-01
    plugin id99858
    published2017-05-01
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/99858
    titleEulerOS 2.0 SP1 : firefox (EulerOS-SA-2017-1012)
  • NASL familyWindows
    NASL idMOZILLA_THUNDERBIRD_45_7.NASL
    descriptionThe version of Mozilla Thunderbird installed on the remote Windows host is prior to 45.7. It is, therefore, affected by multiple vulnerabilities : - Mozilla developers and community members Christian Holler, Gary Kwong, Andre Bargull, Jan de Mooij, Tom Schuster, and Oriol reported memory safety bugs present in Thunderbird 45.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. (CVE-2017-5373) - JIT code allocation can allow for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. (CVE-2017-5375) - Use-after-free while manipulating XSL in XSLT documents. (CVE-2017-5376) - Hashed codes of JavaScript objects are shared between pages. This allows for pointer leaks because an object
    last seen2020-06-01
    modified2020-06-02
    plugin id96905
    published2017-01-31
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/96905
    titleMozilla Thunderbird < 45.7 Multiple Vulnerabilities
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_FIREFOX_51.NASL
    descriptionThe version of Mozilla Firefox installed on the remote macOS or Mac OS X host is prior to 51. It is, therefore, affected by the following vulnerabilities : - Mozilla developers and community members Christian Holler, Gary Kwong, Andre Bargull, Jan de Mooij, Tom Schuster, and Oriol reported memory safety bugs present in Firefox 50.1 and Firefox ESR 45.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. (CVE-2017-5373) - Mozilla developers and community members Gary Kwong, Olli Pettay, Tooru Fujisawa, Carsten Book, Andrew McCreight, Chris Pearce, Ronald Crane, Jan de Mooij, Julian Seward, Nicolas Pierron, Randell Jesup, Esther Monchari, Honza Bambas, and Philipp reported memory safety bugs present in Firefox 50.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. (CVE-2017-5374) - JIT code allocation can allow for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. (CVE-2017-5375) - Use-after-free while manipulating XSL in XSLT documents (CVE-2017-5376) - A memory corruption vulnerability in Skia that can occur when using transforms to make gradients, resulting in a potentially exploitable crash. (CVE-2017-5377) - Hashed codes of JavaScript objects are shared between pages. This allows for pointer leaks because an object
    last seen2020-06-01
    modified2020-06-02
    plugin id96774
    published2017-01-25
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/96774
    titleMozilla Firefox < 51 Multiple Vulnerabilities (macOS)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2017-1011.NASL
    descriptionAccording to the versions of the firefox package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2016-9079,CVE-2016-9893,CVE-2016-9895,CVE-2016-989 7,CVE-2016-9898,CVE-2016-9899,CVE-2016-9900,CVE-2016-99 01,CVE-2016-9902,CVE-2016-9904,CVE-2016-9905,CVE-2017-5 373, CVE-2017-5375, CVE-2017-5376, CVE-2017-5378, CVE-2017-5380, CVE-2017-5383, CVE-2017-5386, CVE-2017-5390, CVE-2017-5396) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2017-05-01
    plugin id99857
    published2017-05-01
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/99857
    titleEulerOS 2.0 SP2 : firefox (EulerOS-SA-2017-1011)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-896.NASL
    descriptionMultiple security issues have been found in the Mozilla Thunderbird mail client: Multiple memory safety errors, buffer overflows and other implementation errors may lead to the execution of arbitrary code or spoofing. With version 45.8 Debian drops it
    last seen2020-03-17
    modified2017-04-19
    plugin id99442
    published2017-04-19
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/99442
    titleDebian DLA-896-1 : icedove/thunderbird security update
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2017-026-01.NASL
    descriptionNew mozilla-thunderbird packages are available for Slackware 14.1, 14.2, and -current to fix security issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id96804
    published2017-01-27
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/96804
    titleSlackware 14.1 / 14.2 / current : mozilla-thunderbird (SSA:2017-026-01)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-0427-1.NASL
    descriptionMozillaFirefox 45 ESR was updated to 45.7 to fix the following issues (bsc#1021991) : - MFSA 2017-02/CVE-2017-5378: Pointer and frame data leakage of JavaScript objects (bsc#1021818) - MFSA 2017-02/CVE-2017-5396: Use-after-free with Media Decoder (bsc#1021821) - MFSA 2017-02/CVE-2017-5386: WebExtensions can use data: protocol to affect other extensions (bsc#1021823) - MFSA 2017-02/CVE-2017-5380: Potential use-after-free during DOM manipulations (bsc#1021819) - MFSA 2017-02/CVE-2017-5390: Insecure communication methods in Developer Tools JSON viewer (bsc#1021820) - MFSA 2017-02/CVE-2017-5373: Memory safety bugs fixed in Firefox 51 and Firefox ESR 45.7 (bsc#1021824) - MFSA 2017-02/CVE-2017-5375: Excessive JIT code allocation allows bypass of ASLR and DEP (bsc#1021814) - MFSA 2017-02/CVE-2017-5376: Use-after-free in XSL (bsc#1021817) - MFSA 2017-02/CVE-2017-5383: Location bar spoofing with unicode characters (bsc#1021822) Please see https://www.mozilla.org/en-US/security/advisories/mfsa20 17-02/ for more information. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id97082
    published2017-02-09
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/97082
    titleSUSE SLED12 / SLES12 Security Update : MozillaFirefox (SUSE-SU-2017:0427-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-0426-1.NASL
    descriptionMozillaFirefox 45 ESR was updated to 45.7 to fix the following issues (bsc#1021991) : - MFSA 2017-02/CVE-2017-5378: Pointer and frame data leakage of JavaScript objects (bsc#1021818) - MFSA 2017-02/CVE-2017-5396: Use-after-free with Media Decoder (bsc#1021821) - MFSA 2017-02/CVE-2017-5386: WebExtensions can use data: protocol to affect other extensions (bsc#1021823) - MFSA 2017-02/CVE-2017-5380: Potential use-after-free during DOM manipulations (bsc#1021819) - MFSA 2017-02/CVE-2017-5390: Insecure communication methods in Developer Tools JSON viewer (bsc#1021820) - MFSA 2017-02/CVE-2017-5373: Memory safety bugs fixed in Firefox 51 and Firefox ESR 45.7 (bsc#1021824) - MFSA 2017-02/CVE-2017-5375: Excessive JIT code allocation allows bypass of ASLR and DEP (bsc#1021814) - MFSA 2017-02/CVE-2017-5376: Use-after-free in XSL (bsc#1021817) - MFSA 2017-02/CVE-2017-5383: Location bar spoofing with unicode characters (bsc#1021822) Please see https://www.mozilla.org/en-US/security/advisories/mfsa20 17-02/ for more information. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id97081
    published2017-02-09
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/97081
    titleSUSE SLES11 Security Update : MozillaFirefox (SUSE-SU-2017:0426-1)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2017-0190.NASL
    descriptionAn update for firefox is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. [Updated 21 February 2017] This advisory has been updated to include Firefox packages for the PPC and S390 architectures that were previously omitted. For this revised update, packages for all architectures were rebuilt. The rebuilt packages do not contain any new code changes. Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.7.0 ESR. Security Fix(es) : * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2017-5373, CVE-2017-5375, CVE-2017-5376, CVE-2017-5378, CVE-2017-5380, CVE-2017-5383, CVE-2017-5386, CVE-2017-5390, CVE-2017-5396) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Jann Horn, Filipe Gomes, Muneaki Nishimura, Nils, Armin Razmjou, Christian Holler, Gary Kwong, Andre Bargull, Jan de Mooij, Tom Schuster, Oriol, Rh0, Nicolas Gregoire, and Jerri Rice as the original reporters.
    last seen2020-06-01
    modified2020-06-02
    plugin id96813
    published2017-01-27
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/96813
    titleCentOS 5 / 6 / 7 : firefox (CESA-2017:0190)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201702-22.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201702-22 (Mozilla Firefox: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, bypass access restriction, access otherwise protected information, or spoof content via multiple vectors. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id97265
    published2017-02-21
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/97265
    titleGLSA-201702-22 : Mozilla Firefox: Multiple vulnerabilities
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20170202_THUNDERBIRD_ON_SL5_X.NASL
    descriptionThis update upgrades Thunderbird to version 45.7.0. Security Fix(es) : - Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2017-5373, CVE-2017-5375, CVE-2017-5376, CVE-2017-5378, CVE-2017-5380, CVE-2017-5383, CVE-2017-5390, CVE-2017-5396)
    last seen2020-03-18
    modified2017-02-03
    plugin id96975
    published2017-02-03
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/96975
    titleScientific Linux Security Update : thunderbird on SL5.x, SL6.x, SL7.x i386/x86_64 (20170202)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20170125_FIREFOX_ON_SL5_X.NASL
    descriptionThis update upgrades Firefox to version 45.7.0 ESR. Security Fix(es) : - Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2017-5373, CVE-2017-5375, CVE-2017-5376, CVE-2017-5378, CVE-2017-5380, CVE-2017-5383, CVE-2017-5386, CVE-2017-5390, CVE-2017-5396)
    last seen2020-03-18
    modified2017-01-26
    plugin id96792
    published2017-01-26
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/96792
    titleScientific Linux Security Update : firefox on SL5.x, SL6.x, SL7.x i386/x86_64 (20170125)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_THUNDERBIRD_45_7.NASL
    descriptionThe version of Mozilla Thunderbird installed on the remote macOS or Mac OS X host is prior to 45.7. It is, therefore, affected by multiple vulnerabilities : - Mozilla developers and community members Christian Holler, Gary Kwong, Andre Bargull, Jan de Mooij, Tom Schuster, and Oriol reported memory safety bugs present in Thunderbird 45.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. (CVE-2017-5373) - JIT code allocation can allow for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. (CVE-2017-5375) - Use-after-free while manipulating XSL in XSLT documents. (CVE-2017-5376) - Hashed codes of JavaScript objects are shared between pages. This allows for pointer leaks because an object
    last seen2020-06-01
    modified2020-06-02
    plugin id96904
    published2017-01-31
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/96904
    titleMozilla Thunderbird < 45.7 Multiple Vulnerabilities (macOS)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2017-0238.NASL
    descriptionFrom Red Hat Security Advisory 2017:0238 : An update for thunderbird is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.7.0. Security Fix(es) : * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2017-5373, CVE-2017-5375, CVE-2017-5376, CVE-2017-5378, CVE-2017-5380, CVE-2017-5383, CVE-2017-5390, CVE-2017-5396) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Jann Horn, Filipe Gomes, Nils, Armin Razmjou, Christian Holler, Gary Kwong, Andre Bargull, Jan de Mooij, Tom Schuster, Oriol, Rh0, Nicolas Gregoire, and Jerri Rice as the original reporters.
    last seen2020-05-31
    modified2017-02-03
    plugin id96970
    published2017-02-03
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/96970
    titleOracle Linux 6 / 7 : thunderbird (ELSA-2017-0238)
  • NASL familyVirtuozzo Local Security Checks
    NASL idVIRTUOZZO_VZLSA-2017-0190.NASL
    descriptionAn update for firefox is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. [Updated 21 February 2017] This advisory has been updated to include Firefox packages for the PPC and S390 architectures that were previously omitted. For this revised update, packages for all architectures were rebuilt. The rebuilt packages do not contain any new code changes. Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.7.0 ESR. Security Fix(es) : * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2017-5373, CVE-2017-5375, CVE-2017-5376, CVE-2017-5378, CVE-2017-5380, CVE-2017-5383, CVE-2017-5386, CVE-2017-5390, CVE-2017-5396) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Jann Horn, Filipe Gomes, Muneaki Nishimura, Nils, Armin Razmjou, Christian Holler, Gary Kwong, Andre Bargull, Jan de Mooij, Tom Schuster, Oriol, Rh0, Nicolas Gregoire, and Jerri Rice as the original reporters. Note that Tenable Network Security has attempted to extract the preceding description block directly from the corresponding Red Hat security advisory. Virtuozzo provides no description for VZLSA advisories. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-03
    modified2017-07-13
    plugin id101416
    published2017-07-13
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/101416
    titleVirtuozzo 6 : firefox (VZLSA-2017-0190)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-800.NASL
    descriptionMultiple security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees and other implementation errors may lead to the execution of arbitrary code or information leaks or privilege escalation. For Debian 7
    last seen2020-03-17
    modified2017-01-27
    plugin id96815
    published2017-01-27
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/96815
    titleDebian DLA-800-1 : firefox-esr security update
  • NASL familyWindows
    NASL idMOZILLA_FIREFOX_45_7_ESR.NASL
    descriptionThe version of Mozilla Firefox ESR installed on the remote Windows host is prior to 45.7. It is, therefore, affected by multiple vulnerabilities : - Mozilla developers and community members Christian Holler, Gary Kwong, Andre Bargull, Jan de Mooij, Tom Schuster, and Oriol reported memory safety bugs present in Firefox 50.1 and Firefox ESR 45.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. (CVE-2017-5373) - JIT code allocation can allow for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. (CVE-2017-5375) - Use-after-free while manipulating XSL in XSLT documents (CVE-2017-5376) - Hashed codes of JavaScript objects are shared between pages. This allows for pointer leaks because an object
    last seen2020-06-01
    modified2020-06-02
    plugin id96775
    published2017-01-25
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/96775
    titleMozilla Firefox ESR < 45.7 Multiple Vulnerabilities
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3175-1.NASL
    descriptionMultiple memory safety issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5373, CVE-2017-5374) JIT code allocation can allow a bypass of ASLR protections in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5375) Nicolas Gregoire discovered a use-after-free when manipulating XSL in XSLT documents in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5376) Atte Kettunen discovered a memory corruption issue in Skia in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5377) Jann Horn discovered that an object
    last seen2020-06-01
    modified2020-06-02
    plugin id96872
    published2017-01-30
    reporterUbuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/96872
    titleUbuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : firefox vulnerabilities (USN-3175-1)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201702-13.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201702-13 (Mozilla Thunderbird: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the CVE identifiers referenced below for details. Impact : A remote attacker, by enticing a user to open a specially crafted email or web page, could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id97256
    published2017-02-21
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/97256
    titleGLSA-201702-13 : Mozilla Thunderbird: Multiple vulnerabilities
  • NASL familyVirtuozzo Local Security Checks
    NASL idVIRTUOZZO_VZLSA-2017-0238.NASL
    descriptionAn update for thunderbird is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.7.0. Security Fix(es) : * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2017-5373, CVE-2017-5375, CVE-2017-5376, CVE-2017-5378, CVE-2017-5380, CVE-2017-5383, CVE-2017-5390, CVE-2017-5396) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Jann Horn, Filipe Gomes, Nils, Armin Razmjou, Christian Holler, Gary Kwong, Andre Bargull, Jan de Mooij, Tom Schuster, Oriol, Rh0, Nicolas Gregoire, and Jerri Rice as the original reporters. Note that Tenable Network Security has attempted to extract the preceding description block directly from the corresponding Red Hat security advisory. Virtuozzo provides no description for VZLSA advisories. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id101418
    published2017-07-13
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/101418
    titleVirtuozzo 6 : thunderbird (VZLSA-2017-0238)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_FIREFOX_45_7_ESR.NASL
    descriptionThe version of Mozilla Firefox ESR installed on the remote macOS or Mac OS X host is 45.x prior to 45.7. It is, therefore, affected by the following vulnerabilities : - Mozilla developers and community members Christian Holler, Gary Kwong, Andre Bargull, Jan de Mooij, Tom Schuster, and Oriol reported memory safety bugs present in Firefox 50.1 and Firefox ESR 45.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. (CVE-2017-5373) - JIT code allocation can allow for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. (CVE-2017-5375) - Use-after-free while manipulating XSL in XSLT documents (CVE-2017-5376) - Hashed codes of JavaScript objects are shared between pages. This allows for pointer leaks because an object
    last seen2020-06-01
    modified2020-06-02
    plugin id96773
    published2017-01-25
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/96773
    titleMozilla Firefox ESR 45.x < 45.7 Multiple Vulnerabilities (macOS)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-3832.NASL
    descriptionMultiple security issues have been found in Thunderbird, which may may lead to the execution of arbitrary code or information leaks. With this update, the Icedove packages are de-branded back to the official Mozilla branding. With the removing of the Debian branding the packages are also renamed back to the official names used by Mozilla. The Thunderbird package is using a different default profile folder, the default profile folder is now
    last seen2020-06-01
    modified2020-06-02
    plugin id99545
    published2017-04-21
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/99545
    titleDebian DSA-3832-1 : icedove - security update
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-3771.NASL
    descriptionMultiple security issues have been found in the Mozilla Firefox web browser: Memory safety errors, use-after-frees and other implementation errors may lead to the execution of arbitrary code, information disclosure or privilege escalation.
    last seen2020-06-01
    modified2020-06-02
    plugin id96780
    published2017-01-26
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/96780
    titleDebian DSA-3771-1 : firefox-esr - security update

Packetstorm

Redhat

advisories
  • rhsa
    idRHSA-2017:0190
  • rhsa
    idRHSA-2017:0238
rpms
  • firefox-0:45.7.0-2.el5_11
  • firefox-0:45.7.0-2.el6_8
  • firefox-0:45.7.0-2.el7_3
  • firefox-debuginfo-0:45.7.0-2.el5_11
  • firefox-debuginfo-0:45.7.0-2.el6_8
  • firefox-debuginfo-0:45.7.0-2.el7_3
  • thunderbird-0:45.7.0-1.el5_11
  • thunderbird-0:45.7.0-1.el6_8
  • thunderbird-0:45.7.0-1.el7_3
  • thunderbird-debuginfo-0:45.7.0-1.el5_11
  • thunderbird-debuginfo-0:45.7.0-1.el6_8
  • thunderbird-debuginfo-0:45.7.0-1.el7_3